From May 23 to 26, the international cyber festival Positive Hack Days-2 was held at the Luzhniki Olympic Complex. A large-scale event brought together experts, customers of information security services and everyone interested in the world of cybersecurity. A rich program, productive discussions, unique knowledge and new acquaintances - all this aroused great interest among thousands of participants.
The event is organized by Positive Technologies, a leader in effective cybersecurity. The global partner and co-organizer of PHDays-2 was the IT company Innostage, a developer, cyber architect and integrator of services and solutions in the field of digital security.
Innostage experts took an active part in the design and implementation of the business and informal program, loudly speaking at the cyber festival about the brand, its products, services and solutions.
As a result of the cyber battle, the best cyber defenders were: BLUE WATER (Kazan Federal University), FEFU Daemons (Far Eastern Federal University) and inCrack (Nizhny Novgorod State Technical University named after R. E. Alekseev with the support of the NEIMARK IT campus and CIT of the Nizhny Novgorod region). It is worth noting the NullBots team from Murmansk. This is the first time the guys are participating in such a competition and at the same time showed excellent results: 24 investigations out of 24. The only thing is that on average they needed twice as much time per investigation as the leaders, so they debuted with fourth place.
The top three among the Reds included the following teams: Team8 (Krasnodar Higher Military School named after Army General S. M. Shtemenko), N0N@me13 (FSO Academy of Russia) and LaCringe (Far Eastern Federal University).
Together, the winners and runners-up from both camps shared a prize fund of 200,000 rubles.
At Standoff, from 13 target states there were now two (they were designated as F and S), which made it possible to increase the number of teams and significantly increase the level of difficulty for their opponents. In both states, oil and gas, industrial, transport, financial and other facilities were exposed, attacks on which threatened irreparable consequences. For example, by attacking a virtual nuclear power plant, hackers can stop the reactor turbine, leaving businesses and the population without electricity. And to make it more interesting for numerous viewers to watch the process, successful attacks are displayed on an interactive layout with mini-copies of buildings, railways and other infrastructure elements.
In the final, the digital twin of the Innostage IT infrastructure became the space for the Standoff play-in. For a reward of 5 million rubles, the attacking teams were offered to implement one of two unacceptable events - encrypt a file storage with project documentation or gain access to the CRM system and steal information about clients and contracts.
“We watched with great interest and excitement how actively the red teams were trying to hack the digital twin of the Innostage infrastructure. Our SOC CyberART tracked and analyzed every step of the attackers as they got closer and closer to the target. But they were never able to implement unacceptable events,” notes Ekaterina Syurtukova, head of the service department at Innostage and adds, “at the same time, now ethical hackers have the opportunity to try their luck on our real infrastructure. Moreover, now they are not given six hours; in fact, they are not limited in time at all. On May 26, we launched a bug bounty program in cyber testing mode on the Standoff365 platform. And there have already been dozens of responses to the invitation to implement an unacceptable event in our infrastructure - to transfer 2,000 rubles from the company’s accounts for a fee of 5 million rubles.”
At the same time, Innostage singled out the Wetox team, which went the furthest. Like any real infrastructure, the digital twin had several non-critical file stores, and the team was able to access and encrypt one of them. But no one managed to get into the protected segment with the target systems and implement the unacceptable. In any case, this is an excellent result, so the Wetox team received a special prize from Innostage - a certificate for the race weekend in Kazan and an invitation to the Innostage SOC CyberART office.
Cyber testing is the most effective tool for testing digital resilience today, and Innostage is the first IT integrator to take this bold step. White hat hackers will receive as much as 5 million rubles if they transfer up to 2,000 rubles from their Innostage account to their accounts. The program is implemented through the Standoff 365 Bug Bounty platform, and the public launch took place on May 26. And within a day, about 40 participants decided to try their luck as a hacker.
“Any company can be hacked, the only question is the price. For example, the average cost of a direct entry class vulnerability into DIT, that is, gaining access to a secure network and company data, on Bug Bounty platforms is currently estimated at 2.5-3 million rubles. From this starting point, it is necessary to carry out calculations and see how many steps potentially need to be taken within the infrastructure in order to realize an unacceptable event: in our case, this is the theft of funds from an account. We are ready to pay specialists millions if they not only point out critical vulnerabilities in our infrastructure, but also demonstrate how to take advantage of them,” emphasizes Aidar Guzairov.
Also, Aidar Guzairov, as a speaker and moderator, took part in discussions where the changing attitude of business owners and managers to digital risks, the potential of the Russian cybersecurity industry in foreign markets and the prospects for the development of Russian information security vendors were discussed.
Innostage's methodology is flexibly customized to the needs and capabilities of the company and creates optimal conditions for digital business sustainability. CyberYool is universal and is suitable for any organization, regardless of whether it is creating an IT and information security infrastructure from scratch or transforming an existing one.
The approach allows you to achieve a high level of digital security for the company and eliminate most of the business pain points associated with the low level of documentation of the IT infrastructure, as well as the lack of coordination between the actions of IT and information security services.
“Yool (yul) translated from Tatar means “path,” which means that our methodology will lead businesses to cyber resilience. At the first stage, we assess the company’s security, then we build a design for the target picture, at the third stage we transform and ensure technological processes, at the fourth stage we train employees and at the fifth stage we conduct an independent assessment,” Ksenia Rysaeva, head of the center for practical information security at Innostage, explained to the participants of the cyber festival.
Also inside the Cyberdrome they organized minicar races on the cyber resistance track, introduced guests to the results of testing PT NGFW and their own IT products, and held an interactive adventure Deep Purple Space for customers. The tent featured the Innostage Digital Headquarters product, which, based on a neural network, analyzed the digital portrait of visitors and the general level of interest in the proposed activities.
It was hard not to notice the street area of the brand: the attention of visitors was captured by real sports cars from the leader of Russian motorsport AG Team, a multiple winner in circuit racing. Innostage is the team sponsor.
In general, the Innostage cyber force, consisting of more than a hundred employees, conducted dozens of business and informal activities in a variety of locations at the cyber festival these days. In addition to technical, business and partnership tracks, speakers performed on the Nauchpop stage, where cybersecurity and related topics were presented in the most accessible format.
The speakers discussed the topics of building an institute for the exchange of knowledge and competencies in the field of IT and information security with the involved community, the creation and implementation of educational and training complexes in cooperation with practicing professionals in the field of information security to ensure technological sovereignty.
In conclusion, two agreements were signed with Innostage on the creation of a Student SOC in Murmansk and Vladivostok. Deputy Governor - Minister of Digital Development of the Murmansk Region Elena Semenova signed the document on the launch of the Student SOC in the Arctic, and the director of the Institute of Mathematics and Computer Technologies of the Far Eastern Federal University Grigory Aleksanin launched the project in Primorye.
Luzhniki is the main, but not the only arena of the cyber festival where we presented our activities. Thus, the youth track Positive Hack Days 2 took place in Innopolis. On May 25, in the most technologically advanced city in the country, our HR specialists gave schoolchildren and students recommendations on how to make a successful career in information security, and held interactive events for them with a drawing of merch.
The leitmotif of Positive Hack Days-2 was the theme of space. And you can really say about the project: “It’s just space!” The cyber festival has confirmed its status as one of the key platforms for discussing current issues of cybersecurity and developing new approaches to protection against cyber threats. and the Innostage team made a significant contribution to its preparation and conduct.
The event is organized by Positive Technologies, a leader in effective cybersecurity. The global partner and co-organizer of PHDays-2 was the IT company Innostage, a developer, cyber architect and integrator of services and solutions in the field of digital security.
Innostage experts took an active part in the design and implementation of the business and informal program, loudly speaking at the cyber festival about the brand, its products, services and solutions.
Make way for the young
As part of the youth day PHDays-2, Innostage held an All-Russian student cyber battle. This is a top cyber competition for students of Russian universities. Eight teams of defenders under the mentorship of Innostage and 13 teams of attackers, in the preparation of which Positive Technologies experts participated, competed in a two-day battle for the IT infrastructure of the city of N.As a result of the cyber battle, the best cyber defenders were: BLUE WATER (Kazan Federal University), FEFU Daemons (Far Eastern Federal University) and inCrack (Nizhny Novgorod State Technical University named after R. E. Alekseev with the support of the NEIMARK IT campus and CIT of the Nizhny Novgorod region). It is worth noting the NullBots team from Murmansk. This is the first time the guys are participating in such a competition and at the same time showed excellent results: 24 investigations out of 24. The only thing is that on average they needed twice as much time per investigation as the leaders, so they debuted with fourth place.
The top three among the Reds included the following teams: Team8 (Krasnodar Higher Military School named after Army General S. M. Shtemenko), N0N@me13 (FSO Academy of Russia) and LaCringe (Far Eastern Federal University).
Together, the winners and runners-up from both camps shared a prize fund of 200,000 rubles.
Digital twin
Innostage exhibited a digital twin of its infrastructure at the Standoff cyber battle. It is a central gathering point for cybersecurity experts from both the offensive and defensive sides and one of the world's largest competitions, in which teams of sports hackers attempt to hack a virtual nation's IT systems while cyber defenders detect and investigate their actions.At Standoff, from 13 target states there were now two (they were designated as F and S), which made it possible to increase the number of teams and significantly increase the level of difficulty for their opponents. In both states, oil and gas, industrial, transport, financial and other facilities were exposed, attacks on which threatened irreparable consequences. For example, by attacking a virtual nuclear power plant, hackers can stop the reactor turbine, leaving businesses and the population without electricity. And to make it more interesting for numerous viewers to watch the process, successful attacks are displayed on an interactive layout with mini-copies of buildings, railways and other infrastructure elements.
In the final, the digital twin of the Innostage IT infrastructure became the space for the Standoff play-in. For a reward of 5 million rubles, the attacking teams were offered to implement one of two unacceptable events - encrypt a file storage with project documentation or gain access to the CRM system and steal information about clients and contracts.
“We watched with great interest and excitement how actively the red teams were trying to hack the digital twin of the Innostage infrastructure. Our SOC CyberART tracked and analyzed every step of the attackers as they got closer and closer to the target. But they were never able to implement unacceptable events,” notes Ekaterina Syurtukova, head of the service department at Innostage and adds, “at the same time, now ethical hackers have the opportunity to try their luck on our real infrastructure. Moreover, now they are not given six hours; in fact, they are not limited in time at all. On May 26, we launched a bug bounty program in cyber testing mode on the Standoff365 platform. And there have already been dozens of responses to the invitation to implement an unacceptable event in our infrastructure - to transfer 2,000 rubles from the company’s accounts for a fee of 5 million rubles.”
At the same time, Innostage singled out the Wetox team, which went the furthest. Like any real infrastructure, the digital twin had several non-critical file stores, and the team was able to access and encrypt one of them. But no one managed to get into the protected segment with the target systems and implement the unacceptable. In any case, this is an excellent result, so the Wetox team received a special prize from Innostage - a certificate for the race weekend in Kazan and an invitation to the Innostage SOC CyberART office.
Launch of Bug Bounty
On the starting day of the cyber festival, Innostage CEO Aidar Guzairov announced the company’s launch of its own Bug Bounty program in the format of open cyber trials. The target action for participants is not just searching for bugs, but implementing an unacceptable event.Cyber testing is the most effective tool for testing digital resilience today, and Innostage is the first IT integrator to take this bold step. White hat hackers will receive as much as 5 million rubles if they transfer up to 2,000 rubles from their Innostage account to their accounts. The program is implemented through the Standoff 365 Bug Bounty platform, and the public launch took place on May 26. And within a day, about 40 participants decided to try their luck as a hacker.
“Any company can be hacked, the only question is the price. For example, the average cost of a direct entry class vulnerability into DIT, that is, gaining access to a secure network and company data, on Bug Bounty platforms is currently estimated at 2.5-3 million rubles. From this starting point, it is necessary to carry out calculations and see how many steps potentially need to be taken within the infrastructure in order to realize an unacceptable event: in our case, this is the theft of funds from an account. We are ready to pay specialists millions if they not only point out critical vulnerabilities in our infrastructure, but also demonstrate how to take advantage of them,” emphasizes Aidar Guzairov.
Also, Aidar Guzairov, as a speaker and moderator, took part in discussions where the changing attitude of business owners and managers to digital risks, the potential of the Russian cybersecurity industry in foreign markets and the prospects for the development of Russian information security vendors were discussed.
Presentation of the CyberYool methodology
Innostage introduced to the market its own CyberYool methodology to ensure enhanced cyber protection and business continuity. The methodology is based on many years of experience in import substitution of software and redesign of the Innostage architecture, as well as expertise in preventing and investigating cyber attacks. The approach has been tested on the company's infrastructure and is already being used for the first external customers.Innostage's methodology is flexibly customized to the needs and capabilities of the company and creates optimal conditions for digital business sustainability. CyberYool is universal and is suitable for any organization, regardless of whether it is creating an IT and information security infrastructure from scratch or transforming an existing one.
The approach allows you to achieve a high level of digital security for the company and eliminate most of the business pain points associated with the low level of documentation of the IT infrastructure, as well as the lack of coordination between the actions of IT and information security services.
“Yool (yul) translated from Tatar means “path,” which means that our methodology will lead businesses to cyber resilience. At the first stage, we assess the company’s security, then we build a design for the target picture, at the third stage we transform and ensure technological processes, at the fourth stage we train employees and at the fifth stage we conduct an independent assessment,” Ksenia Rysaeva, head of the center for practical information security at Innostage, explained to the participants of the cyber festival.
Cyberdrome and Innopolis
Innostage experts spoke about the technical aspects of the methodology and its application both in the Cyberdrome - a corporate tent with its own lecture hall and a lot of activities, as well as on tracks on IT systems architecture and business. The lecture hall speakers also shared their expertise on the training of information security specialists and other relevant topics.Also inside the Cyberdrome they organized minicar races on the cyber resistance track, introduced guests to the results of testing PT NGFW and their own IT products, and held an interactive adventure Deep Purple Space for customers. The tent featured the Innostage Digital Headquarters product, which, based on a neural network, analyzed the digital portrait of visitors and the general level of interest in the proposed activities.
It was hard not to notice the street area of the brand: the attention of visitors was captured by real sports cars from the leader of Russian motorsport AG Team, a multiple winner in circuit racing. Innostage is the team sponsor.
In general, the Innostage cyber force, consisting of more than a hundred employees, conducted dozens of business and informal activities in a variety of locations at the cyber festival these days. In addition to technical, business and partnership tracks, speakers performed on the Nauchpop stage, where cybersecurity and related topics were presented in the most accessible format.
Personnel training
In the HR track, moderated by Innostage experts, there was a discussion “Educational practice and personnel for the information security industry.” At it, representatives of regional administrations, leading universities and educational centers discussed issues of providing students with enhanced practice-oriented expertise and popularizing the profession of information security specialist.The speakers discussed the topics of building an institute for the exchange of knowledge and competencies in the field of IT and information security with the involved community, the creation and implementation of educational and training complexes in cooperation with practicing professionals in the field of information security to ensure technological sovereignty.
In conclusion, two agreements were signed with Innostage on the creation of a Student SOC in Murmansk and Vladivostok. Deputy Governor - Minister of Digital Development of the Murmansk Region Elena Semenova signed the document on the launch of the Student SOC in the Arctic, and the director of the Institute of Mathematics and Computer Technologies of the Far Eastern Federal University Grigory Aleksanin launched the project in Primorye.
Luzhniki is the main, but not the only arena of the cyber festival where we presented our activities. Thus, the youth track Positive Hack Days 2 took place in Innopolis. On May 25, in the most technologically advanced city in the country, our HR specialists gave schoolchildren and students recommendations on how to make a successful career in information security, and held interactive events for them with a drawing of merch.
The leitmotif of Positive Hack Days-2 was the theme of space. And you can really say about the project: “It’s just space!” The cyber festival has confirmed its status as one of the key platforms for discussing current issues of cybersecurity and developing new approaches to protection against cyber threats. and the Innostage team made a significant contribution to its preparation and conduct.
