Standoff
13
MAY 22–25, 2024
MOSCOW, LUZHNIKI SPORTS COMPLEX
MOSCOW, LUZHNIKI SPORTS COMPLEX
Cyberbattle of the year: don’t miss out!
₽15 mln
A jackpot the red teams will really fight for
Upgraded mechanics
Now featuring a whole new country, new security events, roles for the blues, and rules for the reds
36 hours
A four-day long cyber exercise with breaks overnight
Greater hacking horizons
500+ software and hardware units you can must hack
Come to Moscow's Luzhniki sports complex on May 23–25 to see the cyberbattle Standoff 13 with your own eyes
Blue team application form
for Standoff 13
Fill out the form, and we'll contact you within five days
to discuss the terms and price of participation
Standoff 13 winner
Standoff 13 wrap-up
Team
Highlights
Number of attacks triggered
Place
Points
1st place in the playoffs
34
111 131
2nd place in the playoffs
27
74 513
3rd place in the playoffs
24
56 023
4th place in the playoffs
18
39 801
1st place in State S
38
144 761
2nd place in the play-in
27
116 155
3rd place in the play-in
25
79 193
4th place in the play-in
23
68 883
5th place in the winning State F
13
27 296
5th place in State S
22
64 085
6th place in the winning State F
15
22 336
6th place in State S
17
49 892
7th place in the winning State F
15
19 810
7th place in State S
18
41 980
8th place in the winning State F
10
19 629
8th place in State S
18
40 349
9th place in the winning State F
11
17 344
9th place in State S
17
36 371
10th place in the winning State F
9
16 714
10th place in State S
10
26 225
11th place in the winning State F
8
16 411
11th place in State S
5
7 300
12th place in the winning State F
3
3 700
12th place in State S
5
4 900
13th place in State S
3
3 000
Defender results
Team
Incidents detected
Attacks investigated
*Two teams participated in a special response mode. In addition to investigating incidents, these teams could act as defenders and fend off attacks, such as by blocking accounts and infrastructure hosts.
Playoff contenders
During the playoffs, not one team managed to trigger a non-tolerable event in the digital twin representing the mission-critical information systems of Positive Technologies. Therefore, the winner was determined in the Overtime stage.
Team
Number of attacks triggered
Points
Rank
Play-in participants
During the play-in, not one team managed to trigger a non-tolerable event in the digital twin of Innostage systems. However, the Wetox team got a special award for a good attack attempt.
Team
Number of attacks triggered
Points
The winner: State F
State F teams
State S teams
41 points
42 points
One of the State F teams finished the cyberbattle with 0 points for state-level critical events, other critical events, and discovered vulnerabilities. Therefore, that team was not counted in the team standings for its state.
The results of the main phase were determined by the average number of state-level events triggered by all active teams of each state. Results:
State S: 3.23
State F: 3.42
The results of the main phase were determined by the average number of state-level events triggered by all active teams of each state. Results:
State S: 3.23
State F: 3.42
The Russian student cyberbattle also took place at Moscow's Luzhniki sports complex on May 23–25
Future cybersecurity specialists tested their skills in a battle over the IT infrastructure of a virtual city.
The Standoff cyberbattle is...
A cyber exercise where infosec specialists test the defenses of company systems from various economic sectors using virtual states as their testing ground
During the battle, the red teams, acting as hackers, split into two clans and attack the systems of virtual states, State F and State S. For example, they might try to steal bank customer data, hack the traffic light control system, or halt the operation of an oil refinery. Teams earn points for successful attacks, with the top four teams of the winning clan battling it out for the first place.
Meanwhile, the blue teams — cybersecurity specialists — are tasked to detect and investigate attacks, as well as to respond to these threats.
Meanwhile, the blue teams — cybersecurity specialists — are tasked to detect and investigate attacks, as well as to respond to these threats.
Cybersecurity is crucial for protecting users, companies, and entire countries as it helps to ensure continuous operation of all economic sectors.
The Standoff cyberbattle demonstrates how insufficient protection of high-profile businesses and critical facilities can lead to catastrophic consequences.
Cyberbattle participants can get a feel for the infrastructure of various industries, test their ability to discover security flaws, and experience the intensity of lifelike cyberattacks.
The Standoff cyberbattle demonstrates how insufficient protection of high-profile businesses and critical facilities can lead to catastrophic consequences.
Cyberbattle participants can get a feel for the infrastructure of various industries, test their ability to discover security flaws, and experience the intensity of lifelike cyberattacks.
The infrastructure of the virtual states is represented by 3D models. Each industry has its own 3D model with buildings and facilities that suffer the consequences of attacks much like they would in real life: luggage piles up on the conveyor belt at the airport, trains derail, blackouts occur, and oil tanks overflow.
A bit of cyberbattle lore
How all this comes together can be discovered at Moscow's Luzhniki sports complex on May 22–25.
Standoff 13 features some noticeable changes: besides the well-known State F, a new powerful infrastructure has emerged on the international cyberarena—State S.
Although State S was formed recently, its rapid economic growth has sparked interest from neighboring countries, and its unprecedented rate of technological development has attracted hackers. As a result, hackers now have an expanded array of targets, while defenders face a substantial increase in their protective duties.
Although State S was formed recently, its rapid economic growth has sparked interest from neighboring countries, and its unprecedented rate of technological development has attracted hackers. As a result, hackers now have an expanded array of targets, while defenders face a substantial increase in their protective duties.
So what else is new?
Since 2016, we've been preparing a complex infrastructure for each battle so that the bravest pros can put their skills to the test
At Standoff 13, there will be two virtual states: the well-known State F and the absolutely new State S with its own infrastructure and industries including oil and gas, metallurgy, energy, and more
State S
For the red teams, the cyberbattle will take place in two stages.
In the first stage, we'll divide hacker teams by state to form two opposing clans. Each clan will have its own objectives in the rival state, and the clan that accomplishes the most objectives wins.
Rankings within the clans will be based on points that each team earns for triggering security events and discovering vulnerabilities. The best four teams from the winning clan will move on to the second stage, the playoffs, and will battle it out for the top spot.
The top four teams from the second state will compete in the play-in round for a special prize from Innostage.
In the first stage, we'll divide hacker teams by state to form two opposing clans. Each clan will have its own objectives in the rival state, and the clan that accomplishes the most objectives wins.
Rankings within the clans will be based on points that each team earns for triggering security events and discovering vulnerabilities. The best four teams from the winning clan will move on to the second stage, the playoffs, and will battle it out for the top spot.
The top four teams from the second state will compete in the play-in round for a special prize from Innostage.
Mechanics for red teams
The blue teams won't be tied to either state and will be able to protect their respective sectors in one of two modes: investigation (monitoring) or defense (response).
In monitoring mode, the blue teams' task is to document as many incidents as possible and investigate all attacks.
In response mode, the teams can additionally prevent and repel attacks to protect their sector.
In monitoring mode, the blue teams' task is to document as many incidents as possible and investigate all attacks.
In response mode, the teams can additionally prevent and repel attacks to protect their sector.
Opportunities for blue teams
Prize pool of ₽15 mln
- ₽2.5 mlnTo be shared among the top 10 red teams
- ₽7.5 mlnFor completing a special task from Positive Technologies
during the playoffs - ₽5 mln
For completing a special task from Innostage during the play-in round
On the chopping hacking block
What's coming up for top teams
The best four teams from the winning state will enter the playoffs and vie for the main prize of the cyberbattle, while the top four teams from the second state will compete for a special prize from Innostage during the play-in round.
Who is this all for
Security researchers
(red teams)
(red teams)
Red teams compete with each other and attempt to pull off as many attacks as possible. They can then use this experience to excel in real-world pentesting and bug hunting.
Guests
Anyone can come to the cyberbattle to see how hackers break security systems and what impact their attacks have.
Blue teams test their detection, investigation, and response skills to level up their abilities to protect real companies.
Cybersecurity specialists
(blue teams)
(blue teams)
What's happening when
March 20 –April 10
Qualifying round for the red teams
April 15
Announcement of the results of the qualifying round for the red teams
May 22
First day of the cyberbattle
10:00 — 20:00
Defenders
10:00 — 20:00
Attackers
10:00 — 20:00
Defenders
10:00 — 20:00
Attackers
May 23
Second day of the cyberbattle
10:00 — 20:00
Defenders
10:00 — 20:00
Attackers
10:00 — 20:00
Defenders
10:00 — 20:00
Attackers
May 24
Third day of the cyberbattle
10:00 — 18:00
Defenders
10:00 — 18:00
Attackers
10:00 — 18:00
Defenders
10:00 — 18:00
Attackers
May 25
Grand finale: cyberbattle playoffs
10:00 — 18:00
Playoff for attackers
10:00 — 16:00
Play-in for attackers
10:00 — 16:00
Defenders
18:30 — 19:30
Awards ceremony
10:00 — 18:00
Playoff for attackers
10:00 — 16:00
Play-in for attackers
10:00 — 16:00
Defenders
18:30 — 19:30
Awards ceremony
How to participate
Sign-ups for Standoff 13 are now closed
If you want to set up your own cyberbattle, contact us at hello@standoff365.com, and we’ll come up with something exciting together.
Follow us on Telegram so that you don't miss out on the next cyberbattle.
Standoff 12 gallery
Technological Partners
The Standoff cyberbattle is made possible thanks to the efforts of a huge team of industry experts, including contributions from our partners
Netris
Competency Center of PJSC Rostelecom for video surveillance in smart cities and large businesses
eKassir
Software developer for banks and financial institutions
SafeTech
Developer of innovative solutions for protecting remote banking systems and e-document management systems
University of Tyumen
Top national university with more than 20,000 students and 10 innovative institutes and schools
Innostage
Developer, system integrator, and information security cyberarchitect
Company overiew
Netris is the Competency Center of PJSC Rostelecom for video surveillance in smart cities and large businesses.
15+ years in top positions on the Russian video surveillance market Today, the Netris platform powers more than 550,000 cameras across the country.
Netris' product portfolio includes:
The Netris video surveillance platform: a comprehensive video surveillance and video analytics system used for a wide range of needs on a regional and federal scale. The platform can handle an unlimited number of cameras and other video sources, making it suitable for use in smart city ecosystems, state and municipal enterprises, transnational corporations, large geographically distributed organizations, and transport facilities.
Netris ITX: a software video recorder for video surveillance at urban infrastructure facilities.
Netris solutions help effectively manage regions and improve the quality of the urban environment by helping monitor public safety, prevent crime, and analyze the operation of city services.
15+ years in top positions on the Russian video surveillance market Today, the Netris platform powers more than 550,000 cameras across the country.
Netris' product portfolio includes:
The Netris video surveillance platform: a comprehensive video surveillance and video analytics system used for a wide range of needs on a regional and federal scale. The platform can handle an unlimited number of cameras and other video sources, making it suitable for use in smart city ecosystems, state and municipal enterprises, transnational corporations, large geographically distributed organizations, and transport facilities.
Netris ITX: a software video recorder for video surveillance at urban infrastructure facilities.
Netris solutions help effectively manage regions and improve the quality of the urban environment by helping monitor public safety, prevent crime, and analyze the operation of city services.
Participation in Standoff
Netris provided its Netris ITX software video recorders at Standoff 13 to use at cyberbattle urban infrastructure facilities: schools, kindergartens, hospitals, stadiums, and transport facilities.
With Netris ITX, you can add cameras and users with different rights, view video streams from cameras in real time and from the archive, and record video. Netris ITX software video recorders also include integrated transport video analytics detectors, weapons detection, smoke detection, and fire detection.
With Netris ITX, you can add cameras and users with different rights, view video streams from cameras in real time and from the archive, and record video. Netris ITX software video recorders also include integrated transport video analytics detectors, weapons detection, smoke detection, and fire detection.
Company overview
eKassir has been developing software for banks and financial institutions since 2003.
The company’s competencies include payment and transaction systems, open banking APIs, solutions for connecting to the Faster Payments System (FPS) and the Digital Ruble Platform of the Central Bank of the Russian Federation, and software for ATMs.
eKassir’s key product is the Omnichannel Banking Platform. It combines all the company’s solutions in one platform, including front-end applications and server components for business operations and integration with the back-office systems of banks. The platform provides support for any omnichannel cases and offers a single set of services in all bank channels to increase functionality fast.
eKassir products are used by more than 100 clients in 20 countries. In Russia, this includes a third of the top 20 banks, including Gazprombank, Rosselkhozbank, Otkritie, and Post Bank. The company’s software products are PA-DSS and EMVCo compliant.
The company’s competencies include payment and transaction systems, open banking APIs, solutions for connecting to the Faster Payments System (FPS) and the Digital Ruble Platform of the Central Bank of the Russian Federation, and software for ATMs.
eKassir’s key product is the Omnichannel Banking Platform. It combines all the company’s solutions in one platform, including front-end applications and server components for business operations and integration with the back-office systems of banks. The platform provides support for any omnichannel cases and offers a single set of services in all bank channels to increase functionality fast.
eKassir products are used by more than 100 clients in 20 countries. In Russia, this includes a third of the top 20 banks, including Gazprombank, Rosselkhozbank, Otkritie, and Post Bank. The company’s software products are PA-DSS and EMVCo compliant.
Participation in Standoff
At the Standoff 13 cyberbattle, eKassir set up payments to be processed by the Faster Payments System based on the Adapter for FPS and Payments Hub products.
The Adapter for FPS is a full packaged product for connecting banks and financial organizations to FPS services. It supports all current FPS functionality, including cross-border transfers, cashback, and operations to dispute transactions.
Payments Hub is a solution for the centralized acceptance of payments by any customer service channel, including online and mobile banking, ATMs, and cash desks in bank branches.
Both products are protected by Access Management and API Gateway systems responsible for the remote authentication of external requests and API data gateways. Access is provided by access tokens.
The Adapter for FPS is a full packaged product for connecting banks and financial organizations to FPS services. It supports all current FPS functionality, including cross-border transfers, cashback, and operations to dispute transactions.
Payments Hub is a solution for the centralized acceptance of payments by any customer service channel, including online and mobile banking, ATMs, and cash desks in bank branches.
Both products are protected by Access Management and API Gateway systems responsible for the remote authentication of external requests and API data gateways. Access is provided by access tokens.
Company overview
SafeTech is a Russian developer of innovative solutions for protecting remote banking and e-document management systems. The company creates security tools for digital channels to make everyday tasks easier, more convenient, and safer for users.
SafeTech solutions help financial and other organizations implement new digital services, including opening accounts remotely without visiting a bank office, registering new businesses online, creating phygital offices, and electronic interactions with partners.
Key figures and facts:
— 13 years on the market
— 80+ partner banks
— SafeTech projects are implemented in all 10 of the top 10 Russian banks
— 15,000,000 users of SafeTech solutions
— Top 100 information security supplier in Russia
SafeTech solutions help financial and other organizations implement new digital services, including opening accounts remotely without visiting a bank office, registering new businesses online, creating phygital offices, and electronic interactions with partners.
Key figures and facts:
— 13 years on the market
— 80+ partner banks
— SafeTech projects are implemented in all 10 of the top 10 Russian banks
— 15,000,000 users of SafeTech solutions
— Top 100 information security supplier in Russia
Participation in Standoff
SafeTech presented its flagship solution at the Standoff cyberbattle—PayContro—a multifunctional mobile authentication and electronic signature platform. It protects against the most common types of attacks on the clients of financial organizations, incuding the re-issuance of SIM cards, phishing, fake IDs, and social engineering.
PayContro is designed to radically increase the security of a bank’s digital channels compared to classic text message and push notification codes. The solution transforms your mobile device into an analogue of a USB token with the same high level of security and a simple user script.
In 2023, the solution was already put to the test for four days at the cyberbattle without a single team finding any vulnerabilities.
PayContro is designed to radically increase the security of a bank’s digital channels compared to classic text message and push notification codes. The solution transforms your mobile device into an analogue of a USB token with the same high level of security and a simple user script.
In 2023, the solution was already put to the test for four days at the cyberbattle without a single team finding any vulnerabilities.
Partner overview
University of Tyumen (UT) is a leader of the national higher education system and member of the Priority 2030 federal program. Over 20,000 students are enrolled in UT’s 10 innovative institutes and schools. The information security program offers two majors and awards diplomas to more than 200 graduates annually. The university’s new School of Computer Science conducts information security research, offers career guidance, and collaborates on scientific and technical projects with leading companies in the industry. UT’s Information Technology Center establishes and implements the university’s digital transformation policy, including development of the IT infrastructure and educational and scientific digital environment, and creates accounting and enterprise management services based on information security data.
Participation in Standoff
For the Standoff 13 cyberbattle, UT’s Information Technology Center built a special IaaS powered by the UT Shared Use Center. The team’s solution supports automated training stand deployment and customization, including personalized remote access to training stands for participants. Throughout the event, the Information Technology Center will ensure the operability and provide support for the deployed infrastructure, training stands, and their microsegments.
Company overview
Innostage is a Russian IT company and strategic partner of Standoff 13 at the Positive Hack Days 2 international festival. A developer, system integrator of services and solutions, and information security cyberarchitect, Innostage’s mission is to ensure the digital resistance of market leaders in top sectors of the economy. Innostage implements information security projects of any complexity, including in the field of import substitution. Main company focuses: —Information security —System integration —Implementation of information security tools —ICS security —Consulting —Business solutions and software —Building and development of IT infrastructure Innostage also supports Innostage CyberART, a professional SOC with an integrated approach to countering digital threats.
Participation in Standoff
Innostage provides Standoff 13 with a digital twin of its infrastructure built on cybersecurity fundamentals and its own cyberresilience methods. At the play-in stage, red teams will have to trigger specific non-tolerable events.
The Standoff cyberbattle is a stress test before the Bug Bounty program Innostage is planning for June 2024. Innostage is also an organizer of the nationwide Student Cyberbattle, the final of which will be held May 23−25 at Luzhniki. Under the guidance of experienced Innostage specialists, eight defender teams from Russian universities will combat cyberthreats to the infrastructure of City N.
The Standoff cyberbattle is a stress test before the Bug Bounty program Innostage is planning for June 2024. Innostage is also an organizer of the nationwide Student Cyberbattle, the final of which will be held May 23−25 at Luzhniki. Under the guidance of experienced Innostage specialists, eight defender teams from Russian universities will combat cyberthreats to the infrastructure of City N.
Glossary
These are events that can cause severe damage to the company, disrupting its core activities or even leading to a shutdown. Each company defines its own list of non-tolerable events depending on its size, risk level, and the industry it belongs to.
Attackers participating in the cyberbattle can realize 15 non-tolerable event scenarios. For example, they can bring trains to a standstill, shut down all electrical substations, and cause an oil pipeline leak.
Attackers participating in the cyberbattle can realize 15 non-tolerable event scenarios. For example, they can bring trains to a standstill, shut down all electrical substations, and cause an oil pipeline leak.
Such events inflict financial and reputational damage on organizations, can temporarily disrupt the operation of a business or individual departments, lead to human casualties, create health threats, or cause environmental damage.
At Standoff 13, attackers can trigger about 150 unique critical events. For instance, they can cause a breakdown in the passenger check-in system, leak employees' personal data, or intercept CCTV feeds.
At Standoff 13, attackers can trigger about 150 unique critical events. For instance, they can cause a breakdown in the passenger check-in system, leak employees' personal data, or intercept CCTV feeds.
Attacker teams, aka the reds, attackers, or white hat hackers. Their goal is to find security flaws in companies' systems and conduct successful attacks. At Standoff, red teams compete with each other, and the winners get prizes.
These are teams of cybersecurity specialists who detect and investigate attacks. They’re also known as defenders. Blue teams do not compete with red teams or each other. Participating in Standoff enables them to understand attackers' way of thinking better and test their own skills, gaining valuable experience that will help them in their real job.
A virtual state model that emulates all key industries (including industry-specific workflows and systems) and is used for holding cyber exercises. This enables specialists participating in cyber exercises to get to know different security tools, identify infrastructure flaws, or get hands-on experience with investigating attacks.
The virtual states are cyberspaces that emulate infrastructure and security systems of real-world companies and facilities that ensure the viability of entire countries. This includes power plants, an oil refinery, banks, a mission control center, and much more.
All systems in these states are deployed by means of virtual machines and software that are made to be as realistic as possible.
All systems in these states are deployed by means of virtual machines and software that are made to be as realistic as possible.
To conduct an attack and earn points for it, red team members must obtain access to the virtual machines and software of an organization located in either state.
For example, they can send a phishing email with a malicious attachment to an employee. If the organization uses outdated software, the hackers can gain persistence in the system and steal data or take control over the operations center.
For example, they can send a phishing email with a malicious attachment to an employee. If the organization uses outdated software, the hackers can gain persistence in the system and steal data or take control over the operations center.
