The upcoming HITB+ CyberWeek, which will take place at the Emirates Palace in Abu Dhabi on October 12–17, 2019, will see hackers and cybersecurity practitioners participate in many CTF-style competitions, but none as exciting as The Standoff.
What is it?
The Standoff is a cyberbattle that mimics the real-life arms race between hackers that attack and security specialists that defend critical infrastructure. The participating blue and red teams battle it out on an accurate model of a modern city.
Developed by cybersecurity experts at Positive Technologies, a company that specializes in protection of critical IT systems, this mock city models the digital systems of a full-fledged metropolis with infrastructure including traffic systems, electrical plants, and transportation, rounded out with ICS/SCADA equipment.
“The contest infrastructure is built using real equipment and the latest industry-specific technologies,” Michael Levin, Deputy Director of Expert Security Center at Positive Technologies, told Help Net Security.
“We know what to use because we conduct lots of penetration testing projects, so we understand what the real problems in different industries are and how vulnerabilities could be exploited. This allows us to implement a variety of attack vectors to make the cyberbattle even more exciting and unpredictable.”
Unlike a regular CTF, where participants have a minimal toolkit and a fixed set of goals, in The Standoff attackers only get a high-level description of a task that can be solved in multiple ways.
“Another distinction from the CTF is that capture the flag contests are usually attack-centered, while The Standoff features several groups of participants. We have defenders, SOCs, security tools vendors, spectators. All of them are communicating and affecting each other during the battle,” he added.
“Also, every event that occurs during the cyberbattle has its resemblance in our mock town. The model works on real hardware with no emulation at all.”
Rules and limitations
Most CTF contests are limited in scope, but not The Standoff: participating teams must have different skills to solve a variety of tasks of different levels of complexity.
Attackers (red teams) have very few limits imposed: they will know most of their objectives in advance and can use any tools they like.
“We design tasks in a way that stimulates hackers to conduct real-time research on technologies and vulnerabilities. If they don’t do this, they will be kicked out from the infrastructure by defenders. To win, red teams need to uncover non-typical vulnerabilities, hide their activity, use non-standard techniques and approaches, and do everything very fast,” Levin explained.
Defenders (blue teams) will each be assigned a different company to defend and will have time to study the infrastructure, find weak points, pick attack detection tools, and apply fixes before the attacks begin. They will receive a list of allowed security tools and will have limited room for maneuver to fix the infrastructure itself: their only available options will be WAF rules, NGFW policies, basic account management, and deletion of malicious payloads.
“You can’t fix all vulnerabilities and control all risks in such a contest. So, to make it to the end, the blue team should be fast, well-coordinated, and very good at prioritizing and decision-making,” Levin noted, adding that the three days of The Standoff compress the attacks a huge corporation might usually experience over a whole year.
The winning attacker team will be the one with the highest score (points earned depend on the completed tasks). Defender teams are scored based on quickness of incident detection and the completeness of the evidence they collect.
Defender teams can consist of employees of a single real-world company.
“A lot of effort is spent on the selection of participants: we need professionals who attack and protect real infrastructures on an everyday basis. Practical experience is crucial to compete in The Standoff,” he pointed out.
Aspiring participants can apply until October 12 and will be notified if they made the cut. Teams can have up to five members. The Standoff itself will be held on October 15–17.