3. Some history
The competition took place for the first time at PHDays 2012.
$natch aims at demonstrating typical vulnerabilities of the
online bank systems.
Positive Technologies performs security tests of the online bank
systems on the regular basis. We are really into this.
The most interesting, dangerous and simply typical
vulnerabilities are integrated into PHDays iBank right away.
4. Last year results
― 9 participants
― 4 winners
― biggest prize of 3.500 roubles
― Some winners got into positive
community
after an extremely scary
interview of course
5. PHDays iBank 2
PHDays iBank 2 is NOT a real online banking system that is
used by actual banks.
System had been developed exclusively for the PHDays 2013
competition.
PHDays iBank 2 employs typical vulnerabilities of the online
banking systems.
6. Competition rules
― 100 bank clients
― 10 participants
― 20.000 roubles of prize money
― 1 day for source code analysis
― 30 – 40 minutes of the actual competition
― a participant will get as much money as he will manage to
transfer to his or her account
― Participants can steal money from each other
7. At the workshop
― You will be able to examine each vulnerability in detail
― Exploit vulnerabilities by yourself
― Exploit vulnerabilities with tools
― All is done on a special copy of the competition system