GRAND PRIZE - Flight to PHDays X !!!

What is it?

This competition models the arms race between hackers and security specialists, which is seen every day in real life. Security experts at Positive Technologies have created an accurate model of the modern city, featuring all the latest tech used in actual critical infrastructure. This is the perfect “live fire” environment to set up red-vs-blue clashes to see the potential implications for security in the real world.

The setting

This mock city models the digital systems of a full-fledged metropolis with infrastructure including traffic systems, electrical plants, and transportation, rounded out with ICS/SCADA equipment.

In The Standoff at HiTB, defenders (blue teams) will have no time to study the infrastructure, find weak points, pick attack detection tools, and apply fixes. Instead, they will be protecting vulnerable services that are about to be attacked by red teams in a matter of minutes.

Defenders will have limited room for maneuver to fix the infrastructure itself. Their only available options will be WAF rules, NGFW policies, basic account management, and deletion of malicious payloads.

Hackers and security specialists are always in competition. Attackers try to find vulnerabilities and exploit them. Defenders look for weaknesses, patch them, and set up smart tools for detecting malicious activity. 




Underground Spiritual





CBOE 2nd Place

CBOE 3rd Place



Short Notice


How to take part

The Standoff Cyberbattle is not a normal Capture the Flag (CTF) game and will require teams to have the specific skill sets commonly seen in security professionals. The simulation brings real-world problems to life and will enable cyber professionals to hone their protection and monitoring skills.

To apply, please fill out the form below. We will make sure that your skillset is a good fit and let you know the results once all applications have been reviewed.



Attackers have complete freedom of action, so long as they do not disturb the infrastructure needed for holding the contest. Their job: to achieve their objectives by any means possible. Objectives are of a high-level nature (for example, “Get client list from company HiPower”). Objectives vary based on target and can be accomplished in different ways.

Most objectives will be known to attackers in advance. However, some objectives are hidden and can be triggered by certain actions or events. Some objectives can be accomplished only during a certain period of time and only by a single team. Information about teams’ successes and accomplishments will be available throughout the game on the team profiles as well as on the leaderboard.

Attackers may use any tools they like so long as they do not break the core rules. At the start, all teams have basic information about the attackable targets; this information will be available on the forum of The Standoff. All other information must be found by the teams themselves. Attackers are free to exchange information with each other.

At The Standoff, attackers will have the opportunity to create a botnet for mining cryptocurrency. The organizers will provide relevant details to teams by request during The Standoff.

During the game, participants may choose to give short reports on what they have done.

The winner is the attacker team with the highest score (total number of points earned for completed tasks).



All defenders will be protecting companies in the virtual city. Each team will be assigned a different company to defend. Each team is responsible for monitoring security tools, as well as ensuring the security and integrity of the assets of “their” company.

Teams receive a list of allowed security tools; this list must be strictly followed. All infrastructure and protection systems will be pre-configured by the vendors for maximum transparency of infrastructure-related events.

During the game, teams should periodically give short reports on incidents and events of interest.

Defender teams are scored based on the speed of incident detection and the completeness of the evidence they collect.

Defender teams may be corporate (consisting of employees of a single real-world company).