Registration is closed! Today 358 teams will play #RuCTFE 2017! https://ructfe.org/news/#today

RuCTF 2018 is going to take part in Yekaterinburg on April 12-16.

RuCTF is an annual open all-Russian intercollegiate competition and conference on information protection. This year we are holding the contest for the 12th time!

The schedule will be the following:

April 12 — it's better to arrive on this day as the conference is going to start on April 13 since morning (we promise, this day will not seem boring to you),
April 13-14 — the conference itself and a personal contest on information security,
April 15 — RuCTF 2018 final contest,
April 16 — awarding and closing ceremony.

We have already sent all the invitations to the teams and very soon the list of invited teams will be made public. The conference program will be published a little later, but it already promises to be useful and fascinating :)

Official website: https://ructf.org/2018/en

You can ask any questions via our email: [email protected]

We published the list of invited teams: https://ructf.org/2018/en/teams/

Today we are starting to introduce you to our conference speakers, since we've published almost complete conference schedule: https://ructf.org/2018/en/events/

The first speaker is Egor Korbutov. Egor is an experienced penetration tester of Digital Security and BugHunter, a member and organizer of Defcon Russia (DCG#7812).

On RuCTF 2018 Egor is going to appear with his presentation "Your hash is mine. Pentest in Windows local networks".
A word to the speaker himself:
— This presentation will fully enlighten you about attacks in Windows networks: what the NTLM hashes are, what kinds of them exist, how to steal them and what for. Also a little about bruteforcing hashes and weak passwords. For last I prepared a fascinating RCE for machines in AD domain.

We updated the schedule on our site. It's time to tell you about another speaker of the conference! First presentation of the second day will be provided by Artem Zinenko, member of the Hackerdom team

He is going to tell about internal structure of WinRM and available authentication methods in it, show the way all these methods are organised inside the system and why most of them aren't secure.
The presentation will be of interest both to those who manage Windows on machines via Ansible or WinRM and those who merely use Windows.

Nowadays "smart" devices become more and more popular. Some even say the amount of them is bigger than amount of people on Earth. But we need to ask ourselves whether they are properly secured. Andrey Muravitskiy's presentation will be dedicated to fresh vulnerabilities uncovered by team Kaspersky Lab ICS CERT in different "smart" devices with certain examples and demonstration.

Andrey is a senior security researcher in the team Kaspersky Lab ICS CERT: he started working in Kaspersky Lab in 2016, his specialisations are penetration testing, research of industrial automatisation systems' security, "internet of things" and and different smart devices. He is a member of several CTF teams.

On the second day another talk will be presented by a regular guest of our conference — Dmitry Sklyarov. Dmitry is a head of the department of Positive Technologies application analysis, he is working in the field of information security more than 18 years. He is a developer of an algorithm of Advanced eBook Processor program, published by Moscow company "Elcomsoft" and designed for creation of ebook backup copies in Adobe PDF format.

Intel Management Engine (ME) technology has been around for over 10 years (since 2005), but it seems impossible to find any official information about ME on the Internet. Fortunately, some studies have been published in recent years; however, all of them deal with ME 10 and earlier, while modern computers implement ME 11 (introduced in 2015 for Skylake microarchitecture). In his presentation, he will explain in detail how ME 11 stores its state on the flash and the other types of file systems that are supported by ME 11.

Last in timetable, but not least talk: The ARTist Framework – Modding and Analyzing Android & Apps for Fun and Profit by Oliver Schranz from saarsec team.
This talk will introduce you to the ARTist instrumentation framework that can be used to analyze and customize Android apps and other Java parts of the operating system. It combines ease of deployment, non-invasiveness and instruction-level instrumentation support, while aiming at developers and end users alike. By the end of the talk, you will have an understanding what problems ARTist can solve and how to write your first own module.

Oliver Schranz is a founding member of the saarsec CTF team, Ph.D. student at the Center for IT Security, Privacy and Accountability (CISPA, Saarland University) and a security analyst at the Backes SRT GmbH company. His research mainly focuses on application-layer security solutions for Android that abstain from modifying the operating system.

Teams are rapidly coming to Yekaterinburg, which means it's time to tell you about our traditional quest. This year we start at 6:30 p.m. Register your team here: https://goo.gl/forms/CF1ITSmsK0IiGWhU2