PHDays video



CityF Rules

PHDays VI СityF: The Standoff

PHDays key theme is ‘The Standoff ’. This year we are replacing the usual CTF format and are instead bringing you a fully-fledged battle. We are using a realistic scenario in a specially designed setting that mimics a typical urban infrastructure. This time, the hackers will bring out the big guns in order to take down the city, while city defenders — security experts and the SOC — will be trying to counter their attacks.


The setting, for this competition, is an interconnected urban environment with its own bank, mobile operator, energy company with distribution and trunk substations, a hydro-electric plant, and central and regional traffic control stations, a large corporate office facility, and even a SMART home. The infrastructure will include internet simulation with news, entertainment, and social network sites, which can be exploited by attackers. The environment is dynamic — the services come and go with the attackers constantly interacting with them.

At the beginning of the contest, teams will get access to the infrastructure, which includes the BlackMarket forum. Hackers may sell stolen info and receive new tasks through the market.


We invite teams to participate as hackers, security experts, and the SOC. Any means to achieve the goal are acceptable excluding those restricted by the rules. The judging panel will be supervising the game at all times. Teams are prohibited from:

  • Attacking the infrastructure
  • Attacking judges’ computers
  • Generating unreasonably high volume of traffic (flooding)
  • Blocking access to resources via IP (for defenders)

In the case of a violation, a team may be penalized or disqualified. The panel may clarify the rules before the game starts, as well as modify the infrastructure during the event itself.

There will be rewards in various categories. CityF participants are not the only ones going for prizes though — internet users from the PHDays Everywhere initiative and those who wish to sign in for specific challenges, for instance, bank or ICS/SCADA hacking may also compete for rewards. Also, teams that present their activity reports to the audience will receive special prizes.


Hackers may attack the targets locally or remotely via VPN, as part of a team or as a solo contestant. Participants are not allowed to interfere with the infrastructure itself — only specific objects may be targeted. Players are free to make public announcements about successful hacks.


Teams and single players (nicknames allowed) may be part of this group. Defenders will be split into several teams, each assigned to a specific element — a bank, mobile operator, etc. Teams will be given a sufficient amount of time to configure security tools. During the Standoff, defenders may change security tool configurations, as they become masters of their infrastructures. You may use any IS means. Primary tasks include the designing, installation, configuration, and employment of security tools (if necessary, you may ask the organizers to provide you with required equipment). Also, there will be a SOC team assisting the security experts.

Defenders are expected to report security incidents and take countermeasures as necessary.

External SOC

Every SOC chooses several objects (e.g., the mobile operator or the bank) and protects them in collaboration with their defenders. The SOC helps to monitor the situation and detect threats. Players are to report attacks to the defenders team in a timely manner and suggest ways to counter security risks. In addition, the SOC team is to make regular reports on its activity and provide the organizers with the infrastructure security statistics (attack trends and other metrics).