
Positive Technologies: The Standoff Cyber Range

Product
Developers: Positive Technologies
Technology: Virtualization, Information Security - Information Leakage Prevention, Information Security - Security Information and Event Management (SIEM)


The Standoff is a Positive Technologies platform that lets you create virtual models of key information infrastructure facilities and test their resistance to hacker attacks and attempts to gain unauthorized access.

2021

Hard in cyber exercises, easy in cybersecurity. Results of The Standoff Moscow

The world's largest cyber exercises, The Standoff Moscow, were held in Moscow, organized by Positive Technologies in partnership with the Innostage group of companies. The article "Hard in cyber exercises, easy in cybersecurity. Results of The Standoff Moscow" details the course of the battle, assesses the state of the virtual infrastructure and examines the techniques of attackers and defenders. More details here [1]

Vulnerability Detection in NFT Smart Contracts

The Standoff Digital Art contest, held during the open cyber exercises in Moscow, has ended. During the contest, white hat hackers hacked paintings by Russian digital artists. Representatives of The Standoff project announced this to TAdviser on November 17, 2021.

NFT paintings can still be stolen

The Standoff Digital Art is a virtual gallery in which each painting is represented as an NFT token. It was these tokens that the cybersecurity experts tried to break into. The Russian digital artists Desinfo, Meta Rite, Artem Tkach, volv_victory, Anomalit Kate and Loit provided their work.

An NFT is a non-fungible token. It cannot be divided into parts or replaced with a similar one. An NFT has all the properties of a unique object in the physical world, so it is valued no less, and in some cases even more, than its analog version. But demand gives rise to more than supply: there is always someone who wants to appropriate works of art. A painting can be stolen from a gallery by getting into the exhibition. A digital painting can be stolen without getting off the couch.

At the same time, there is no technical way to return a stolen NFT to its former owner. The entire technology of blockchain and smart contracts implies that actions, once taken, cannot be undone. If the smart contract itself does not provide an option to return the NFT, there is no way to do this. On the other hand, it is very difficult to cash out a stolen NFT, and covering your tracks is harder than with the theft of a real painting. All transactions are visible in the block explorer, so tracking who did what and when is quite simple. It is also impossible to bring anything out of the blockchain into the real world without using a crypto exchange, and as of November 2021 all crypto exchanges request detailed personal data about each of their users.

Nevertheless, thefts are committed. One of the high-profile "cases" was the theft of two CryptoPunks from the NFTX platform in June 2021. The burglar managed to make only 6 ETH; as a result, the platform bought them back. Another incident involved Meebits, a collection by the creators of CryptoPunks (Larva Labs). A vulnerability was discovered in the code of the smart contract that made it possible to predict the rarity of a new Meebit when it was minted. The hacker managed to get an ultra-rare NFT and sell it for 200 ETH.
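The traceability described above can be shown by rebuilding one token's custody chain from ERC-721 Transfer event logs, which is what a block explorer displays. This is an added example, not part of the original article; every address, transaction id and log entry in it is constructed, and the function names are hypothetical.

```python
# Added example: rebuild one NFT's custody chain from ERC-721 Transfer logs.
# Every address, tx id and log entry below is constructed for illustration.

# keccak256("Transfer(address,address,uint256)"), the Transfer event signature
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
ZERO = "0x" + "00" * 20  # a transfer from the zero address is a mint

def word(value):
    """Encode an address or integer as a 32-byte log topic."""
    n = int(value, 16) if isinstance(value, str) else value
    return "0x" + format(n, "064x")

def addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def custody_chain(logs, token_id):
    """Return [(block, sender, receiver, tx)] for one token, in mined order."""
    rows = []
    for log in logs:
        t = log["topics"]
        # ERC-721 indexes from, to and tokenId: 4 topics. An ERC-20 Transfer
        # has the same topic0 but only 3 topics, so it is skipped here.
        if len(t) == 4 and t[0] == TRANSFER and int(t[3], 16) == token_id:
            rows.append((log["block"], log["index"], addr(t[1]), addr(t[2]), log["tx"]))
    return [(b, s, r, tx) for b, _, s, r, tx in sorted(rows)]

def review(chain):
    """Return the current holder and any tx whose sender was not the holder."""
    holder, gaps = ZERO, []
    for _, sender, receiver, tx in chain:
        if sender != holder:
            gaps.append(tx)  # missing logs, or a contract emitting bad events
        holder = receiver
    return holder, gaps

ARTIST, TAKER, BUYER = ("0x" + c * 20 for c in ("a1", "b2", "c3"))
LOGS = [  # deliberately out of order, with unrelated entries mixed in
    {"block": 121, "index": 0, "tx": "tx3", "topics": [TRANSFER, word(TAKER), word(BUYER), word(7)]},
    {"block": 100, "index": 2, "tx": "tx1", "topics": [TRANSFER, word(ZERO), word(ARTIST), word(7)]},
    {"block": 110, "index": 0, "tx": "tx0", "topics": [TRANSFER, word(ARTIST), word(BUYER)]},
    {"block": 120, "index": 5, "tx": "tx2", "topics": [TRANSFER, word(ARTIST), word(TAKER), word(7)]},
    {"block": 115, "index": 1, "tx": "tx9", "topics": [TRANSFER, word(ZERO), word(BUYER), word(8)]},
]

if __name__ == "__main__":
    chain = custody_chain(LOGS, 7)
    print(*chain, review(chain), sep="\n")
```

A non-empty gap list means the log set does not explain how the sender came to hold the token, so the chain should not be trusted until the missing transfers are found.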

"An NFT is a token that is implemented according to certain standards. But they are only a prescription of what should be in a smart contract. At the same time, the standard does not regulate the code itself - hence the problems arise. Of course, there are libraries in which everything has already been implemented and tested, but nothing prevents you from changing this code or adding your own. As a rule, this is the reason for all vulnerabilities,"
says Arseny Reutov, head of application protection research at Positive Technologies.

The participants of The Standoff Digital Art looked for such weaknesses, testing the strength of the smart contracts of real Russian NFT objects. To take possession of a painting, the attackers found vulnerabilities in the smart contracts by analyzing their source code. The contracts were published on a test network of the Ethereum blockchain. Each of the vulnerabilities was exploited only once.

Representatives of cyber art agreed that NFT is an undeniable trend and that NFT paintings may not be inferior in value to analog ones. This is due to the pricing mechanism.

"NFT provided CG artists with the opportunity to enter the art market. There was an opportunity to sell - a market appeared. It is the market that forms the cost of digital art: the most expensive works are either the most famous images, or what was created by the media author. Value is determined by the audience involved,"
noted digital artist Artem Tkach.

Participants in The Standoff Digital Art also noted a certain tendency for analog and digital art to interpenetrate:

"The digital direction brought offline artists a tool to create and share their works. For example, when there was quarantine, many traditional artists began to create digital art, which was convenient to share with the whole world. So, from my point of view, this direction is an additional tool for artists to show the world what you can do. It is also convenient. Technology must work for humans,"
noted artist and creator Alexander Tito.

However, it is clear that the security of NFT art has not been studied enough. The results of the competition prove the relevance of this area for information security companies. After all, hackers closely monitor trends, and all technologies instantly come into their field of view.

"More and more people are immersing themselves in the topic, learning the Solidity language and blockchain platforms. But the entry threshold remains quite high, especially in decentralized finance. To understand smart contracts, you need to know not only Solidity, but also the protocol itself and all the math and financial side associated with it. In NFT, everything is simpler, but there is a very complex logic that needs to be sorted out,"
noted the organizer of The Standoff Digital Art Arseny Reutov.

Description of The Standoff

As of November 2021, The Standoff is a cyber range on which leading offensive and defensive security experts compete for the resources of a virtual copy of the world. The range recreates the production chains, business scenarios and technological landscape characteristic of various sectors of the economy.

At The Standoff, defenders and attackers have at their disposal prototypes of a variety of real companies: logistics, transport (freight and passenger), mining and distribution energy infrastructure, smart city systems, financial and telecommunications structures, and much more. Participation in The Standoff makes it possible to test the feasibility of cyber attacks and assess the extent of their consequences in a safe environment, gain knowledge and practical skills in detecting and countering cyber attacks, study scenarios for responding to known and unknown risks, and investigate the relationships between cybersecurity and business.