Developers: | Positive Technologies |
Last Release Date: | 2025/04/29 |
Technology: | IS, Virtualization - Information Loss Prevention, IS - Security Information and Event Management (SIEM) |
The main articles are:
- Virtualization. Classification and applications
- Security Information and Event Management (SIEM)
- DLP - Data Loss/Leak Prevention
The Standoff is a Positive Technologies platform that allows you to create virtual models of key information infrastructure objects and test them for resistance to attempts to gain unauthorized access and to hacker attacks.
2025: Standoff Defend for practical training of information security specialists
Positive Technologies on April 29, 2025 introduced the updated Standoff Defend online training ground for practical training of information security specialists.
The updated version of Standoff Defend allows information security specialists to continuously improve their skills by training in conditions that are modeled on the tactics and techniques of APT groups and are as close as possible to real ones. It is available by subscription and is aimed at companies with their own SOC, allowing specialists to develop competencies without risk to the real infrastructure.
In 2023-2024, 39% of companies found traces of the presence of well-known APT groups. To keep intruders out of the infrastructure and prevent an incident, it is necessary to regularly increase the competence of the defense team. Standoff Defend allows cybersecurity specialists to practice attack investigation skills 24/7 and develop under the guidance of experienced mentors.
The Standoff Defend online training ground is the virtual IT infrastructure of a typical company. Information protection tools used in corporate systems are deployed in this infrastructure; the attack model is based on real threats and covers more than 70% of the tactics and techniques of the MITRE ATT&CK matrix. The training ground is designed for SOC specialists, threat analysts, incident investigation engineers and cybersecurity experts. Access to the platform is provided by subscription for 6 or 12 months.
"The updated Standoff Defend is another step towards ensuring that the training of information security specialists is as close as possible to real practice. We enable the defense team to face modern threats in a safe environment and prepare to repel them in real combat conditions. Now companies will have a chance to check the level of training of their SOC and learn how to beat first without exposing the business to the risk of real losses," said Alexey Novikov, Managing Director of Positive Technologies.
Standoff Defend helps businesses prepare for real threats. This is not just a training ground, but a full-fledged ecosystem for the development of information security competencies, including:
- Adjustable attacks - With the help of a special module, attacks are launched that simulate the actions of the largest APT groups. There are 15 such attack chains available to users.
- Workshops with mentors - Standoff experts conduct workshops that show a reference investigation of attacks and analyze the most common errors of the defense team.
- Advanced knowledge base - theoretical materials and practical tasks based on real incidents and individually selected for each participant.
- Progress monitoring system - a tool for tracking the growth dynamics of skills and competencies (both for each participant and for the team as a whole).
- Mini cyber battles - platform users will be able to consolidate their skills in online cyber battles, where they will have to investigate planned attacks and "live" attacks by white-hat hackers.
In Russia, the heads of organizations are personally responsible for ensuring cybersecurity. They are interested in creating effective information security teams that can competently use security tools, analyze the tactics and techniques of attackers, and quickly respond to attacks of any complexity. The online training ground plays a key role in building an effective defense system. The expertise of a thousand white-hat hackers using various tactics, techniques and tools helps businesses and government organizations strengthen cyber resilience. In the context of the rapid development of information systems, Standoff Defend allows defense teams to continuously increase competencies and improve information security processes without interrupting their main work.
2021
It's hard in cyber training, easy in cybersecurity. Results of The Standoff Moscow
The Standoff Moscow, the world's largest cyber training exercise, was held in Moscow, organized by Positive Technologies in partnership with Innostage Group of Companies. The article "Hard in cyber training, easy in cybersecurity. The results of The Standoff Moscow" details the progress of the battle, assesses the infrastructure of the virtual state and examines the techniques of attackers and defenders.
Detection of vulnerabilities in smart contracts of NFT pictures
In Moscow, The Standoff Digital Art competition concluded at the open cyber exercises; during it, "white" hackers hacked paintings by representatives of Russian digital art. Representatives of The Standoff project announced this to TAdviser on November 17, 2021.
The Standoff Digital Art is a virtual gallery in which each painting is presented in the form of an NFT token. These tokens are what the cybersecurity specialists tried to hack. The Russian digital artists Desinfo, Meta Rite, Artem Tkach, volv_victory, Anomalit Kate and Loit provided their works.
NFT is a non-fungible token. It cannot be divided into parts or replaced with a similar one. An NFT has all the properties of a unique item in the physical world, so it is valued no less, and in some cases even more, than its analog version. But demand gives rise not only to supply. There is always someone who wants to appropriate works of art. A painting can be stolen from a gallery by getting into the exhibition. A digital picture can be stolen without getting up from the sofa.
At the same time, there is no technical way to return a stolen NFT to the previous owner. The entire technology of blockchain and smart contracts implies that the actions performed cannot be canceled. If the smart contract itself does not spell out the option of returning the NFT, then there is no way to do this either. On the other hand, it is very difficult to cash out a stolen NFT object, and covering your tracks is more difficult than in the case of theft of a real picture. All transactions are visible in the explorer, so it is quite easy to track who did what and when. It is also impossible to withdraw anything from the blockchain to the real world without using a crypto exchange, and as of November 2021 all crypto exchanges request detailed personal data about each of their users.
And yet, thefts are committed. One of the high-profile "cases" was the theft of two CryptoPunks from the NFTX platform in June 2021. The attacker managed to make only 6 ETH; as a result, the platform bought them back. Another incident happened with a collection by the authors of CryptoPunks (Larva Labs) called Meebits. A vulnerability was discovered in the code of the smart contract, which made it possible to predict the rarity of a new meebit when it was minted. The hacker managed to get an ultra-rare NFT and sell it for 200 ETH.
An NFT is a token that is implemented by certain standards. But they are only a prescription of what should be in a smart contract. At the same time, the standard does not regulate the code itself - hence the problems. Of course, there are libraries in which everything is already implemented and tested, but nothing prevents you from changing this code or adding your own. As a rule, this is the reason for all vulnerabilities, says Arseniy Reutov, head of research for application protection at Positive Technologies.
The participants of The Standoff Digital Art were looking for similar weaknesses, testing the strength of smart contracts of real Russian NFT objects. To take possession of a picture, attackers found vulnerabilities in the smart contracts by analyzing their source code. The contracts were published on the Ethereum blockchain test network. Each of the vulnerabilities was exploited only once.
Representatives of cyber art agreed that NFT is an unconditional trend, and NFT paintings may not be inferior in cost to analog ones. This is due to the pricing mechanism.
NFT provided CG artists with the opportunity to enter the art market. There was an opportunity to sell - a market appeared. It is the market that forms the cost of digital art: the most expensive works are either the most famous images, or what was created by the media author. Value is determined by the audience involved, noted digital artist Artem Tkach.
Participants in The Standoff Digital Art also noted that there has been a certain trend towards the interpenetration of analog and digital art:
Digital direction brought offline artists an instrument to create and share their works. For example, when there was a quarantine, many traditional artists started creating digital art, which was convenient to share with the whole world. So, from my point of view, this direction is an additional toolkit for artists to show the world what you can do. It is also convenient. Technology has to work for man, noted artist, creator, artist Alexander Tito.
However, it is obvious that not enough is known about ensuring the security of NFT art. The results of the competition prove the relevance of this area for information security companies. After all, hackers closely monitor trends, and all technologies instantly fall into their field of vision.
More and more people are immersing themselves in the topic, learning the Solidity language and blockchain platforms. But the entry threshold remains quite high, especially in decentralized finance. To understand smart contracts, you need not only to know Solidity, but also the protocol itself and all the mathematics and financial side associated with it. Everything is simpler in NFT, but there is also a very difficult logic that needs to be dealt with, noted the organizer of The Standoff Digital Art Arseny Reutov.
Description of The Standoff
As of November 2021, The Standoff is a cyber game in which leading experts in "offensive" and "defensive" security fight for the resources of a virtual copy of the world. The training ground recreates production chains, business scenarios and the technological landscape characteristic of various sectors of the economy.
At The Standoff, defenders and attackers have access to a whole variety of prototypes of real companies: logistics, transport (freight and passenger traffic), mining and energy distribution infrastructures, smart city systems, financial and telecommunications structures, and much more. Participation in The Standoff allows you to test the feasibility of cyber attacks and assess the scale of their consequences in a safe environment, gain knowledge and practical skills in detecting and countering cyber attacks, study scenarios for responding to known and unknown risks, and investigate the relationships between cybersecurity and business.