General information

The Standoff will take place non-stop during Positive Hack Days, starting right after the forum opens and lasting until the end of the forum.

Teams consist of five or more people. Each team can play for one side—attackers, defenders, or SOC—only. A single company may not put up teams for opposing sides (for example, one team for attackers and another team for defenders or SOC). Teams can work locally at the venue, remotely, or mixed (some team members at the venue and others remotely).

A month before the game, each side will receive a briefing from the organizers. The briefing will cover the game rules, preparations and details of the game infrastructure, victory conditions, and awards. SOC and defender teams will be given information about the city infrastructure they are to protect.

During the game, the organizers will provide space for team members and necessary equipment. Proper beds will not be present at the venue, so teams will need to organize any sleeping arrangements themselves. Food will be available both day and night.

At the start of the game, each team will receive access to the game infrastructure. Connections will be made via a dedicated network switch (if the team is at the PHDays venue) or via VPN (if the team is participating remotely).

During the game, a portal will provide basic information about the game infrastructure and list of objectives. News from the organizers will be published there as well.


The teams can do absolutely anything that is not forbidden by the rules. Teams may not:

  • Interfere with the functioning of The Standoff or attack the underlying infrastructure of the venue or game.
  • Attack the jury's computers.
  • Generate unreasonably large amounts of traffic (flood).
  • Defenders may not apply IP-based address blocking.

Teams in violation of these rules may be disqualified.

The game will be continuously monitored by the jury. Important: the jury may clarify the rules at any time prior to the game start, as well as change the state of game infrastructure during the game.


Attackers have complete freedom of action, so long as they do not impair the functioning of the game. They are invited to achieve their objectives by any means necessary. All objectives are general in nature (for example, "hack the telecom operator"), vary based on the target type, and can be accomplished in different ways.

Most of the objectives will be known to the attackers, but the game also has hidden objectives that are triggered by certain actions or events. Some objectives can be accomplished only on a particular timeframe and only by one team.

The teams' rankings can be tracked throughout the game in their profiles on the site of The Standoff and on the leader board.

Attackers may use any tools they like, so long as they do not break the core rules indicated above. At the start, all teams are provided with basic information about the attackable targets; this information will be available on the forum. All other information must be found by the teams themselves. Attackers may share information with each other.

Attackers will be able to build a botnet for cryptocurrency mining; technical details will be provided by the organizers at the briefing.

During the game, participants may choose to give short talks with status updates and their experiences.

The rules for awarding points in various categories will be published right before the start of competition. The overall winner is the attacker team with the highest score. A team's total score consists of the points earned by completing particular objectives.


Defender teams consist of employees of a single company. Each defender team will be responsible for protecting one particular office. Other targets will remain unprotected. The teams' tasks include designing, installing, configuring, and using protection tools, as well as ensuring the security and integrity of the assets of the company to which the relevant team is assigned.

The teams may use any protection tools that are available in software or virtual device form. The organizers will not provide licenses for protection tools, except for those developed by the organizers themselves.

The organizers will apply guidelines to determine whether and how to adjust the game infrastructure for a team (such as the network settings and protection tools in use) so as to ensure a balance between defense and offense. In order to maintain that balance, a more-or-less constant number of vulnerabilities will be present on the corporate infrastructures.

During the game, teams will make regular reports regarding incidents and their accomplishments.

External SOCs

SOCs provide the city's companies with insight and well-honed processes for detecting and preventing incidents. They make life easier for defenders by detecting and investigating incidents as well as by monitoring the city's entire network.

During The Standoff, SOCs provide timely notification to defenders about attacks and propose protection measures. Just like defenders, SOCs should publicly present on the attacks and hacking techniques they encounter, as well as provide protection-related statistics.


The Standoff will also include a hackathon for developers. Developer teams will write applications to be stress-tested by attackers. The teams develop, deploy, and update their applications.


The city is home to a wide range of people, including corporate employees and carefree denizens who use computers, smartphones, and smart gadgets in their daily life. During the game, virtual residents will actively use city services—so bear in mind that they are trusting and prone to falling for social engineering.

Victory conditions

Victory in The Standoff overall, as well as in particular categories, is based on the objectives successfully accomplished by a particular team. The organizers will announce the winners at the awards ceremony after the game.

Game progress can be tracked on the site of The Standoff, which includes a leader board and rankings with category leaders.