Standoff 14 Cyberbattle: important info
This document describes how the cyberbattle will go down for both types of teams.
Important information for red teams
Important information for blue teams
General information
The virtual infrastructure for the Standoff 14 Cyberbattle will consist of four sectors, each with its own operating hours. All times are given in UTC+3.
Important information for red teams
For the red teams, the cyberbattle will take place in a single stage over four days. All times are given in UTC+3.
November 26
05:00–23:59
November 27
05:00–23:59
November 28
05:00–23:59
November 29
00:00–13:00: attack time
14:00: report submission deadline for red teams
16:00: cyberbattle results
How the cyberbattle will go down for red teams
The day before the battle, on November 25, starting at 14:00 (UTC+3), all teams need to check their connection to the Standoff infrastructure. The organizers will send instructions to the team captains in advance.

The main goal of the red teams in the cyberbattle is to score the maximum number of points. There are two types of tasks for which points can be earned.
Finding vulnerabilities
Triggering critical events
You need to exploit a vulnerability and submit a report to be reviewed by the jury.
You need to trigger a critical event and submit a report about it. All reports on critical events are manually reviewed by the jury.
Tasks will be published on the Standoff 365 Platform, in a dedicated section that will appear when the battle starts.
The number of points awarded depends on several criteria:
1. Task completion order. The scoring system is dynamic, with points decreasing by 15% with each team that successfully completes the task. To earn the highest amount of points, you must be the first team to complete the task. For more information, see How to earn points.

2. Involvement of defenders participating in response mode. Each defender team is assigned to a particular industry to supervise it during the cyberbattle. The objective of all blue teams is to promptly detect and investigate attacks. Some defender teams participate in response mode, in which they can temporarily (for up to 15 minutes) block infrastructure hosts and attacker-controlled accounts. Attacks on industries protected by such blue teams can earn you more points, but you must be prepared for temporary account lockouts.

3. Task difficulty.
Our advice to all red teams is to get familiar with the onboarding materials and guidelines on how to fill out reports. They will help you grasp the battle rules and avoid common mistakes.
It is important that all participants treat each other and the organizers with respect and adhere to sportsmanlike conduct. Please carefully read the list of actions prohibited during the cyberbattle so that you can enjoy it and later be able to participate in other Standoff 365 events.
If you notice any issues with the infrastructure during the cyberbattle or have questions, write to the Technical Support chatbot.
How the winner will be determined
The team that scores the most points wins. If several teams score the same number of points, the team that got there first will be deemed the winner.
Place
1
Prize amount
$20,000
2
$10,000
3
$5,000
4
$2,500
5
$2,000
6
$1,500
7
$1,000
8
$500
There is also another prize pool of $7,500 for special nominations. Details will be revealed during the cyberbattle.
Where to view the results
Teams can view their results on the Standoff 365 Platform (a special section will appear when the battle starts). Daily results will also be published on the Standoff 14 page.
Important information for blue teams
For the blue teams, the cyberbattle will take place in a single stage over four days. All times are given in UTC+3.
November 26
For Russian teams:
09:00–18:00
November 27
For Russian teams:
09:00–18:00
November 28
For Russian teams:
09:00–18:00
November 29
Attack response and investigation:
For international teams:
05:00–23:59
For international teams:
00:00–23:59
For international teams:
00:00–23:59
— For Russian teams:
09:00–13:00
— For international teams: 00:00–13:00
15:00: report submission deadline for blue teams
16:00: cyberbattle results
Each blue team participating in the cyberbattle will have its own mentor. Mentor working hours are as follows (UTC+3):
November 26
09:00–18:00
November 27
09:00–18:00
November 28
09:00–18:00
November 29
09:00–15:00
How the cyberbattle will go down for blue teams
Each blue team is assigned to one of four industries. The main objective of defenders is to detect incidents and investigate critical events caused by red teams.

Blue teams participating in response mode should also try to stop the attackers.
How results are evaluated
Defender teams do not compete with each other, nor do they earn points. However, participants can evaluate their progress based on two key indicators: the average time to investigate a critical event and the number of incidents detected.

Defenders should only submit investigation reports on successful attacks. This means that reports on things such as the following will be dismissed: phishing attacks where users didn’t click any malicious links, unsuccessful brute-force attack attempts, or attacks on facilities that don’t belong to the cyberrange infrastructure.

To learn how to fill out reports, read our guide for defenders.
Where to view the results
The team results during and after the cyberbattle will be displayed on the cyberbattle website and in a special section on the Standoff 365 Platform.
Copyright © 2024 Standoff. All rights reserved.