Challenge | t2 infosec conference

2014-09-07

t2’14 Challenge to be released 2014-09-13 10:00 EEST

Due to recent extraordinary events, we’re diverting from our usual Challenge process this year. Instead of a traditional puzzle, a captured binary will be released for crowdsourced reverse-engineering.

Background

Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.

Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis system before disappearing. In order to turn the tables and go for the pride-and-ego down, our intention is to burn this capability once and for all.

Y-LOCKPOINT is designed for searching and analyzing compromised computer systems. Despite the OPSEC failures, which allowed us to gain access to front-end application, the binary is well-protected – preliminary analysis indicates emphasis on multi-layer protection and resistance to analysis.

Your mission, should you choose to accept it, is to participate in the crowdsourced reverse engineering effort of the acquired front-end binary.

Details

The first person to recover all content will win a free ticket to t2’14 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criteria for the other selection is the elegance of the answer. In short, you can win with both speed and style.

The Challenge will be released on 2014-09-13 10:00 EEST right here at t2.fi

2013-09-24

t2’13 Challenge Solutions

In real life, technical superiority is one thing and an ability to present your work is another.

So, without further ado – best write-ups for t2’13 Challenge:

2013-09-23

t2’13 Challenge Winners++

Yes we know, we have already announced the winners but wait – there is more! First time in the history of t2 we are giving out one additional free admission. And that goes to Ludvig Strigeus from Sweden. Why? Well, first of all, he is an awesome guy and writes software we all love but in addition to that, his solution was both fast and elegant. The authors felt that although the challenge rules didn’t do justice to him, he totally deserved to win as well. So here we go 🙂

Congrats Ludde!

2013-09-22

t2’13 Challenge Winners

Teem Grammer Nazi from Australia was the first one to solve the t2’13 Challenge (8 hours and something). That is pretty hard core.

The second winner is Alexander Polyakov from Russia. Alexander is one of those guys who has solved pretty much each and every t2 challenge over the years and this time his hard work finally paid off.

Congratulations to both winners! We would also like to thank each one of you who participated – especially those who made it to top 20 – you guys rock! Last but not least. if you have an interesting idea for t2’14 Challenge, please let us know – authors get a free admission to the conference among other things 😉

2013-09-21

t2’13 Challenge winners will be published this weekend

We will publish the winners of t2’13 Challenge later this weekend. So, if you’re still planning on submitting your write-up the deadline is tomorrow 2013-09-22 12:00 EEST.

2013-09-07

t2’13 Challenge warning

Sometimes it happens that we underestimate the “cleverness” of the contestants. This is one of those times. We are sorry that we have to spoil part of the Challenge but we feel that we need to explain what is going on.

After mounting the USB drive one of the things you will find is vault/index.html. The idea in a nutshell is that every click on an arrow creates a new dynamic url. So, in order to solve it you need to find the right combination which in turn will take you to the right redirection url.

Now, some “clever” contestant registered the default redirection url i.e. the one that activates if you just click the lock icon without hitting any arrows. Needless to say, the prankster didn’t choose “my little pony picture” but something a bit more horrid.

We are sorry about this – we have contacted tinyurl.com and asked them to remove the redirection. This has no effect to the challenge itself – the only effect is a psychological one i.e. one of the contestants is trying to troll others.

2013-09-07

t2’13 Challenge download stats

t2’13 Challenge was downloaded more than 100 times within the first five minutes. Good luck everybody!

2013-09-07

t2’13 Challenge is on!

t2’13 Challenge is on! Good luck!

2013-08-16

t2′13 Challenge to be released 2013-09-07 10:00 EEST

We’re pleased to announce the release of the t2’13 Challenge!

Soon after t2’12 was over, we discovered that the conference had been infiltrated by an APT. Our best guess is that the APT pwned the laptop of one of the conference organizers and successfully exfiltrated some data. Luckily for us, our beloved APT got so hammered on the conference dinner on Thursday that he forgot his USB thumb drive to Zetor. We are confident that this OPSEC blunder will lead us to what was stolen but despite our best efforts we have not been able to decipher the contents of the USB drive. Your mission, should you choose to accept it, is to recover the stolen content.

The first person to recover all content will win a free ticket to t2’13 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criteria for the other selection is the elegance of the answer. In short, you can win with both speed and style.

The t2’13 Challenge will be released 2013-09-07 10:00 EEST right here at http://t2.fi/

2012-09-24

t2’12 Challenge Solution

In real life, your technical superiority is one thing and your ability to present your work is another. Therefore, we feel that Timo Teräs from Finland submitted the best write-up that both eloquently and accurately illustrates the Challenge.

So, without further ado: