t2’13 Challenge

Type

APT – it’s easy as 1 2 3 (Jackson 5)

Status

The challenge is over.

Description

Soon after t2’12 was over, we discovered that the conference had been infiltrated by an APT. Our best guess is that the APT pwned the laptop of one of the conference organizers and successfully exfiltrated some data. Luckily for us, our beloved APT got so hammered at the conference dinner on Thursday that he forgot his USB thumb drive at Zetor. We are confident that this OPSEC blunder will lead us to what was stolen, but despite our best efforts we have not been able to decipher the contents of the USB drive. Your mission, should you choose to accept it, is to recover the stolen content.

As soon as you unravel the stolen content, head to https://t2.fi/ext/2013/challenge and fill out the form. Once you have entered the MD5s for all stolen files, you will receive an email with your rank. Please reply to the email with a write-up of how you solved the challenge. The scoreboard gives you (almost) real-time information on how you are ranking against other APT-hunters.

The first person to enter all correct MD5s will win a free ticket to the t2’13 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criterion for the other selection is the elegance of the answer. In short, you can win with both speed and style. Either way, the solution must include a detailed description of the methods and tools used.

If you don’t know what the definition of elegance is, please check out the winning write-ups from previous years.

Rules of the Challenge

  1. Anybody can participate, excluding the organizers and employees of the companies that made the challenge.
  2. The answer must have a detailed description of the methods and tools used.
  3. It is not allowed to publish the solution on public forums before the challenge is over.
  4. It is not allowed to modify or redistribute the challenge files.
  5. All rights are reserved.

Filename: t213-challenge.zip
Filesize: 1 273 844 bytes
MD5: ad8037791c51efb89432f41f6b7adee5

Authors

Ideas and implementation: Timo Hirvonen, Timo Teräs, Tomi Tuominen
Photo shoot model (aka. Joanne Fulcrum): Heidi Lammassaari
Photo shoot and postprocessing: Toni Ahola