Email dump analysis


The Challenge is over.


Everybody is a fan of disruption until it hits them personally.

Unicorns attract competitors, copycats and charlatans. For a VC, the road to losing the principal is paved with poor decisions, bad luck and ultimately betting on the wrong horse. One of the challengers in the unregulated pay-per-hitchhike app industry, Astley Auto Association, has been trying to raise a C round. Its founder and CEO, a controversial character, is claimed to represent the darker side of the booming startup scene. While his fans cheer the sticking-it-to-the-man attitude R. Astley has demonstrated to the regulators, there are critics, including many notable venture capitalists and angel investors, who say the man embodies the lack of integrity and honesty.

With circumstances as messy as those of a publicly funded open source project, it gets even messier. An unknown actor has compromised the e-mail server of Astley Auto Association. To prove they have the whole archive, selected mails from the CEO of AAA, R. Astley, and other employees were collected into a dump.
A disgruntled employee, competitor, VC trying to bring down the valuation, angry customer, or a random opportunist – clearly an attribution question so difficult it can only be solved by world leading threat intelligence companies.

Luckily we are more interested in a good hacklog and thorough compromise. A properly placed string sometimes tells defenders and investigators more than a thousand words in a compliance report. The mission, should you choose to accept it, is to analyse the e-mail dump and uncover the clues left by the unknown actor, which demonstrate the devastating level of control they have over the environment.

Operational information

The first person to enter all the correct flags will win a free ticket to the t2’16 conference. All flags are in the format flag<text>. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criterion for the other selection is the elegance of the answer. In short, you can win with both speed and style. Either way, the solution must include a detailed description of the methods and tools used. Compromising the creators of the challenge in search of the correct answers may or may not yield a desired outcome.

Rules of the Challenge

  • 0x0 Anybody can participate, excluding the organizers and employees of the companies/organizations that made the challenge
  • 0x1 The answer must have a detailed description of the methods and tools used
  • 0x2 It is not allowed to publish a solution on public forums before the challenge is over
  • 0x3 It is not allowed to modify or redistribute the challenge files
  • 0x4 All rights are reserved. Persons, company names and any other identifiable information are fictional, totally made up for entertainment purposes and shit.

Filename: t216-challenge.zip (password: t216)
Filesize: 4 876 105 bytes
SHA1: 6212bb76f6d2fc222474bd70d70d2ef5fa383e2e


All the cool stuff: Ludvig Strigeus, Timo Hirvonen. Rest: Tomi Tuominen.