We just realised that we forgot to include the link for submitting the flags (it was not supposed to be part of the challenge 😉
Sorry!! Here we go!
Everybody is a fan of disruption until it hits them personally.
Unicorns attract competitors, copycats and charlatans. For a VC, the road to losing the principal is paved with poor decisions, bad luck and ultimately betting on the wrong horse. One of the challengers in the unregulated pay-per-hitchhike app industry, Astley Auto Association, has been trying to raise a C round. Its founder and CEO, a controversial character, is claimed to represent the darker side of the booming startup scene. While his fans cheer the sticking-it-to-the-man attitude R. Astley has demonstrated to the regulators, there are critics, including many notable venture capitalists and angel investors, who say the man embodies the lack of integrity and honesty.
With circumstances as messy as those of a publicly funded open source project, it gets even messier. An unknown actor has compromised the e-mail server of Astley Auto Association. To prove they have the whole archive, chosen mails from CEO of AAA, R. Astley, and other employees were collected to a dump.
A disgruntled employee, competitor, VC trying to bring down the valuation, angry customer, or a random opportunist – clearly an attribution question so difficult it can only be solved by world leading threat intelligence companies.
Luckily we are more interested in a good hacklog and thorough compromise. A properly placed string tells sometimes defenders and investigators more than thousand words in a compliance report. The mission, should you choose to accept it, is to analyse the e-mail dump and uncover the clues left by the unknown actor, which demonstrate the devastating level of control they have over the environment.
The first person to recover all flags will win a free ticket to t2’16 conference. In addition to this, the creators of the Challenge will select another winner among the next ten correct answers. The criteria for the other selection is the elegance of the answer. In short, you can win with both speed and style.
The Challenge will be released on 2016-09-10 10:00 EEST right here at t2.fi
In real life, technical superiority is one thing and an ability to present your work is another.
So, without further ado – best write-up for t2’15 Challenge:
Merry Christmas and Happy New Year!
Richard Baranyi (Crypto wizard23) from Slovakia was the first one to solve the t2’15 Challenge. Well done! Congratulations!
The elegant write-up trophy goes to Juha Kivekäs, Finland. His write-up will be published soon so you’ll have a change to evaluate the submission yourself.
Congratulations to both winners! We would also like to thank each one of you who participated. Last but not least. if you have an interesting idea for t2’16 Challenge, please let us know – authors get a free admission to the conference among other perks 😉
This is just a short note to let you know that the deadline for t2’15 Challenge write-up submissions is 2015-10-17 10:00 EEST, after which the creators of the Challenge will select the winner.
Please remember that the criteria for the selection is the elegance of the answer. The solution must include a detailed description of methods and tools used. If you don’t know the definition of elegance – please check out the winning write-ups from previous years.
t2’15 Challenge hint #4: If you failed to read the recipe …
t2’15 Challenge hint #3: What file format was invented on the date contained in the missile system decryptor?
t2’15 Challenge hint #2: If you modify the cookie you will notice that it contains padding.
t2’15 Challenge hint #1: One flag is unintentionally a little bit unclear. If you find a password on a level, its hash is the solution to the level.