Penetration Testing
t2'16: Challenge to be released 2016-09-10 10:00 EEST Aug 30 2016 07:48PM
Tomi Tuominen (tomi tuominen t2 fi)
It is that time of the year again.

Unicorns attract competitors, copycats and charlatans. For a VC, the road to losing the principal is paved with poor decisions, bad luck and ultimately betting on the wrong horse. One of the challengers in the unregulated pay-per-hitchhike app industry, Astley Auto Association, has been trying to raise a C round. Its founder and CEO, a controversial character, is claimed to represent the darker side of the booming startup scene. While his fans cheer the sticking-it-to-the-man attitude R. Astley has demonstrated to the regulators, there are critics, including many notable venture capitalists and angel investors, who say the man embodies the lack of integrity and honesty.

With circumstances as messy as those of a publicly funded open source project, it gets even messier. An unknown actor has compromised the e-mail server of Astley Auto Association. To prove they have the whole archive, chosen mails from CEO of AAA, R. Astley, and other employees were collected to a dump.
A disgruntled employee, competitor, VC trying to bring down the valuation, angry customer, or a random opportunist - clearly an attribution question so difficult it can only be solved by world leading threat intelligence companies.

Luckily we are more interested in a good hacklog and thorough compromise. A properly placed string tells sometimes defenders and investigators more than thousand words in a compliance report. The mission, should you choose to accept it, is to analyse the e-mail dump and uncover the clues left by the unknown actor, which demonstrate the devastating level of control they have over the environment.

For more information, please refer to https://t2.fi/challenge/t216-challenge/

The Challenge will be released on 2016-09-10 10:00 EEST right here at https://t2.fi/

Good luck,

T

--
Tomi 'T' Tuominen | Founder @ t2 infosec conference | https://t2.fi

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXxeMFAAoJEBflN3v0piV40wsP/15jsriLnWJTuDZIHx8GCvT6
Hnqvky1oyEQtAQ9akAC+naglqQmSpi4ZnuKgNB5IX4W1wbPTsaDpPHHMafZ71nQM
NG85y2rXqzjrrUcNHP+KpjlnVwLTgS7wrQx6kNruK78OEVck4rtYW3BNeJBgxzhb
UGu9lG5wT7AyXgal/+vDn/gi/LcfT9sdCViuZvfqSKtrbgtfUSSO84D5H7H9oe4H
ZLm5l+GjWElDM3pfQgv0pbwz9DExn7/S1eqkMTzAKkqbi3+hxCQr3ELoubgm8GY6
34z5lTD8N/EMUxJh9fQgAg64wM8qgDSW4BQKCQBx8DRiEtovW2weCKKx38dB/0ox
g+oflEUi3YDBITjziuVi14YnNTp6d5mK5acu+7ouHnNU3BUCMf8ZGHFvdliYrTAm
CcCyQs8yMhniidXX7uA6WuB22rD+8RI673KRsiOowrVOxu6o/a0V/ZvlzZ3tXq7S
KEFHjBEa1oXuXoxximakTQutpEQMIjD5dqTFEopiwoYB8Oo1BdON0khkg7iW12DM
tMiaGZMk7BPEcuoQQCcoGLpkzamKOyUSY547wIIDWStZaU6fjshV8bq8P+4GqJl9
gpyf/A0fJwP3OrCVHcA4H1wjO2sZ0MxhGiKIw+shlh8BLbdoQ+CPflWo905WpU7g
ZFIP3C1kgMWU+IozMsGU
=CKwL
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus