Corporate Espionage

Community Contract Info

This Community Contract was made by our community member “BoΠeShΔdϴw³”.

https://www.twitter.com/B0neShad0w

If you would like to create your own Contract, head over to: https://hacktoria.com/submit-a-community-contract/ Hacktoria can assist you in making a good contract. To receive help making your contract, just reach out to anyone with the “confidant” role in our Discord server.

Note: Hacktoria cannot guarantee the functionality of Community Contracts.


Prologue

It was just another Friday afternoon in the SOC, Lili was giving Louis a hard time about another date he had arranged for the weekend, you are such a dog joked Lili, to which Louis responded “yeah” but isn’t it cool. The whole team were in good spirits as the weekend was fast approaching, then suddenly Sam shouts out “look at the screens – LOOK!” – everybody stops and looks up, OH SHIT yells Louis, quick, get Sue in here. Sue rushes into the room her eyes widen, and she turns very pale…

She shouts we are under attack – quick, track these bastards, we need to isolate where this is coming from, unfortunately as quick as it started, it ended, save the logs! SAVE THE LOGS! shouts Sue.

Lili & Sam are frantically trying to gather the logs, that is weird mummers Lili, the logs are disappearing, f*** these guys are good says Louis, there goes our weekend. Sigh!
We are going to need some strong coffee in here guys.


Briefing

Greetings, Special Agent J.

We have an extremely urgent matter on our hands. One of our preferred suppliers of Ai tech fears they are subject to on-going data breach. Velocity9 is a small but very influential cutting-edge Ai tech company, a lot of major players use their tech, this ranges from autonomous drones for military use to smart speakers for the public domain, the list goes on and it is growing at an extraordinary rate.

We bought into their tech as early adopters for the “field kit” used by our agents. Their current analysis shows that a large amount of their “Proprietary Ai code” has been exfiltrated somehow! It is unclear at this point if this is a hacking attempt by a rival company, APT or worse by a member of staff. Most of the logs were either deleted or corrupted during the breach.

Your mission is to go in under cover with the guise of a “pentester” to evaluate their security model of the new “Bastion Hosts” security model, but actually try to ascertain who is responsible for the breach, remember these hosts are secure by design, so it will require a special touch to be able to perform your required tasks.

We have our suspicions as to which agency is behind this, but we need proof, this is where your help is needed, we must set the “bear trap”, track their movements and locate the stolen data before it falls into the wrong hands. You may need to dust off your “spy craft” shoes for this one Agent J. Our allies and the agency depend on you.

Note: A bastion host is a special-purpose server configured to withstand attacks. The server will generally host a single application or process. It is hardened in this manner primarily due to its purpose.

As always, Special Agent J. The contract is yours, if you choose to accept.


Materials and Answer Instruction

Password Instruction:

  • Lowercase letters, numbers and hyphens only
  • English language used for locations on Google Maps

password sample for flagfile: some-amenity-city-country-yyyy-mm-dd-hh-mm-handler

sample password: jims-flowers-darwin-australia-1985-10-06-23-45-B0neShad0w

Download the Materials

Download the Flagfile


Write-ups: Corporate Espionage

Submit your own in our Discord “brand-intel” channel for a reward of 100,000 HC or 200,000 HC for the first write-up.

Nothing yetnothing yet, be the first!