

Thursday, May 8, 2014

Competitive Intelligence Contest at PHDays III Writeup

Many things have changed since the Competitive Intelligence contest was last held. Snowden exposed the NSA; it turned out that not only gossip-hungry housewives interfere in people’s lives on the Internet, but also serious specialists with the help of MIT mathematicians. The security of both proprietary and open-source protocol implementations proved to be far lower than expected. Algorithms for processing big data in cloud solutions now allow tracking correlations of bitcoin transactions, which were previously considered safe and anonymous.

The three winners, those who solve the tasks quicker than the others, will receive free tickets to PHDays IV, where they will be generously awarded. The prize for first place is an iPad. The contest will be held one week before the forum and will last for two days, May 15 and 16.

You are welcome to register at

If you have any questions email them to

This year's contest sponsor is Zecurion.

Writeup Competitive Intelligence PHDays III

The main idea of the "Competitive Intelligence" competition was to employ real-world methods for data collection and analysis, penetration testing, search mechanisms and deductive reasoning, as well as to assess the audience’s level of information security awareness.

Unlike in 2012, since the tasks proved more difficult, this year no one managed to solve all of the challenges. Winners collected 12 correct answers and were ranked based on how much time they spent completing the activities.

Now, let’s review the results, provide correct answers for those who failed, and go over the amended list of winners.

The company to work with was Godzilla Nursery Laboratory, an international company breeding and selling companion godzillas. Godzillas were chosen deliberately, as they "guarded" a railway in the Choo Choo Pwn competition.

Google directly hints that the official site of this company with a nice logo is, and most employees have LinkedIn profiles. Well, come on!

Note: the percentage of correct answers is based on the total number of answers submitted (we do not take into account competitors who missed a task). The absolute values are given at the end of this article.

1) What site is at risk for social engineering attacks against the marketing manager? (70% correct answers)

It is easy to find the marketing manager in LinkedIn (use this link: to find how to get his name - Randi Klinger). Once you find him, it is easy to see that he is the only active writer in the "Godzilla Nursery Laboratory" and all his links go to

Correct answer:

2) What is the email address for the HR director? (9% correct answers)

The main problem was not to find Amber Lester (the HR Director) but to understand that was her personal email, and pentesters were interested in her public email. It makes sense to suppose that the email looks like And to ensure that this address is the target (but not and not which fooled certain competitors), just send a letter to it and get the auto reply ;)

Correct answer:

3) What is the insurance company of a Board of Directors member? (91% correct answers)

Those participants who are familiar with web application security analysis or web application development had to find file and go further to the /test/ folder, which holds a lot of interesting materials.

File gmailacc.rar is rather useful, and its password, 12345, takes 5th place in the TOP 10 Passwords list. There are three interesting things on the screenshot in this archive:

  • The company uses Google Mail for its corporate domain;
  • Potentially, Gregory Cruanstrom is an interesting person (he is the Head of the Board of Directors; you could find these details on or via LinkedIn);
  • Gregory’s email is with password cru1crua27 (as per the legend, he made the screenshot in a bit of a panic because Google stopped masking his password!).

And if you now attempt to log in with these credentials, you will access the mailbox and find an email from the CEO that directly said «From Now we will work with Tokio Marine & Nichido Fire Insurance», which is the correct answer.

Correct answer: Tokio Marine & Nichido Fire Insurance

4) CEO’s Home Town (76% correct answers)

To help the participants choose search directions, the CEO had to invent and add the phrase "I LOVE ICO!!!" to his general information. This hint makes it simple to answer the question. We should find his UIN and contact information via his name and surname (this information is available on the site and in social networks).

Correct answer: Concord

5) CEO’s Favorite Park (52% correct answers)

The first hint was not enough for some competitors (information about the domain is available on Inessa Golubova’s page in the "My World" social network), so we added hints to Maximillian Ozillov’s page like "my email webapp is ***". Scanning the existing 3rd level domains is not a passive information collection method, but it's a rather common practice.

After finding the domain, competitors could find a simple authorization web form that allowed forgetful users to restore passwords. With the CEO’s email (any doubts were wiped away with page) and the answer to the "secret question" from the previous task, every competitor could access the email interface and see first-hand what the troubled CEO’s favorite park looks like. And then just use Google Images to find the name of the park.

Correct answer: St. James's Park

6) Find a biological engineer domain account like (DOMAIN\login) (80% correct answers)

To solve this simple task, search for the biological engineer’s account in "My world" social network by his name and surname (acquired from LinkedIn), and find a picture with the correct answer.

Correct answer: GNL\Igolubova

7) What is the name of the company's corporate firewall? (90% correct answers)

Here you can use a helpful Google feature called Google Cache. It helps to find deleted items about Ivanes Inclam (the company's system administrator) on page. For sure, he knows everything about the company's firewall! Then search for his name and you'll see several forums with the correct answer. Unfortunately, most competitors bypassed this scenario and just looked up his job title on his LinkedIn profile.

Correct answer: Kaspersky Security for Internet Gateway Russian Edition

8) CIO’s Full Name (38% correct answers)

Those competitors who remembered the known-plaintext attack against cryptographic protocols managed to get the CIO’s full name. They conducted the attack to access the encrypted archive. Then, using Advanced Archive Password Recovery from Elcomsoft, they decrypted this archive and file; in several seconds you'll access a PDF document with the correct answer.

Correct answer: Robert Craft

Note: this person is fictitious and does not in any way refer to Robert Craft, the COO of Craft group of companies, that has become popular due to the New England Patriots NFL Football Team.

9) What is the Chief Risk Officer’s phone number? (75% correct answers)

Only three competitors accomplished this task, but unfortunately they were not among winners. You just had to send a letter to and look at the contact info on public page.

Correct answer: 81356873113

10) Remote banking software used in the company (0% correct answers)

Unfortunately, nobody completed this task. File includes all the information necessary to find the proper search direction: it looks as if there is a DBO***.GODZILLANURSERYFANS.INFO domain. If competitors had found the full domain name, it probably would have included the remote banking system name. This time AXFR queries can help.

See details on the queries, how to use them and get all subdomains on vulnerable DNS servers.

Correct answer: DBOINTEGRA
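The AXFR exposure behind task 10 is visible in the name server's own logs. The following is an added example, not part of the original writeup: it flags zone transfers served to hosts outside an allow-list of secondaries. The log lines are constructed and modelled on BIND-style transfer messages; the zone name, addresses and `ALLOWED_SECONDARIES` are assumptions.

```python
import ipaddress
import re

# Constructed sample lines, modelled on BIND-style transfer log messages.
SAMPLE_LOG = """\
08-May-2014 10:01:12.101 xfer-out: info: client 192.0.2.53#40112 (corp.example): transfer of 'corp.example/IN': AXFR started
08-May-2014 10:01:12.140 xfer-out: info: client 192.0.2.53#40112 (corp.example): transfer of 'corp.example/IN': AXFR ended
08-May-2014 11:47:03.555 xfer-out: info: client 203.0.113.77#51820 (corp.example): transfer of 'corp.example/IN': AXFR started
08-May-2014 11:47:03.601 xfer-out: info: client 203.0.113.77#51820 (corp.example): transfer of 'corp.example/IN': AXFR ended
08-May-2014 12:02:44.010 security: error: client 198.51.100.9#33001 (corp.example): zone transfer 'corp.example/AXFR/IN' denied
08-May-2014 12:05:00.000 queries: info: client 198.51.100.9#33002 (www.corp.example): query: www.corp.example IN A +
"""

# Assumption: the only host entitled to pull the zone is this secondary.
ALLOWED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ "
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^'/]+)/IN': (?:AXFR|IXFR) started")
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^'/]+)/(?:AXFR|IXFR)/IN' denied")


def is_allowed(ip):
    """True if the client address belongs to a configured secondary."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SECONDARIES)


def audit_transfers(log_text):
    """Return (severity, client_ip, zone) tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            if not is_allowed(m["ip"]):
                # The whole zone, internal host names included, left the server.
                findings.append(("LEAKED", m["ip"], m["zone"]))
            continue
        m = DENIED.search(line)
        if m:
            # Refused, but still evidence that someone is enumerating the zone.
            findings.append(("PROBED", m["ip"], m["zone"]))
    return findings


if __name__ == "__main__":
    for severity, ip, zone in audit_transfers(SAMPLE_LOG):
        print(f"{severity:7} zone={zone} client={ip}")
```

Restricting transfers to the secondaries on the server itself is the fix; the log check only confirms whether that restriction holds.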

11) The cell phone number for the researcher Carlos Bechtol (67% correct answers)

This task was one of the most amusing. First, the competition author Dmitry Evteev found an interesting way to get a phone number from a social network and Google Mail user. However, during the competition this method failed, firstly because of frequent password changes, and then VKontakte fixed this extremely useful feature :). And finally we had incorrect figures in the social network account contacts.

And for those who were unable to complete the task: a rather rare name allows you to find account details in his social network, and its nickname carlos_bechtol_gmail_com hints at a carlos* email (the missing character is quickly brute-forced: it is a dot). And then follow the procedure from the article above.

Correct answer: 79166041374

12) All email addresses of Genome Lab Department’s employees divided by spaces (90% correct answers)

We believe that Dmitry Ugrumov, Rosintegratsia described [ru] this competition in such a good manner that we cannot do it better.

Correct answer:,

13) What VoIP solution does the company use? (100% correct answers)

Minimal scanning of the IP address (acquired from the previous stage) allows you to detect a service on port 5161 that responds with the "SISCO TELECOM VOIP" banner. But only Sergey Topoltsev managed to get the correct answer.

Correct answer: SISCO TELECOM VOIP

14) The card number belonging to the Board of Directors member (83% correct answers)

As this task was more difficult, we decided to offer two possible ways for competitors to find the answer. The first way assumed that competitors who had completed task 3 would not panic and change the user password (certain competitors started to, but fortunately we anticipated this) and would think further: Google offers features to integrate its solutions, in particular to synchronize browsers through a Google account. This means that, having the login and password, you could sign in to the Google Chrome browser and access the account's tabs.

One of the tabs includes the explicit answer to the question. The other, easier way was to suppose that the Chief Information Officer could also be a member of the Board of Directors, and his card number is available from task 8. Only Sergey Topoltsev discovered the answer using the first method described above.

Correct answers: 4401-7864-4568-1145 and 4716-5410-4981-7265

15) What is the chief of security’s car make? (95% correct answers)

Google Street View opens up great opportunities for this question! With his personal home address (you could get it from LinkedIn contact details and on the contacts page of the main site), we could easily look it up and, in this case, get his car make.

Correct answer: Honda

16) What obsession does the CEO have? :) (58% correct answers)

This task ended up being rather simple: many competitors solved it, and several almost did. Pay attention to the .onion domain, enable Tor and get the competition author's background image in JPEG format. Its EXIF tags included the correct answer.

Correct answer: Zillaphilya
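Task 16 worked because the published JPEG still carried its EXIF block. As an added example (not from the original writeup), the code below walks the JPEG segments, reports whether an Exif APP1 segment is present and removes it before publication; the sample image bytes are constructed and contain no real picture data.

```python
import struct


def _segment(marker, payload):
    # Marker (2 bytes) + big-endian length that counts itself (2 bytes) + payload.
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: SOI, JFIF APP0, Exif APP1, then start-of-scan data and EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00" + b"constructed-metadata-placeholder")
    + _segment(0xDA, b"\x00" * 6) + b"\x12\x34\x56" + b"\xff\xd9"
)


def split_segments(data):
    """Yield (marker, raw_bytes) per header segment, then (0xDA, rest) for the scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:
            # Start of scan: entropy-coded data follows, copy the remainder untouched.
            yield marker, data[pos:]
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or corrupt segment")
        yield marker, data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no start-of-scan segment found")


def _is_exif(marker, raw):
    # APP1 segment whose payload starts with the Exif identifier.
    return marker == 0xE1 and raw[4:10] == b"Exif\x00\x00"


def has_exif(data):
    return any(_is_exif(m, raw) for m, raw in split_segments(data))


def strip_exif(data):
    """Return the JPEG with every Exif APP1 segment removed; other segments are kept."""
    kept = [raw for m, raw in split_segments(data) if not _is_exif(m, raw)]
    return b"\xff\xd8" + b"".join(kept)


if __name__ == "__main__":
    cleaned = strip_exif(SAMPLE_JPEG)
    print("before:", has_exif(SAMPLE_JPEG), "after:", has_exif(cleaned))
```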


This year’s competition has one more new statistical feature: members were not provided with the number of correct answers, but only with the total number of correct answers updated every half hour. This helps us prevent possible brute-forcing, but we did notice some attempts :) But anything for a quiet life! Unfortunately, we had to check certain answers manually, which may have upset some competitors (partly understandable).

Questions 2, 9, 10 and 13 turned out to be the most difficult.


Security specialists from Godzilla Nursery Laboratory also track "attackers" who try to collect information about their colleagues. All actions were within the law: nobody tried to get too deep inside or do anything like what is described in the "Honeypot that Can Bite: Reverse Penetration" report by Alexey Sintsov. But simple data collection by the methods shown by Andrey Masalovich ("Internet Competitive Intelligence") allows us to find details about the competitors:

  • A chess candidate master, who was born in Barnaul and attended NSU, "Automatic developing systems" department, who used to like to listen to loud music when she was a student, and likes the figure 8 in telephone numbers
  • An Indian native who studied at Carnegie Mellon University
  • A fan of rare and unusual programming languages who lives in a Siberian town (Voennaya st., 7-xxx-xxx) and is a Pisces
  • Many members of Positive Hack Days forums: Young School (2012), Fast Track (2013), including the speaker on Internet anonymity :) and a person who knows a lot about protected flash storage development and is also interested in coin telephones

Many thanks to all competitors! Please send your ideas and suggestions to Bye for now!

Disclaimer: all characters depicted are fictitious and any resemblance to real people is coincidental and not intentional.


  1. This comment has been removed by the author.

  2. Many things changed since the contest Competitive Intelligence was held last time. Snowden exposed NSA, it turned out that not only gossip-hungry housewives interfere in people’s lives on the Internet, but also serious specialists with the help of MIT mathematicians.

  3. I am very fond of your blogging and posting. I like you every post
    Nice Article thanks for sharing
    Digital Locker @Online

  4. Talking about getting education, I must say about the importance of writing skills. On you can get advices about writing critical essay, for example.

  5. Great post with nice pics. Easier to understand your points with the nice pics.

  6. Tutuapp brings a most convenient way to download apps.No need to login Apple ID and jailbreak,you can download Tutuapp for pc . Now Download tutuapp absolutely free.

  7. TutuApp is the most well known iOS Helper for iPhone, iPad gadgets. Download TutuApp Helper and begin introducing fun applications
    tutuapp download
    tutuapp vip

  8. Psiphon is a VPN (Virtual Private Network) service that redirects users’ IP address to a different IP address when it reaches its end point.
    psiphon pro
    psiphon apk
    psiphon apk download

  9. Our experienced and high-quality research paper services will ensure when you search for who can write my research paper and business essay writing service based on your instructions and specifications you get the assistance you need.

  10. Tasks were designed with both veterans and newbies in mind—anyone could walk away with at least one flag. Many tasks fit with each other in a logical sequence, forming entire storylines. Other tasks could be completed independently of the rest, which was why participants were asked to keep a record of information at each step UPSers

  11. I would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well.

  12. keep sharing it i will get back soon on your blog, what do you think about this
    Air Conditioning Services Santa Monica

  13. When the writers are working on Psychology Research Paper Writing Services, they have to ensure they conduct thorough Psychology Research Paper Writing Services on the topic areas in order to complete the best Custom Psychology Research Paper Services using recent sources.

  14. Very help full article uk based assignment writing help, wonderful explanation making the topic very easy to understand. This was very helpful to me.

  15. I am always right about the school bucks my school bucks

  16. These are the great ways of happiness same as the my prepaid center card which makes a recharge one time and you can easily make a benefit of that card by shopping multiple times with the single card.

  17. Experts at Videomization work with the way of thinking of making the most engaging and streamlined enlivened encounters for your business, that assist you with conveying to your crowd in the most imaginative design.

  18. Thank you for your article and you can see more places to provide free phone ringtones including iPhone, Samsung, movie soundtracks, ... Please visit here to download ringtones suitable for devices your at:

  19. Thank you for sharing good ideas to all your readers and continue inspiring us! This is worth it to read for everyone.

    Leadership Training

  20. You will agree with me that women are generally synonymous to fashion. And one of the fashion Coach Handbags Clearance that women adore so much when they want to look fashionable and thus look beautiful, is fine looking attractive and quality New Air Jordan Shoes. Thus, in as much as women love putting on quality fine looking Cheap Air Force Ones, research has confirmed that women just don't throw money around like their opposite counterpart, so quality fine looking MK Outlet they prefer, but they also prefer buying them cheap. An increasing number of people these days are finicky about the kind of Air Jordan Sale they wear. While almost everyone wants to wear the latest Michael Kors Factory Outlet and trendiest Cheap Yeezys not many are prepared to shell out exorbitant amounts of money for these. Therefore, if you want to know insider secrets to buy cheap Coach Factory Outlet Online read on to know more. (Article Source From Coach Outlet Clearance Sale)

  21. Cash has a significant impact in our consistently lives and capitalizing on what we have will help us carry on with a daily existence liberated from monetary weights. By learning some essential principles, you can make life simpler for yourself and for the individuals who rely upon you. Here are my fundamental standards.

  22. Quickbooks accounting software is amongst the top software that easily complete any accounting or related to it issues. However, it does have its own downfall that comes in the form of error. One of the easiest way to solve such errors is to use Quickbooks desktop tool hub. This application can easily fix most of the issue that you face or might face in Quickbooks.

    Get all the info regarding Quickbooks or any error that may ever happen in Quickbook . Like error h202 and how to resolve it with the help of
    Quickbooks desktop tool hub

  23. Understanding clients' need is needed for fruitful advancement, assisting them with growing new items, cycles or administrations to help the choices to make techniques adjusted to the organization's vision. barber shop near me


  24. Will such things be continued in the years to come. That’s what I’ve been thinking about for a long time. Thank you for this useful information
    how to use songs in youtube videos without copyright
    4shared music
    Music download app
    Google music downloader
    mp3juices cc
    Ines de Ramon

  25. Good day to day. That service review I decided to write. It surprised me very honest because, in comparison to other similar sites, I really couldn't find a website where I could find my soul mate. The best of its kind is that one. russian mail order brides  will help you always to find your love here, because they helped me at once. The website has a very beautiful design and it is also rich and simple, so it surprised me a lot with the functionalities of this website. I advise many individual men on this site!

  26. British Dissertation Consultants offer you with the highest quality of Medical Dissertation Services to undergraduates, Master's and Ph.D. students.

  27. With British Dissertation Consultants, you can manage and accomplish your Ph.D. Dissertation writing services with researchers published in internationally recognized journals.

  28. Thanks to the author for writing the post, it was quite necessary for me and liked it. I wrote a note on the brillassignment reviews about this. I will be happy if you read it and accept it. Thank you for your concern.