Description
Hello analyst,
Following an alert from the ABSSI (*Agence Bretonne de la Sécurité des Systèmes d'Information*), we suspect a compromise of one of our contractors. An extract containing dubious network traffic has been supplied. Could you please have a look at it? As usual, we are looking for an analysis of the exchanges, and any IOCs if relevant.
Please be careful with contained data, if any. The possibly compromised contractor is working on a highly sensitive infrastructure; all information related to this system MUST BE reported at the earliest opportunity.
Thanks for your assistance and your discretion,
-Incident Dispatcher - Investigation des Moyens et Plateformes Sous-traitées
Note: the IPs (203.0.17.X & 203.0.2.X) are internal ABSSI IP addresses and are not part of this challenge.
To finish the challenge, you have to:
- Find an e-mail address (format [0-9a-z]{64}@sstic.org) and send an e-mail to this address as quickly as possible.
- Send a write-up to this same e-mail address before the challenge closing date (2026-05-15 23:59 UTC+2).
Speed Ranking
| Position | Validation date | Name | Write-up date | Write-up |
|---|---|---|---|---|
Quality Ranking
| Position | Validation date | Name | Write-up date | Write-up |
|---|---|---|---|---|
| 1. | | | | |
| 2. | | | | |
| 3. | | | | |
Prizes
The top three of each ranking will win the following prizes:
- 1st place: Nintendo Switch 2 + an entry ticket for SSTIC 2026 (your place will be refunded if you already have one)
- 2nd place: Flipper Zero
- 3rd place: Raspberry Pi 5 4GB
Moreover, the top 10 participants in the Speed Ranking and the top 3 in the Quality Ranking will receive a surprise prize, a symbolic yet classy souvenir to commemorate their achievement.
Rules
- Duration
  - The challenge runs from 2026-04-15 15:00 UTC+2 to 2026-05-15 23:59 UTC+2.
  - The deadline may be extended if there are fewer than three valid solves.
- AI/LLMs
  - Using AI/LLMs to autonomously solve challenges is against the spirit of this challenge and is thus considered a violation of its rules.
  - Using AI/LLMs as a search engine (call for an artificial friend) is tolerated.
  - Use of AI/LLMs for the write-up is allowed, but must be EXPLICITLY documented.
- Rankings
  - There are two distinct rankings: speed and quality.
  - The speed ranking will be updated over time as we receive validation e-mails.
  - The quality ranking will reward the most detailed, elegant and best-written solutions. Therefore, even if you are not among the fastest finishers, you can still aim to win a prize by writing a high-quality report.
  - The winner of the quality category will also be offered the opportunity to give a talk about the challenge solution during the SSTIC conference.
  - To be eligible for the Speed Ranking, participants must still submit a write-up before the challenge deadline, even if they do not wish to compete in the Quality Ranking. In this case, the write-up may be minimal, but must describe the approach taken.
- Flags
  - At the end of each stage, optional intermediate flags may be obtained. These can be submitted at the bottom of the page to appear in the leaderboard for the corresponding stage.
  - Submission of the flags is not mandatory; only the final e-mail submission is required to validate the challenge.
  - The format of these flags is SSTIC{hexa}.
- Eligibility
  - The challenge is open to everyone, except employees of DGA-MI and members of the SSTIC organizing committee.
  - Members of the SSTIC program committee are allowed to participate.
  - Team participation is not allowed. However, limited external help (e.g., “call-a-friend”) is tolerated. And yes, you are free to consider any AI as a friend.
- Prizes
  - A participant may win two prizes (one for the speed ranking and another one for the quality ranking).
  - In order to claim prizes, winners are required to share their identity with the SSTIC association.
  - The organizers reserve the right, at their discretion, to award additional prizes to other participants.
- Write-ups
  - Write-ups shall be written in either French or English.
  - They will be evaluated by a judging panel consisting of both the challenge authors and some members of the SSTIC organization.
  - By submitting a write-up, participants agree to have their solution published on this page and associated with their name (or pseudonym).
- Code of Conduct
  - Attacking the challenge infrastructure is strictly forbidden.
  - There is no need to run automated tools such as scanners or to conduct any network brute-forcing.
  - Any publication of challenge solutions, in whole or in part, is strictly prohibited before the challenge deadline.
- 0-rulez
  - Rules are meant to be followed… but also occasionally bent.
  - If you choose to do so, you’ll receive a “0-rulez” tag. You will still be on the leaderboard, just not eligible for prizes.
Please write to challenge2026 [at] sstic.org for any question or issue.
Root
Challenge made by DGA-MI