Because of Cyber – A Recap

Troopers16 has been over for quite a while now, but because sharing is caring, we would like to give you some more insight and share some gems that happened over the 2 days of us running a small/medium sized enterprise in mid-west Russia as part of the well received FishBowl side story.

Technology wise the whole infrastructure of FishBowl, as well as the Cyber Emergency Response Team, was hosted on one FreeBSD machine with exception of the challenge scoreboard which was on site only, hence conference network only.
The C.E.R.T. web site was static web site using the jekyll engine. FishBowl on the other hand required some dynamic web magic which is why we choose to use the flask framework. For the FishBowl web design we simply helped ourselves with the styles of the Troopers web site, who of you noticed? 😉
All web related stuff was reverse proxied by an nginx to provide a common layer of technology even though every venture was segregated into its own FreeBSD jail environment.
For mail a simple postfix setup was set up. Having a proper mail server for such »shenanigans« turned out to be very enjoyable, but more on that later.

Sebastian released a nice write-up of all challenges (including packetwars) over at, check it out.

Honorable Mentions

  • The C.E.R.T. web site and the logo [insert fox picture here?] were designed by our friends Nils and Maze over at Strandrover.
  • The embroidered C.E.R.T. »uniforms« were kindly provided by the guys from the RaumZeitLabor, the hackerspace located in Mannheim.
  • Kudos goes to Niki who came up with some hilarious job and company descriptions for FishBowl
  • Kudos to all coworkers at ERNW who came up with the hilarious feature set of the FishBowl appliances (you know who you are)

The Joy of Being Sales/Support/CEO at once
In this part we want to share some cool correspondence that happened during the conference with FishBowl. In order to contact FishBowl there were several ways. First of all the site offered a completely functional contact form. Also a beta test was mentioned on the login page for which one has to apply via mail. But since we had a catch all configured no mail was lost in the process of Troopers 16. Some mail servers were pretty restrictive though when it came to answering beta applications or enquiries.

Here are a few beta application worth sharing

Of course some people just wanted to obtain tokens, but come on. We are not that easy.

>> On 03/16/2016 11:47 AM, wrote:
>> Amons wrote:
>> Please send me a token 
> On 03/16/2016 12:47 PM, Customer Service wrote:
> Hello Amons,
> I don't know what kind of tokens you mean.
> Please try https://www.$security_token_manufacturer$.com/
> I know they do tokens.
> I hope I could help you
> kind regards
> Potapova Emiliya Grigorievna

Some others tried to bribe us either with cute cat pictures or vulnerabilities.

On 03/16/2016 02:12 PM, TheVamp wrote:
> Hi,
> Can you please invite me to your Beta ;)
> Btw. There is a User enumeration Bug in the login. 
> Greetz TheVamp

This one came with a cat picture attached.

On 03/16/2016 11:54 AM, Patrick wrote:
Subject: Request Beta
> Please...

Here is the related Tweet/Answer from FishBowl.

Timmy on the other hand was one of the first customers who seemed to have interest in our product.

>> On 03/16/2016 11:12 AM, wrote:
>> timmy wrote:
>> What kind of coffee does it make?
> On 03/16/2016 12:19 PM, Customer Service wrote:
> Hello timmy,
> what coffee do you want?
> it can do all kinds of coffeinated beverages.
> cheers

Some other people also started to be creative.

>>> On 03/16/2016 01:17 PM, Stefan H wrote:
>>> Hi, betatest phase sounds promising- free the 0days from their arctic prison,
>>>  right? 
>>> Please sign me up - have cat, will travel.
>>> Cheers,
>>>   Stefan
>> On 16.03.2016, at 13:43, Beta Submission Center  wrote:
>> Hello Stefan,
>> we are very pleased that you want to improve our products.
>> Unfortunately for you the product launch is scheduled for april 1st so we do
>> not accept beta sign ups right now.
>> cheers
>> Akulov Nikodim Kirillovich
> On 03/16/2016 04:56 PM, Stefan H wrote:
> Hello Akulov,
> Thank you for the kind words and the Info. Unfortunately my Web 2.1 Cyberservice
> "Nulldevice as a service" goes live that day, and we are still having difficulties
> with the cloud bit flattenning tech we bought from SnaleOil Cybersivision.
> Good luck to you and have a great conference!
> Cheers,
>   Stefan

Bonus Points for subculture references

On 03/16/2016 06:28 PM, TabascoEye wrote:
> Hey there,
> this is Doctor Doom from the Planet Nintendu64. Please send a beta
> invite to this address for a great future of opression of mankind.
> cheers and iddqd,
> Dr. Doom

Some others used their creativity in a more evil manner

Kevin wrote:
I know Snowball's allergy and she will get sick soon unless you
send a token to 90076

And then there was Kevin. Kevin is one of two guys who actually got a token via email. In Kevins case we just rewarded his determination and persistance on his quest to get a token.

>>> On 03/17/2016 04:27 PM, Kevin L wrote:
>>> I see you already closed - any last minter help I can give?!
>>> Sent from my iCat
>> On Mar 17, 2016, at 4:33 PM, CEO  wrote:
>> here, for your stamina in annoying me ;)
>> was really fun to answer all the emails though
>> have a real token but hurry, terminals close at 16:45
>> 1721-6066-****-3677-5196
> On 03/17/2016 04:37 PM, Kevin L wrote:
> Wow great - I will adopt a cat in return for your kindness.
> Tschuss!
> Sent from my iPhone

We take you by your word Kevin. Please send pictures of you and your new furry room mate.

Also, probably inspired by Ben’s keynote, a man of the church expressed his concerns.

>>> On 03/16/2016 11:44 AM, wrote:
>>> Reverend Raznagoriam "Cyb" Fondlefinger   wrote:
>>> But.. is it ethical?
>>> Yours untruly,
>>>   razna
>> Am 16.03.2016 um 12:41 schrieb CEO:
>> Hello razna,
>> Ethics or moral philosophy is the branch of philosophy that involves
>> systematizing, defending, and recommending concepts of right and wrong
>> conduct. The term ethics derives from the Ancient Greek word ἠθικός
>> ethikos, which is derived from the word ἦθος ethos (habit, "custom").
>> The branch of philosophy axiology comprises the sub-branches of ethics
>> and aesthetics, each concerned with values.
>> As you may have noticed we are russians, not greeks.
>> cheers
>> the CEO
> On 03/18/2016 08:15 PM, Reverend Raznagoriam "Cyb" Fondlefinger wrote:
> Hi Fishbowl again,
> <off role, too>
> I didn't fetch mails from this account during #TR16, so I missed this
> gem until now. Thanks again for your wonderful replies to my tweets and
> mails from my various accounts - you always took the time to read and
> answer. Not only this, but the answer always were very funny, like this
> one.
> Have a safe trip home (even if it's just a few hundred meters), and I
> really, really, really hope I can manage to return next year.
> Cheers & thanks for all the fun,
>   razna aka khae aka Stefan
> P.S.: I am only allowed to use the "Reverend" title in a few states in
> the US. It did cost me $30, though. ;-)
> </off role, too>

See you next year reverend, and may the force be with you at all time.

Last but by no means at least the correspondence with Chad. Chad combined and surpassed the tenancy and creativity of all others which made him the proud receipient of a token and thereby #1 on the challenge scoreboard of Troopers 16.

>>>>>>>>     Chad wrote:
>>>>>>>>     Hi interested in your products!  Would love to talk.
>>>>>>>  On Wed, Mar 16, 2016 at 12:22 PM, Sales wrote:
>>>>>>>      Hello Chad,
>>>>>>>      we are glad that you choose the FishBowl for your
>>>>>>>      security appliance of choice.
>>>>>>>      Unfortunately 90% of our sales department is on some
>>>>>>>      kind of convention in Europe right now, but I will make
>>>>>>>      sure they will contact you as the week progresses.
>>>>>>>      have a nice day
>>>>>>>      kind regards
>>>>>>>      Yesikova Yeva Svyatoslavovna
>>>>>>    On 03/17/2016 03:41 PM, Chad wrote:
>>>>>>    Hi Yesikova,
>>>>>>    That is interesting... could you tell me where they might be?
>>>>>>    Kind Regards,
>>>>>>    Chad
>>>>> On Thu, Mar 17, 2016 at 3:55 PM, Sales wrote:
>>>>>     Hello Chad,
>>>>>     i think it is some sci-fi star wars related convention called
>>>>>     Storm Troopers but I might be wrong. They are really a bunch
>>>>>     of nerds.
>>>>>     cheers
>>>>>     Yesikova
>>>>     On 03/17/2016 04:10 PM, Chad wrote:
>>>>     Dear Yesikova,
>>>>     Very interesting!  I have a colleague who might also be there...
>>>>     could you tell me who is there so I can try to have my colleague
>>>>     engage with them?  If you have a picture or something, that would
>>>>     really help.  Thanks so much!
>>>>     Kind Regards,
>>>>     Chad
>>> On Thu, Mar 17, 2016 at 4:24 PM, Sales wrote:
>>>   As we are a company working on artificial intelligence and
>>>   humanoid appliances our sales department is 100% synthetic.
>>>   all i can give you is a serial number, but its printed behind
>>>   their ears so this could be a bit awkward in the public.
>>>   cheers
>> On 03/17/2016 04:26 PM, Chad wrote:
>>   Okay, great... a serial number is fine!  I'll see what I can do. 
>>   Thank so much for your help!
>>   -Chad
> On 03/17/2016 04:28 PM, Sales wrote:
>  #4711-0815
>  cheers

This mail thread totally made my day and is one of the many reasons why we keep doing what we do.

Shout out goes to Adrian for his application in order to backup snowball as the mascot of an evil mastermind.
Twitter Direct Message FishBowl

The second shout out goes to Martin who published his solution to one of the challenges on Twitter. This selfless behaviour showed the mind set we loved to see at Troopers. Not fighting against each other but together for the greater good. It also ended up in a nice code golf game…nerds.

Last shout out goes to @scorch for having the balls of getting a »tattoo« of FishBowls slogan.
FishBowl Laptop Engraving

We could go on for hours with cool stuff you guys did during this special period of time in mid march. Thanks to all attendees of this years and every other Troopers, you are what keeps us going.

By the way Troopers17 registration is already open. Take advantage of the enthusiast rate.

So long and thanks for all the fish,