Defaced internal website leads to the Crypto messages.
I've been a member of the elite hacker group known as "batmen" for over 7 years, and I know a thing or two about hacking.
SSd2ZSBiZWVuIGEgbWVtYmVyIG9mIHRoZSBlbGl0ZSBoYWNrZXIgZ3JvdXAga25vd24gYXMgImJhdG1lbiIgZm9yIG92ZXIgNyB5ZWFycywgYW5kIEkga25vdyBhIHRoaW5nIG9yIHR3byBhYm91dCBoYWNraW5nLiA=
Attack log: successful use of "ven_diagrams" remote access and rootkit suite
Clue Nggnpx ybt: fhpprffshy hfr bs "ira_qvntenzf" erzbgr npprff naq ebbgxvg fhvgr
hardsell trojan deployed successful injection hardsell backdoor initiated
Last log-in from 128.128.0.6
01010 00000 10001 10010 01010 01101 00110 01000 01100 00101 10000 01101 01011
flag:colourbynumbers
Exif data
A number of pictures with exif data that narrows down
(Extra challenge: some also have stego)
Known affiliation leads them to the hacker org website
Secret dir from logs available... also basicauth creds
Message on the forum claiming the recent attack against X was done by the east london contingent MS-2709
(Extra challenge: web stuff, SQL injection, XSS?)
Possible Web Challenge. FLATCORE CMS.... It’s a cool hack (and via user agent)
People will know:
What has happened
The last few potential hackers
Captured phone: spy on it
Show how to refine the list using wigle.net