Well, we don’t validate this challenge at time, but few secondes after the end …
We just explain a quick way to do because this shitty challenge does not deserve a nice writeup.
We were given a .vdi and a file called « lastdump ».
This file was supposed to be encrypted (LUKS) but it was not the case …
So we have extracted the data :
$ foremost -t pdf lastdump or $ photorec <on the lastdump>
It was like … 3AM and we already got the PDF with the logo.
We spend many many MANY times on it, searching for a PDF in the PDF (PDFCeption …), playing with ascii85decode to decode stream, etc.
At 10AM, Notfound asked to the author, an embittered person (yggdrasil):
2015-04-04 10:02:19 Notfound_ is the logo important ?
No reponse …
A shitty hint was given :
PDFCeption -> Hint: find the difference http://bit.ly/1avCLaQ
Just before midnight, we decided to try LSB on the logo (for a MISC500, yeah LSB, seems legit)
Indeed, the surprise was huge. The logo is stegano !!!!
Last step, find what kind : LSB BGR.
The flag is: DaddyDontTouchMeThere
— Notfound
Hexpresso 
Hey,
Thank’s for your write up
I also worked hard on it …. but I was wrong. I have extracted the ascii85decode/flatdecode (I removed manualy non ascii bytes) part of the pdf and it was an image (without header) :
I noticed binary stream arround the token but it was not ascii….
The logo in that you found the stegano was « ESIEA » one ?
Hi,
Yes, I (Notfound) also past many time on this challenge, and I have extracted the ascii85decode/flatcode too 😀
When the hint was given, I tried to make a difference between the 2 PDF in order to fine ANOTHER PDF … But I was wrong.
The logo is the logo of NDH, check this -> http://notfound.ovh/ndh.png