The Fugle Company – The optimal solution

Below you will find our take on the targeted attack game that was developed by Trend Micro.
With some luck and some good decisions, it seems that we got an optimal solution for this game that balances available resources while minimizing exposure risk. We will try and explain a bit our choices which happened to be the correct ones in this very interesting scenario.

Below is a video demonstrating the gameplay we describe above.

Reset a WatchGuard Firebox M200 1

  1. Power on the WatchGuard Firebox M200.
  2. Wait until the Arm indicator ( Shield symbol ) turns solid green.
    The indicator is found on the front part of the device (it is the second light on the column with the three lights).
  3. Press and hold the Reset button on the front of the device.
    The reset button is right next to the three lights.
    Do not release the button until step 8.
  4. After five seconds, the Arm indicator ( Shield symbol ) will turn red.
  5. Continue to hold the Reset button even if the Arm indicator ( Shield symbol ) is not lit.
  6. After approximately 40 seconds, the Arm indicator ( Shield symbol ) should start to flash green.
  7. Continue to hold the Reset button while the Arm indicator ( Shield symbol ) flashes green once per second.
  8. Once the Arm indicator ( Shield symbol ) starts to flash green twice per second, release the Reset button.
  9. Wait until the Arm indicator ( Shield symbol ) starts to flash red again.
  10. Press and hold the Reset button for five seconds to reboot the device.
  11. The Firebox will restart with factory-default settings.

After you perform the reset procedure, the Firebox will be reset to factory-default settings.
Any saved backup images will be deleted from the Firebox.
Interface 0 will be enabled as an external interface, as a DHCP client.
Interface 1 will be enabled as a trusted interface with the IP address, and a DHCP server will be enabled.
The default admin and status management user accounts will be available, with the default passphrases (default password) which will be the word readwrite.
The Web Setup Wizard will start automatically when you log in to Fireware Web UI.
The device will be discoverable by the WSM Quick Setup Wizard.
The device will be discoverable as a new FireCluster member (if the device supports FireCluster).

MTN Cyprus – Get SIM Card IMSI and MSISDN using USSD codes

Because of reasons we wanted to find the IMSI of a SIM card and the MSISDN of its connection on a phone we had in our hands.
We did not wish to install additional applications on that phone to get this information so we had to find an alternative method in getting the IMSI and the MSISDN.
Luckily for us there was a way using the USSD codes that were provided by MTN Cyprus.

Using the dialer (phone application) of our phone we typed the following two commands (one at a time) and then pressed the call (green) button.

To get the MSISDN we called:


To get the IMSI we called:


After each call a popup message would appear from the provider (MTN) showing us the information asked.


Unstructured Supplementary Service Data (USSD), sometimes referred to as “Quick Codes” or “Feature codes”, is a communications protocol used by GSM cellular telephones to communicate with the mobile network operator’s computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.



MSISDN is a number uniquely identifying a subscription in a GSM or a UMTS mobile network. Simply put, it is the mapping of the telephone number to the SIM card in a mobile/cellular phone. This abbreviation has a several interpretations, the most common one being “Mobile Station International Subscriber Directory Number”.



The International Mobile Subscriber Identity or IMSI is used to identify the user of a cellular network and is a unique identification associated with all cellular networks. It is stored as a 64 bit field and is sent by the phone to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register. To prevent eavesdroppers identifying and tracking the subscriber on the radio interface, the IMSI is sent as rarely as possible and a randomly generated TMSI is sent instead.



Cannot verify domain with Yandex when domain is behind CloudFlare 2

Recently we were trying to verify the ownership of a domain through yandex. We tried the CNAME approach which would be more universal and so we added a new CNAME record in the DNS configuration in CloudFlare.

The record had the following configuration:

  • Type: CNAME
  • Name: yamail-dd63c3831dbd
  • Value:
  • TTL: Automatic
  • Status: DNS and HTTP proxy (CDN)

We tried several times the verify domain button in but it kept on failing saying that the CNAME record was not found. Only after we disabled the DNS and HTTP proxy (CDN) did it work.

So in the end, the properly working record was as follows:

  • Type: CNAME
  • Name: yamail-dd63c3831dbd
  • Value:
  • TTL: Automatic
  • Status: DNS Only