Open Source INTelligence Capture The Flag Contest

This page contains details about our popular Open Source INTelligence (OSINT) Capture The Flag (CTF) contest played at security conferences across the country. Unlike most CTFs, our targets are real (people), the flags are real (information), and it doesn't take a PhD in cryptography to win! Join a team and show everyone your Internet stalking skills in this one-of-a-kind CTF (that we know of). Prizes are awarded for the top 3 teams and include highly coveted social engineering tools and cash. You could win other prizes just for entering the contest!


Rules

 

OSINT is about gathering freely available information. Under no circumstances should any of our volunteer “targets” feel victimized by the participants in this CTF. This contest focuses on the information-gathering skills of the contestant. Our goal as sponsors is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. Therefore, the following rules must be followed:

  • No paid search services can be used. All teams must be able to provide a URL for each flag submission upon request. We will spot check the winning teams and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, Shodan, or Facebook account that has no connection with any of the targets.

  • Teams are not allowed to call, email, or elicit information from the targets in ANY way.

  • CG Silvers Consulting reserves the right to disqualify any team that uses unethical means or disregards the intent of the contest.

  • You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.

  • At least one member of each team must be present at the awards presentation to win (see schedule below).

 
 

Upcoming Contests

 

Join us for the OSINT CTF at the following conferences:

  • CypherCon: April 2-3, 2020

  • NolaCon: May 15-17, 2020

  • DEF CON: August 6-9, 2020

  • GrrCON: October 22-23, 2020

 

CypherCon 2020

Our popular Open Source INTelligence (OSINT) Capture The Flag (CTF) contest is played at security conferences across the country. Unlike most CTFs, our targets are real (people), the flags are real (information), and it doesn't take a PhD in cryptography to win! Find a partner and show everyone your Internet stalking skills in this one-of-a-kind CTF. Cool prizes are awarded for the top 3 teams. You could also win prizes just for competing!

Prizes

 

Take a look at some of the cool prizes that have been awarded at previous cons:

  • NolaCon and GrrCon Black Badges

  • HAK4KIDZ Electronic Badge and dc801 DefCon 26 Badge

  • Hak5 hacking gadgets

  • Various drones

  • Raspberry Pis and accessories

  • Various social engineering hacking tools

  • A signed copy of "Social Engineering: The Science of Human Hacking" by Chris Hadnagy

  • Google Home Mini

  • Arduboy Arduino

  • Online training voucher from IntelTechniques

  • Linux To Go USB boot drives

  • Various lockpick sets

  • Waterproof Bluetooth speakers

  • Amazon gift cards

Details

 

  • Competitors work in teams of TWO: Find your hacking lobster.

  • What you need to compete: Contestants must bring a laptop computer with the ability to connect to WIRED internet (RJ45) and an ethernet cable. It’s also recommended that you bring a power adapter, as the CTF runs for 4 hours.

  • PRE-REGISTRATION is recommended in order to compete: The OSINT CTF takes place on Day 1 of the conference and space is limited.

  • The top three teams will be invited to participate in a panel discussion on Day Two of the conference: Let us get a look inside the hacker head!

Gameplay

  • Complete the Google form to register: https://forms.gle/ZTWsNiksuc37WQhq7

  • At the start of the contest, the names and photos of our Volun-targets will be revealed. These are real people who have graciously agreed to let you stalk them online. Please be respectful.

  • Our OSINT CTF consists of sets of questions. You will have access to the first set of questions for a period of time, and then the next set of questions will appear. The first set of questions will then close, and so on. 

  • Once you’ve found a flag:

    • Record the URL where you found it.

    • Take a screenshot and add annotation to the image (Seriously, even if YOU think the answer is obvious, annotate. It increases your chances of scoring maximum points when you circle/highlight/underline the flag.)

    • Save the image file using the following format: Team Name_Challenge #

    • Using the OSINT CTF official scoring engine, submit your answer and the URL.

    • Submit the corresponding screenshot file to Dropbox (you’ll be emailed the Dropbox submission link).

  • The number of guesses per challenge is variable. Make sure you notice how many guesses each challenge allows.

  • Formatting matters. Pay attention to the formatting required when answering challenges.
     

Code of Conduct

OSINT is about gathering freely available information. Under no circumstances should any of our volunteer “targets” feel victimized by the participants in this CTF. This contest focuses on the information-gathering skills of the contestant. Our goal as sponsors is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. Therefore, the following rules must be followed:

  • No paid search services can be used. All contestants must be able to provide a URL for each flag submission upon request. We will spot check the winners and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, Shodan, or Facebook account that has no connection with any of the targets.

  • Contestants are not allowed to call, email, or elicit information from the targets in ANY way.

  • CG Silvers Consulting reserves the right to disqualify any contestant that uses unethical means or disregards the intent of the contest.

  • You get a variable number of guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.

  • Contestants must be present at the awards presentation to win.

© 2020 by CG Silvers Consulting
