Open Source INTelligence Capture The Flag Contest

This page contains details about our popular Open Source INTelligence (OSINT) Capture The Flag (CTF) contest played at security conferences across the country.  Unlike most CTFs, our targets are real (people), the flags are real (information), and it doesn't take a PhD in cryptography to win! Join a team and show everyone your Internet stalking skills in this one-of-a-kind CTF (that we know of). Prizes are awarded for the top 3 teams and include highly coveted social engineering tools and cash.  You could win other prizes just for entering the contest!

  • Click here for the prizes and schedule for GrrCON 2018

  • Click here for the results from BSidesATL 2018.

  • Click here for the results from NolaCon 2016.

  • Click here for a write up by the NolaCon 2016 winners.

  • Click here for a write up by the GrrCON 2015 winners.

  • Click here for a video of GrrCON 2015.

Rules

 

OSINT is about gathering freely available information. Under no circumstances should any of our volunteer “targets” feel victimized by the participants in this CTF. This contest focuses on the information-gathering skills of the contestant. Our goal as sponsors is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. Therefore, the following rules must be followed:​

  • No paid search services can be used. All teams must be able to provide a URL for each flag submission upon requestion. We will spot check the winning teams and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, shodan, or Facebook account that has no connection with any of the targets.

  • Teams are not allowed to call, email, or elicit information from the targets in ANY way.

  • C G Silvers Consulting reserves the right to disqualify any team that uses unethical means or disregards the intent of the contest.

  • You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.

  • At least one member of each team must be present at the awards presentation to win (see schedule below).

 

GrrCON 2019

Our popular Open Source INTelligence (OSINT) Capture The Flag (CTF) contest is played at security conferences across the country. Unlike most CTFs, our targets are real (people), the flags are real (information), and it doesn't take a PhD in cryptography to win! 

So mark your calendar: The next OSINT CTF will be held at GrrCon in Grand Rapids, MI on October 25, 2019.
 

Prizes

 

First place:

  • GRRCon Black Badge

  • FPV Drone

  • Raspberry Pi Travel Kit

  • Hidden Camera Spy Water Bottle

  • Keysy LF RFID Duplicator and Emulator

  • HAK4KIDZ Electronic Badge

 

Second place:

  • Raspberry Pi Travel Kit

  • Hidden Camera Spy Water Bottle

  • Keysy LF RFID Duplicator and Emulator

  • HAK4KIDZ Electronic Badge

 

Third place:

  • Keysy LF RFID Duplicator and Emulator

  • HAK4KIDZ Electronic Badge

Details

 

  • GrrCON 2019 Contest Date: Friday, Oct. 25, 2019, 10 am - 2:30 pm

  • Location: DeVos Place in Grand Rapids, Michigan. Players must be present to compete.

  • Contest will follow a single-player format, so it’s every hacker for themselves! No need to find a team. 

  • Spaces are limited. If you’re interested in participating in the GrrCON OSINT-CTF, complete and submit this brief form.

  • Don’t hold back; tell us why we should choose you!

  • Necessary Equipment:  Your laptop, an ethernet cable (or a way to connect to a wired network), and your finest social engineering skills. 

Code of Conduct

OSINT is about gathering freely available information. Under no circumstances should any of our volunteer “targets” feel victimized by the participants in this CTF. This contest focuses on the information-gathering skills of the contestant. Our goal as sponsors is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. Therefore, the following rules must be followed:​

  • No paid search services can be used. All contestants must be able to provide a URL for each flag submission upon request. We will spot check the winners and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, shodan, or Facebook account that has no connection with any of the targets.

  • Contestants are not allowed to call, email, or elicit information from the targets in ANY way.

  • CG Silvers Consulting reserves the right to disqualify any contestant that uses unethical means or disregards the intent of the contest.

  • You get a variable number of guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.

  • Contestant must be present at the awards presentation to win.
     

Get ready for the GrrCON OSINT CTF 2019! CLICK HERE TO APPLY.
 

GrrCON 2018

 

Prizes

 

Third place:

  • An Arduboy Arduino

  • A signed copy of "Social Engineering: The Science of Human Hacking" by Chris Hadnagy

  • A button spy cam (shaped like a yellow smiley face, because why not?)

 

Second place:

  • All third place prizes

  • A waterproof wireless speaker

  • The Sparrows Night School lockpick set

 

First place:

  • All third and second place prizes

  • A dc801 DEF CON 26 badge

  • A 2-month IntelTechniques voucher

  • A GrrCON black badge

Schedule

 

Day 1: Thursday, September 6:

8:30 AM:  OSINT CTF Announcement

Information about the contest revealed during the Welcome to GrrCON presentation.

 

10:00 AM:  Registration Begins

Check in at the CG Silvers Consulting booth to register your team for the contest.

 

5:30 PM:  Registration Ends

Once you have registered your team for the contest, keep checking twitter for contest information.

 

Day 2: Friday, September 7:

9:00 AM to 11:00 AM:  Late Registration

Check in at the CG Silvers Consulting booth to register your team for the contest. Once you have registered your team for the contest, keep checking twitter for contest login information. You will also be able to login to the scoring engine and answer "warmup" questions for practice.

 

11:00 AM:  Contest Begins

Teams will now be able to login to the game scoring engine, find out who the targets are, and begin submitting flags.

 

3:00 PM:  Contest Ends

The scoring engine stops and no more flags will be accepted. The top three teams will be determined.

 

6:00 PM:  Awards Presentation at the Closing Ceremonies

After a short explanation of the rules and results of the contest, prizes will be presented to the top three teams.

 
 
Congratulations to the winners of the BSidesATL 2018 OSINT CTF competition!

The contestants in the OSINT CTF at BSidesATL had a true challenge ahead of them. And yet, with only four hours to play and 30 flags to collect from three targets, the teams blew us away.

The winners, the point totals, and their prize packs by the end of the conference were:

  • "Phantom Theives" earned first place with 820 points. They won a Google Home Mini, a Wi-Fi Pineapple Nano, and a 30-day online training voucher from IntelTechniques, plus all the prizes from the second and third place prize packs.

  • "The Droids" earned second place with 810 points. They won a Pocket Drone and a LAN turtle, plus all the prizes from the third place prize pack.

  • "coolcatsallowed" earned third place with 710 points. They won waterproof bluetooth speakers, a USB Rubber Duckie, and a collection of CG Silvers Consulting and Kennesaw State University swag.

We had an outstanding showing with 41 participating teams working to identify 55 flags on 4 real human targets.

The winning teams:

 

  • "Dual Core Failing at Competing" took 1st place winning 3 Linux To Go USB boot drives, 3 NolaCon Black Badges, and $450 cash

 

  • "FyDuck" took 2nd place winning 3 Hak5 field kits and $300 cash

 

  • "TheThreeAmigos" edged out "HOW_I_OPSEC" to claim 3rd place winning 3 Camera equipped drones and $150 cash 

 

  • "HOW_I_OPSEC" was so close to 3rd place, we had to extend honorable mention rewards including a Multi-profile To Go USB boot drive and a drone.

 

Check out the Nola_Con tweets @cgsilvers to see the contest in action as well as winners of our T-Shirt contest.

 

A special thanks to the live targets for allowing us to use their information to illustrate the power of Open Source Intelligence.

 

Keep following @cgsilvers on Twitter for information concerning upcoming OSINT CTF competitions!

Congratulations to the winners of the NolaCon 2016 OSINT CTF competition!
 

© 2019 by CG Silvers Consulting

  • Twitter Classic
  • LinkedIn App Icon