OSINT CTF

OPEN SOURCE INTELLIGENCE CAPTURE THE FLAG

Kris Explains the OSINT CTF

In the OSINT CTF, contestants are expected to obtain flags (pieces of information) about their targets (real humans of our choosing). Unlike most CTFs, you do not need a technical background to win -- just the Internet stalking skills of a scorned ex.

Rules

OSINT is about gathering freely available information. Under no circumstances should any of our volunteer “targets” feel victimized by the participants in this CTF. This contest focuses on the information-gathering skills of the contestant. Our goal as sponsors is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. Therefore, the following rules must be followed:​

  • No paid search services can be used. All teams must be able to provide a URL for each flag submission upon requestion. We will spot check the winning teams and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, shodan, or Facebook account that has no connection with any of the targets.

  • Teams are not allowed to call, email, or elicit information from the targets in ANY way.

  • C G Silvers Consulting reserves the right to disqualify any team that uses unethical means or disregards the intent of the contest.

  • You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.

  • At least one member of each team must be present at the awards presentation to win (see schedule below).

Upcoming OSINT CTFs

Due to the COVID-19 pandemic, the OSINT CTF is not currently scheduled to appear at any conferences. 

Please check back often for an updated schedule, and let us know if you'd like to bring the OSINT CTF to a conference or event near you!

NolaCon CGSC Booth_edited.jpg
 

Prizes

Below are some of the cool prizes that have been awarded at previous cons: