On the Road: OSINT CTF at dc404
This past Saturday, the side room of Manuel's Tavern in Atlanta turned into a battlefield as dc404 members competed in a condensed, hour-long OSINT CTF. The contest drew the highest turnout for a dc404 meeting ever, according to the chapter leader!
For the uninitiated:
An Open Source Intelligence Capture the Flag (OSINT CTF) is a timed contest in which teams compete to find the most flags in the shortest time. Each CTF has at least one target, a person who volunteers to be the subject of the contest. To play, teams hunt for specific bits of information ("flags") about each target using only open sources of information — that is, no hacking or paid services, just good old-fashioned Googling, Facebook stalking, public records trawling, etc.
The purpose of the OSINT CTF is to bring awareness to the amount of potentially sensitive information that anyone can find on the internet without a great deal of technical knowledge or money.
Even information that you might not think of as sensitive can be weaponized. Think about those security questions you answer to reset your passwords. Wanna bet that in the age of Facebook and digitized public records, your mother's maiden name, the name of the street you grew up on, and your high school graduation year are out there somewhere? We take you up on that bet in the OSINT CTF!
Sound like fun? Sad you missed out? Luckily for you, CG Silvers Consulting is hosting the OSINT CTF at NolaCon for the second time. Register for the conference here, and we'll see you in May! In the meantime, read more about the contest, including past results and prizes, here.
The OSINT CTF at dc404:
Keith, our chapter leader, graciously volunteered as the target for the contest. We asked questions like:
What is the name of the street where Keith currently lives?
What is Keith's oldest child's first name?
What is Keith's mother's first name?
Contestants said they got the best information from social media, especially accounts of family and friends, and public records, such as voter registration records. We've seen this pattern with other iterations of the CG Silvers Consulting OSINT CTF.
Here are the stats from the dc404 CTF:
1 target stalked
39 teams registered
20 teams able to capture some flags
3 of 10 flags uncaptured by any team
350 points scored by winning team BeginnersLuck