top of page
  • Chris

On the Road: OSINT CTF at BSidesATL

Many thanks again to BSidesATL for hosting us, to IntelTechniques and Hak5 for sponsoring our sick prize packs, and to our targets for volunteering to be creeped on.

This past Saturday, we hosted the OSINT CTF at BSidesATL at Kennesaw State University. It was an amazing experience — the main hall was packed for every talk, and we had competitors in our contest room all day to use the open tables, watch the live scoreboard, and eat too much candy.

Every time we host the OSINT CTF, I'm amazed at what our competitors are able to find in such a short period of time. This time was no different! Out of more than 1,000 potential points spread across three OSINT targets, our top team raked in 820 points, with our second and third place teams right behind with 810 and 710, respectively.

The kicker? NONE of our top three finishers have any professional experience with OSINT.

So what's the secret to their success?

We asked our top three teams for some advice for future OSINT CTF competitors. If you're planning to join us for the OSINT CTF at NolaCon this year, listen up! Here's what they had to say:

Our BSidesATL OSINT CTF first place winners, Paul and Angelica (Phantom Theives).

1st place, Paul and Angelica (Phantom Theives)

  • "Learn how to Google. Not just basic Googling, but what key phrases get good results. Learn the different Google flags. Search for files. You might be able to find metadata, like a Word doc published by them that might have metadata on them."

  • "The younger the person is, the more likely you are to find newspaper articles on them from their childhood years."

Our first place winners completed the CTF entirely on two iPhones, one of which ran out of battery in the middle of the competition. So to add another piece of advice from Paul and Angelica: bring portable power banks and USB chargers!

What did they win? A Google Home Mini, a Wi-Fi Pineapple Nano, and a 30-day online training voucher from IntelTechniques, plus all the prizes from the second and third place prize packs.

Our BSidesATL OSINT CTF first place winners, Russ and John (The Droids).

2nd place, Russ and John (The Droids)

  • "Start with the name, go find the LinkedIn, and find their family. You can start to piece it all together. Then, you're not just looking for the actual target. You can find the spouse's address, which is obviously going to be the same address, or the school their kid goes to, so you have a geographic area to look in."

  • "Scrutinize all pictures. We were able to find the target's Facebook profile by identifying the same pictures of a target's children that were posted on the spouse's profile."

What did they win? A Pocket Drone and a LAN turtle, plus all the prizes from the third place prize pack.

Our BSidesATL OSINT CTF first place winners, Kate, Wesley, and Jess (coolcatsallowed).

3rd place, Kate, Wesley, and Jess (coolcatsallowed)

  • "WhitePages was a problem back in the day, and the website still is today. Landlines give everything away."

  • "Social media has all sorts of breadcrumbs. It's always a good place to start."

  • "A lot of stuff I learned in CEH was a good starting place."

What did they win? Waterproof bluetooth speakers, a USB Rubber Duckie, and a collection of CG Silvers Consulting and Kennesaw State University swag.

See how the other contestants stacked up:

The BSidesATL OSINT CTF scoreboard.

Like what you read? Want to get notified when I post? Subscribe to the email list.

86 views0 comments
bottom of page