Kris and I had the pleasure of spending last weekend in Grand Rapids attending one of our absolute favorite conferences, GrrCon. This is one we really look forward to every year, seeing old friends (special shout out to THE Hacking Dave) and making some new ones.
As always, we hosted our OSINT CTF and I have to say, this contest was record breaking all around. A whopping 50 teams ended up registering, which I can confidently say is the most we have EVER had, with our first team signing up just nine minutes after we began registration and taking the prize for earliest sign up ever. And by far the most impressive stat from our contest was the fact that all of our top three teams, though they have backgrounds in OSINT, were first time OSINT CTF contestants.
Read more on the contest itself and our latest champs below.
The Big OSINT CTF
This conference we decided to do things a little differently, making the contest two hours and raising the stakes in doing so. Second place team, Reno, had held a first-place position comfortably through the entirety of the contest, but in the last ten minutes MTU overtook their position to win it all.
When we asked the teams if they liked the two-hour time frame for the contest, this is what they had to say:
“Honestly? We would have preferred one hour and then they (MTU) wouldn’t have caught up.”
We love the honesty, Reno. But in all seriousness, Kris and I could not have asked for a better top three teams to lead a post contest panel with, these guys had us cracking up the entire time and all of our top three teams had some great advice for future contestants.
Each team’s golden advice is as follows:
3rd Place – Dark Wolf Solutions
“Social media can be a really great tool to use, but other than that? Just be persistent. Go to the third page of google. Most people will give up after the second or first, but that third page can make all the difference. Most importantly, though, be organized with your bookmarks.”
2nd Place – Reno
“My advice? Creative googling. I can definitely be a creature of habit and I tend to get stuck in using the sites and resources I know and love. But a little creative googling can go a long way. Also, cross reference answers across sites. That is how I ended up finding the right answer for Jason’s wife’s birthday. Everything I was seeing kept saying November 9th, November 9th. But when I submitted that as the answer it was wrong. Eventually I found a site I usually wouldn’t use through some creative googling and saw November 11th, plugged it in, and low and behold it was right.”
1st Place – MTU
“Gosh I don’t know, we used all the sites we usually use and when we couldn’t figure it out we just tried to get creative with it. A little google dorking goes a long way. Using relatives can also be very helpful. It doesn’t matter how well your information is locked down on the internet if your mom is still posting things. So definitely try to find the relatives, and cross check the information available between relatives.”
A little pro-tip that all of our winners agreed on was using voter registration records, especially since they are public access in the state of Michigan. While this will not necessarily be the case for every OSINT CTF we do, depending on where our VolunTARGETS are from, it is still a very helpful resource to keep bookmarked for future contests.
As this is our fourth conference this year, Kris and I have had plenty of time to observe our contestants, and we have a few of our very own, inside-scoop pro-tips to share with our future contestants as well.
If you think you know the answer to a question and you are still getting it wrong? Come to the booth. Sometimes our answers need to be more specific, and we can gently nudge you in the right direction. Or sometimes you are just simply wrong, and we will tell you that too.
If you want to be a lawyer instead of a hacker, and you feel very strongly about wanting to argue your answer, come to the booth! Specifically, when you had the right answer, but you were off on a minute detail. We can be lenient when we want to be, and it never hurts to ask.
Basically, when in doubt? Come to the booth. At the end of the day, we are here to help. You are never bothering us when you come to ask a question (and even if you are we will smile and help you to the best of our ability 😉).
Overall, this conference was, as always, an absolute blast. We want to give a special thank you to GrrCon for hosting us, our many contestants for participating, our winners for keeping us all entertained, and our VolunTARGETS, who without there would be no contest at all. Until next year, Grand Rapids. CGSC out.