This past weekend, Kris, Hannah, our soon to be daughter-in-law Kaela, and I all headed out to Louisville, Kentucky for the brand-new cyber security conference Hack Red Con, and boy oh boy was it a blast. We of course hosted our OSINT CTF and watched as some of our favorite past contestants competed with lovely new ones to see who would win it all.
Read more from our most recent OSINT Champs below.
The Walk of Champions
In First Place – Mystery Machine
Mystery Machine, certainly lived up to their namesake in solving the mysteries of the OSINT CTF and coming in first place. Unlike their namesake, however, this was not a group of best friends but two friends and a
complete stranger who bonded together over their love of hacking and Scooby Doo. But don’t let their lack of friendly history fool you. This team was “in it to win it” from the jump.
1. Why did you decide to join the OSINT CTF?
C2 - It is interesting to use your research skills/search skills, use free online tools and see what you can find. In the end though, competitions are just fun. Especially in cyberspace.
H- It brings out the best in you, the competition makes you learn more.
C2 - Yeah, it was nice to form a group here, like we just met and we were like “Hey we could definitely use somebody else on the team” and I think that worked out really well.
2. What was the hardest flag to find? If you found it, how did you do it?
C1 - For me the hardest flag that I was not able to find were the middle names. Those middle names are something else.
C3 - We got middle initials and then guessed the rest of the name. When the deadline came, we were just like it’s a J so its Joe and Jane.
C2 - We were fortunate enough to find one middle name from searching and just guessing the spelling and trying different spellings. Doing things like looking up a list of common names that start with that letter from the year that person was born. Say 1950, what’s a common name that starts with D?
C1 - And we threw out different names and he threw out a different spelling for one of the names and tried it, and bam! That was it.
When asked if they would return to defend their title, Mystery Machine seemed oh so eager, even going so far as to say they will follow us out to GrrCON. We certainly hope to see these familiar faces again in October.
In Second Place – Kronos
Our second-place champ Kronos, though alone at the conference, had his wife working behind the scenes with him in this competition from home. She acted as a sort of virtual oracle throughout the competition. Hopefully we will get to see her in person at future OSINT CTF.
1. Why did you decide to join the OSINT CTF?
C - Just to have some fun. It was one of my first CTFs that I tried to do, and I asked my wife to join in with me because she is really good at internet stalking so I know she would be really good to help me.
H – Does she do that professionally?
C - No, she is an intellectual property lawyer. So, she kind of does some internet stalking for that, but not in the OSINT world. So I gave her the idea of it, and I think she had a blast.
H – That is awesome. Applicable skills across industries. I love that.
2. What was the hardest flag to find? If you found it, how did you do it?
C - We didn’t get it, but Cecelia’s mother’s birthday was definitely the hardest. Even though we found a grave stone that gave the birth date it was wrong. So, we still aren’t sure if that question was right or not so we need to track down Cecelia and check.
H – Absolutely, I am sure she is going to be getting a lot of weird DMs after this.
3. Did you learn a skill or tool that you’ll take with you after the contest?
C - Just the ability to easily google search almost everything. Like going into people’s Facebooks and seeing how open they are and how you can just traverse through that to find more information by guessing where people were from and finding more information that way.
In Third Place – A Brazilian Hax
A Brazilian Hax is one of our reining champs, and thus we have much to learn from their experiences. (Check out their previous interview in our blog post for NolaCon!) They also brought a unique perspective to the competition: We featured our first non-American target in this OSINT CTF, and one half of Brazilian Hax is...well...Brazilian.
1. Are there any new/different methods that you used in this competition compared to previous ones?
C1 - For me this time a lot of the flags were found by digging through comments on things. So, what was the target’s pet’s name? I found that on a comment on an Instagram photo of the pet. What was the target’s dad’s birthday? I found it on a Facebook post that said Happy Birthday from five years ago, then found the year of birth on a people search result by using the time stamp on the post and putting those two pieces together I got the full date.
H – So, a lot of multi-threading and looking for things in more unexpected places. Did you find the same thing?
C2 - Yeah, the same thing. But because the target was not from the US, I could relate to that a lot. I know in some of the social media the family is going to overexpose the person a lot. It was the same thing where the answer was in the comments of one of the social medias, but it was in a foreign language so I had to translate. There was definitely some extra work there. It made me curious about putting myself forward as a target. Just as a form of revenge, if I have to translate a foreign language y’all have to translate Portuguese (laughs manically.)
CGSC and A Brazilian Hax have major history. In fact, this team has been known to stalk us across the nation. We can hardly say we mind though, especially when half of the group is rapper hacker legend DualCore.
2. Because the target was from a foreign country, were there certain tools that you normally use that you couldn’t this time? What was different? Did you feel like you were actually at more of an advantage as someone born outside of the US?
C2 - That helped me a lot. As soon as I opened up one of the people’s search things and I typed a person’s name and it said “We have no record” I was like OH okay so this is like MY case so I will try to do OSINT more how I would do it on myself and not how I would do it on American targets.
H – That is so fascinating. I really want to include more international targets now, because it will make people more creative, like you said, and force them to think in a different way.
Overall, we had a fantastic time at Hack Red Con and were so happy to be a part of their debut conference. Will definitely recommend checking this one out in years to come, but until next year, cheers!
Thank you to the voluntargets, our contestants, and the conference organizers.