My First Experience with OSINT CTF

osint header

Introduction

A week ago I had the privilege to attend a one of a kind event that featured support from the Mayor of Toronto, the LGBTQ community, and the Toronto Police Service.

The Pride Toronto x Trace Labs Missing CTF: OSINT CTF for Missing Persons is a full day event hosted in Toronto, Canada. Pride Toronto partnered with Trace Labs to give the Toronto Police Service and amateur enthusiats an opportunity to collaborate together, conducting reconnaissance on 7 missing persons from the Greater Toronto Area.

Mayor John Tory

Mayor John Tory took the time to come out to the event and speaking to the Judges, the Trace Labs team, and the Toronto Police Service individually expressing his gratitude.

Mayor John Tory

He took the stage and addressed the crowd, thanking everyone for their time and efforts in providing the Police with information that could help with their investigations.

Executive Director of Pride Toronto

Executive Director of Pride Toronto, and Trace Labs James Liolios and Adrian Korn speak about the event.

PrideTO

“The volunteers range from security experts to amateur hackers who will be given a case and will start looking at where that person was last seen, who they have been virtually interacting with and what led up to the day they went missing…

The event is run like a game — teams get points for each new detail they uncover.”

Team Sherlock

Meet team Sherlock. A group of people that met on slack, just days before the event.

sherlock teamsherlock

We have finally arrived!

I was nervious going into this event. With minimal knowledge in security, and no prior experience of OSINT and CTF, I wasn’t sure what to expect. But I knew for sure that I wanted to meet like-minded people and enjoy the event.

the venue

First walking into the building, I was stunned by how enermous the venue was. I was expecting to be in a crammbed room with 40 degrees temperature. Instead I was in a well conditioned and spacious room with a great atmosphere, lighting, and music… I could not have asked for a better first experience.

Let the event begin

Before the event started, Mayor John Tory took the time to talk to each individual judge, thanking them for their time.

tory and the police

In this picture he talks to the Toronto Police Cyber Crimes Unit and thanking them for their time and efforts in judging in helping judge the event.

Who is TraceLabs and what do they do???

The founders of Trace Labs talk about all the events they hosted since the start of the organization in 2018. They hosted many events and talks to help families and the police through OSINT.

Adrian and James

Introduction to OSINT and SIGINT

With the event just starting, we had a speaker codename Radar, gave a talk on using OSINT and SIGINT to track people. Hearing an expert in his field talk about his experiences and tools he uses encouraged me. Hearing Radar talk about different techniques and methods in being able to successfully pivot towards new information you encounter, made me think differently in how I was going to go into this event.

Scoreboard Update #1

Just 2 hours into the OSINT CTF, we barely made it into the top 5. We ran into an issue. Everyone on the team except me were not able to submit any information to the judges. So I was the dedicated person to take everyones information and submit it to the judges. We were frustrated because it was double the work to submit just one information. Eventually we started struggling in getting information. At this point I had a general sense of how I wanted to approach the rest of the event.

Scoreboard1

Luckily, before the event I made burner accounts for Facebook, Twitter, Instagram, and Linkedin. I was able to scourage those social media platforms for the team because no one else had burner accounts. And doing reconnaisance on all missing persons, I noticed that Facebook was the most commonly used by all of them. Identifying this early on, I knew that I would dedicate a lot of time on that platform. So, for each missing persons first did a Facebook search and pivot from there. Once I gathered enough information from the individuals profile (e.g. job, where they lived, family, friends, etc.), I would then do a search on the other social media platforms and see if there were anything to pivot from there.

Scoreboard Update #2

As the event went on, we started to get momentum. With only 25 minutes left, thanks to Jake, we drastically closed the gap. He found out that one of the missing persons email has be flagged in multiple websites using the resource haveibeenpwned. Submitting this information, we managed to score 1000 points! This put us back in the race, moving upo one slot. At this point, the rest of the team and I ran out of information to submit for points, we were frustrated because everything we found ended up being repetitive information or from a news website/article (which either don’t count for points or are rejected by the judges). It was becoming a nail bitter. The top 4 teams were all less than 100 points from each other. My competitive side started to come out, I was frequently checking the scoreboard to see if any information I submit would be accepted and award us points. My heart was pounding, my hands were getting sweaty, the entire team was stressing. I remember telling the team captain Joe not to look at the score board because of how close it was. I made a joke that he was lucky his back was towards the scoreboard, so he didn’t have to look at it and stress. At this point, I told the team whatever information anybody found just send it to me and I’ll submit it, no matter how small.

Scoreboard2

Jake was on a role. With only 5 minutes left, Jake found a few more information on the same missing person we got 1000 points from. Each information he found I submitted it right away. Our “pending” status for our information was only going up. I remember the last 10 seconds so vivdly. When I submitted one of Jakes requests, the platform stated “Contest is over, unable to submit”. Right then and there my heart dropped. With just 1 more information pending for the judge to review, we managed to secure the win!

Winner Winner Chicken Dinner

By looking at the final points, you can see how close this OSINT CTF was. The top 3 teams were less than 25 points from each other.

WINNER!

Congratuations… TO EVERYONE!

Here you can see the top 3 teams and the prizes they won.

Congratulations

  1. Team Sherlock
  2. Shandyman & The Three Half-Pints
  3. Noxians

Official Team Sherlock Picture

Sherlock Group From left to right: Joe, Jake, Me, Emma

I would like to thank my amazing teammates for being understanding and compassionate individuals. It was a stressful 8 hours but we managed to hold it together and make the event enjoyable and fun. We all went into this event not knowing anyone, and we all came out as great friends.

I would personally like to thank our Team Captain Joe for letting me join the team. Prior the joining, I private messaged Joe stating that this would be my first ever CTF event and where my knowledge is at with security. I told him that I was passionate and eager to learn. That he would be getting 110% from me from start to finish. Joe had a lot of passion coming into this event and without his leadership and his ability to communicate and be open-minded this team would not have been put together. I would also like to thank Emma, even though she was the quiet, she was the most understanding when it came to this event. With the consistent internet outtages every 5 minutes - she was the most calm. She didn’t show any stress or discomfort to the team and made sure not to put any more problems on the team. She provided good information about one missing person that definitely helped us with the victory. Lastly, I would to thank Jake. Jake joined the team the very last minute. Joe and I met Jake at the venue an hour before the event started. Jake said that he was planning on doing the event solo. But, luckily for him we had an open slot. We were suppose to have another teammate attend but didn’t bother to send a message nor show up. Not to be that type of person, but I’m glad that individual didn’t show up or I wouldn’t have met such an intelligent human being that knows his stuff.

I seriously couldn’t have asked for a better team.

Conlusion

Overall, with this being my first OSINT CTF event, I was beyond nervous of joining. I knew that my skills and knowledge would not be on par with most of the people attending. But I’m glad I didn’t let that stop me from going. I learned a lot attending this event. It felt amazing helping out the police in trying to find these missing persons. This event is one that I will never forget.

OSINT CTF

I would like to thank Trace Labs, Pride Toronto, Toronto Police, Hunch.ly, IntelTechniques, and Security Compass, all for sponsoring and making this event happen. Without them none of this would have been possible.