Capture The Talent — OSINT Write-ups

Holiday Pics: Part 1

When we post images online these can be viewed by an attacker, who will use reverse image searching or look at landmarks to find the location. Moreover, if you've announced you are on holiday or the picture is clearly a holiday destination then this could also be a burglary risk. The same goes for work: sharing information about your work location, including pics of inside your workplace, is great intel. So, this picture was posted on Twitter, can you find out where this is? If you get stuck there are hints.
Holiday photo provided with the challenge statement

Holiday Pics: Part 2

Here is another image that was posted online recently, can you identify its location? For this challenge you will need to identify the Street and City. The flag format is the following: CTT{XXXXXX_XXX_XXXX_XXXXX_XXXXXX}
The second holiday photo
Screenshot from Street View

In Denial: Part 1

Finding information about a Threat Actor (TA) is important; the tools, techniques and procedures they use can be helpful in understanding your adversaries’ motivations and what you are potentially facing. In this challenge you’re going to have to use a few techniques to find out the required information about this threat actor.

Challenge Part 1: You need to find where this message is from. Once you do that, one of the servers has the TOR link included in the ransom in one of the ports; what is the IP address of this server?
Free hint: only one of these servers has the full ransom message! Happy hunting.
The image given with the challenge statement is of poor quality
The same image can be found there

In Denial: Part 2

Challenge Part 2: Great, well done for solving that, was simple right? So now on to the next part of our challenge. We know a little about this group from that image: they target port 3389 and have targeted a few servers, mainly in Russia and Ukraine. Now let’s do some basic research on this group. Last year this ransomware group was reported on; can you find the article, and the file hash that a security researcher posted on socials? From here, can you find the date this was first uploaded to VirusTotal? Flag format: CTT{XXXX-XX-XX}

In Denial: Part 3

Awesome work so far, so now we need to look at the threat actor handles to get a feel for their digital footprint. For this challenge I’m not sending you on to the darknet to look at their profile, but can you find their handle on a popular hacking forum on Clearnet. Using Google Dorking only, which hacking forum do they have an account on, and when did they join? Note you will not need to access the forum for this challenge, the answer will appear in the results. Flag format CTT{XXXXXXXXXX_XXXXXXXX_XX_XXXX} name of forum and date joined.

Take Off

What is the name of the last airport this aeroplane took off from?
Image provided with the challenge statement

Catch Me If You Can

The target is trying to flee the country! But which airport are they using? We need the co-ordinates. No degree or commas needed in the answer.

The Many Faces of Stu: Part 1

Having a good command of social media and examining accounts and the information those accounts share is an essential tool in any kind of investigation, whether it concerns an adversary, research into a company or your own digital footprint. In this challenge, Stu has volunteered to be an unwitting victim. In August 2018, Stu (cybersecstu) posted an image on Twitter with a close-up of a mosaic made up of photos of himself. What is the photo ID? It is the highlighted part in this URL: https://pbs.twimg.com/media/{photo ID}?format=jpg&name=900x900 You can use advanced searches, Twint, manual searches or, if you have enough patience, you can scroll back in time to find the right answer. But try to search for it if you don't know it. This flag IS case sensitive. Flag format: CTT{XxXXXxXXXXXXXxX}

The Many Faces of Stu: Part 2

In this challenge, we need to find two specific accounts that are linked to a GIF of Stu created by a member of the community. This GIF https://twitter.com/cybersecstu/status/1451499505417850914 was created by a member of the community on Twitter some time ago. Can you find this person's profile? From there, can you find the account from which they posted this GIF on a well-known GIF website? To solve this challenge, you will need to find both handles, the Twitter one and the GIF site one.

Brum Brum

Whilst hunting for your target, you have come across some intel: a car registration plate. Which country could the target be in?
Flag format: Name of a place, no "CTT{}" required
Licence plate whose origin we have to find

Feeling HOT HOT HOT

The creator of this CTF recently obtained some very VERY hot sauce. But, just how hot? I need the 'Scoville' rating, a numerical number. No commas, letters or full-stops.

Say A Prayer

In pursuit of your target, they send a mocking photograph of where they are hiding. "You'll never catch me!" they say... Where are they? Which country? That's not enough for this challenge. We need to know the name of the nearest chapel!
Image accompanying the challenge statement (note the Street View compass)
