GrrCon 2016 OSINT CTF

Aside from the great speakers and free beer, one of my favorite things about GrrCon is that everything is so hands-on and interactive for all skill levels. I got to pick various locks, try to pwn some IoT light bulbs, and even compete in CG Silvers' Open Source Intelligence (OSINT) capture the flag competition. Our team “ramrod” took 1st place!!!

The Contest

2 real human targets.

  • No paid search services can be used. All teams must be able to provide a URL for each flag submission upon request. We will spot check the winning teams and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, Shodan, or Facebook account that has no connection with any of the targets.

  • Teams are not allowed to call, email, or elicit information from the targets in ANY way.

  • C G Silvers Consulting reserves the right to disqualify any team that uses unethical means or disregards the intent of the contest.

  • You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.

  • At least one member of each team must be present at the awards presentation to win.

Our job was to use any open source of information to find out and answer questions about our targets with questions varying in complexity and points.

The “ramrod” approach

Our team decided to knock out as many low-hanging-fruit questions as possible. Most of the information here was obtained just from meticulously going through Facebook profiles for all posts/comments/tags of the targets. This approach was apparently used by every other team because we were sitting somewhere in 10th place at this time.

Once we started to build profiles of our targets and document their relevant info, we started to connect the dots with the questions and really gained momentum on the leaderboard. Some answers we submitted, and others we wanted to hold off on until we could validate their authenticity. Remember, only 2 guesses are allowed, so it was crucial to only submit when we were confident in the result. We were hovering around 3rd and 4th place with only about an hour left in the competition.

With only 15 or so minutes left in the competition, we had built an archive of answers that we were about 90% sure were correct. So everyone started to submit the final answers we had, and it turned out they were all true results. Knocking out some of the high-value questions launched us into 1st place, and we ended up taking 1st by only 10 points!

Final Thoughts

This OSINT CTF was such a good learning opportunity. It's not “hacking” in the traditional sense of the word, but more of a thinking-outside-the-box approach. Being able to take only fragments of information about a target and enumerate an entire profile of them is truly a valuable skill in infosec.

With our hard work we won the top prizes!

  • GrrCon Black Badge
  • Drone
  • Hak5 Pineapple Tetra

Had an amazing time and can't wait until next year!

Go team ramrod!!!
