BSides Portland 2018 Event Debrief

Lately Trace Labs has been full out with events. We did BSides Edmonton on September 13 and then BSides St John’s on September 20th. After that we had the Defcon Australia with the DC011612 Chapter on October 4/5th.  All were very productive and professional. At each event we make new friends, improve our process and try to invest in our CTF platform.

We are lucky in this respect and work with some very amazing people. In fact, every day I am pleasantly surprised at how supportive this industry is of our efforts. We have people helping us on from around the world. Our staff meetings are never convenient for all as its always an obscene hour somewhere when we meet. It is not unusual for me to hear, “it’s 4am here right now and I need to work tomorrow.” It’s those moments that I realize we are doing something amazing. Thank you all for being part of this movement.

Each event we attend seems to be more impressive than the last. Portland BSides was no exception. It started slow so I began to relax a bit. We had to schedule for Saturday as that’s when our judges were more available and we were competing with many other high value events and talks so we expected it might be a small event. During the first hour there were very few submissions.

Huge shout out to the organizers who gave us a great space and for the Trace Labs members who were onsite. The onsite members Quiz and Loki really made it so much better. Having staff there to assist people is a lot easier. We had the leader board on the wall which is really nice for contestants to see how everyone is doing.

Around 11am things started to change. Intel started to come in faster and faster. It started as a trickle but quickly turned into a full on river. Judges got to work vetting all incoming intel to ensure it was accurate and relevant. Unlike past events, this time we made a rule to exclude all media, law enforcement and missing persons sites so that more of the incoming intel was unknown and of high value. In previous events we noticed that judges would get flooded with low value and already known information which bogs down the event and isn’t really worth anything to law enforcement. This change really worked out well as it allowed judges to keep up and also dramatically increased the quality of submissions.

Also, Trace Labs begin using its new CTF platform which was a lot faster for judges. Huge shout our to the man of many names, but I know him as finderseater in India who helped us make modifications to CTFd to allow non theoretical flags to be submitted into the system. Thank you!

Just after lunch we got the first Location submission. This is often a false alarm and we have to then talk to the contestant about it. However this time it was a real location on a missing person. Holly crap! We found someone! While we have done this before, it is rare and we don’t always expect it. Everyone was very excited about this. Little did we expect that we would close the day with a total of 4 Locations submitted and approved by judges. Since our typical CTF has a total of 8 missing persons, that means half the people we were looking for were found. That is amazing and beyond our wildest hopes.

Congratulations to team b34rd3d who did amazingly well and stayed physically hidden the entire CTF so no one could bug them. This worked out to be a good strategy! All teams did amazing well and included: CWRT, Mike, Qult of the Quantum Qows, RATS, SomeRandomTeam, NuGye and Meow. Apparently Portland has some amazing OSINT Operators.

Overall the event went really well. Lots of locations, lots of very good OSINT, a lot of fun and most of all, a lot of great friendships. That was the positive side of the event.

I am Creep and I am the one who submits this intel to law enforcement after the event. I was super excited with our results and very eager to reach out to law enforcement with these details. However, as I went to each police website I was confused by the lack of any submission area for such information. Then I became disappointed with the total lack of any department, person or even the words “missing person” on their site. I see this as an area where Trace Labs will help to improve. I’ve reached out to each police department and asked how they would like to receive the information so we can formalize this process to ensure it meets their requirements. I hope to then develop this as a universal process for all. I’ll keep you updated on progress on this.

Some improvements we plan to make for the next event is to change the labels on the CTF platform. There are a few places where we see the legacy labeling which can be confusing. We also want to ensure we have local judges at each event that have done the training. Our two judges who were onsite were amazing! Thank you again!

Trace Labs would like to thank our sponsors for the event:

Hunchly: https://www.hunch.ly/

If you are serious about OSINT then I suggest you look at this software. Used by most government agencies and serious OSINT Operators. Hunchly has support Trace Labs since our beginning and was our first sponsor.

IntelTechniques by Michael Bazzell: https://inteltechniques.com

Bazzell is hands down one of the best OSINT resources out there. Excellent book, podcast, training and website. A must for all to check out. Book is an excellent resource.

World Class Investigator by Julie Clegg: https://www.juliecleggofficial.com/

Julie is a great mentor and example of a successful investigator in our industry. She has been very supportive of Trace Labs and the industry in general. Great experience and always happy to share. Her new book just came our and I hear it is amazing.

 

Finally, huge thanks to all the contestants. You all did an amazing job at this event and are the heart of Trace Labs. Thank you!

Leave a Reply