Searchparty CTF 2024.04

humanDecoded

April 6, 2024

We're back with our second CTF of the year! Here you should find everything you need to know about the upcoming CTF.

You can always reach out to contact@tracelabs.org with any questions.

Summary

Date: April 20th, 2024

Time: 15:00 UTC - 19:00 UTC (this is 11am Eastern US time to 3pm Eastern US time)

Cost: $20 per contestant

Ticket Purchasehttps://tracelabs.org/eventbrite

Platform: https://searchparty.tracelabs.org

Registration on Platform (after ticket purchase): https://searchparty.tracelabs.org/register

Training Materials:

Platform Demo

Contestant Briefing

Contestant Guide

Trace Labs OSINT Field Manual

Frequently Asked Questions

What even is a Trace Labs?

It's our mission to leverage the power of the Crowd using #OSINT4Good to assist in active missing persons cases. We've striven to create a process and methodology that not only can assist law enforcement with real cases but also introduce people to the field of Open Source Intelligence in a safe and approachable way. To learn more, check out this note from Trace Labs founder Robert Sell. In this letter, Rob does a great job giving background on the organization but also illustrating the balance between competing in a CTF (and likely wanting to win) and staying focused on the actual mission.

Letter to the Community

What is a Search Party CTF?

Our Search Party CTFs are non-theoretical CTFs where the "flags" correspond to real pieces of intelligence concerning real missing persons cases. Teams of up to 4 people (or solo is fine to) will be sketching out the online footprint of a real missing person case. Intel is submitted via our CTF platform (linked in the summary above) and vetted in real time by volunteer judges behind the scenes. The process has been gamified to provide structure to the collection process and to reward teams for finding more and more pieces of intelligence. The points don't really matter though, they're just a by product of the process. The end result will be a summarized report for the law enforcement agency handling the case. Ideally, the information we find is useful in their investigation.

The CTF has very strict rules of engagement. We are passively collecting information with no direct interaction with anyone. We recommend you read our Contestant Guide for a more complete overview of the competition and its rules.

How do I sign up for the CTF?

Once you have your Eventbrite order code (emailed to you when you bought your ticket) it's as simple as getting on https://searchparty.tracelabs.org/register to get set up on the platform.

Please see our training playlist for more information about the CTF platform and how it works:

https://www.youtube.com/playlist?list=PLlaJQR699XLt4ib7yWgvaWM7KA12uTlB9

What do I need to do before the event?

Before the event, you're expected to watch our recorded Contestant Briefing: https://www.youtube.com/watch?v=dYdQIiMzRlI

Before the event, you're expected to have read the Contestant Guide.

Set up and test your sock puppet accounts on major social media platforms.

Do I need a team to compete?

No. You can compete solo or on a team of up to 4 people.

Are these events safe?

We've made them as safe as we possibly can. We've put such strict "rules of engagement" in place in order to keep everyone involved safe. We strongly encourage all contestants to create alternate social media accounts (sock puppet accounts) ahead of the event. As long as you have sock puppet accounts set up and abide by our "passive reconnaissance only" rules this is a very safe activity to engage in.

I'm not a <insert imposter syndrome here> can I still compete?

YES!!!!! The greatest part about OSINT is all you need is curiosity, problem solving skills and a novel way of looking at the world around you. If you have these things and you follow the rules, this can be your first step in to the wide world of intelligence collection and analysis.

How does the CTF Actually work?

Great question. We recommend reading the Contestant Guide, watching our Platform Demo, and viewing previous Contestant Briefings to get a feel for the competition. But a short bullet pointed answer to the question looks like: 

  • Missing persons cases can be sourced directly from law enforcement agencies, publicly available missing persons registries or from community submissions. All cases worked must have either an implicit or explicit request for help from the public by the relevant law enforcement agency.
  • We've documented a list of data points that could help the relevant law enforcement agency further their investigation. These data points represent the "flags" in the CTF. This is the information your team will be looking for
  • Your team will be submitting your intelligence in our CTF platform (linked above). Submissions will be a combination of a URL pointing to your intelligence as well as a brief explanation of the submission from your team. You also have the option to submit a single screenshot with each submission to help your explanation.
  • Once a submission is made, a volunteer on the back end will review your submission. If they agree with your submission you will be awarded points. If the reviewer doesn't agree, that submission will be declined and the reviewer will leave feedback explaining their decision.
  • WARNING: Please do not attempt to game the system and spam submissions just to get points. We've gamified the intel collection process but all submission decisions are ultimately up to the volunteer on the back end. Please, only submit intelligence you think will be useful in furthering the investigation. There will be text boxes in your submission to explain your reasoning and the value of the submission to the investigation.
  • This is a real investigation, it's very possible that you won't find every "flag" for each case.
  • After the event, a team of volunteer report writers will summarize the information all the teams submitted for each case.

What can you expect from Trace Labs?

  • A safe and respectful environment to compete in.
  • Encouragement and appreciation from the entire team.
  • Back end volunteers that we've made every effort to train and support.
  • A fun and fulfilling experience.
  • A sincere thank you from us on behalf of everyone that will never know you helped them.

I'm a contestant. How can I talk to my coach during the event?

The Trace Labs Discord server will be the best place to have a group discussion between your team and your coach. In the server, in "Channels & Roles", self assign the "support ticket user" role.

Once you get that role, you will see the ⁠support-ticket channel. Inside that channel, you need to issue the following command to create a channel.
-ticket open <ticket name or team name>

Wait for a couple of minutes or so. Once the channel is created, only you and the TL Leadership and Staff members have access to that. You will then need to add your team members and your OSINT Coach by using the following command:
-ticket adduser @username

Once the event is over, please close the channel by using this command:
-ticket close <reason for closing>

Resources

New to OSINT? Where to begin?

Collection of OSINT Tools, Videos, Trainings and Resources from humanDecoded's OSINT Workshop

Trace Labs OSINT Field Manual - Beta Version

Trace Labs Podcast: Breadcrumbs by Trace Labs

Trace Labs Discord: https://tracelabs.org/discord

Trace Labs Youtube Channel: https://www.youtube.com/c/TraceLabsVideos

Books and Trainings from Michael Bazzell: https://inteltechniques.com/books.html

The OSINT Newsletter: https://osintnewsletter.com/

Forensic OSINT Knowledge Base: https://www.forensicosint.com/osint-guide

A free course on People OSINT from Joe Gray: https://www.youtube.com/watch?v=EePeB9A2ZAk

Kase Scenarios Narrative Driven OSINT Training: https://kasescenarios.com/

Google: Seriously. Just type “OSINT” into your search engine and see what pops up. Other helpful search terms could include: “SOCMINT”, “Sock Puppet Account”, “People OSINT” and “Open Source Intelligence”

Github “Awesome OSINT” repo: https://github.com/jivoi/awesome-osint

OSINT resources from _OhShint: https://ohshint.gitbook.io/oh-shint-its-a-blog/

OSINT resources from Belouve: https://github.com/belouve/osint-resource

humanDecoded

Tom Hocker

More Posts

RSS Feed