Capture the Flag (CTF)

Trace Labs offers information security conferences with a unique high value experience for contestants by way of an open source intelligence (OSINT) Capture The Flag (CTF) contest focussed on missing persons.

This OSINT CTF is non-theoretical where contestants work in teams of up to 4 members to crowdsource the collection of OSINT to assist law enforcement in generating new leads on missing persons. In the information security community, a typical CTF will be of a technical nature where “flags” are hidden within pre-configured servers/virtual machines that contestants have to obtain using hacking techniques to gain points. The Trace Labs OSINT CTF differs from this by having different flag categories based off pieces of information that law enforcement would look to gather to aid in a missing persons case.

Basics:

The contest runs as a Capture the Flag (CTF) format where contestants must collect various “flags” which equate to points. Since the each flag submitted is treated as potential “net new intelligence”, Trace Labs has a team of volunteers known as “Judges” who validate each submission and award points if the flag meets the category requirements. At the end of each CTF, the team with the most points on the scoreboard wins.

Schedule: 

  1. Monthly Global Virtual OSINT Search Party CTF Events – These take place on a Saturday for 6 hours in length and are open to the general public. Check out our Eventbrite for upcoming global events
  2. Private Events – Select private events for Conferences, Law Enforcement, and Corporations.

OSINT Search Party CTF Platform:

 

Our in house platform “OSINT Search Party” is used to power all of our CTF events, enabling the collection and processing of crowdsourced OSINT.

Scoring System:

The Trace Labs scoring system is based off the following Categories:

Friends – 10 points

Relevant information on Friends. This can include but not limited to:

    • Name
    • Aliases
    • Birthdate
    • IDs (drivers license, passport, library card, etc)
    • Home address
    • Home phone number
    • Work address
    • Work phone number
    • Email
    • Social media handle (e.g. Facebook, Twitter, etc)
    • Any insightful information from friends’ comments

Employment – 15 Points

Relevant information on Employment. This can include but not limited to:

  • Business name
  • Aliases
  • Manager name
  • Start date
  • End date
  • IDs (badge, license, etc)
  • Business address
  • Business phone
  • Email
  • Social media
  • Any insightful information from employer’s comments

Family – 20 Points

Relevant information on family. This can include but not limited to:

  • Name(s)
  • Aliase(s)
  • Birth date
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Home address
  • Home phone number
  • Work address
  • Work phone number
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Last time they saw the subject
  • Any insightful information that might show direction of travel, location or intent from family’s comments.

Category: Subject’s Home – 25 Points

Information that is relevant regarding the subject’s home. This can include but not limited to:

  • Address
  • Landlord’s name
  • Landlord’s phone number
  • Recent accommodations
  • Any meaningful interactions with the landlord
  • Risks in the immediate area (e.g sex offenders)
  • Habits (e.g. couch surfing)

Category:  Basic Subject Info –  50 Points

Basic relevant information regarding subject. This can include but not limited to:

  • Name
  • Aliases
  • Birth date
  • Pictures
  • IDs (e.g. drivers license, passport, library card)
  • emails
  • Social media handles/accounts
  • Blogs or forum profile and relevant posts
  • Personal websites
  • Dating site profiles and relevant posts
  • Craigslist or Kijii profile and relevant posts
  • Reddit accounts or sites of similar nature, online resume and physical description

Category: Advanced Subject Info – 150 Points

Advanced relevant information regarding the subject. This can include but not limited to:

  • Unique identifiers (e.g. tattoos, scars, piercings)
  • Medical issues
  • Habits (e.g. smoking, drinking, hitch hiking, hangouts)
  • Previous missing persons history
  • Brand of cell phones
  • Model of cell phones
  • Cell phone carriers
  • Make of vehicles
  • Year of vehicles
  • Color of vehicles
  • License plate of vehicles
  • Video game handles (e.g. xbox)
  • IP Address
  • Breached Passwords: Must show hashed or cleartext password
  • Any other information about where the subject might be headed

Category: Day Last Seen – 500 Points

Relevant information regarding the subject’s since the last day seen. This can include but not limited to:

  • Pictures of subject on day last seen ( e.g. CCTV)
  • Details of subject on day last seen (mood, altercations, conversations, etc)
  • Person last seen with
  • Intent to meet with someone
  • Direction of travel
  • Other details that relate to the day last seen

Category: Darkweb – 1000 Points

Relevant information found on the dark web about the subject:

Your submission must originate from a .onion URL to be considered Dark Web – Eg. https://dsfjldsjflj.onion and must only exist on the Tor network – Eg. http://facebookcorewwwi.onion would not count as Dark Web

  • pictures or details of subject on human trafficking related dark web sites
  • the sales of goods by the subject on dark web sites
  • any activity or post by the subject on the dark web

Category: Location – 5000 Points

Relevant information pertaining to the current location of the subject. This can include but not limited to: new information on location (this does not include a Police update saying the person was found or an obituary – this will get you 150 points and can be under the category Advanced Subject Info.)

NOTE: Any information that can be used to help locate the subject has value. While many items are listed above, there will be many items that are not and will be valued as the CTF progresses. More is better and you will likely get points for items not listed here if it is deemed to help the investigation.