Capture the Flag (CTF)

Trace Labs offers information security conferences with a unique high value experience for contestants by way of an open source intelligence (OSINT) capture the flag (CTF) contest. Unlike all other CTFs currently being offered, this is a non theoretical CTF that focuses on helping law enforcement find real missing persons.

Trace Labs doesn’t do theoretical. Instead, we partner with you to provide your contestants with an  CTF contest platform that will allow you to successfully train your attendees in OSINT while providing a fun and exciting contest. Our platform is based off the popular CTFd open source platform so it offers the traditional leader board, team sign up and familiar interface.

Basics:

The contest runs as a Capture the Flag (CTF) format where contestants must collect various “flags” which equate to points. The contestant with the most points wins. Contestants need to have their team or individual registered in the CTF system.  The best way to get registered and get assistance is via our Slack channel.

Schedule: 

The contests typically run as a day event but Trace Labs will accommodate any schedule or duration. One day events on the weekends are most popular.

Platform:

The CTF platform utilizes the very popular CTFd platform. This allows contestant to utilize a system they are already accustomed to. Of course we had to make adjustments to the system to allow for the flexibility of non theoretical flags. We never know what contestants will find so we therefore assign points to any valid flags within the rules. The platform allows for judging, leader board, hints, team enrollment and other standard features of a CTF.

Our Slack channels also allow contestants a fast and familiar way to collaborate and get assistance. Contestants can sign up at any time for the Trace Labs Slack environment. This is done via the main Trace Labs registration (this gets you a Slack account as well). Upon registration we will vet your info and once that is complete you will get welcome emails.

Register here: https://www.tracelabs.org/accounts/register/

Scoring System:

Notes:

  • *** Contestants will NOT get points for any flags found on media or law enforcement websites.  ***
  • Any item that ends with (s), such as Landlord(s) means you can score points for each one you find.
  • Contestants must explain relevancy. While providing a friends social media might be worth points, judges won’t know unless contestants say why it is important. An example might be: “subject exchanged comments with this friend a week before disappearing.”
  • Out of respect to the families, we use the term “subject” rather than “target” for the missing person. This is consistent with first responder language.

Category: Friends – 10 points

  • Name(s)
  • Aliase(s)
  • Birth date
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Home address
  • Home phone number
  • Work address
  • Work phone number
  • Email(s)
  • Social media or other online accounts
  • General case info (videos or news that is general)

Category: Employment – 15 Points (max of 3)

  • Name(s) of employer
  • Website(s) of employer
  • Employer(s) address
  • Social media handle(s) of employer (Facebook, Twitter, etc)
  • Subject’s information(s) on employer site (picture, details, etc)

Category: Family – 20 Points

  • Name(s)
  • Aliase(s)
  • Birth date
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Home address
  • Home phone number
  • Work address
  • Work phone number
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Last time they saw the subject
  • Any insightful information that might show direction of travel, location or intent from family’s comments.

Category: Subject’s Home – 25 Points

  • Landlord(s) name
  • Landlord(s) phone number(s)
  • Recent accommodation(s)
  • Any meaningful interaction with landlord
  • Risks in the immediate area: sex offenders, etc

Category:  Basic Subject Info –  50 Points

  • Name
  • Aliase(s)
  • Birth date
  • Picture(s)
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Blog or forum profile and relevant posts
  • Personal website(s)
  • Dating site profiles and relevant posts
  • Craigslist or Kijii profile and relevant posts
  • Reddit account(s) – or sites of similar nature
  • Online resume
  • Physical description

Category: Advanced Subject Info – 150 Points

  • Unique identifiers: Tattoo(s), scars, piercings, etc
  • Medical issue(s)
  • Habits (smoking, drinking, hitch hiking, couch surfing, etc)
  • Clothing worn on day of disappearance
  • Previous missing persons events for subject (for example last location found)
  • Brand of cell phone(s)
  • Model of cell phone(s)
  • Cell phone carrier(s)
  • Make of vehicle(s)
  • Year of vehicle(s)
  • Color of vehicle(s)
  • License plate of vehicle(s)
  • Video game handle(s) (xbox, etc)
  • IP address(s)
  • Any information on where subject might be headed or doing

Category: Day Last Seen – 500 Points

  • Picture(s) of subject on day last seen (includes CCTV stills)
  • Details of subject on day last seen (mood, altercations, conversations, etc)
  • Person last seen with
  • Intent to meet with someone after day last seen
  • Direction of travel on day last seen
  • Other details that relate to the day last seen that may be relevant (ensure you explain this)

Category: Darkweb – 1000 Points (do not use a work computer to search this stuff)

  • Picture or details of subject on sites such as backstage
  • Discussion regarding subject on Darkweb site(s)

Category: Location – 5000 Points

  • This is rare but does occur. You must be able to show current location.
  • This does not include rumor as in someone thinks they saw the person.
  • An obituary by the family is worth 500 points as we would submit this to the police to ensure they are aware and can update their files.

NOTE: Any information that can be used to help locate the subject has value. While many items are listed above, there will be many items that are not and will be valued as the CTF progresses. More is better and you will likely get points for items not listed here if it is deemed to help the investigation.