Capture the Flag (CTF)

Trace Labs offers information security conferences with a unique high value experience for contestants by way of an open source intelligence (OSINT) Capture The Flag (CTF) contest focussed on missing persons.

This OSINT CTF is non-theoretical where contestants work in teams of up to 4 members to crowdsource the collection of OSINT to assist law enforcement in generating new leads on missing persons. In the information security community, a typical CTF will be of a technical nature where “flags” are hidden within pre-configured servers/virtual machines that contestants have to obtain using hacking techniques to gain points. The Trace Labs OSINT CTF differs from this by having different flag categories based off pieces of information that law enforcement would look to gather to aid in a missing persons case.

Basics:

The contest runs as a Capture the Flag (CTF) format where contestants must collect various “flags” which equate to points. Since the each flag submitted is treated as potential “net new intelligence”, Trace Labs has a team of volunteers known as “Judges” who validate each submission and award points if the flag meets the category requirements. At the end of each CTF, the team with the most points on the scoreboard wins.

Schedule: 

The CTFs typically run as a day event for up to 8 hours. One day events on the weekends are most popular.

To stay up to date with our CTF events, subscribe to our Eventbrite.

Platform:

Trace Labs uses a custom platform specifically designed for an OSINT CTF. To see a demo of this platform, please checkout our Contestant Training and Judge Training videos.

Scoring System:

Notes:

  • *** Contestants will NOT get points for any flags found on media or law enforcement websites.  ***
  • Any item that ends with (s), such as Landlord(s) means you can score points for each one you find.
  • Contestants must explain relevancy. While providing a friends social media might be worth points, judges won’t know unless contestants say why it is important. An example might be: “subject exchanged comments with this friend a week before disappearing.”
  • Out of respect to the families, we use the term “subject” rather than “target” for the missing person. This is consistent with first responder language.

Category: Friends – 10 points

  • Name(s)
  • Aliase(s)
  • Birth date
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Home address
  • Home phone number
  • Work address
  • Work phone number
  • Email(s)
  • Social media or other online accounts
  • General case info (videos or news that is general)

Category: Employment – 15 Points (max of 3)

  • Name(s) of employer
  • Website(s) of employer
  • Employer(s) address
  • Social media handle(s) of employer (Facebook, Twitter, etc)
  • Subject’s information(s) on employer site (picture, details, etc)

Category: Family – 20 Points

  • Name(s)
  • Aliase(s)
  • Birth date
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Home address
  • Home phone number
  • Work address
  • Work phone number
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Last time they saw the subject
  • Any insightful information that might show direction of travel, location or intent from family’s comments.

Category: Subject’s Home – 25 Points

  • Landlord(s) name
  • Landlord(s) phone number(s)
  • Recent accommodation(s)
  • Any meaningful interaction with landlord
  • Risks in the immediate area: sex offenders, etc

Category:  Basic Subject Info –  50 Points

  • Name
  • Aliase(s)
  • Birth date
  • Picture(s)
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Blog or forum profile and relevant posts
  • Personal website(s)
  • Dating site profiles and relevant posts
  • Craigslist or Kijii profile and relevant posts
  • Reddit account(s) – or sites of similar nature
  • Online resume
  • Physical description

Category: Advanced Subject Info – 150 Points

  • Unique identifiers: Tattoo(s), scars, piercings, etc
  • Medical issue(s)
  • Habits (smoking, drinking, hitch hiking, couch surfing, etc)
  • Clothing worn on day of disappearance
  • Previous missing persons events for subject (for example last location found)
  • Brand of cell phone(s)
  • Model of cell phone(s)
  • Cell phone carrier(s)
  • Make of vehicle(s)
  • Year of vehicle(s)
  • Color of vehicle(s)
  • License plate of vehicle(s)
  • Video game handle(s) (xbox, etc)
  • IP address(s)
  • Any information on where subject might be headed or doing

Category: Day Last Seen – 500 Points

  • Picture(s) of subject on day last seen (includes CCTV stills)
  • Details of subject on day last seen (mood, altercations, conversations, etc)
  • Person last seen with
  • Intent to meet with someone after day last seen
  • Direction of travel on day last seen
  • Other details that relate to the day last seen that may be relevant (ensure you explain this)

Category: Darkweb – 1000 Points (do not use a work computer to search this stuff)

  • Picture or details of subject on sites such as backstage
  • Discussion regarding subject on Darkweb site(s)

Category: Location – 5000 Points

  • This is rare but does occur. You must be able to show current location.
  • This does not include rumor as in someone thinks they saw the person.
  • An obituary by the family is worth 500 points as we would submit this to the police to ensure they are aware and can update their files.

NOTE: Any information that can be used to help locate the subject has value. While many items are listed above, there will be many items that are not and will be valued as the CTF progresses. More is better and you will likely get points for items not listed here if it is deemed to help the investigation.