Capture the Flag (CTF)

Trace Labs offers information security conferences with a unique high value experience for contestants by way of an open source intelligence (OSINT) Capture The Flag (CTF) contest focussed on missing persons.

This OSINT CTF is non-theoretical where contestants work in teams of up to 4 members to crowdsource the collection of OSINT to assist law enforcement in generating new leads on missing persons. In the information security community, a typical CTF will be of a technical nature where “flags” are hidden within pre-configured servers/virtual machines that contestants have to obtain using hacking techniques to gain points. The Trace Labs OSINT CTF differs from this by having different flag categories based off pieces of information that law enforcement would look to gather to aid in a missing persons case.

Basics:

The contest runs as a Capture the Flag (CTF) format where contestants must collect various “flags” which equate to points. Since the each flag submitted is treated as potential “net new intelligence”, Trace Labs has a team of volunteers known as “Judges” who validate each submission and award points if the flag meets the category requirements. At the end of each CTF, the team with the most points on the scoreboard wins.

Schedule: 

The CTFs typically run as a day event for up to 8 hours. One day events on the weekends are most popular.

To stay up to date with our CTF events, subscribe to our Eventbrite.

Platform:

Trace Labs uses a custom platform specifically designed for an OSINT CTF. To see a demo of this platform, please checkout our Contestant Training and Judge Training videos.

Scoring System:

The Trace Labs scoring system is based off the following Categories:

Friends – 10 points

Must show the relevancy of why this friend is important. This can include but not limited to:

    • Name(s)
    • Aliase(s)
    • Birth date
    • Any ID #(s) (drivers license, passport, library card, etc)
    • Home address
    • Home phone number
    • Work address
    • Work phone number
    • Email(s)
    • Social media or other online accounts
    • General case info (videos or news that is general)

Employment – 15 Points

Must show the relevancy of why this employer is important. This can include but not limited to:

  • Name(s) of employer
  • Website(s) of employer
  • Employer(s) address
  • Social media handle(s) of employer (Facebook, Twitter, etc)
  • Subject’s information(s) on employer site (picture, details, etc)

Family – 20 Points

Must show the relevancy of why this family member is important. This can include but not limited to:

  • Name(s)
  • Aliase(s)
  • Birth date
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Home address
  • Home phone number
  • Work address
  • Work phone number
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Last time they saw the subject
  • Any insightful information that might show direction of travel, location or intent from family’s comments.

Category: Subject’s Home – 25 Points

Home can be more than a house address or apartment and could include transient patterns of life such as couch surfing or risks in the immediate area. This can include but not limited to:

  • Landlord(s) name
  • Landlord(s) phone number(s)
  • Recent accommodation(s)
  • Any meaningful interaction with landlord
  • Any temporary residency or transient patterns of life.
  • Risks in the immediate area: sex offenders, etc

Category:  Basic Subject Info –  50 Points

This is the most common category as it includes all of the subjects social media sites. This can include but not limited to:

  • Name
  • Aliase(s)
  • Birth date
  • Picture(s)
  • Any ID #(s) (drivers license, passport, library card, etc)
  • Email(s)
  • Social media handle(s) (Facebook, Twitter, etc)
  • Blog or forum profile and relevant posts
  • Personal website(s)
  • Dating site profiles and relevant posts
  • Craigslist or Kijii profile and relevant posts
  • Reddit account(s) – or sites of similar nature
  • Online resume
  • Physical description

Category: Advanced Subject Info – 150 Points

This category includes more specific details on the subject. This can include but not limited to:

  • Unique identifiers: Tattoo(s), scars, piercings, etc
  • Medical issue(s)
  • Habits (smoking, drinking, hitch hiking, couch surfing, etc)
  • Clothing worn on day of disappearance
  • Previous missing persons events for subject (for example last location found)
  • Brand of cell phone(s)
  • Model of cell phone(s)
  • Cell phone carrier(s)
  • Make of vehicle(s)
  • Year of vehicle(s)
  • Color of vehicle(s)
  • License plate of vehicle(s)
  • Video game handle(s) (xbox, etc)
  • IP address(s)
  • Any information on where subject might be headed or doing

Category: Day Last Seen – 500 Points

This can include but not limited to:

  • Picture(s) of subject on day last seen (includes CCTV stills)
  • Details of subject on day last seen (mood, altercations, conversations, etc)
  • Person last seen with
  • Intent to meet with someone after day last seen
  • Direction of travel on day last seen
  • Other details that relate to the day last seen that may be relevant (ensure you explain this)

Category: Darkweb – 1000 Points (do not use a work computer to search this stuff)

This can include but not limited to:

  • Picture or details of subject on sites such as backstage
  • Discussion regarding subject on Darkweb site(s)

Category: Location – 5000 Points

This can include but not limited to:

  • You must be able to show current location.
  • Often confused with Day Last Seen which is historical information rather than current.
  • This does not include rumours of where the person might be.
  • An obituary by the family is worth 500 points as we would submit this to the police to ensure they are aware and can update their files.

NOTE: Any information that can be used to help locate the subject has value. While many items are listed above, there will be many items that are not and will be valued as the CTF progresses. More is better and you will likely get points for items not listed here if it is deemed to help the investigation.