Trace Labs Global Remote 2 CTF

On July 13, Over 200 persons (which including myself) participated in Trace Labs's Global Remote 2 for missing persons. This was my first CTF for cyber security or intelligence and it was enjoyable.

Update (2019/07/18): @raebaker put together a great overview of how the CTF works, the dashboard, and the overall feel during the CTF. You can view his write up on Medium: Finding Missing People with Trace Labs CTF.

For the CTF, I used Buscador OS as my primary method of researching each case. Buscador OS provided many tools built in and provided already configured browsers (Chrome, Firefox, Tor) to conduct different types of research. I mainly did research by hand instead of using the tools due to my lack of knowledge on both techniques and experience at the tools.

The book Open Source Intelligence Techniques by Michael Bazzell (site) provides good information for OSINT researching. Some of the tools are no longer available from the website but are shown in the book. You can read information about the tools from the IntelTechniques Forum post.

Tools Used

Spiderfoot - an automation OSINT tool

Spiderfoot provides a wide range of OSINT modules built within a python framework. It uses a full list of modules:

I did find this one was very hit or miss. It does provide a quick way to check other sites without having to query them directly and provided a very easy to use python script to perform the task.

Skiptracer - OSINT scraping framework

Skiptracer provides a way to search for phone, email, screen names, real names, addresses, ip, hostname, and breach credentials. I find that for searching persons is useful only in the US then internationally.

Some other team members used this more then I did. I did take a look at the tool and see how it worked. Knowing a few pieces of information may yield more through this command line, questioned driven tool.

Thoughts on the CTF

It is staggering the number of missing persons around the world. Some of these stories really hit home when you watch or read news information about a missing person leading to want to find information about this person.

During this CTF, my team had minors, cold cases, international and domestic cases. Each one of these presented its own challenges when locating information on a missing persons. I enjoyed the learning curve which was very high and demanding. The community was responsive to questions about tools and information about OSINT in general; they were also responsive to the information about cases after the end of the CTF.

The over all experience was well worth it. I only wish I could have completed on in person and really worked to figure out the processes to directly help in support of missing persons.