Cyber Investigator Challenge 'Digital Treasure Hunt' CTF

About the course

This highly practical one-day, instructor-guided OSINT challenge event lets delegates test their skills post-training in a genuine experiential learning experience, putting the skills they have acquired into practice within a safe environment. The event is 100% practical, and delegates will be split into teams to support the game play through the challenge event. Using a modern Cyber Lab game engine, delegates will be presented with fifty tasks split into five domains, and each successful task will capture a country on the world map.

During the event the target is a fictitious, humorous hacking group which has left a trail of clues across the internet and on its own website. The tasks will test even the most seasoned investigators, with some advanced tasks such as DNS investigation. Tasks range from simple to very complex, and each round will slowly lead to the next, with delegates needing to analyse every clue to solve the next.


Prerequisites

The day event is suitable for cyber investigators and security analysts from private-sector, public-sector and/or law enforcement backgrounds.

Delegates should ideally have attended the Open Source Intelligence Boot Camp (QAOSIDWBC) or other QA OSINT courses, or have a very strong background in multi-aspect OSINT investigations using an assortment of tools and techniques.


Learning outcomes

Delegates will practice new ‘entirely hands-on’ OSINT skills throughout the game play and reinforce existing skills, using both web and desktop tool-based techniques. Topics covered include, but are not limited to:

    Website investigation
    Website code analysis
    DNS investigation
    Website scanning and banner grabbing
    Online searching
    Hashing and cryptography
    EXIF image analysis
    Basic to advanced manual image analysis
    Twitter, Facebook and other social media platforms
    Tor browsing
    Cryptocurrency


Outline

Delegates will first be briefed on the challenge scenario and split into teams, with each team given a URL and username/password to log in to the game challenge engine. Once briefed, a starting clue is given and five rounds of 45 to 90 minutes begin as follows:

Round #1 (Website & DNS) - 15 Questions

Once delegates have solved the clue they will end up at a website (domain name) to investigate. They need to go through the overt & covert text to solve questions. On top of this there are Whois & DNS tasks to solve.

Round #2 (Images & EXIF) - 8 Questions

Five images taken around Europe are stored in overt and covert view on the website, and these are used to solve eight questions. The questions range from finding the exact location and altitude using a tool, to working out the town and even a crossroads abroad without EXIF data to extract.

Round #3 (Social Media & Web) - 10 Questions

Using clues from the website, delegates need to scour social media platforms, both known and less known, to find accounts and clues to assist them later. Included is a reverse image task, taking an edited image and mapping it to a social media user with zero name or location given.

Round #4 (Cryptography) - 10 Questions

Tasks include both symmetric and asymmetric encryption, be it open source PGP, SSL/TLS or a custom-made cipher. One steganography question is also included, as well as tasks on SHA hashing.

Round #5 (Tor & Cryptocurrencies) - 7 Questions

The final round involves finding and searching within two THS (Tor hidden service) sites. Thrown in for good measure, and to keep up to date with current trends, are five questions on cryptocurrency, and delegates, if successful, have the opportunity to “steal” a real private key (wallet).

 
