We’ve talked in recent weeks about the importance of training and the methodology behind it. Much of the OSINT work we do is focused on the social aspects and footprint of a target online. As most security experts know, this is just part of the big picture. IPs, marketing data, phones, hardware, and even where a target gets lunch consistently are all part of targeting.
At ShadowDragon, we’ve partnered with some of our friends in the ethical hacking community to develop a Capture the Flag that is not just designed to push your team and keep them on their toes, but is actually very fun and has an awesome climax. I’ve done my share of CTFs over the years, and this one is unique in more than just a few ways.
The focus of this CTF is to expand upon a number of ways many investigators already know how to search and expand upon that organically. Our CTF is specially setup to challenge a team’s technical prowess and their ability to link the artifacts they identify together all inside an entertaining narrative. All the time this is going on, players are being seamlessly educated on topics where their strengths might be somewhat limited.
Players will do everything from exploring domains, social-media accounts, source-code, darknet sites, and finally, a challenging HUMINT scenario. The HUMINT experience presents players with unique encounters requiring real-time awareness as well as calm nerves and emotional control.
Some of the concepts included in this CTF are:
DNS
Directory Enumeration
Keybase
Github
Netflow
Non-traditional Port Knocking
SSL Certs / Certificate Transparency Logs
Decloaking Hidden Services
Shodan / ZoomEye
HUMINT
If you are interested in your team experiencing this crazy fun CTF, contact us and we can help facilitate not just an amazing learning experience, but a great team building event as well.
