I Participated in a Trace Labs CTF – Now I’m Hooked on OSINT

When I decided to create a blog last year to document my journey as a DFIR newbie and share resources, I made a Twitter account to go along with it. I didn’t know about “Infosec Twitter” or how many DFIR people were on there, but I found out rather quickly. It was like a whole new world had opened up! A few months later, in April of 2020, I was scrolling through my Twitter feed and saw something about a Trace Labs OSINT CTF. I had no idea what Trace Labs was, and really didn’t know much about OSINT but I was curious so I had to check it out. My reaction was pretty much….”Wait, you mean this is a CTF to help find real, actual missing people??? Sign me up!!” So, sign up I did. Then I tried to learn everything I could about OSINT. I started following OSINT accounts on Twitter, reading the blog posts and watching the videos they put out.

I was excited to take part in something that could help people. Being that I was new to OSINT, I decided to do the first Trace Labs CTF solo to see how I did. The Tweets below pretty much summed it up.

I ended up in last place.

Then I found out about The OSINTion by Joe Gray. Joe teaches an excellent “OSINT Investigations: People” course. I learned a lot. It also turned out, I wasn’t all that bad at OSINT, I was bad at knowing what to submit for the CTF. Joe Gray also has a Two Hour People OSINT Walkthrough workshop on the conINT YouTube channel.

After realizing how fun and addicting OSINT was, I wanted to try to OSINT everything. Missing person story on the news? Let me see if I can find anything. Amber alert? Same thing. Stolen dog? Stolen car? Gotta try. I’ve learned about new tools and techniques by doing this. I typically just Google or search YouTube to learn how to do something and find OSINT blog posts and videos that way.

I continued to learn more about OSINT and participated in the next CTF in July of 2020. This is when the team I’m regularly on, the OSINTeers, was formed. I also bought the OSINT Combine training that can be purchased along with a ticket to the Trace Labs CTF. That helped as well. The OSINTeers worked very well together and teamed up again in August for another CTF. This time I won the Trace Labs Workspace contest and got some awesome swag 🙂 They also run a meme contest on Twitter.

That same month, there was a SANS/Trace Labs Search Party CTF. I did that one solo. I think I ended up a little bit above the middle of the scoreboard when it was over so I was definitely improving. A few days after the SANS/Trace Labs CTF, I attended a Trace Labs live stream and won a ticket to a Darknet workshop by solving an OSINT challenge. The workshop was amazing!

The OSINTeers got back together again for the Trace Labs CTF in September, and again in October when it was part of conINT.

In February 2021, the OSINTeers won the MVO (Most Valuable OSINT) badge all thanks to one of my awesome teammates.

The next Trace Labs OSINT CTF is right around the corner on June 26th and the OSINTeers are ready to go once again 🙂 This will be my 8th time participating.

If this is your first Trace Labs CTF or if you want to be prepared for the next one (tickets are sold out for the one this month), there are a lot of resources out there. The Trace Labs YouTube Channel is one of them. It has TONS of information from Getting Started and Using the Trace Labs VM, to Setting up Sock Puppet Accounts. Also, make sure to read their Contestant Guide. It has everything you need to know about what to submit and the points system (go HERE and scroll down to Resources for the Contestant Guide).

As far as training goes, I have an OSINT category on my Free and Affordable Training Site that is regularly updated. It lists OSINT training that’s either free or under $1,000.

If you’re interested in OSINT training over $1,000, SANS has SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis as well as SEC537: Practical Open-Source Intelligence (OSINT) Analysis and Automation. There is also OSINT training from Aware Online.

OSINT Resources:

OSINT Conferences:

• conINT
• Layer 8 Conference
• Australian OSINT Symposium
• OSMOSIScon
• SANS OSINT Summit
• National Child Protection Task Force Conference (for law enforcement, prosecution officials, and case assistants)

OSINT YouTube Channels

• The OSINT Curious Project
• OSINT Dojo
• Bendobrown
• Trace Labs
• conINT
• Layer 8 Conference
• Maltego

Gerald Auger – Simply Cyber also created several OSINT YouTube videos this month.

OSINT Books

• Open Source Intelligence Techniques by Michael Bazzell
• Open Source Intelligence Methods and Tools by Nihad A. Hassan and Rami Hijazi
• Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques by Vinny Troia
• The Operator Handbook by Netmux includes sections on OSINT

OSINT Blogs

• Sector035
• OSINT Techniques
• OSINT Combine
• Secjuice
• Hatless1der
• Jake Creps
• OSINTCurio.us
• OSINT Me

OSINT Distros

• Trace Labs OSINT VM
• CSI Linux
• Tsurugi Linux

I personally use CSI Linux (I haven’t tried the Trace Labs VM yet)

OSINT Training:

• Free and Affordable OSINT Training – Nothing over $1,000
• SANS SEC487 Open-Source Intelligence Gathering and Analysis
• SANS SEC537 Practical Open-Source Intelligence (OSINT) Analysis and Automation
• Certified Social Media Intelligence Expert (McAfee Institute)
• Certified in Open Source Intelligence (C|OSINT) (McAfee Institute)
• Advanced Open Source Intelligence Course (OSINT Combine)

Where You Can Practice OSINT

• TryHackMe has several free OSINT rooms. Just select Show “Free Only” and search for OSINT.
• @Quiztime on Twitter. Here is an article about how Quiztime works.
• OSINT CTFs by @BushidoToken
• GeoGuessr – Use your OSINT skills to figure out where various locations are.
• OSINT Dojo
• Cyberdefenders Intel 101 Challenge
• TraceLabs – in addition to the CTF, they have ongoing ops that you can participate in outside of a competition. You’ll need to join their Discord for that.
• Europol Trace an Object – These are objects from images involving child victims. Use your OSINT skills to help identify the objects.
• DFIR, OSINT, and Blue Team CTFs and Challenges

OSINT Jobs

• Intelligence Careers (United States)
• @myosintjob on Twitter

Who to Follow on Twitter

I’m going to be slightly lazy here and link to #FF lists other people created. So, a good start would be to follow everyone on @cybersecstu’s list, on @hatless1der’s list, and on The OSINTion’s list. KAS_stoner also has a huge Twitter list of OSINT People.

More OSINT Resources

• The Ultimate OSINT Collection
• Awesome OSINT
• OSINT Dojo Resources
• Toddington Free OSINT Resources
• OSINT Framework
• OSINT Google Doc by @cybersecstu
• SANS “Must Have” Free Resources for OSINT
• Ph055a’s OSINT Collection
• The OSINTion Wiki
• Meta OSINT
• OSINT4All
• GEOINT

And this is a shameless plug for my “Never Underestimate the Power of OSINT” design on TeePublic.

Happy OSINTing!