I Participated in a Trace Labs CTF – Now I’m Hooked on OSINT

When I decided to create a blog last year to document my journey as a DFIR newbie and share resources, I made a Twitter account to go along with it. I didn’t know about “Infosec Twitter” or how many DFIR people were on there, but I found out rather quickly. It was like a whole new world had opened up! A few months later, in April of 2020, I was scrolling through my Twitter feed and saw something about a Trace Labs OSINT CTF. I had no idea what Trace Labs was, and really didn’t know much about OSINT but I was curious so I had to check it out. My reaction was pretty much….”Wait, you mean this is a CTF to help find real, actual missing people??? Sign me up!!” So, sign up I did. Then I tried to learn everything I could about OSINT. I started following OSINT accounts on Twitter, reading the blog posts and watching the videos they put out.

I was excited to take part in something that could help people. Being that I was new to OSINT, I decided to do the first Trace Labs CTF solo to see how I did. The Tweets below pretty much summed it up.

Tweet saying I was bad at the Trace Labs OSINT CTF

I ended up in last place.

Then I found out about The OSINTion by Joe Gray. Joe teaches an excellent “OSINT Investigations: People” course. I learned a lot. It also turned out, I wasn’t all that bad at OSINT, I was bad at knowing what to submit for the CTF. Joe Gray also has a Two Hour People OSINT Walkthrough workshop on the conINT YouTube channel.

After realizing how fun and addicting OSINT was, I wanted to try to OSINT everything. Missing person story on the news? Let me see if I can find anything. Amber alert? Same thing. Stolen dog? Stolen car? Gotta try. I’ve learned about new tools and techniques by doing this. I typically just Google or search YouTube to learn how to do something and find OSINT blog posts and videos that way.

I continued to learn more about OSINT and participated in the next CTF in July of 2020. This is when the team I’m regularly on, the OSINTeers, was formed. I also bought the OSINT Combine training that can be purchased along with a ticket to the Trace Labs CTF. That helped as well. The OSINTeers worked very well together and teamed up again in August for another CTF. This time I won the Trace Labs Workspace contest and got some awesome swag ๐Ÿ™‚ They also run a meme contest on Twitter.

That same month, there was a SANS/Trace Labs Search Party CTF. I did that one solo. I think I ended up a little bit above the middle of the scoreboard when it was over so I was definitely improving. A few days after the SANS/Trace Labs CTF, I attended a Trace Labs live stream and won a ticket to a Darknet workshop by solving an OSINT challenge. The workshop was amazing!

The OSINTeers got back together again for the Trace Labs CTF in September, and again in October when it was part of conINT.

In February 2021, the OSINTeers won the MVO (Most Valuable OSINT) badge all thanks to one of my awesome teammates.

Trace Labs Winner Announcement

The next Trace Labs OSINT CTF is right around the corner on June 26th and the OSINTeers are ready to go once again ๐Ÿ™‚ This will be my 8th time participating.

If this is your first Trace Labs CTF or if you want to be prepared for the next one (tickets are sold out for the one this month), there are a lot of resources out there. The Trace Labs YouTube Channel is one of them. It has TONS of information from Getting Started and Using the Trace Labs VM, to Setting up Sock Puppet Accounts. Also, make sure to read their Contestant Guide. It has everything you need to know about what to submit and the points system (go HERE and scroll down to Resources for the Contestant Guide).

As far as training goes, I have an OSINT category on my Free and Affordable Training Site that is regularly updated. It lists OSINT training that’s either free or under $1,000.

If you’re interested in OSINT training over $1,000, SANS has SEC487: Open-Source Intelligence (OSINT) Gathering and Analysis as well as SEC537: Practical Open-Source Intelligence (OSINT) Analysis and Automation. There is also OSINT training from Aware Online.

OSINT Resources:

OSINT Conferences:

OSINT YouTube Channels

Gerald Auger – Simply Cyber also created several OSINT YouTube videos this month.



OSINT Distros

I personally use CSI Linux (I haven’t tried the Trace Labs VM yet)

OSINT Training:

Where You Can Practice OSINT


Who to Follow on Twitter

I’m going to be slightly lazy here and link to #FF lists other people created. So, a good start would be to follow everyone on @cybersecstu’s list, on @hatless1der’s list, and on The OSINTion’s list. KAS_stoner also has a huge Twitter list of OSINT People.

More OSINT Resources

And this is a shameless plug for my “Never Underestimate the Power of OSINT” design on TeePublic.

Happy OSINTing!