Summary

  • In this challenge, the participant needs to find several flags by conducting OSINT (Open Source Intelligence) on infrastructure and pieces of evidence created by a threat actor, mainly focusing on a ransomware campaign allegedly targeting ABCLab.
  • There will be six challenges related to OSINT, and this is the story of solving the first five.
  • The first four challenges share the same description: starting from a blackmail letter, the participant must find both the question and the flag for each challenge.
  • The first flag is found at the geolocation of a hotel, a picture of which was posted on the threat actor’s Twitter account.
  • The second flag is obtained by accessing a password-protected pastebin using a password provided in another post of the threat actor’s Twitter account.
  • The third flag is found on a Reddit account named TheCyberMagneto; the same username is also found on a GitHub account.
  • The fourth flag is found in one of the repositories on the GitHub account of PhantomCiphers, which is also the name of the ransomware mentioned in the Reddit post.

By Mr Grey
