First off, I’d like to start by apologising for the delay in getting out this blog post. There has been a lot going on over the last couple of weeks in the lives of the Shandymen, and this post had to take a back seat for a while!
The TraceLabs OSINT Search Party CTFs are one-of-a-kind events, the type of event that the four of us love to take part in. They gamify the niche area of cyber security that is OSINT, and use that to help families in dire need. They offer prizes for folks who can find a lot of “Flags” related to the missing person, and that draws the attention of hundreds (heck, even thousands) of competitors from across the globe. While the prizes are nice, it’s the families of the missing people who are the real winners from CTFs like this.
The numbers from these events really are staggering. Over 50,000 relevant pieces of intelligence have been accepted (3200 from the previous CTF alone), covering everything from names, to phone numbers, to passwords on the dark web. Everything and everyone contributes just a little piece towards finding people. Consider as well that these events are fielded by volunteers. Add all that up, and my oh my do you get a fantastic recipe for helping those in need. I can’t stress enough how incredible these events really are, and as I’m sure you may have seen me write before, I recommend everyone become a part of this truly incredible community of people.
The Shandymen Approach
Our approach to these events is actually pretty straightforward. As someone near and dear to most of our hearts would say: “Keep it Simple” (Gordon Ramsay….who else?). The Shandymen take a Divide-And-Conquer approach to each and every CTF, and this allows us to cover a wide range of Missing Person cases, to uncover a treasure trove of information earlier. We can allocate more time to “golden” Missing People, as statistically there will be more information readily available about that person.
We can take a psychological approach to each missing person case as well. For example, it’s a lot more likely that you will find more information regarding a 19-year-old male in America than a 55-year-old male in Australia. This is due to the younger generation’s reliance on the Internet, whereas someone a little older may not have much information online, as they have aged and grown without an online presence. It’s the younger people that we tend to focus our attention on first.
You might be surprised to know that the majority of the tools utilised by the Shandymen are just pieces of knowledge that we have picked up over time. Manually pivoting through Social Media profiles and Google Dorking (e.g. intext:"Missing Person Name" -missing) are, in our opinion, the best approaches to initially locate data on a person. Other tools come into play in the next phase, where we expand the Scope of the Missing Person. Tools like Sherlock (https://github.com/sherlock-project/sherlock) and PhoneInfoga (https://github.com/sundowndev/PhoneInfoga) can provide extremely useful information on a person, in the event that you can find Usernames or Phone Numbers for that person!
Of course, it goes without saying that we have a number of custom tools as well. Stuff like Dark Web data extractors, SOCMINT Correlation Scripts and a special tool that we affectionately dubbed “ISeeYou”, all of which were developed over time as we took part in more and more OSINT CTFs. You start to see where automation may make your event a lot more efficient. It’s all about building or finding tools to fit the needs/wants of your team.
Of course, this team wouldn’t be as effective without some excellent communication. The Shandymen have worked together in every global CTF since 2019, constantly re-evaluating our strong and weak points. Shandyman’s strong point, for example, is scanning Breached Data Wells and creating custom tools for the team to leverage. Each person contributes a ton of skills in their own way, and it’s that strong bond that we have that enables us to be incredibly efficient in every OSINT CTF that we take part in.
Peer Review is absolutely vital in these events. If there is something you are ever unsure of, always, ALWAYS ask your team. Heck, sometimes they will have an opinion that switches on a lightbulb above your head, and allows you to look at a Flag from a different perspective. I can’t stress enough how important the communication and rapport with teammates is, so if you are targeting the #1 spot in these CTFs, build a team around your relationship and strengths with other people. You won’t be disappointed!
This is the most important piece of advice we can give. Remember that these events have been gamified to help Missing People, and it’s that type of competition that you can have a lot of fun with. Have a laugh with your teammates, drink beer, chat on Discord and just have a great time being a part of something truly special like these CTFs. You will find yourself more relaxed, more focused and ready to find information.
That’s pretty much everything we have to offer on how to approach the TraceLabs OSINT Search Party CTFs for now! We have some tools available over on our GitHub page, which you can find by hitting the “GitHub” header on this blog!
Feel free to reach out to any of us, through this site or through LinkedIn. We are happy to help you with any request you have!