Metrics from today's Global Remote 2 #MissingCTF— Trace Labs (@TraceLabs) July 13, 2019
+25 Volunteer Judges
+190,000 Points on Scoreboard pic.twitter.com/RTsNQqvPvx
Update (2019/07/18): @raebaker put together a great overview of how the CTF works, the dashboard, and the overall feel during the CTF. You can view his write up on Medium: Finding Missing People with Trace Labs CTF.
For the CTF, I used Buscador OS as my primary method of researching each case. Buscador OS provided many tools built in and provided already configured browsers (Chrome, Firefox, Tor) to conduct different types of research. I mainly did research by hand instead of using the tools due to my lack of knowledge on both techniques and experience at the tools.
The book Open Source Intelligence Techniques by Michael Bazzell (site) provides good information for OSINT researching. Some of the tools are no longer available from the website but are shown in the book. You can read information about the tools from the IntelTechniques Forum post.
Spiderfoot - an automation OSINT tool
Spiderfoot provides a wide range of OSINT modules built within a python framework. It uses a full list of modules:
Someone could run any or all of the modules. I find it generally works better with location research on domains, companies, and other research materials then actual people. It has a lite Google and Bing search tool; however, searching each actual site yields more information for this CTF.
Sherlock - Locate UserNames across Social Media
Sherlock was not preinstalled in Buscador OS. I did use it through the docker image with the provided information on the Github page. This tool was very interesting but limited as well. You give it a username say "hunchly" and it will attempt every social media site within its list for the same username. This can local username used by one person at different sites.
I did find this one was very hit or miss. It does provide a quick way to check other sites without having to query them directly and provided a very easy to use python script to perform the task.
Skiptracer - OSINT scraping framework
Skiptracer provides a way to search for phone, email, screen names, real names, addresses, ip, hostname, and breach credentials. I find that for searching persons is useful only in the US then internationally.
Some other team members used this more then I did. I did take a look at the tool and see how it worked. Knowing a few pieces of information may yield more through this command line, questioned driven tool.
Thoughts on the CTF
It is staggering the number of missing persons around the world. Some of these stories really hit home when you watch or read news information about a missing person leading to want to find information about this person.
During this CTF, my team had minors, cold cases, international and domestic cases. Each one of these presented its own challenges when locating information on a missing persons. I enjoyed the learning curve which was very high and demanding. The community was responsive to questions about tools and information about OSINT in general; they were also responsive to the information about cases after the end of the CTF.
The over all experience was well worth it. I only wish I could have completed on in person and really worked to figure out the processes to directly help in support of missing persons.