Finding Missing People with TraceLabs OSINT CTF

there we go great okay welcome to besides 2022. um jen and darren are going to talk about trace lab's osin ctf uh and they're voyaged through um uh the triceps gtf and their inaugural experience into that um nice airplane awesome okay jen i'll let you kick it off there yeah i'm sorry i missed thought the train yeah that's what it was awesome

what did you ask yeah you want to kick it off sure uh yeah like darren said welcome everybody to our talk besides 2022 uh i'm jen and uh [Music] let's get started a little bit about us um my name is jen i am an appsec privacy and compliance nerd um oh synthetic enthusiast and i'll let darren introduce myself uh my name is darren also known as hardbox i'm a privacy com opsec geek and lots of ocean lots of ocean ocean ocean oceans definitely piles of it um also i think chief one of the chief cat herders this year from phoebe again for the eighth year of b-sides woohoo awesome so let's uh let's get into it

what is ocean if you didn't attend ritu's talk earlier today uh and in case you didn't i highly recommend that you go back and check it out it was very good uh ocean stands for open cells open source intelligence basically what that means is it's the type of intelligence community a type of security topic that draws from openly available public public material basically stuff for your mom or your grandma or maybe even you i hope not you but your mom and grandma like to post on facebook a little bit about trace labs we're going to be talking about the trace labs ctf trace labs is a canadian non-profit organization and their mission is to facilitate

and accelerate the family reunification of missing persons well uh the other side of that is to train ocean enthusiasts up on on the tradecraft and so what is trace lab ctf it is a regularly scheduled i think they're doing it once every every couple of months at this point a ctf where new and seasoned enthusiasts like ourselves get together for a friendly competition where the outcome has real world benefits so how does the tracelab ctf work um ctf stands for capture the flag just in case anybody didn't know yeah but uh the traceup ctf works like this um basically um you create an account on the platform that the ctf tracelabs platform that they have

um you can have it you can join a team or create a team a team of one is fine up to four people uh it can be on one team um they have a there's all kind they've been doing this for a while so it's great they have a big intro call zoom call for all the everybody that's participating in the ctf um usually there's about 600 people in each ctf that participate all total and they go over the rules of engagement and uh some of this is really important because um this is not you know you're looking at real missing people so there's some definitely some great rules of engagement that are really important

um some things like no password resets and things like that we'll talk a little bit more about in a little bit um so at the kickoff when they start the event um they basically release um the subject information on the on the ctf platform and it's from anywhere from four to six missing people usually that are real missing people cases and they provide information to you on those missing people um and so the tracelab ctf also has a discord channel which really helps for communicating with finding information about the ctf and communicating with your judge during the event so that helps a lot to be on there also which is a separate platform in the trace lab ctf

so uh how does a ctf work at traceland ctf work so basics after you after you the kickoff call you basically spend the next four to six hours and that can vary depending on the ctf uh scouring the internet looking for flags to score points uh we'll get to the plagues flags in a couple of minutes but one of the key differences between this type of ztf and a regular type of ctf is the the ctfs that some of you may already be familiar with they have intentionally vulnerable systems with intentionally planted flags these ones uh that the the ctf that we're that we're talking about today the flags actually have to do with real

life people missing people uh different aspects of their life their family um they're basically made up of breadcrumbs around the internet that are that may or may not be there for you to find um so you look for the flags you screenshot the evidence you submit them like you're going to be audited so your submissions are judged like gary mentioned you have a judge uh you want to make sure that you outline the category you want to give them the evidence and then you want to give them why you think this is actually related to the investigation uh what about this is pertinent and how it's helpful uh the evidence will get submitted to law enforcement after everything's

wrapped up to help with the case which is pretty cool uh there is a strict no contact rule the the subject or the subject's family are often dealing with some really painful feelings and obviously like if you if you know somebody that's gone missing you know how uh devastating that can be so i mean imagine if you've got 600 ocean enthusiasts suddenly adding it to facebook or adding you to instagram um it can also really damage the hard work that the investigators have put in to the uh into the the case to date no you've got like we're saying no password resets exactly 600 people or 300 people doing password resets is not good this is not often

if the missing person doesn't want to be found it can also tip them off that someone is looking for them yeah okay so talk a little bit about the scoring system so this is how the scoring system works for the ctf and it's interesting um so we start out with the lowest points here and uh so providing information about friends so any relevant information on friends including but not limited to so name aliases birth dates id driver's license passport work address work phone number email home address phone number uh if insightful information from friends comments so a lot of this stuff is from a lot of the investigations tend to focus on social media stuff a lot of

the people right so this is all interesting so you can't just go to facebook and submit every single one of their friends but if they know their best friends like you knew there's definitely this is information that's pertinent to the investigation so but this is the lowest scored uh the lowest scoring points employment um so some other a little bit in the 15 points information regarding employment but not limited to business name aliases manager start date and date ids you might send some photos and they're wearing the mcdonald's shirt etc you name it um things like that uh social media handle of their employer et cetera things like that um when they start and give us the

information they really they give you very little information they might give you like a little blurb and a link to a missing person site um you get you get a little information you know their name you know what's going on you know a little bit about where how long they've been missing um and what country they're from and the people are mis we get every time there is people from all over the world um missing so last couple of events there's been a couple people from the united states there's been somebody from canada there's been somebody from australia there's been people from england so it varies every event yeah um just continuing on on the scoring system

uh in case you in case we didn't mention it or in case you haven't figured it out these are all of the flags that you're looking for so your family gets a little bit more more points there a little bit harder to find so mom dad brother sister extended family cousins aunts uncles etc uh what are their ids what are their birth dates what are their information their their pii if you will or any insightful information from families comments around you know where uh where they might be or the date that they went missing or the date that they were last seen that kind of thing again home a lot of the times the subject's home isn't published on the

internet but you might be able to find what street they are on and then using other photos from websites that they've posted to figure out which house they grew up in or which house that they most recently uh lived in um where their landlord's name recent accommodations any habits that they have you know do they go coach surfing that kind of thing this is a good one too i'll mention them but of course risks in the immediate area sex offenders of course these are all very uh pertinent things to an investigation and habits it says scout surfing but one of the other things which is possibly pertinent to missing people some of the other habits could be

um drug use smoking weed a lot of the people wouldn't you know it might it might be printed to the investigation it might not be but in a lot of past events um we'll see teenagers in there posting photos of them drinking and smoking and whatever on on instagram and these are all pertinent um they're printed to an investigation definitely so they're all worth points okay so the next here we go now we're getting up there so 50 points so basic subject information so things related to the missing person name any aliases so any other aliases or social media handles uh birth date id emails a lot of us have five emails ten emails social media handles and recent

investigations we've had all kinds of people that have three different instagram accounts and three different facebook accounts and old blogs or old forum posts or personal websites i've had recently uh during ctf uh people that were missing that were 18 and of course had uh accounts on dating sites and they said they were 19 of course and you know things like that that's all very pertinent especially things like that um craigslist reddit accounts online resumes physical descriptions that aren't included in our original information um and then advanced subject information um so these are more pertinent so unique identifiers so they got piercings they have it ear pierced they have a tattoo they have scars medical issues um so this can be gleaned

from a lot of social media um so things like they might have a any type of medical issue it might be permanent and then we go into habits and i did mention this uh but this is specific to the to the subject so smoking drinking hitchhiking hangouts all very pertinent to possible missing person cases previous missing person's history um this actually does pop up and has popped up in recent ctfs where uh they have been been mis a missing person before uh in the past and um so maybe they ran maybe they ran away maybe they've whatever right um brand and model carrier of cell phones um all worth some good points uh and um you're

like how do i find that out well people post photos of them with their phones a lot very often on social media and you know that's an iphone or that's or whatever or if you have a phone number you can find out what their carrier is things like that um video game handles a lot of the recent subjects have all kinds of video game handles they play video games non-stop ip address you might be able to find or any other information regarding to your actual the subject themselves so yeah i remember one specific photo uh for a subject we were looking for it was a selfie of this person at the gym so you automatically knew that they

were going to the gym they were a gym goer it exposed some tattoos on their arms that you weren't able to see in other photos and they also had a you're all also able to see the fact that it was an iphone and it was a more recent one because it had all of the cameras and so right there you've got 450 points from three flags so when you've got one photo really scour that and make sure that you get all of the flags that you can get from the uh get from the photo i got a question i'm gonna answer quickly somebody's asking uh uh if we've uh how many of the flags have already been found or if we

contributed to helping find intel on the person's in question so the ctf uh basically for the four hours or four to six hours all the teams submit flags and they're all judged by every team has a judge and it's all judged basically um you get points if they consider it being a valid uh flag and at the end of the ctf all of those all of that information is provided to law enforcement regarding those missing people so that's all that information is given at the end of every event and um there's a lot of a lot you'll see we'll show you some sites in a bit about how much information is actually submitted from 600 people in four hours and it's a

lot um so yeah so uh jen you want to do this one over me let's see there last day the uh i was gonna say too the um there will be a lot of duplicate flags submitted obviously by multiple teams but that doesn't matter you you can't see what other teams are submitting so you may or may not be able to um you may not you may or may not get a unique flag right but that correlates the information for law enforcement if they're getting it from you know from 100 people and they're providing the same information that's right which is i'm good uh last slide so these are kind of the these are the high scoring flags they

last seen do you are you able to do a showdown search for example if you know which way the subject was headed down a street are you able to do a showdown search of um cctv in the area to see video footage of when they the day that they were walking down the street uh any any details what they were wearing what they were uh what their mood was did they have a fight with somebody before they left that kind of thing uh who were they last seen with did they meet up with somebody in a park before they disappeared uh which way did they go anywhere any anything that is uh is going to give law enforcement

the uh an inkling of as to where to keep looking uh dark web is worth a thousand points a piece and it similar similar flags as to regular web but the dark web flags get a thousand points if it's only available on the dark web so for example if you've got a facebook page for the person on the dark web but it also lives on the regular web it doesn't count as dark web accounts as i think advanced subject info and then location if you can prove that you know where the individual is now um alive or dead obituaries don't count unfortunately but if you can prove that you know where they are then that's what 5000 points

yeah um a quick uh couple comments about this uh our this slide here yes last day scene it's definitely um in recent investigations we've had people that posted instagram non-stop about where they were going and the trips as they went so they you know they had posts about like where they were going on their last day scene and all that stuff is really interesting and important um these are these points are a lot harder to get the dark web points usually every event there's like maybe you know 10 of these that are that are awarded and the location uh points are rare every every other event there might be somebody awarded with that but it

does happen it has happened in the events that i've taken part in that you know somebody's got those that location 5000 points there yeah yeah all right tickets i'll talk about tickets so tickets so every event um they announce every event typically through their um trace lab ctf twitter account or on their discord or both all the time and depending on the event uh tickets sellout they're just twenty dollars their nominal fee it takes takes care of their hosting and whatever else but tickets can sell out very quickly depending on you know what event i took part in the trace subs event at uh defcon last year and it's all loaded in four hours um

they also uh the first uh batch of tickets that traceups provides they also uh do an osint training discount on there that comes with it which is really great um the first event that we took part in i got an event and jen was very sad regarding that um so after you get the tickets basically as i was talking about earlier you could set up a team it's pretty easy one person sets up a team and they send the invite code um and you can have up to four members um and the first time that me and jen took took uh tried was it just how many people was just me it was just the two

of us it's the two of us right exactly so you can do it by yourself you can do it with them you know two people you can do with four people and of course that varies it definitely uh there's a little bit of a learning curve and just figuring things out but it is interesting um the scoring platform is um yeah it's like you gotta you gotta look at what's what's worth points it's not just you know like go down the rabbit hole and that's very easy to do going down the rabbit hole and looking for information about somebody and like oh there's two hours wow you know four hours four to six hours goes very

quickly yeah it's it's actually worth mentioning that in subsequent ocean competitions and seriousness ctfs i have been able to get the training and it's actually worthwhile so if you're interested in signing up uh sign up early and you get the training [Music] oh tools prep two uh my tools were i'm i'm an ocean newbie so multiple search engines i heavily relied on the michael bizzell books youtube darren darren was a really big source of info for me i used sublime to keep all of my notes uh darren's got all of the tools which we've got a link to his start me page which i also used because darren does this frequently um he's a lot better at this than i am

still after even after all the practice in the last year he's still held a lot better with this i am so uh socks if you're familiar with socks socks are if you're not familiar with box i should say socks stand for stock puppet accounts basically if you're logging on to facebook to do some recon on a subject don't you probably don't want to use your own facebook account if you have one create a create a dummy account sometimes facebook will get wise to what you're doing the algorithm picks up that you're poking around and perhaps doing things that you shouldn't be doing or you know the stalkery behavior and they will they will ban you

um going into this i really just wanted to learn so i wasn't being too aggressive i did a lot of searching on my own existing alphabet accounts but i did manage to create a new tick tock and a new instagram and a new facebook account um i might not i might actually not uh create sock puppets again unless i was doing a lot of ocean mostly just because i'm not super aggressive and i don't i don't i don't really uh i don't really go down the rabbit hole i'm kind of all over the place like a crow uh darren apparently yeah you've you've got a lot of passive research socks that you've had set up in the past yeah i do a lot

of other awesome work so i have some i have different socks that are they're passive research stocks are just used for research um i also have non-passive socks that are that have personas that um portray a a part that uh into that investigation that i'm working on so they might be um oh they might be whoever like depends on the investigation right so um um and but research talks i i feel that research talks are pretty good because it means that your your your account like you people see when you're looking at their their profile on facebook it's you show up as a friend occasionally if you look at their profile enough times right so it's some

of those things so if i'm doing research you know tracelab ctf isn't a huge deal but if i'm doing an investigation onto somebody that's uh doing something bad i really don't want my facebook profile photo with my mug showing up uh as a possible friend because i've looked at their facebook profile six times so i have a bunch of socks that i've spent time setting up that are have personas and fake names and fake photos and um so they're gonna see john smith or sally smith um has been looked at their profile maybe and not darren thurston hardbox um so that's depending on traceup ctf isn't a huge uh you know um yeah it's not i'm not worried lots about

opsec on that but um other investigations i do um comms so for our back end with our team we um communication is pretty uh important of course so we set up a private discord server and that's what we use for our intel communications on during the during the trace lab ctf and basically we added added our team to that and we just did the channel for each missing person and it allowed us to basically post information and keep track of what we were investigating real like as we posted you know as we found information out we posted in the channel just so we had a record of what we were finding on the uh on

each missing person uh in subsequent uh ctfs we've started to use mind map which has helped out a lot um jen tell us about my maps i don't know anybody know what microscope yeah yeah my maps are cool it's a we use an online collaborative one so everybody logs in and what you can do is you can have the if if you're familiar with the mind mount the way it goes you get like one one branch and then you can branch out into other branches and then those branches can have branches so for example if you've got subject one you can put down uh for the different flag categories and then under those different flight

categories you can have the different flag types and so you can have you know subject one family mother and then mother's facebook and then father father's facebook and then from there you can pivot into you know father's work or father's social media that kind of thing it's a really effective way to have a visual representation of what you're still missing and it's also really uh i think we started with discord and it's good to share info so that you're not you know so we're not both looking for the mom for example um you can see what someone else had done in the past in the past for our events we've switched switched missing person every hour or so so we've you know it's

like spent an hour or two on a missing person and then switched and then you can see what the other person has found already on that missing person which is great so we have a reference there yeah so okay d-day june 26th this is it's almost been a year ago since our first ekfam yeah uh kickoff started at eight o'clock in the morning it was a long day uh ctf started at nine so there's an hour of sort of intros welcomes plays by the rules um four subjects to look for on our first ctf but there's been between four and six other times um worldwide subjects worldwide participation darren touched on that a little bit earlier we've had subjects

from all over the world but you also get folks from all over the world participating as well lots of coffee that day lots of searching and submitting flags and then 4 p.m closing the day went by very very quickly yeah it sure did definitely okay here we can get an idea of what this the back end of the trace lab ctf uh looks like here um so basically when you get your people that are missing um you get some information it shows you what's going on this is sort of the back end of the ctf it'll show you um the place they're missing from and how many days they've been missing from and here you can see

um things that we've submitted uh and that were rejected um it shows you a little bit it shows you that there's one minute left here so this was at the end of uh our first ctf got it um and yes we blanked out their names uh and a little bit more here so you can see here if you click on one of them you can see that that flags that have been submitted and you can see a couple things here um cell phone carrier oh i'm gonna make that smaller here one sec there we go uh cell phone carrier um advanced subject information basics information social media sites things like that that we submitted that were

approved

so lessons uh i i'll talk about my lessons and then i'll hand it over to darren to talk with his um don't spend too much time on one subject so the first one i spent probably two and a half or three hours out of the four hours on one person and it not only do you become less effective over time because you uh you can lose track of what's going on or um you can get confused about what where you actually you can lose track of where you were or what thread you were sort of following um you the the more time that you spend on an individual the less objectivity you have so for me it was my first time i got really

emotionally invested in this missing girl and i felt the i felt the emotional impact probably for a day or two afterwards i was a bang of hammers that night um and then the next day as well it was not only very tired but it was just very very very sad these are you know missing people um real humans yeah the other thing is you want to document absolutely everything uh particularly if you if you're submitting a bunch of flags you really want to make sure that you document everything figure out how you found something figure out why you think something is important and then if you document it your you can go back afterwards and take a

look at it and you can share that information with your team perhaps if uh if you've documented it perhaps they can pick up a thread and run without one um the then i might i'm still in the fence about using a screen recorder uh your frequently it's just there's such a short period of time um i don't know if i would use a screen recorder for a ctf but if i was doing this professionally i might do that take breaks regularly and yeah mind mapping definitely makes sense yeah there is software for screen recording which works great especially for longer term investigations it's important i think it works well for different things you can actually you

know it's like because you don't remember everything after a week or two i'm like oh what did i see on this day etc etc um and just a note on uh emotional impact um yeah um it's um you're you're it's a little rough you're dealing with people that are missing um there are some really sad cases every event um you know yeah there's um there's definitely real real and it um you feel it um you might think you don't but you will yeah um definitely it's important for decompression after the event is really important to even during the event take some breaks half walk around the house get some fresh air for a second whatever it's important um it is you

know you think it's not stressful but it's amazing actually how how quick four hours go and how stressful it is it's interesting um so some uh some notes about um the ctf um review the point system details as much as you can they're important um and this is a ctf well it is real world but those points are important so you could go down the rabbit hole for an hour or two and and find one flag or two flags but so paying attention to those what the what you get points for is important and and um and submitting submitting submitting submitting so after you your team submits their their first submission um you'll be uh judge will be

selected for you and typically our team would like to now after we've done a submission and you get assigned a judge is to go over to discord and you start a little chat with our team and our judge so you can check in with the judge and it helps a lot um it allows you to ask questions if they if they deny you a flag or something like that you can ask you can ask them why and and it's helped us a lot in them in the past it's definitely a really good thing to do um coordinating with your team members so typically in the past four four hour events we've checked in at the start had a voice

check-in and then every hour we've had a voice check-in and typically then maybe switch subjects switch to a new subject or if somebody's doing really great and uh digging into something then you know one person one team member will work on a missing person for two hours or something but and rotate a little bit that helps things definitely um so document document document the mind map works worked great and we've used that more in the last couple events because you can see everything all at once on one page it works really well um you can put links in you can put photos in you can do whatever i've liked that lots it's helped it's a good good

way we've found out yeah i'm okay of the tools we like to use these are just some we'll make these slides available and a link will be available to end i know i posted one earlier in the chat but um a couple of my my favorite tools here uh epis mail checker which is great um it checks for google google accounts google and you can put in an email um and even if it's not a gmail account you know what people have google services that aren't um that aren't um that aren't gmail accounts so it'll tell you it'll give you information um if you have a profile photo it's going to give them that um if you've done a whole bunch of

reviews on google maps you know what a lot of those are public most of those are public and it's very easy to see where those you know you've done reviews in austin austin texas for the last six months um you know you can see all that um it's very interesting what it shows user name check what's my name app that's my first place i go when i find a username this uh this website here if you give it a username hardbox or hard mac or whatever it's going to tell you it's going to check about i'm not sure where it's at now 90 sites or so it's going to check those 90 sites and tell you where

that username is used and provide you links to those sites so it's great it's my first stop for for user accounts um spyderfoot is a python utility that i'm going to talk about in the next slide or two a little bit um ocean framework is a basic ocean framework that talks all about um oh send uh investigations and different types of um um uh different methods of ocean to investigation and basically it's a very big framework and has a lot of links on it it's a very good place to go to just to look um do some research for when you're looking at hosting techniques um multiple search engines so yeah not just google not just bing

there's all kinds of search engines out there and they provide you all all kinds of different results another mention on this um is that when you're searching uh from a search engine i like to use a vpn because if you go if if my vpn's set to chicago and my missing people are from chicago i actually get different search results when i'm coming from chicago and i'm not coming from canada and you will find that when you're doing uh research over time uh a lot of my other online research tools are available on my start me page i did post that in the chat earlier and we'll provide you uh to these slides later uh tweet beaver

tweet beaver is my best everybody likes tweet beaver tweet beaver provides you all kinds of information on twitter accounts so it'll give you their timeline it will give you a list of and allow you to export uh timeline users friends account information it'll allow you to look at two different twitter accounts against each other and see followers or things like that in common things like that it's great it's definitely a great uh tool for uh for twitter and there's good people behind tweetbeaver they're awesome peeps

oh well spider fight that's me still so spider fits an open source intelligence tool it's written in python it's awesome um so i run linux it does run on mac uh windows i'm not really sure um but it is really nice um it allows you it has a really nice interface that allows you to run searches on user names domain names ip addresses all kinds of things it does require um to be really useful it does require some api access um a lot of you know different uis that uses a lot of different um most those apis are a lot of them are free not all of them um but i do have about 30 apis on my spider foot

and they are um you know those ones are all free um it provides you great results i do run it and typically run my usernames or run email addresses on it also during the during the tracelab ctf i also use it for other uh investigations a lot it's a great tool and they are doing spiderfoot team is great they're adding more and more modules all the time it's really powerful tool and it's getting better and better as time goes on okay um this is uh you can see a little bit of interface on spiderfoot and these were some usernames i searched on for a tracelab ctf and you can see it was uh something uh m redacted

fin and that provided me a bunch of accounts um which were very interesting this was a this was a teenager that was missing and um they had accounts on tinder and they had venmo and cash app accounts so that was very interesting results um okay so flags okay let you judge him rags yeah so a lot of times you'll find flags in news stories unfortunately you can't use news stories for for submission it's uh it's yeah no no no stories uh but what you can do is take that information and use it for things like employment flags uh one point um i think i was researching someone who the the news story called out that the the

subject worked at a specific place so went over to the the company's website and was actually able to download a a photo in an actual um a screen cap of their info on like the about us page uh also leads to friendly family and friends flags names photos employment um hobbies as well there have been you know news stories that have uh the folks in the uniform for a band which you know will give them give give the the school as well as some of their hobbies um multiple flags from one username obviously we saw that in spider foot um focus on the higher points flags for example the cell phone type and carrier and make sure that you know what the

flags are before you go in uh the first couple of times running through i completely forgot that some things were worth more than others and so i got stuck on looking at friends when i could be actually getting advanced subject info and then submitting things that way too um expect to have some of your flags get rejected either as duplicates or just as not enough information or questionable uh if you can't if you need to get a subscription or if it's behind some kind of a paywall it doesn't count you can't it'll that'll get rejected for sure talk to your judge uh these folks are often really good really senior members of the community they know what they're doing

they know what they're looking for um they're here to help they can guide you in the right way and then be like ross you want to pivot uh what does that mean well like i say the news story you get a photo um you might see a high school in the background you so you get the school you uh if you see a a photo of a couple folks together and you see something in uh in the background then leaning against a car or something like that you'll be able to pivot to the type of car the make model um every every piece of information can potentially leave to lead to another piece of information yeah school website

you name it all kinds of things and yeah you got it okay here you get an idea of how crazy things get i'm gonna make that bigger so i can see it okay so here um you can see this is uh this is the end of our first event and you can get an idea of how many uh how many things were submitted um there's 425 contestants four cases four missing people 240 teams 100 judges and by the way those judges not only are they awesome they're volunteering so yeah be nice to your judges too they're they're working hard exactly working hard and uh you got it so um you can get an idea here first

place here uh federal bureau of oceans um and they had 149 submissions um for 10 495 points pretty damn crazy exactly um and as you can see you'll see the score here that's they're at the very top here and they took off they've got some a lot of points and the top 10 teams here all are pretty experienced those in people they've been they typically take place uh and take part in the traceup ctf most events um a lot of them probably some of them a lot of them i think have uh jobs in ocean definitely they're skilled um but you get an idea of how many submissions they're submitting and that's the submissions i believe these

are submissions that were approved so this probably i don't think believe this shows the submissions that were rejected so you get an idea of that there's a question in the chat darren um have you been able to be successful in helping to find the missing people um the answer to that is we don't know uh submit the flags the flags go to law enforcement and then that's it that's the end of uh that is the end of the investigation yeah it's and it's one of those things too it's just like you know it's you know we're not then that's why we have our thing our slides redacted and things like that we we not you know these are

real people in investigations uh i hope it has and i don't know for sure you know we don't get any feedback from trace labs ctf and i don't expect anything of course you know we'd like to know but it's one of those things i hope that you know they've found some missing people but we don't really know um for sure yeah you got it hmm here's some numbers uh this was i think elite does say that only the accepted submissions show on that view thanks elise elisa is an awesome judge from uh tracelab ctf thank you for the comment uh i think this was from our first question yes so if you look back uh we had 425 contestants and 240

teams that led to over 7 000 submissions uh 2000 of the almost 2 000 of those were rejected so we had over 5 000 valid submissions accepted some from the home lots from family lots of friends some for employment lots of basic subject info and advanced info a few from the day last scene and zero dark web uh i don't know how that compares i don't remember how that compares to um the other ones that we've done i have some but they're not here as slides yeah typically there's yeah there's not very many dark web ones um last day scenes yes it's some but yeah it's yeah you got it but yeah you can get an idea of how big

and how many things are submitted yeah yeah um surprises every uh traceup ctf there's some pretty awesome prizes um as you can see uh offensive uh security uh uh trace lab oscp vouchers which are uh worth a couple thousand dollars actually is an awesome prize um pack in the box subscriptions uh hunchley licenses hunchley's an awesome uh ocean piece of software that does uh screen sharing and uh screen recording and things like that it's not screen sharing screen recording really nice piece of software really good for ocean investigations overall uh pack the box subscriptions spider foot uh licenses uh subscriptions which are also awesome and so we get a there's typically every event there's a first second and third

place and then there's also the mvo winner and that is basically the most valuable uh submission and every uh every event that's typically it's awarded to a team that provides the most insightful sort of uh submission and uh in different events that's been um submissions regarding like one of them was a geo i think a geolocated uh subject to last day or things like that um they're basically submissions that were uh you know well thought and definitely probably unique to a lot of or most of the other uh submissions that we receive for each uh each tracelab ctf you've got it most valuable ocean you've got it yeah and yeah tracelabs is from vancouver um

and um we um there yeah it's from vancouver and we they're good people definitely they've uh yeah they've sponsored besides in the past so this is how we did in our first event uh seventh out of 240 yeah so this is weird 29 submissions 1910 points nothing compared to the top 10 teams but we i was pretty happy with it i think jeff was pretty good yeah yeah 29 submissions got uh 1900 points and yeah yeah definitely pretty happy with that i've done uh i think most of our events we've placed in the top about 30 to 40 uh teams um i one i did by myself at def con i placed in the top 30 which was

awesome um and so yeah it's been pretty happy with those results so what you're saying is i'm slowing you down no hell no i didn't miss the last one you were still reading the last one you missed it okay here's the results uh qr code does not lead to anything malicious i don't think darren created it but if uh if you don't like it you can you can blame him um those are the slides so resources the search party link intel techniques uh darren start page again ocean framework the sans sounds blog on ocean github on search party write-ups that's actually one thing that we forgot um yeah looking at other people's write-ups is really handy

that was it's been a lot of fun and then the ocean map um i think i actually want to update this to include uh rechews resources while i took a look after the presentation this morning and it's i think they're worth including in here so there's a there's a lot of resources we could have 10 slides but yeah there's some some of these will get you some good places you got it that's for sure yeah uh we have a couple is the next the next f is it elite is the next ctf at def con is that is that what you mean there oh yeah yeah totally awesome so the next uh next traceup ctf will be in uh this

summer exactly at defcon 30. you got that's what i figured thanks elise that's awesome to know you got it and then tim is asking if there's any crossover between trace labs and orgs like bellingcat i can't answer that because they don't know what bellingcat is um there is not that i know of but i'm i'm sure some people uh from bellingham might take part in tracelabs ctf but no there's no crossover as far as i know um there are some other missing people uh uh ctfs out there in other countries a couple others um and um i can't remember their names right now but tracelabs is the biggest and has been around the longest and is

pretty international i know their last event they actually moved it from a morning event to an afternoon event to uh basically get more people from australia involved and a lot of uh australians got involved on the on the investigation side and there was also they added i think there was two or three missing people from australia we had six missing people all together two australians or one new zealander so it was interesting um a lot of and it's interesting because people from the united states are really easy to find there's a lot of information available typically but people from canada aren't we we have a lot of we have really good privacy laws in canada

and people from the uk and australia and other countries definitely have different uh differences harder and easier to find from different countries right and so it's interesting to brush up on those skills and try and find different people from different places uh how does ocean map compare to obsidian uh if you mean obsidian the the note-taking tool yes um i think that they're oh i haven't explored obsidian enough to know whether or not there's a mind map tool i believe there is i haven't played without obsidian a lot um i know that a lot of osun people are really uh pushing uh really happy with obsidian i've tried it a little bit um we could yeah i like the mind map

because it's one one view and we can do a share with all the team members obsidian might be a little overkill for a four hour ctf but obsidian is like awesome but it might be a lot for just um for a four hour ctf yeah actually just since you still have seen a couple days ago so i haven't explored its full potential yet okay so i think we got a couple more questions i'm gonna so that's our contact information and then we have yeah exactly uh thank does you have questions yeah i'm gonna see here i'm just looking um all right let me look over here okay uh just checking up here okay you know what questions there okay one

over there let's see web breacher yeah obsidian awesome jim you got it yeah good stuff yeah it is good it's pretty powerful it's pretty awesome i like obsidian and there is a it does take a little bit of a learning curve but it's pretty awesome for uh investigations and and note-taking it's pretty there's a lot of plug-ins in every different fun stuff with it i think it might be a little bit overkill for a four-hour ctf but it's pretty neat so if there's no other questions going are we on time whoa look at that we're 10 minutes early that's all right darren and i are both on slack on twitter or i will post the link to the slides in

the main chat there um so you don't have to scan that qr code um this one here if you want to scan it go for it but uh i'll post the link actually to the to my github um which you can find uh under hard box um if you want to search for it and you'll see the slides there and you can download them um i'll post a link a little bit in the main chat so people can find it and download it if they'd like to download our slides awesome okay i'm going to kick us off here the slide because i have the power to do that and have a nice b size 2022

i think they're gonna get scut up here in five minutes or ten minutes or so thanks everybody thanks jen you guys have a good besides 2022. take care

you