NahamCon CTF 2023 — OSINT Challenges Walkthrough
A detailed walkthrough of all four OSINT challenges from NahamCon CTF 2023.
In this post, we will dive into the captivating realm of open-source intelligence (OSINT) challenges presented at NahamCon CTF. OSINT plays a crucial role in the world of cybersecurity, as it involves gathering information from publicly available sources to uncover hidden clues, solve puzzles, and uncover vulnerabilities. If you are new to the field and want to get a more comprehensive overview, I encourage you to check out my “Approaching CTF OSINT Challenges — Learn by Example” blog post:
In contrast to the 2022 NahamCon CTF OSINT challenges that were more around social OSINT, this year’s challenges were GeoOSINT challenges. What is GeoOSINT you ask? great question 👇
GeoOSINT
GeoOSINT, or Geospatial Open-Source Intelligence, refers to the practice of gathering and analyzing open-source information that has a geographical or spatial context. It involves leveraging various sources such as maps, satellite imagery, social media geotags, public records, and other location-based data to extract valuable intelligence. GeoOSINT allows analysts and investigators to gain insights into specific geographic areas, understand patterns, and uncover relationships between entities or events. By utilizing geospatial data, it becomes possible to identify potential risks, monitor activities, track movements, and detect patterns that may be otherwise hidden. This field has gained prominence in recent years, especially with the increased availability of mapping technologies and publicly accessible geospatial information. GeoOSINT serves as a valuable tool in a wide range of domains, including security, law enforcement, emergency response, urban planning, and market research, enabling professionals to make informed decisions based on geographically contextualized information.
As can be seen in this viral video by @josemonkey, people experienced in GeoOSINT do not need a lot of information to be able to pinpoint an exact location:
Now is be a good point to point out that if you value your privacy, you should really think twice before uploading any information on social media :)
All of the challenges in this CTF utilized the osint.golf platform and are still available if you want to try them yourself. Hence, I will not be revealing the actual flags, but rather the steps I took to find them.
Anyway, Let’s dive into the actual challenges…
Challenge 1
For the first challenge, after looking around what seemed like a golf course, there are two pieces of information that caught my eye.
The first is a large event banner, containing the phrase “all Thailand Premier Championship” as well as some additional text which isn’t really readable.
The second was some kind of stand with a BETAGRO logo on it:
A quick Google search for `all Thailand golf championship betagro` has produced the following image:
We can see that (at least in 2017), the competition took place at the Laem Chabang International Country Club.
Submitting the Google marker for the country club did not produce the flag, since we still need to pinpoint the exact location.
Once I started drilling down into the satellite view in order to identify the exact location, something just did not add up… After spending TOO MUCH time on unsuccessful attempts to force the location, I decided to take a step back and question whether this is indeed the correct golf course.
Note: In every challenge, and specifically in OSINT, always be open to the fact that some of your assumptions may not be accurate and be sure to reevaluate them when you feel you have reached a dead end.
At this point, I went back to the first image and my original Google search and added the words “road to” which appear on the event banner.
This time, the results pointed to a different golf course, the Khon Kaen Golf Club:
This time the landmarks aligned perfectly and I could get the flag.
Challenge 2
This challenge places us on a large boat near a dock.
The first element I tried to explore is a combination of four flags printed out on the body of the ship:
A Google image search led to this image of the signal flags used by the British royal navy:
In our case, the combination in the image is:
India Bravo Quebec Zolo
A Google search of the above combination led me to the Acciarello (ferry) Wiki page:
There I learned that:
“In 2015 it was definitively sold to the Elba company BluNavy, however continuing to alternate between the summer connections on the Island of Elba and the winter ones on the Strait of Messina”
Since the picture we got seems to have been taken in the summer, my next search was for Elba Island.
The island has many ports, but we have several characteristics we can rely on.
First, some kind of fort:
Second, 3 piers with distinct lengths:
After some exploring, I have identified Portoferraio port which answers all of our requirements:
All that is left is to use Google street view to find the exact location:
Challenge 3
This time we find ourselves in a park. The park seems very large and is surrounded by tall buildings from all sides. This indicates the park is located in a major city.
Once again, we will use Google Image Search for the following building:
And luckily enough, one of the pictures points us in the right direction:
All that is left is to pinpoint the exact location and we get our flag:
Challenge 4
For the last (and trickiest) challenge, we are provided with an aerial view of what seems to be a large train station located in a European rural setting.
This time I started with examining the distinctly colored green and yellow railroad car using, once again, Google Image search:
The wagon seems to belong to a company called GYSEV. According to Wikipedia, the company operates in Hungary and Austria.
“The Raaberbahn or GYSEV is a Hungarian-Austrian railway company based in Sopron, Hungary. The company is a joint enterprise of the states of Hungary (65.6%),[1] Austria (28.2%), and a holding belonging to ÖBB (4.9%). “
This could indicate the landmark we are looking for is somewhere near the border of these two states. It is still a pretty wide net :)
We need some more details to focus on.
This time the image search points us to Bratislava Castle:
The only problem is that Bratislava Castle is in Slovakia. This doesn’t really sit well with our first lead. On the other hand, Slovakia isn’t that far from Hungary and Austria.
I decided it was worth exploring. Yet once again, when I tried to match the landmarks from the challenge with those around Bratislava castle, something didn’t add up. The area seems too urban to match our challenge.
Back to the drawing board it is, or to Google Image Search that is :)
One of the matches we got in our original image search was to
Ebenfurth Castle
When Exploring the satellite view of the castle in Google Maps, we can see that it matches perfectly with our challenge, including the sonar panels on the castle’s roof and the three weird-looking buildings at the upper left corner):
All that is left is to find the exact location the challenge view was taken from, somewhere above the track and near the building with red edges:
This is a Google Street view from the bridge, observing the target area:
Final Thoughts
This concludes the NahamCon CTF 2023 series of OSINT challenges.
While last years׳ OSINT challenges were (at least in my opinion) more exciting, I did learn a lot while solving these challenges and I can’t help but appreciate the enormous effort that was put into building them by @itsecgary (who also developed the GeoOSINT web app used to host the challenges).
On that note, I’d like to give a huge shoutout to the organizers of the NahamCon CTF and conference. @_JohnHammond, @NahamSec, @ippsec, @Alh4zr3d and others really go out of their way to make high quality cybersecurity content accessible for free for anyone who wants to learn which is truly inspiring!
Feel free to leave your thoughts in the comments or reach out directly via Twitter if you have any questions.
