DEF CON Forum Site Header Art


No announcement yet.

Announcing the OSINT CTF at DC28

  • Filter
  • Time
  • Show
Clear All
new posts

  • Announcing the OSINT CTF at DC28

    READ ALL OF THIS PAGE (that means every word on this page) BEFORE PROCEEDING – THE RULES ARE IMPORTANT!


    For the first time ever, the SEVillage is going to host an OSINT CTF at DEF CON! OSINT is the lifeblood of a social engineer and a person’s proficiency in using this skill is often time the reason for success in social engineering engagements. This unique event will challenge you and test your abilities to use OSINT skills. With a 4-hour time limit each contestant will be given the chance to collect information on provided targets. Those who end with the highest score will take home some very nice SE prizes!

    So, if you are:
    • Willing to spend time in an awesome, fun contest
    • Wanting to win awesome prizes
    • Wanting to be crowned the DEF CON OSINT Champion!

    Then read on….

    The CTF Rules

    Before you sign up, read the ALL THE RULES CAREFULLY. Breaking these rules can lead to disqualification – SO KNOW THEM!

    The underlying idea of this contest is: No one gets victimized during this contest. This contest focuses on the information-gathering skills of the contestant. Our goal is to raise awareness about the vast amount of information shared by people and how this information can be used in a social engineering attack. We will never lose our core value of ‘leave them feeling better for having met you’ and we expect each OSINT CTF contestant to live up to that standard. If you violate anything on the following list, you will receive a warning; if the behavior continues then you will be disqualified from the competition.

    The Do Not List:
    • Attempting to elicit confidential, legal, or personal target data (e.g. SS#, credit card numbers, passwords, etc.).
    • No paid search services can be used. All contestants must be able to provide a URL for each flag submission upon requestion. We will spot check the winning contestant and disqualify any source URLs that cannot be verified without requiring authentication beyond a generic LinkedIn, Spokeo, Twitter, Jigsaw, Flickr, Pastebin, shodan, or Facebook account that has no connection with any of the targets.
    • Contestants are not allowed to call, email, or elicit information from the targets in ANY way.
    • You get two guesses per challenge. Format does matter. Please read carefully and take note of the format for each flag.
    • Use of pornography in any form. We attempt to keep the SEVillage family-friendly at all times.
    • Any techniques that would make a target feel as if they are “at risk” in any manner.
    • The use of threats or foul language.
    • Use common sense, if something seems unethical – don’t do it. If you have questions, ask a judge.
    • Contestants will compete on an individual basis; submissions consisting of multiple people on a team will not be accepted

    • A computer
    • Be in attendance at DEF CON on Friday, August 7, 2020

    Does this sound exciting? Then sign up TODAY! Signups will be taken until May 11, 2020.

    We will be choosing only 14 contestants to compete. To help us choose, we are asking contestants to make a 90 second (or less) video to show us why we should pick them. After you have completed the form below you will be sent video instructions via email.

    PGP key: valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A