Cyber Investigator CTF
CTF link: https://investigator.cybersoc.wales/
Our signals intelligence team has captured a transmission originating from Western China and we have reason to believe that it may provide us with some kind of code that might be meant for a field operative of theirs. We'd like to know what it is.
The translation team is not available for us to utilise at the moment, so I'm wondering if you can use any of your digital tricks to work out what the code in the recording I've attached is?
Expected flag format: ###############
Knowing that the language spoken in Western China is Chinese, we could use a tool that transcribes audio to text and thus know the code provided.
In this case I used veed.io and got the code.
We've been granted authorisation for a wiretap on a phone belonging to a kidnapping victim; no calls have been made since they disappeared however just recently, there was a call made to a bank where the caller inputted a debit card number.
Can you find out the 16 digit card number so that we can trace the spending activity associated with this card? This will be very helpful in our effort to locate who may be a potential suspect in this case.
Expected flag format: ################
In the audio you can hear digits being dialed on a phone keypad; these tones are called DTMF (dual-tone multi-frequency).
As each number has a different and unique tone, we can use a tool that decodes it and gives us the 16 digits of the card. In this case I used DTMF Decoder.
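How such a decoder recovers the keys, as an added example (not part of the original write-up, and not the code of the tool used): each key is the sum of one row tone and one column tone, and the Goertzel algorithm measures the energy at those eight frequencies frame by frame. The `synth` helper and its digit string are constructed test input, not the challenge audio.

```python
import math

LOW = (697, 770, 852, 941)        # row frequencies in Hz
HIGH = (1209, 1336, 1477, 1633)   # column frequencies in Hz
KEYPAD = ("123A", "456B", "789C", "*0#D")

def goertzel_power(frame, freq, rate):
    """Energy of `frame` at a single frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def classify(frame, rate):
    """Map one frame to a key, or None when either tone group is too weak."""
    floor = (0.1 * len(frame) / 2) ** 2   # energy of a 0.1-amplitude sine
    low = [goertzel_power(frame, f, rate) for f in LOW]
    high = [goertzel_power(frame, f, rate) for f in HIGH]
    if max(low) < floor or max(high) < floor:
        return None
    return KEYPAD[low.index(max(low))][high.index(max(high))]

def decode_dtmf(samples, rate=8000, frame_ms=40):
    """Decode floats in [-1, 1]; silence between tones separates repeats."""
    n = rate * frame_ms // 1000
    digits, prev = [], None
    for start in range(0, len(samples) - n + 1, n):
        key = classify(samples[start:start + n], rate)
        if key is not None and key != prev:
            digits.append(key)
        prev = key
    return "".join(digits)

def synth(keys, rate=8000, tone_ms=80, gap_ms=80):
    """Build a constructed test signal: one dual tone per key, then silence."""
    out = []
    for k in keys:
        row = next(i for i, r in enumerate(KEYPAD) if k in r)
        f1, f2 = LOW[row], HIGH[KEYPAD[row].index(k)]
        for t in range(rate * tone_ms // 1000):
            out.append(0.4 * math.sin(2 * math.pi * f1 * t / rate)
                       + 0.4 * math.sin(2 * math.pi * f2 * t / rate))
        out.extend([0.0] * (rate * gap_ms // 1000))
    return out

if __name__ == "__main__":
    print(decode_dtmf(synth("4000001234567899")))   # constructed number
```

For a real recording, load the samples with the standard `wave` module and scale them to the range -1 to 1 before calling `decode_dtmf`.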
As part of an investigation into an individual we believe is responsible for a slew of email threats directed at senior politicians, we have been digging up boxes of evidence from various forests around the UK.
From a few feet beneath Grizedale forest, we've recovered a cassette tape that when played, has what sounds like some unrecognisable speech. We don't know who it is or what they're saying.
It isn't clear what the suspect was doing with this, or whether they intended for us to find it.
Are you able to identify who is in the recording for us? I've attached a digital copy of the tape.
Note: you've only got 3 attempts so refrain from just guessing!
Expected flag format: firstName(space)lastName
When we listen to the audio, we can tell that it is reversed. We reverse it back using Invert audio to recover the original recording. Then, using the tool from the first challenge, we extract the text of everything this person says and look for who said it.
Uh oh... tell me where it's headed so we can let them know it's over.
Note: You have only 3 attempts for this one.
Expected flag format: nameOfTarget
The image shows the spectrogram of an audio clip, so we look for tools that can turn a spectrogram back into audio. I found several that did not work, but Photosounder did.
In the audio you can hear that it says Latitude 34.67...... and Longitude 32.59.........; I looked up the coordinates, which give the exact place that ends up being the flag.
One of our undercover officers has been following a suspected financial crime kingpin and they keep visiting a lockup in a secluded area of London - we have no idea what is in there.
A couple of nights ago, the officer noticed that there is a digital PIN pad used to open the lockup door, and shortly after the suspect entered and closed the door behind them, our officer promptly approached the PIN pad and took a photograph of the keys with a thermal camera.
Research into the PIN pad reveals that it only accepts four digit codes, so that should make things easier.
What is the PIN code for the lockup? It will be much easier for us to make a subdued entry to find out what is in there without compromising our investigation through forcing our way in.
Note: You only have 5 attempts so inspect the image very carefully before checking your answer.
Expected flag format: ####
Bearing in mind that the informant took the photo at the moment after the robber entered, we could deduce that the last number is the hottest and the first number is the coldest, so we are left with 4185.
We've been monitoring the movements of a few somewhat well-known club DJs-for-hire with sketchy pasts.
A couple of days ago, we parked one of our investigators outside a nightclub which previous checks suggest is linked to a drug-related money laundering scheme. We also happen to know that each of the DJs we've been following use Spotify for their music at venues.
Unfortunately, the DJ for the evening must have used another entrance as our surveillance team didn't spot anyone matching the profile of any of our suspects that night.
It would be useful for us to know the name of the song that is playing in the attached recording, as this will enable us to scrape the listening histories of our suspects and match the two up to identify who was there at the time.
We're hoping to recruit this particular DJ and leverage the likely trust that has been established with the club management to utilise them as an informant.
This will help us to infiltrate the drug gang running the nightclub and move us closer to dismantling their operation.
Expected flag format: XXXXXXXXX
For this case we can use a tool that allows us to identify the song by audio. In this case I used Shazam, but there are many other applications that do the same.
We recently performed a search of a Yacht parked in a berth in Hawaii; fairly strangely, a lookup of the vessel's paperwork yields no results and we don't have time to draft in someone with enough knowledge of boats to be able to provide us with further context.
However, we did find what looks to be a dash cam with footage of someone driving through what we suspect is a town or city in Asia.
I've attached an image showing a road sign from one of the clips found on the camera, could you take a look and see if you can work out where the driver was at the time?
First we look up the name of each address it gives us and then look at the matches, which brings us to Shanghai, where the 4 places meet.
We believe we've found an address where a number of victims of human trafficking are being held. We know that there are anywhere between 1 and 3 grunts posted to guard the premises at any given time, but in the early hours of the morning, they seem to watch TV most of the time.
I have been thinking about a distraction technique to get them all into the living room at the same time whilst we make quiet entry into the property before hurling a flashbang into the lounge and getting the drop on them, hopefully without firing a shot so we can keep them in a fit state to tell us all about the intricate workings of their organisation.
A way of getting them together to deliberate might be to cause a problem with their TV.
Our guys sat on the hill not far away and spotted the below remote control in one of their hands, together with a TV as pictured on the unit in the lounge.
I know that these remotes are programmable, could you find out the code to set the remote to control this brand of TV?
This will enable us to switch off the TV, fiddle with the sound, change inputs and so on - hopefully causing a stir long enough to distract them.
We paste the image into Google Lens and find out that the model is Sky Q Voice-Controlled. We then look for the Sky page, which asks for the version of the remote control and the brand of the TV.
We've been tracking a cell on the horn of Africa and one particular target has fallen under suspicion. Our agent deployed there has found out that the target always stores his handgun in a small compartment of the boot of his car, which following some research on this particular model of the car, measures in at 200mm x 135mm (length x width).
Our agent believes that they have recovered the target's weapon but to help confirm this, we need to establish whether it ties in with our theory about putting it in the boot. We have no idea what the gun is, so could you use your talents to find out the length and height of the handgun pictured?
By the way, the agent said that some parts of the handgun feel rough - like sandpaper - perhaps a brand name has been sanded off somewhere along the line.
The first thing I did was to search Google for 19 AUSTRIA; all the results about guns talk about the Glock brand. Searching the official Glock website for the 19 model, we found the measurements:
Length: 187mm Height: 128mm
I've been anonymously emailed some footage with a siren blaring in the background and a scene of chaos and panic, with people running out of open spaces seeking cover. I'm not quite sure what to make of this.
Could you take a look at the clip for me and let me know the name of the country in which it was filmed?
Will be a big help and a good start to building up a picture of what it's all about.
Note: You have just 5 attempts for this so keep a sharp eye out.
Expected flag format: nameOfCountry
In the video we can extract several images that lead us to the flag.
Doing a reverse image search we know that the first image is of a building called Matcal and the second image is of Kirya Tower. Both buildings are located in Israel.
In the third image, the "trafic" has a URL ending with .il, which is the country-code top-level domain (ccTLD) for Israel.
We've dug out a memory stick from a safety deposit box on the east coast of the US after following up on some leads over there, but all of the modified/access/creation timestamps have been wiped, meaning that we don't have even the slightest idea of when it was last used.
Said memory stick contains an array of incriminating files which prompt us to want to speak to whoever the memory stick belongs to.
Amongst the files on the drive, we have found a recording of a Boeing 737-800 aircraft taking off from some airport.
Can you find the latest possible date that the video was taken? This will help us to gain a ballpark idea of the age of the rest of the content on the seized memory stick. Note that the metadata of the video file itself won't be any use in this case.
Attempts are capped at 5, so refrain from completely guessing!
Expected flag format: DD/MM/YYYY
In the video you can see an American Airlines plane taking off and a LASER (Venezuelan airline) plane on the runway; you can also identify the Venezuelan flag. Therefore we can say that we are in a Venezuelan airport.
Since the question says when was the last POSSIBLE date, I assumed that something had happened and so I found the flag.
We keep detecting an unknown device on our network in the office and records are showing that it's connecting via one of our WiFi access points. We'd like to learn a bit more about what is going on here.
The MAC address is: 00:0a:95:10:e2:1b.
Could you tell us the manufacturer of the device that we are looking for?
Note: You only have 3 attempts so refrain from guessing!
Expected flag format: nameOfManufacturer
A MAC address is made up of 12 hexadecimal digits, and the first 6 digits identify the manufacturer. This prefix is called the OUI (Organizationally Unique Identifier), so looking it up in an OUI database gives the manufacturer.
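The lookup described above, as an added example (not part of the original write-up): it normalises the MAC, extracts the OUI, and checks the locally-administered bit, because a randomised address will not resolve to a manufacturer. `SAMPLE_REGISTRY` is a constructed excerpt laid out like the IEEE `oui.txt` file, and its vendor names are placeholders rather than real assignments.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt registry file;
# vendor names are placeholders, not real assignments.
SAMPLE_REGISTRY = """\
00-0A-95   (hex)\t\tEXAMPLE VENDOR A (placeholder)
10-20-30   (hex)\t\tEXAMPLE VENDOR B (placeholder)
"""

def parse_mac(mac):
    """Normalise a MAC written with ':', '-', '.' or no separators to 6 bytes."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def load_registry(text):
    """Parse the '(hex)' lines of an oui.txt-style file into {OUI: vendor}."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"^((?:[0-9A-F]{2}-){2}[0-9A-F]{2})\s+\(hex\)\s+(.+)$", line)
        if m:
            table[m.group(1)] = m.group(2).strip()
    return table

def describe(mac, registry):
    """Return the OUI, the two flag bits of the first octet, and the vendor."""
    raw = parse_mac(mac)
    oui = "-".join(f"{b:02X}" for b in raw[:3])
    local = bool(raw[0] & 0x02)       # U/L bit: locally administered
    multicast = bool(raw[0] & 0x01)   # I/G bit: group (multicast) address
    # A locally administered address carries no registered OUI.
    vendor = None if local else registry.get(oui)
    return {"oui": oui, "locally_administered": local,
            "multicast": multicast, "vendor": vendor}

if __name__ == "__main__":
    registry = load_registry(SAMPLE_REGISTRY)
    print(describe("00:0a:95:10:e2:1b", registry))
```

The IEEE also assigns smaller 28-bit (MA-M) and 36-bit (MA-S) blocks, which need a longer prefix match than the 24-bit lookup shown here.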
We've sent a couple of officers to Birmingham Airport (BHX) security to help fill a temporary staffing shortage and whilst there, they have identified a male who is yielding strong readings for a presence of cocaine. He has come from Lima via Istanbul.
There seems to be a white powdery substance synonymous with this drug leaking out of the phone in trace amounts, but attempts to open the phone have failed. It seems that some sort of very strong adhesive has been used to bind the chassis together.
We've weighed the device and right now it is showing as 300g. There are no signs of life and the device does not respond when a compatible charger is plugged in. We suspect the device may have been gutted and stuffed with cocaine.
Is there any way you could find out the difference between the current weight and the original (expected) weight of the device? A substantial difference will help us confirm our hunch that the device is being used to conceal a controlled substance and we'll confidently drill into it.
With the IMEI (International Mobile Station Equipment Identity), which is the unique identifier of the cell phone worldwide, we can search for information about it. I used IMEI Info.
With this we know that the cell phone is a J210F GALAXY J2 (2016), which weighs 138g, and as the question asks us for the difference, we do 300 - 138, which is 162g.
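Before sending an IMEI to a lookup service it is worth checking that it was transcribed correctly. The following added example (not part of the original write-up) splits an IMEI into its Type Allocation Code, which is the part that identifies the model, and its serial number, then verifies the Luhn check digit. The sample IMEI in it is a documentation-style value, not the one from the challenge; the same checksum applies to the 16-digit card number decoded in the DTMF challenge.

```python
import re

def luhn_valid(digits):
    """Luhn check: double every second digit from the right and sum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def parse_imei(text):
    """Split a 15-digit IMEI or 16-digit IMEISV into its fields."""
    digits = re.sub(r"[\s\-/]", "", text)
    if not re.fullmatch(r"[0-9]{15,16}", digits):
        raise ValueError("expected a 15-digit IMEI or 16-digit IMEISV")
    info = {"tac": digits[:8],        # Type Allocation Code: identifies the model
            "serial": digits[8:14]}   # serial number within that model
    if len(digits) == 15:
        info["check_digit_ok"] = luhn_valid(digits)
    else:
        # IMEISV replaces the check digit with a 2-digit software version.
        info["software_version"] = digits[14:]
    return info

if __name__ == "__main__":
    # Sample value for illustration only, not taken from the challenge.
    print(parse_imei("49-015420-323751-8"))
```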
Did you know about 30,000 websites are hacked daily?
We recently set up a unit alongside our counterparts in North America that is designed to actively monitor potential attack surfaces of high net worth and other high profile parties; think C-level employees of companies, those in powerful government positions and so on.
Interesting one for you... I'm trying to work out whether Elon Musk's email address has ever been included in these huge data breaches which tend to arise from organisations' databases/sources being left exposed to the public or attacked by black hat hackers.
The typical result of the above is that lots of personal information such as names, usernames, email addresses, passwords, physical addresses, credit card information et al gets flooded onto the dark net, where it is then used for all sorts of nefarious purposes.
Can you find out the name of the company whose data breach Elon's email was spotted in? Here's his outlandish business card.
For this case, we can use tools that tell you whether your data has appeared in a data breach. Have I Been Pwned is one: if you provide your email or phone number, it can tell you when the breach happened, what data was exposed and which company it happened at.
It's me again. We've been scraping the contents of some open cloud storage buckets belonging to some dark net e-commerce websites known for selling drugs, weapons, stolen credentials and so on.
I have spotted a few documents using this peculiar font, seemingly discussing the drop-off of goods (attached here).
My thinking is that it would be easier to filter out the millions of documents that we have seized if we know the name of the font used in the exemplar document, as we could then use computer vision techniques to match the full character set of said font to any of the other documents in the masses of data which use the same one, potentially finding other associated messages and detail that we may otherwise never have time to dig up.
Let me know?
Note: You have only 5 attempts for this one, so make sure you're certain of the font.
For this challenge we can use a typography identifier and upload the image there. I used Font Squirrel.
We have 3 possible fonts and when we tested the first one it was enough.
Last week, we seized a computer belonging to somebody who we believe to be involved in the logistics of a criminal organisation. Upon inspecting the contents of the hard disk in the machine, we've found some code held in TXT files; the person in question seems to be something of a gamer with a preference for older titles.
Attached is a sample of one of the code files we found. We're aware of instances where similar parties contact one another using the likes of Call of Duty as the servers are not monitored; perhaps they're using some other game in this instance to achieve the same? If it's any help, every single one of their computer games seems to be rated PEGI 18+.
It looks like this code is some sort of tutorial, they were possibly trying to learn the language...
Could you find out the name of the video game that the scripting language shown in the attached text file is used with? This will help us to potentially narrow down who else they have been speaking to by checking for the presence of the game on other seized machines.
NOTE: Remember, it's a multiplayer game.
Note: You have just 10 attempts for this so don't guess!
Expected flag format: nameOfGame
Just by searching for the first comment and variable they declare, we get two striking results.
The first result talks about Pawn, which is a video game programming language.
The second result is from Open Multiplayer, where they explain how to program scripts for Grand Theft Auto: San Andreas Multiplayer.