CTT CTF FTW!

I got the great chance to take part in the CTT CTF (acronym’s all over the place!).

For anyone who doesn’t know, CTT is Capture the Talent, a great company founded by Amy Stokes-Water and Shaun Whorton. Yes I am biased because both of these hooman’s are pretty damn amazing, have you even spoken to them before you judge?!

And CTF is Capture the Flag, a series of cyber challenges in which you have to, that’s right you guessed it, capture the flag.

I went into the CTF fully aware of my capabilities, or lack there of, but to my surprise and probably everyone elses, I did quite well!

All those years doing recon on boys for myself and friends finally paid off in the OSINT category of challenges (and yes boys, this is exactly what girls do, we know the name of your childhood pet 2 months before you tell us).

Apologies for my lack of preparation, but I took no screenshots as I went along, I was just in too much shock at my sheer amazingness of getting more than 2 points! Either way, I’m going to tell you a bit about what it was I did and learnt.

There are some amazing things you can find out from a picture. Every time you take one, it captures all sorts of information, even down to the shutter speed and device it’s taken on.

This led me to contemplate the million pictures i’ve taken and posted online and what kind of information you could possibly know about me…I imagine a lot and that scared me quite a bit.

After I was done realising I never wanted to post anything online again, it was back to CTF challenges.

I took a quick look at all the OSINT ones, just to see if any of them made sense. And alas one of them did straight away. A number plate, and the flag was the name of the country the number plate was from. I very quickly did a reverse image search on google (yes, one of the tools used for boy recon), and an exact match was found. Woo I was now 3rd on the leader-board of 3 players! Winner if I ever did see one.

Next up was a picture that Shaun had taken of some hills on a sunny day. I didn’t know where to start with this one, there was no information that I could easily glean from the picture, except a bridge. And then I remembered Amy telling us about doing the 3 peaks and her shoes breaking(this made the boring part memorable, who chooses to climb up hills?!). A quick look at the picture’s EXIF data (fancy frilly word meaning hidden information) gave me a date for the picture, and a quick search in the discord channel of when they did the walk and AHA, it’s the 3 peaks.

A quick google showed me the only bridge of any note in that area, and just to one side of the bridge was a hill. Popped that in and bob’s your uncle, I captured the flag in a way that it probably wasn’t intended to be caught.

Last one i’ll tell you about was a holiday picture. Nice and simple, tell us where this was taken. I had the inside scoop on this one, the brick buildings, narrow streets and old signage could mean only one thing, it was taken in my favourite place in the world, Mont Saint Michel. I jumped onto google maps, found the little yellow guy and dropped him into the middle of the little island. Walked around a bit and decided I needed to go back there as soon as possible and eventually found where the picture was taken.

I did 100% use more skills than knowledge I already had, and if I can remember the other challenges from under the cloud of frustration that grew over me while doing the CTF I will certainly write about them.

But for now, I’m really glad I took part. It was a fun 24 hours, especially having some friendly competition and gave me a confidence boost that was much needed!

And for anyone who’s still here wanting to know where I landed on the leaderboard, because my spot at 3 did not last long, it was 16. Not a bad turn out for my first try!