WEBVTT

00:00.740 --> 00:06.350
In this video, we're talking about the Trace Labs OSINT Search Party CTF and how to prepare for it.

00:06.380 --> 00:10.670
Now, this topic came up from one of the students in this course.

00:10.670 --> 00:15.020
They actually asked a question if there's anything about preparing for it.

00:15.170 --> 00:16.040
There wasn't.

00:16.040 --> 00:17.660
I thought it was a fantastic idea.

00:17.660 --> 00:21.650
So here we are and thank you for asking that question.

00:23.310 --> 00:24.480
Now real quick.

00:24.660 --> 00:28.940
I don't work for or otherwise affiliate with the Trace Labs team.

00:28.950 --> 00:35.490
I do participate in their CTFs when I can, and I've done 11 so far and look forward to doing more with

00:35.490 --> 00:42.300
them, but I do not actually work for or otherwise affiliate with the Trace Labs team.

00:43.900 --> 00:45.070
Now real quick.

00:45.070 --> 00:50.200
If you're not familiar with the Trace Labs Search Party, essentially it's a crowdsourced system for finding

00:50.200 --> 00:51.220
missing people.

00:51.250 --> 00:59.470
Trace Labs team works with local law enforcement and comes up with these people that to help law enforcement

00:59.470 --> 01:04.960
and the flags we're looking for are essentially clues that could potentially help law enforcement find

01:04.960 --> 01:06.220
these people that are missing.

01:07.910 --> 01:13.790
And hopefully reunite these missing people with their families and friends and whatnot.

01:14.910 --> 01:16.940
Now there is an entry cost.

01:16.950 --> 01:21.750
Cost I want to say ranges between 10 to $20 American.

01:21.750 --> 01:26.370
I believe it's been a little while since I've signed up for one.

01:26.370 --> 01:31.200
I think it's, I think the last time I paid it was like $10, $15.

01:31.320 --> 01:38.010
So very low entry fee to get in and you can have up to teams of four people.

01:38.010 --> 01:39.720
Or you could do this solo.

01:40.020 --> 01:43.830
Personally, I've done all the Trace Labs search parties solo.

01:44.070 --> 01:53.070
However, if you do want to win prizes and I do recommend going with a team, you will obviously most

01:53.070 --> 01:55.170
likely get more information that way.

01:55.410 --> 02:00.270
And again, what we're doing is we're looking for these flags.

02:00.270 --> 02:08.400
We're looking for certain information that is given in the Trace Labs CTF, things like social media

02:08.400 --> 02:15.090
accounts, location, dates, timestamps, whatnot, and it'll be listed out when you, when you actually

02:15.090 --> 02:16.470
go through the CTF.

02:16.950 --> 02:25.470
Now the information that you gather and gather by your team is given to a judge assigned to you and

02:25.470 --> 02:27.060
to me how much information you throw out there.

02:27.060 --> 02:29.550
It might take a little while for the judge to.

02:30.650 --> 02:32.600
Take the information and validate it.

02:32.780 --> 02:37.940
So be patient, and you don't have to send one piece and wait for it to get validated.

02:37.940 --> 02:45.020
You can start sending all the information you have and eventually all that will get evaluated, verified.

02:45.020 --> 02:47.180
And then you'll either get credit for it.

02:47.180 --> 02:50.090
Or you won't get credit. If you don't, they'll actually tell you why.

02:50.120 --> 02:58.100
So pay attention to flags that are denied and why they were denied, and badges and awards can be

02:58.100 --> 03:00.860
given for the winners.

03:01.640 --> 03:05.050
And for more information, go to tracelabs.org.

03:05.060 --> 03:06.580
Forward slash initiatives.

03:06.590 --> 03:08.960
Forward slash search party.

03:09.890 --> 03:14.560
Now, certain recommendations for pay attention to the rules of CTF.

03:14.570 --> 03:16.460
Now before the CTF starts.

03:16.460 --> 03:19.850
They do have a briefing video.

03:19.880 --> 03:25.910
I strongly encourage you whether you've never taken a CTF before or even if you have taken the CTF before,

03:26.330 --> 03:29.930
I think it's always a good idea to jump into that that.

03:30.930 --> 03:32.910
Preparation video they do.

03:33.000 --> 03:37.020
You're probably going to hear information that you heard before, but it's always a good refresher,

03:37.020 --> 03:41.100
and there might be new information that you might need or want to know.

03:41.980 --> 03:48.580
And these cases are real people, so please be respectful of that and keep that in mind.

03:49.890 --> 03:52.020
Prepare yourself mentally.

03:52.140 --> 03:55.410
So some of these cases may strike a nerve with some people.

03:55.590 --> 04:00.900
We're dealing with people that are missing from all different reasons.

04:00.930 --> 04:03.750
A person may intentionally run away.

04:03.750 --> 04:05.970
They may have been kidnapped.

04:06.000 --> 04:11.460
It could be due to stress or mental illness or medical conditions.

04:11.820 --> 04:13.470
It varies quite a bit.

04:13.470 --> 04:14.190
And.

04:15.340 --> 04:22.540
As you're searching these things, you it it you might find things that relate to either you or people

04:22.540 --> 04:26.470
in your life or whatnot and that that might.

04:27.240 --> 04:28.530
You know, get you emotionally.

04:28.530 --> 04:31.110
So try to prepare yourself for this.

04:31.110 --> 04:39.540
And as they say in the Trace Labs briefings, that these searches can be emotionally draining.

04:39.540 --> 04:42.360
So try to prepare for that.

04:42.480 --> 04:46.080
Take breaks if you need to take breaks, it is on a time limit.

04:46.350 --> 04:52.740
But again, your personal mental and health and wellbeing is important too.

04:52.770 --> 04:56.610
So if you've got to take a break, you know it's worth taking that break.

04:57.480 --> 05:01.890
Get a team together and determine roles ahead of time.

05:01.890 --> 05:07.230
I do recommend teams if you really want to score high on this.

05:08.020 --> 05:13.480
Uh, teams obviously, again, could actually find a lot more information normally than one person.

05:13.480 --> 05:16.030
But again, determine the roles ahead of time.

05:16.030 --> 05:17.860
Figure out who's going to be doing what.

05:17.890 --> 05:25.420
Like team member A might be in charge of social media, team member B might be in charge of doing reverse

05:25.420 --> 05:28.660
image searches and whatnot and so on and so forth.

05:28.660 --> 05:30.520
So kind of keep those roles ahead.

05:30.520 --> 05:34.750
That way things aren't overlapping if it's not necessary.

05:35.290 --> 05:38.230
Now, the CTFs don't always take place in the same country.

05:38.230 --> 05:44.650
I've done some in United States, some have taken place in Australia and over in Europe and whatnot.

05:44.650 --> 05:47.800
So you do want to keep that in mind.

05:47.830 --> 05:51.970
The missing people vary in age, careers, conditions, etcetera.

05:51.970 --> 05:56.530
They could be again, they could be runaway mental problems, potential kidnapping, etcetera.

05:56.530 --> 05:57.340
So.

05:58.430 --> 06:02.210
Not everyone is going to have the same internet footprint.

06:02.210 --> 06:08.660
Some younger people are probably going to have more social media presence than someone, say, in their

06:08.660 --> 06:10.110
70s or 80s.

06:10.130 --> 06:14.810
So you do want to keep that in mind, and you're going to have to adjust your investigation accordingly.

06:15.050 --> 06:17.270
Now, you're not going to just be assigned one person.

06:17.270 --> 06:19.340
You'll actually have a.

06:20.550 --> 06:23.430
Several different people that you could select from.

06:23.820 --> 06:30.930
I want to say it's usually about five to maybe seven people or so that you can, that you can kind of

06:30.930 --> 06:31.410
select through.

06:31.440 --> 06:35.430
You can bounce between them and start as you do your investigation.

06:35.430 --> 06:41.010
So if you're having a really hard time with one person pulling information up, you may want to switch

06:41.010 --> 06:42.060
to someone else.

06:42.740 --> 06:44.780
And again depending on.

06:45.780 --> 06:49.230
Who you're actually investigating is going to depend on their internet footprint.

06:51.920 --> 06:53.720
Other recommendations are: prepare

06:53.720 --> 06:58.490
your VM, make sure it is up to date, and make sure your VM is clean.

06:58.490 --> 07:05.150
It should be a new VM, not a used one to make sure your information and findings are clean.

07:05.780 --> 07:08.750
Familiarize yourself with your tools.

07:08.750 --> 07:14.570
Make sure you have whatever tools that you think you're going to need for the various regions.

07:14.570 --> 07:20.090
Make sure your tools are up to date and your resources are still valid and working because things do

07:20.120 --> 07:22.010
move quickly, especially with tools.

07:22.010 --> 07:25.850
When it comes to OSINT, things that work today may not work tomorrow.

07:25.850 --> 07:27.830
So again, make sure they're updated.

07:27.830 --> 07:33.710
Make sure that they're working properly, both tools and resources that you're using.

07:34.850 --> 07:40.430
Make sure everyone on your team is familiar and comfortable with their roles.

07:40.560 --> 07:48.650
Last thing you want is for people to have issues or argue about not wanting to be in the roles that

07:48.650 --> 07:50.180
they're in, for whatever reason.

07:50.210 --> 07:52.820
Make sure to keep in communication with your team.

07:52.850 --> 07:58.280
Don't argue with a judge that's assigned to you unless there is a legitimate problem, in which case

07:58.280 --> 08:00.710
you should be able to escalate that.

08:00.890 --> 08:06.800
But in general, if you're trying to argue with a judge about, well, you should have took this flag.

08:07.100 --> 08:08.630
Probably not going to go anywhere.

08:08.630 --> 08:09.860
The judges are.

08:10.220 --> 08:15.680
From my understanding, pretty well trained in what is and isn't accepted.

08:16.160 --> 08:20.180
And be flexible in your searches and investigations.

08:20.200 --> 08:24.830
Information available again will vary from person to person, so do keep that in mind.

08:25.810 --> 08:29.410
And finally, good luck in your searches.

08:29.800 --> 08:35.530
Again, I think this is a wonderful, wonderful initiative that Trace Labs has.

08:35.740 --> 08:43.270
I've been really happy to be able to participate in it, and I hope that you participate in it.

08:44.770 --> 08:49.870
Help out to help out law enforcement, help these families and friends that are missing people and try

08:49.870 --> 08:51.610
to get people back home safely.

08:51.910 --> 08:53.500
Thank you for watching.

08:53.500 --> 08:54.760
I'll see you next video.
