Clue: Halo Malicious is not a real corporation, it's a cover for a crimeware organization. Find the key to infiltrate their secret lair!
💡
Note: The solution to this CTF can now be found on https://github.com/technicalciso/CTF/. Use the password technicalciso to unlock PicturePerfect.zip.

Why is OSINT Important?

OSINT can help uncover threats, including those that stem from widespread use of social media to perform reconnaissance and gather information about targets. OSINT tools are used to quickly detect data leaks, pinpoint account compromises, find vulnerable systems, intercept threat actor chatter, and otherwise identify risks to an organization.

What is an OSINT CTF?

A CTF (Capture the Flag) is a cybersecurity exercise where participants must uncover a secret string of text. OSINT (open source intelligence) refers to gathering of intelligence from publicly available sources, and an OSINT CTF is a cyber exercise specifically designed to challenge and build OSINT skills.

What are the steps for solving an OSINT CTF?

Start by carefully studying the entire clue and using public websites to gather more information. Each step should reveal more clues and lead to the next step. Beware that in this CTF the common practice of starting with Google searches might lead to rabbit holes.

The secret string of text needed to solve this CTF is in the form HTB{secret string}. Check back here in a few weeks for a link to the official write-up and solutions.


NOTE: I created this CTF in 2021. It has been privately shared with colleagues and used for team building events, but has not been previously published. Disclaimer: Social media accounts, posts, and other information necessary to solve this CTF is subject to change. As of the posting of this article, the CTF is still solvable.