OSINT CTF
- Find out more information about the person of interest’s GitHub account:
a. API key: on GitHub, clicked on the first repository “Project-Build---custom-login-page”, then clicked on the file Login Page.js and located API Key = aJFRaLHjMXvYZgLPwiJkroYLGRkNBW
b. Real name: Emilie Marseille (from the Instagram account)
job role: Backend programmer
company: Consultants Inc
university : Sorbonne university, France (from LinkedIn)
c. In the same place as 1a:
Username: EMarseille99
Plaintext password: PicassoBaguette99
On a Linux terminal, I keyed in the command "echo UGljYXNzb0JhZ3VldHRlOTk= | base64 --decode"
- From looking at their GitHub account, what hacking tools did the person of interest use on company PCs for:
a. Lateral movement & privilege escalation: PoshC2
b. Remote control: QuasarRAT
c. Reconnaissance: metasploit-framework
d. Cryptocurrency mining (she used this): xmrig
e. Password cracking: hashcat
- Find our person of interest’s other accounts online
a. From a popular business/hiring network
linkedin.com/in/émilie-marseille-4b353a1aa
b. Social media account for taking photos
Instagram: instagram.com/emarseille99
c. Community profile for playing PC games and what university club were they in?
Steam
TF2 Backpack Examiner: tf2items.com/id/EMarseille99
Found using a username searching tool, whatsmyname.app
- Using their social media find:
a. Where did they go on holiday? Singapore
I downloaded the picture with the caption of ‘holiday’ using ‘instantsaver’ and searched using ‘Yandex’.
It brought out similar pictures with descriptions written in Singapore language, but I had to translate them using a translator.
b. Which city do they live in?
c. Where is their family based? Dubai, Burj Khalifa. Identified from the Dubai flag in one of the pictures on Instagram.
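
The first question's findings (an API key and a Base64-encoded password sitting in a public repository file) are what a secret scan run before commit is meant to catch. The sketch below is an added example, not part of the original write-up; the sample script, regexes, entropy threshold and function names are all constructed for illustration.

```python
import base64
import binascii
import math
import re

# Constructed sample resembling a login page script; every value is made up.
SAMPLE_JS = '''\
const apiKey = "qT7vXw2LmZr9KpB4sHdYc1NfGe8UaJ";
const user = "demo_user";
const pass = atob("U3VtbWVyUGFzc3dvcmQyMQ==");
const title = "Registration";
'''

# Assignment of a long literal to a name that suggests a credential.
KEY_ASSIGN = re.compile(
    r'(?i)\b(?:api[_ ]?key|secret|token)\b\s*[=:]\s*["\']([^"\']{16,})["\']')
# Any quoted run of Base64 alphabet characters long enough to hide a password.
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{12,}={0,2})["\']')


def shannon_entropy(s):
    """Bits per character; random keys score higher than dictionary words."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def decodes_to_text(token):
    """True if token is strictly valid Base64 whose bytes are printable ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
        return raw.decode("ascii").isprintable()
    except (binascii.Error, UnicodeDecodeError):
        return False


def scan(source):
    """Return (line_number, finding_kind) pairs; secrets are not echoed back."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        match = KEY_ASSIGN.search(line)
        if match and shannon_entropy(match.group(1)) >= 3.5:
            findings.append((number, "hardcoded-key"))
        if any(decodes_to_text(t) for t in B64_LITERAL.findall(line)):
            findings.append((number, "base64-encoded-text"))
    return findings


if __name__ == "__main__":
    for number, kind in scan(SAMPLE_JS):
        print(f"line {number}: {kind}")
```

The ordinary word "Registration" is valid Base64 by alphabet and length, but it does not decode to printable ASCII, so it is not reported.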