CyberDefender - Intel101
Challenge: https://cyberdefenders.org/blueteam-ctf-challenges/38
Scenario
Open-source intelligence (OSINT) exercise to practice mining and analyzing public data to produce meaningful intel when investigating external threats as a security blue team analyst.
Tools
Tool
Q1
Who is the Registrar for jameskainth.com?
Recon
Look at the whois lookup results.

Flag: NameCheap
Q2
You get a phone call from this number: 855-707-7328, they were previously known by another name? (No spaces between words)
Recon
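For this one I followed reference 1. The truecaller lookup shows that this is the customer service number for Spectrum Cable, which should be one of the US telecom companies, so looking up its former name gives the answer.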

Flag: TimeWarnerCable
Q3
What is the Zoom meeting id of the British Prime Ministers Cabinet Meeting?
Recon
Patient googling eventually turns up this site.

Flag: 539544323
Q4
What Percentage of full-time degree-seeking freshmen from the fall of 2018 re-enrolled to Champlain in the fall of 2019?
Recon
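For this one I followed the explanation in reference 1, because the site now only has more recent information such as 2022/2023, and the Wayback Machine does not have data from that far back either. Still, using the Wayback Machine is the right direction.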
Flag: 82.5%
Q5
In 1998 specifically on February 12th, Champlain was planning on adding an exciting new building to its campus. Back then, it was called “The Information Commons”. Can you find a picture of what the inside would look like? Upload the sha256 hash here.
Recon
The natural first step is to use the Wayback Machine to see how the site changed around 1998.
Exploit
- Wayback Machine

- Search for Information Commons

- Save the file and compute its checksum

Flag: f4952b314eb15acf0eec79c954f83881c17d50d2b5922ee37e8fc5e5cd1aeac2
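The save-and-checksum step above, as an added example that is not part of the original writeup: pick the successful capture closest to 1998-02-12 from a Wayback CDX listing, build the raw replay URL, and check the saved bytes against the capture digest before computing the SHA-256. The CDX rows, the example.edu URL and the file bytes are constructed so the code runs offline.

```python
import base64
import hashlib
from datetime import datetime

TS_FMT = "%Y%m%d%H%M%S"
# Constructed stand-in for the saved image; the real file comes from the archive.
SAMPLE_BODY = b"constructed-image-bytes"
SAMPLE_DIGEST = base64.b32encode(hashlib.sha1(SAMPLE_BODY).digest()).decode()
# Constructed CDX API response (output=json): header row, then one row per capture.
SAMPLE_CDX = [
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["edu,example)/ic.jpg", "19971210093000", "http://example.edu/ic.jpg", "image/jpeg", "200", "A" * 32, "2048"],
    ["edu,example)/ic.jpg", "19980212051500", "http://example.edu/ic.jpg", "text/html", "302", "B" * 32, "310"],
    ["edu,example)/ic.jpg", "19980214120000", "http://example.edu/ic.jpg", "image/jpeg", "200", SAMPLE_DIGEST, "2048"],
]

def closest_capture(rows, target):
    """Return the HTTP 200 capture nearest to `target` (a datetime) as a dict."""
    header, *captures = rows
    ok = [dict(zip(header, r)) for r in captures if r[header.index("statuscode")] == "200"]
    if not ok:
        raise LookupError("no successful capture in CDX response")
    return min(ok, key=lambda c: abs(datetime.strptime(c["timestamp"], TS_FMT) - target))

def raw_url(capture):
    """Build the replay URL; the id_ modifier asks for the archived bytes unmodified."""
    return f"https://web.archive.org/web/{capture['timestamp']}id_/{capture['original']}"

def verify_and_hash(data, cdx_digest):
    """Check `data` against the CDX digest (base32 SHA-1), then return its SHA-256 hex."""
    sha1_b32 = base64.b32encode(hashlib.sha1(data).digest()).decode()
    if sha1_b32 != cdx_digest:
        raise ValueError("download does not match the archived capture")
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    cap = closest_capture(SAMPLE_CDX, datetime(1998, 2, 12))
    print(raw_url(cap))
    print(verify_and_hash(SAMPLE_BODY, cap["digest"]))
```

A redirect capture on the exact date is skipped in favour of the nearest capture that actually holds the file, and a digest mismatch means the saved file is not the archived original, so its SHA-256 would not match the expected flag.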
Q6
One of Champlain College’s Cyber Security Faculty got a bachelor’s degree in arts from this Ohioan university. Who was the other faculty member who studied there? (FirstName LastName - two words)
Exploit
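- Start with the Cybersecurity - faculty page

- The question mentions that someone got a bachelor's degree in arts from an Ohioan university, which is the key point: it does not say Ohio University but an Ohioan university, meaning it only tells us the university is in Ohio, so we first need to work out which one it is. After going through the current staff, I found that University of Toledo is in the state of Ohio

- The question asks which "other faculty member" also studied at that university, not which "other cybersecurity faculty member", so the target is every staff member in the whole college. We can therefore search all the faculty pages directly for profile pages that mention this university. In the end I found this person, and the word count and hint also match the question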
inurl:champlain.edu/academics/our-faculty intext:University of Toledo

Flag: Todd Schroeder
Q7
In 2019 UVM’s Ichthyology Class Had to Name their fish for class. Can you find out what the last person on the public roster named their fish?
Recon
I could not find this one even when following reference 1.
Flag: Saccopharyngiformes
Q8
Can You Figure Out Which State This Picture Has Been Taken From? See attached photo
Exploit
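For this one I first searched Google Maps for dinosaur theme parks abroad, then went through their locations by trial and error, since the answer comes with a hint for its last character.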
Flag: Virginia