Insider Threat

Briefing

Greetings, Special Agent.

Your mission involves a critical insider risk management audit for Equilibrium Wealth Management. Your objective is to employ social engineering techniques to glean sensitive information that could help assess potential internal threats within the firm. Your targets are two social media accounts, already identified and linked to individuals within Equilibrium. It’s imperative that you exercise discretion and maintain your cover at all times. You are not to engage directly with Equilibrium. Your task is to engage these social media accounts, identify anomalies, and report any information that could pose a risk to Equilibrium. Your unique set of skills in reading subtle cues and decoding hidden meanings will be invaluable in this mission.

As always, Special Agent, the contract is yours, if you choose to accept.

Materials

Social Media:

https://www.facebook.com/profile.php?id=100093059295034

https://www.facebook.com/profile.php?id=100092575855849

Answer Instruction

Use the answer to unlock the flagfile; this will reward you with your badge.

Answer Format: InsiderFirstName_classification_SixDigitCode

Flagfile

Be advised, the flagfile is an encrypted ZIP. Make sure your OS supports the ZIP format. Ensure the password contains no hidden characters or formatting; paste it into Notepad first if the password doesn’t seem to work.

Download Flagfile here

PS: Don’t forget to claim your Coins and XP by posting your card in the #card-brag channel in Discord.

Official Write-up

Provided here is the official write-up; it does contain the answer. Use this if you’re stuck or want to verify that you got the answer correct.

Insider Threat

An investigation of potential insider threats at Equilibrium Wealth Management through analysis of employee social media accounts and their security practices.

Available Materials

  1. Two Facebook profile URLs
  2. Insider Classification reference image
  3. Context about Equilibrium Wealth Management
  4. Target format for answer

Solution Path

Initial Investigation

  1. Review both provided Facebook profiles
  2. Focus on recent posts and updates
  3. Look for exposed sensitive information
  4. Pay attention to career announcements
  5. Note any mentioned email addresses

Key Discovery Points

  1. Sofia Jiminez’s profile reveals:
     • Recent promotion announcement
     • Work email exposure
     • Company referral information
     • Internal process details
  2. Email interaction reveals:
     • Six-digit IT code
     • Security procedure violations

Answer Format

Must follow this format:

InsiderFirstName_classification_SixDigitCode

Correct format:

sofia_negligent_392148

Format Requirements

  1. Exact first name spelling
  2. Lowercase classification
  3. Underscore separators
  4. Correct six-digit code
  5. No spaces or extra characters

Investigation Methods

  1. Social media analysis
  2. Email contact testing
  3. Security policy review
  4. Classification assessment
  5. Information validation

Remember: Focus on identifying security practice violations and exposed sensitive information that could pose risks to the organization.


Creator: Vance Poitier