Getting Started

If you have secured your ticket and joined the Slack or Discord channel, it's time to prepare for the upcoming event. Understanding the event's scope, the rules, and the scoring criteria is crucial. All this information is detailed in the Contestant Guide. For first-time participants, it’s beneficial to watch the Training Playlist, which offers valuable insights into Trace Labs and the CTF experience. However, there’s additional preparation to consider for this or any OSINT event you wish to attend.

Section 1.1: Utilizing Virtual Machines

A virtual machine (VM) serves as an isolated computing environment, functioning like a standalone computer with its own CPU, memory, network interface, and storage, all running on a physical host. Essentially, it allows you to create a computer within a computer.

For events like this, it’s preferable to operate on a burner machine or one that has a fresh installation. This practice reduces the risk of accidentally introducing personal data during your investigations. If a burner machine isn’t available, using a VM is a viable alternative.

Trace Labs offers a dedicated OSINT VM, a curated Kali Linux image preloaded with a variety of OSINT tools. If you’re unfamiliar with VMs, start by familiarizing yourself with hypervisors like VMware and VirtualBox.

Section 1.2: The Importance of VPNs

A Virtual Private Network (VPN) enhances your online privacy and anonymity by creating a secure connection over a public internet network. VPNs mask your IP address, making your online activities nearly untraceable.

In recent years, VPNs have surged in popularity due to the level of anonymity they afford. If you haven’t already, consider using one for this event. A VPN that frequently changes your IP location can help prevent alerting the subject or any related parties that you are conducting research.

Section 1.3: Creating Sock Puppets

In the realm of technology, a sock puppet refers to a false online identity used to engage with targets during an investigation, safeguarding your true identity. Various social media platforms, including Facebook, Twitter, and LinkedIn, require accounts to access both public and private profile information. These platforms often serve as the primary sources for searches during the event, as they are abundant in information.

Establishing sock puppet accounts and testing their functionality beforehand will streamline your access to this wealth of social media data. It’s critical to ensure that your real identity remains unlinked to these accounts—avoid using personal details like your real name, email address, or any identifiable information.

Section 1.4: The Art of Note-Taking

Note-taking is a vital aspect of the research process, involving the documentation of crucial information. Organizing the data collected during an investigation is essential for creating a timeline that helps you stay on track as you switch between various subjects. Investigations can be nonlinear; some leads may be fruitful while others may not yield immediate results.

Consider using applications like Joplin or Obsidian for note-taking, as they can manage numerous notes organized into notebooks, making them searchable and easily modifiable.

The Trace Labs OSINT CTFs typically span six hours, so it’s easy to lose track of time. Don’t forget to take hydration breaks, stretch, and have snacks on hand to maintain your energy!