{"id":760,"date":"2026-05-28T07:52:07","date_gmt":"2026-05-28T07:52:07","guid":{"rendered":"https:\/\/quantusintel.group\/osint\/blog\/2026\/05\/28\/osint-ctf-challenge-walkthroughs\/"},"modified":"2026-05-28T07:52:07","modified_gmt":"2026-05-28T07:52:07","slug":"osint-ctf-challenge-walkthroughs","status":"publish","type":"post","link":"https:\/\/quantusintel.group\/osint\/blog\/2026\/05\/28\/osint-ctf-challenge-walkthroughs\/","title":{"rendered":"OSINT CTF Challenge Walkthroughs"},"content":{"rendered":"<h2>From Open Sources to Answers\u00a0<\/h2>\n<p>On May\u00a09, we hosted our third\u00a0<a href=\"https:\/\/www.maltego.com\/community-ctf\/\">Maltego\u00a0Community OSINT CTF<\/a>,\u00a0and it delivered exactly the kind of intensity and unpredictability that makes competitive investigations so engaging.\u00a0Some teams stayed near the top of the scoreboard for most of the event, but a few unexpected teams quickly moved up the rankings\u00a0later on. The fight for third place was\u00a0very close\u00a0until the last\u00a0minutes, with teams solving challenges and positions changing constantly throughout the event.\u00a0<\/p>\n<p>After an intense competition filled with investigative\u00a0ups and downs, breakthrough discoveries, and constant scoreboard changes, the teams\u00a0<strong>Lv1x,\u00a0RinggitPower, and\u00a0WillHackForBeer<\/strong>\u00a0secured the top three spots.\u00a0<\/p>\n<p>The competition may have ended, but the discussion certainly did not. Following the CTF, our\u00a0<a href=\"https:\/\/discord.com\/invite\/fhhU4q7CFe\" target=\"_blank\" rel=\"noreferrer noopener\">Discord community<\/a>\u00a0remained highly active as participants continued analyzing investigative approaches, discussing dead ends, comparing methodologies, and breaking down the tools and workflows used during each challenge. 
These post-CTF discussions are often where some of the most valuable learning takes place.\u00a0<\/p>\n<p>Capture\u00a0the\u00a0Flag\u00a0(CTF)\u00a0remains\u00a0one of the most effective ways to develop investigative thinking, technical creativity, and problem-solving skills under pressure.\u00a0In this walkthrough, we will break down all\u00a026\u00a0challenges step by step, from the\u00a0initial\u00a0reconnaissance phase to the final flag submission, while exploring the investigative mindset, tools, and methodologies used throughout each stage.\u00a0<\/p>\n<p>Whether you completed the challenge successfully or found yourself stuck midway through, the purpose of this write-up is not simply to\u00a0provide\u00a0the answer, but to\u00a0demonstrate\u00a0the investigative process itself.\u00a0<strong>The real value of OSINT CTFs lies in learning how to approach unfamiliar problems, adapt investigative methodologies, and build repeatable workflows that can also be applied in real-world investigations beyond the competition environment<\/strong>.\u00a0Follow along!\u00a0<\/p>\n<h3>Name: Account Attribution \u2013 1 |\u00a0Category:\u00a0SOMINT\u00a0|\u00a011\u00a0pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: We were able to intercept an email address:\u00a0<a href=\"mailto:davidjs1@deliveryotter.com\">davidjs1@deliveryotter.com<\/a>, but we do not know which social media account belongs to the suspect.\u00a0Identify\u00a0the associated social media profile and retrieve the flag string hidden in the account bio.\u00a0\u00a0<\/p>\n<p><strong>Flag format:<\/strong>\u00a0Th1s_i5_fl4g\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>The investigation starts with the intercepted email address:\u00a0davidjs1@deliveryotter.com,\u00a0from which the username\u00a0\u2018davidjs1\u2019\u00a0is extracted and used for 
username enumeration through OSINT tools or manual\u00a0dorking\u00a0across platforms. This leads to a matching profile on Bluesky at\u00a0<a href=\"https:\/\/bsky.app\/profile\/davidjs1.bsky.social\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/bsky.app\/profile\/davidjs1.bsky.social<\/a>, where the bio\u00a0contains\u00a0the string\u00a0synt{L0h_t0g_z3}.\u00a0Recognizing that\u00a0synt\u00a0is indicative of ROT13 encoding (synt\u00a0decodes\u00a0to\u00a0flag), the entire string is decoded using ROT13 to reveal the actual flag:\u00a0Y0u_g0t_m3.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Y0u_g0t_m3<\/span><\/strong><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c1.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=1844021467  fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/www.maltego.com\/images\/uploads\/c1.png\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<h3>Name: Account Attribution \u2013 2 |\u00a0Category:\u00a0SOMINT\u00a0|\u00a05\u00a0pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: Analyze the tweet thread posted by the suspect.\u00a0Identify\u00a0the image within the thread and\u00a0determine\u00a0the name of the hotel where the meeting took place (i.e., the location from which the image was captured).\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> Hotel\u00a0NameOfHotel\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>After\u00a0identifying\u00a0the suspect\u2019s Bluesky profile, the next step is to analyze their activity. 
Within a thread discussing a meeting, a reply\u00a0contains\u00a0a shortened link:\u00a0<a href=\"https:\/\/shorturl.at\/b6Lpf\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/shorturl.at\/b6Lpf<\/a>, which redirects to an image hosting site (<a href=\"https:\/\/imgshare.cc\/fedswxfu\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/imgshare.cc\/fedswxfu<\/a>)\u00a0containing\u00a0the challenge image.\u00a0<\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c2.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=415653999  fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/www.maltego.com\/images\/uploads\/c2.png\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>The\u00a0objective\u00a0is to\u00a0determine\u00a0the\u00a0name of the hotel from which the image was taken. One effective approach is to perform a reverse image search, which reveals a recognizable landmark \u2014 the\u00a0<a href=\"https:\/\/maps.app.goo.gl\/br4BjzDvN1sbNJaX7\" target=\"_blank\" rel=\"noreferrer noopener\">Hungarian Parliament Building in Budapest<\/a>. Using this clue, participants can switch to map services and street view to analyze the viewing angle and approximate location from which the photo was captured, eventually narrowing it down to nearby hotels with a similar perspective.\u00a0<\/p>\n<p>An alternative and more OSINT-focused method\u00a0involves\u00a0enumerating\u00a0publicly accessible webcams in the identified area. By searching platforms like\u00a0<a href=\"https:\/\/www.earthcam.com\/world\/hungary\/budapest\/?cam=hotelvictoria\" target=\"_blank\" rel=\"noreferrer noopener\">EarthCam<\/a>\u00a0or similar webcam aggregators, participants can\u00a0locate\u00a0feeds matching the same view of the\u00a0parliament. This leads to a specific camera hosted at Hotel Victoria, where the visual perspective aligns with the challenge image. 
The same webcam is also referenced on the hotel\u2019s official\u00a0<a href=\"https:\/\/www.victoria.hu\/webcam\" target=\"_blank\" rel=\"noreferrer noopener\">website<\/a>, confirming the location.\u00a0Thus, the correct flag\u00a0is:\u00a0Hotel Victoria.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Hotel Victoria<\/span><\/strong><\/p>\n<h3>Name: Account Attribution \u2013 3 |\u00a0Category:\u00a0SOMINT\u00a0|\u00a020\u00a0pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: Based on the image from the\u00a0previous\u00a0challenge,\u00a0determine\u00a0the time range during which the picture was taken. Please select the corresponding choice.\u00a0<\/p>\n<p>A. 6:00 AM \u2013 8:00 AM\u00a0<\/p>\n<p>B. 8:00 AM \u2013 10:00 AM\u00a0<\/p>\n<p>C. 1:00 PM \u2013 3:00 PM\u00a0<\/p>\n<p>D. 6:00 PM \u2013 8:00 PM<\/p>\n<p><strong>Flag Format:<\/strong> Hotel\u00a0NameOfHotel\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>After\u00a0identifying\u00a0the location in the\u00a0previous\u00a0step, the next\u00a0objective\u00a0is to\u00a0determine\u00a0when the image was taken. From the suspect\u2019s Bluesky post, investigators can extract the date of the meeting, which serves as a key input for further analysis.\u00a0<\/p>\n<p>To estimate the time, a\u00a0chronolocation\u00a0approach is used, analyzing the position of the sun and resulting shadows in the image. Since the image clearly shows the Hungarian Parliament Building in Budapest, it can serve as a reference point. 
By inputting the location (either\u00a0coordinates or place name) and the known date into tools like\u00a0<a href=\"https:\/\/www.suncalc.org\/#\/27.6936,-97.5195,3\/2026.05.27\/17:39\/1\/3\" target=\"_blank\" rel=\"noreferrer noopener\">SunCalc<\/a>, participants can simulate the sun\u2019s position throughout the day.\u00a0<\/p>\n<p>To refine the estimate, the shadow length and direction visible in the image are compared against the simulated outputs. The approximate height of the Parliament building (around 95\u2013100 meters, easily obtainable via a quick search) helps in judging how shadows would fall at\u00a0different times. By adjusting the\u00a0sun\u00a0position in the tool and matching the observed shadow angle and length, the most\u00a0accurate\u00a0time window can be\u00a0determined.\u00a0<\/p>\n<p>Through this analysis, the image aligns with\u00a0<a href=\"https:\/\/www.suncalc.org\/#\/47.5071,19.0449,16\/2026.04.16\/09:06\/99\/3\" target=\"_blank\" rel=\"noreferrer noopener\">a morning timeframe<\/a>, specifically between\u00a08:00 AM and 10:00 AM.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>B. 
8:00 AM \u2013 10:00 AM<\/span><\/strong><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c3.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=1558529961  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c3.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<section class=\"page-section page-section--light-blue\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n    <strong>Note<\/strong>: The original challenge image also\u00a0contains\u00a0a timestamp, which can be used for cross-verification of the estimated time.\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<h3>Name: From the archives |\u00a0Category: Cyber Threat Intel |\u00a010 pts\u00a0<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>:\u00a0A suspicious outbound connection was detected during malware traffic analysis. Network telemetry revealed repeated communication with the following IP address: 47.96.17[.]237.\u00a0Your task is to\u00a0identify\u00a0the ZIP archive associated with network activity involving the IP.\u00a0\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> filename.zip\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>The investigation begins with the provided IP address\u00a047.96.17[.]237. The first step is to search the IP within\u00a0<a href=\"https:\/\/virustotal.com\/gui\/\" target=\"_blank\" rel=\"noreferrer noopener\">VirusTotal<\/a>\u00a0to gather intelligence related to its infrastructure, communications, and associated artifacts. 
Once the IP intelligence page is opened, navigate to the\u00a0Relations\u00a0tab, which\u00a0contains\u00a0linked indicators such as communicating files, contacted URLs, domains, and behavioral associations.\u00a0<\/p>\n<p>Within the Relations section, review the list of files that have historically communicated with or been associated with the IP address. Among the listed artifacts, you will find a ZIP archive named\u00a0Microsoft.AppRuntime.5017.214.zip. This file appears as a communicating artifact tied directly to the IP infrastructure, making it the required answer\u00a0for\u00a0the challenge.\u00a0<\/p>\n<p>Since the\u00a0objective\u00a0is to\u00a0identify\u00a0the ZIP file communicating with the provided IP, the discovered archive name becomes the final flag.<\/p>\n<p><strong>Flag:\u00a0<span>Microsoft.AppRuntime.5017.214.zip<\/span><\/strong><\/p>\n<section class=\"page-section padding-vertical-small page-section--yellow\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Want to join our next OSINT challenge?<\/strong>\u00a0<\/p>\n<p>Our Discord community is where the real action\u00a0happens:\u00a0challenge announcements, CTF prep, team discussions, memes, post-CTF analysis, and hands-on learning sessions.\u00a0It\u2019s\u00a0also a space to exchange OSINT techniques, investigative workflows, and learn from other investigators.\u00a0<\/p>\n<p><u>[Join the community now!](https:\/\/discord.com\/invite\/fhhU4q7CFe)<\/u><\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<h3>Name: Whose Signature Is This? |\u00a0Category: Cyber Threat Intel |\u00a020 pts\u00a0<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>:\u00a0Threat analysts discovered a suspicious reverse proxy instance hosted at:\u00a0reverse.wcsset[.]com. 
Your task is to\u00a0determine\u00a0which company signed the certificate used by the reverse proxy tool.\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>The investigation begins with the provided domain\u00a0reverse.wcsset[.]com, which is suspected to host a reverse proxy tool. The first step is to analyze the domain using threat intelligence platforms, malware reports, or\u00a0Indicator of Compromise (IoC)\u00a0analysis sources to gather contextual information about the hosted infrastructure. By\u00a0searching for\u00a0the IoC across public intelligence repositories and security reports, you can uncover references tied to the domain and the services\u00a0operating\u00a0behind it.\u00a0<\/p>\n<p>During the analysis, reports linked to the domain reveal that the hosted tool is identified as\u00a0SOC.MOD, a suspicious reverse proxy utility commonly discussed in threat research. Reviewing the associated report in detail provides\u00a0additional\u00a0attribution data related to the binary or hosted component.\u00a0<a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/plushdaemon-compromises-supply-chain-korean-vpn-service\/#conclusion\" target=\"_blank\" rel=\"noreferrer noopener\">Within the report, it is specifically mentioned<\/a>\u00a0that the suspicious tool was digitally signed by the\u00a0Qisheng\u00a0Information Technology Service Department.\u00a0Since the challenge\u00a0asks for\u00a0the company that signed the certificate associated with the reverse proxy tool, the identified organization becomes the\u00a0final answer.<\/p>\n<p><strong>Flag:\u00a0<span>Qisheng\u00a0Information Technology Service Department<\/span><\/strong><\/p>\n<h3>Name: Domain Pivot |\u00a0Category: Cyber Threat Intel |\u00a015 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>:\u00a0Threat analysts 
recovered the following file hash during an investigation into an active malware campaign: 40df05b4f04ad093b31c9ca07a559be56a700e49f6051b5cb7462db5f85be8c3.\u00a0\u00a0Intelligence reports\u00a0indicate\u00a0that one of the most recent domains linked to the malware also hosted a malicious ZIP archive associated with the same campaign.\u00a0Determine\u00a0the name of the malicious zip.\u00a0\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> Samplefile.zip\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>The investigation begins with the provided file hash:\u00a040df05b4f04ad093b31c9ca07a559be56a700e49f6051b5cb7462db5f85be8c3.\u00a0The first step is to analyze the hash using\u00a0<a href=\"https:\/\/www.virustotal.com\/gui\/home\/upload\" target=\"_blank\" rel=\"noreferrer noopener\">VirusTotal<\/a>. Search for the hash to access the malware intelligence page\u00a0containing\u00a0behavioral indicators,\u00a0communication\u00a0infrastructure, and associated relationships.\u00a0\u00a0<\/p>\n<p>Within the analysis results, review the network communication details and related indicators. 
Among the\u00a0communicating\u00a0infrastructure,\u00a0<a href=\"https:\/\/www.virustotal.com\/gui\/file\/40df05b4f04ad093b31c9ca07a559be56a700e49f6051b5cb7462db5f85be8c3\/relations\" target=\"_blank\" rel=\"noreferrer noopener\">the top associated domain\u00a0identified<\/a>\u00a0is:\u00a07051.gsm.360safe.company.\u00a0<\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c4.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=1072336407  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c4.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>The next step is to pivot into the discovered domain by searching\u00a07051.gsm.360safe.company\u00a0inside\u00a0VirusTotal. Once the domain page loads, navigate to the\u00a0Relations\u00a0tab to inspect linked artifacts and communicating files. In this section, you can\u00a0identify\u00a0<a href=\"https:\/\/www.virustotal.com\/gui\/domain\/7051.gsm.360safe.company\/relations\" target=\"_blank\" rel=\"noreferrer noopener\">a ZIP archive named\u00a0IPanyVPNsetup.zip<\/a>, which appears as a\u00a0communicating\u00a0file associated with the domain.\u00a0\u00a0<\/p>\n<p>We\u00a0don\u2019t\u00a0stop here.\u00a0To further\u00a0validate\u00a0the finding, you can cross-reference threat intelligence reporting related to the\u00a0PlushDaemon\u00a0campaign. Reports discussing the campaign mention the same ZIP archive in connection with the identified domain, confirming the infrastructure relationship. 
Since the challenge asks for the malicious\u00a0communicating\u00a0ZIP file linked to the campaign, the identified archive becomes the\u00a0final answer.\u00a0\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>IPanyVPNsetup.zip<\/span><\/strong><\/p>\n<h3>Name: Sail Away |\u00a0Category: Geolocation |\u00a015 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0Your task is to\u00a0identify\u00a0the exact port from where the image was taken.\u00a0\u00a0<br \/>\n<strong>Image Link:<\/strong>\u00a0<a href=\"https:\/\/imgshare.cc\/q3gfepxc\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/imgshare.cc\/q3gfepxc<\/a>.\u00a0\u00a0<br \/>\n<strong>Flag Format<\/strong>: Port of ABC<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c5.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=1399586477  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c5.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>The goal of this challenge is to\u00a0identify\u00a0the port from which the image was taken using visual OSINT techniques.\u00a0At first glance, the image appears to show a harbor area with a vessel docked near a waterfront.\u00a0A close inspection of the image reveals an important clue: the name\u00a0\u2018FRAM\u2019\u00a0is visible on the ship.\u00a0<\/p>\n<p>The term\u00a0\u2018FRAM\u2019\u00a0is a strong starting point for investigation. 
Searching for the vessel name leads to ferry and tourism operations connected to western Norway, particularly routes\u00a0operating\u00a0around the\u00a0fjord regions. This significantly narrows the geographic search area. After\u00a0identifying\u00a0the\u00a0likely operating\u00a0region, the next step is to examine port cities where these vessels commonly appear. Since multiple ports exist in the region,\u00a0additional\u00a0visual clues\u00a0become\u00a0important.\u00a0<\/p>\n<p>Looking closely at the right side of the image reveals a\u00a0bakery (\u201cbakeri\u201d) shop sign\u00a0along with a recognizable storefront logo. Scandinavian architecture, waterfront layout, and bridge\u00a0positioning\u00a0provide\u00a0additional\u00a0geolocation indicators.\u00a0Therefore, the correct flag\u00a0is:\u00a0Port of\u00a0\u00c5lesund\u00a0(Port of Aalesund).\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Port of\u00a0\u00c5lesund<\/span><\/strong><\/p>\n<h3>Name: Showboarting \u2013 1  |\u00a0Category: Maritime |\u00a010 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: As part of the investigation, the agency has provided an image of the yacht. Your task is to\u00a0determine\u00a0who captured the photograph. 
Only use their first name.\u00a0<\/p>\n<p><strong>Image Link:<\/strong>\u00a0<a href=\"https:\/\/imgshare.cc\/uekuibfl\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/imgshare.cc\/uekuibfl<\/a>.\u00a0<br \/>\n<strong>Flag Format:<\/strong> John\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c6.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=685352623  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c6.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>A\u00a0reverse\u00a0image search of the provided yacht image reveals that the vessel is\u00a0called\u00a0the Dilbar. Once the\u00a0yacht\u2019s\u00a0name\u00a0has been\u00a0identified, the next step is to investigate maritime records to obtain the associated\u00a0International Maritime Organization (IMO)\u00a0number. This identifier becomes useful for pivoting into ship photography databases and historical vessel records.\u00a0<\/p>\n<p>Using the IMO number, searching on\u00a0<a href=\"https:\/\/www.shipspotting.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Shipspotting.com<\/a>\u00a0helps\u00a0locate\u00a0matching images of the yacht. 
By reviewing the indexed results and comparing the exact image, you can find\u00a0<a href=\"https:\/\/www.shipspotting.com\/photos\/2873736\" target=\"_blank\" rel=\"noreferrer noopener\">the original upload page<\/a>\u00a0containing\u00a0additional\u00a0metadata such as photographer credits, upload details, and vessel information.\u00a0\u00a0<\/p>\n<p>Another approach is to search directly using keywords related to the yacht and image source, such as\u00a0\u2018Dilbar\u00a0Shipspotting\u2019\u00a0or by combining reverse image search results with maritime photography websites. This leads to the exact image record,\u00a0where the photographer attribution\u00a0identifies\u00a0the person\u00a0who captured the photo.\u00a0The\u00a0final answer\u00a0is\u00a0Daniel F.,\u00a0which can also be accepted as\u00a0Daniel.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Daniel<\/span><\/strong><\/p>\n<h3>Name: Showboarting \u2013 2  |\u00a0Category: Maritime |\u00a010 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0Find the MMSI number of the yacht\u00a0shown in the\u00a0previous\u00a0picture during the\u00a0time period\u00a0of 2015\u20132016.\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Once the\u00a0yacht\u2019s\u00a0IMO number has been\u00a0identified\u00a0through the image investigation, the next step is to\u00a0determine\u00a0the\u00a0Maritime\u00a0Mobile Service Identity (MMSI)\u00a0associated with the vessel. 
This can be done by checking AIS-based maritime databases, where vessel identifiers such as the IMO and MMSI, along with historical ship records, are commonly linked.\u00a0<\/p>\n<p>To find the historical MMSI specifically for the 2015\u20132016 period, one effective approach is to use\u00a0<a href=\"https:\/\/globalfishingwatch.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Global Fishing Watch<\/a>. Search for the yacht using its IMO number, which will display historical vessel information along with associated MMSI numbers and name records over time.\u00a0<\/p>\n<p>By reviewing the timeline and matching the correct date range, you can\u00a0identify\u00a0the MMSI linked to the vessel\u00a0during 2015\u20132016.\u00a0<a href=\"https:\/\/globalfishingwatch.org\/map\/vessel-search?qry=%209661792\" target=\"_blank\" rel=\"noreferrer noopener\">The historical record\u00a0shows<\/a>\u00a0that\u00a0the correct MMSI for that\u00a0period is\u00a0211708190.\u00a0\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>211708190<\/span><\/strong><\/p>\n<h3>Name: Gone fishing \u2013 1  |\u00a0Category: Maritime |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: Intelligence reports suggest that the vessel,\u00a0\u2018Jing Yuan 626\u2019, is\u00a0involved in suspicious activity, and you have\u00a0been tasked with investigating the movements.\u00a0According\u00a0to available reports, the vessel displayed unusual movement patterns during a specific\u00a0time period.\u00a0Your\u00a0objective\u00a0is to\u00a0determine\u00a0the port where the vessel was\u00a0located\u00a0between 07\/18\/2024 and 07\/19\/2024(MM\/DD\/YYYY).<\/p>\n<p><strong>Challenge Format:<\/strong> Port of ABC<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Once the\u00a0name\u00a0of the vessel,\u00a0Jing Yuan 626,\u00a0is\u00a0identified, the first step is 
to gather its maritime identifiers, specifically the IMO and MMSI numbers. These identifiers are essential for tracking historical vessel activity across multiple maritime intelligence platforms. Searching public ship registries or AIS-linked databases helps\u00a0establish\u00a0the vessel\u2019s identity before pivoting into timeline analysis.\u00a0<\/p>\n<p>To investigate activity during a specific period, historical AIS data is required. Many public tracking platforms, such as\u00a0<a href=\"https:\/\/www.marinetraffic.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">MarineTraffic<\/a>\u00a0or\u00a0<a href=\"https:\/\/www.vesselfinder.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">VesselFinder<\/a>, provide only limited historical access under free accounts, making deeper timeline analysis difficult. A more effective approach is to use\u00a0<a href=\"https:\/\/globalfishingwatch.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Global Fishing Watch<\/a>, which maintains long-term historical movement data and event-based reporting.\u00a0<\/p>\n<p>After searching the vessel using its IMO number\u00a0on Global Fishing Watch, open the\u00a0vessel\u00a0activity\u00a0timeline and review the reported events.\u00a0Under the\u00a0Activity by Type\u00a0section, navigate to\u00a0Port\u00a0Visits\u00a0and match the\u00a0timeframe\u00a0provided in the challenge. 
By correlating the reported dates with the vessel\u2019s movement history, the port associated with that timeline can be identified as\u00a0the\u00a0Port of Busan.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Port of Busan<\/span><\/strong><\/p>\n<h3>Name: Gone fishing \u2013 2  |\u00a0Category: Maritime |\u00a018 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: As part of the ongoing investigation into\u00a0the movements of Jing Yuan 626, analysts\u00a0identified\u00a0a notable vessel\u00a0encounter\u00a0that occurred on 17 December 2025.\u00a0Your task\u00a0is to\u00a0determine\u00a0the IMO number of the\u00a0ship involved.\u00a0\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>To investigate the encounter event, the first step is to open\u00a0Global\u00a0Fishing Watch and review the\u00a0Encountered Events\u00a0section for the vessel. Since the challenge provides a specific timeline\u201412\/17\/2025\u2014you can filter or navigate directly to that date within the activity timeline to\u00a0locate\u00a0the\u00a0relevant encounter.\u00a0<\/p>\n<p>Once\u00a0the event is\u00a0identified, the encounter record reveals\u00a0the second vessel involved. In this\u00a0case, the ship\u00a0encountered\u00a0by\u00a0Jing Yuan 626\u00a0is\u00a0Lurongyuanyuyun177. 
Initial event details may only display limited information, such as the MMSI number, requiring an\u00a0additional\u00a0pivot to gather full vessel intelligence.\u00a0<\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c7.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=1337414027  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c7.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>The\u00a0next step\u00a0is to\u00a0search\u00a0the vessel name or MMSI across maritime databases and AIS-linked sources to obtain its registry\u00a0information. By correlating the vessel identity with public ship\u00a0records,\u00a0<a href=\"https:\/\/globalfishingwatch.org\/map\/vessel\/714cc9a81-187b-ede8-4f36-cded97a90816?vDi=public-global-vessel-identity%3Av4.0&amp;vIs=registryInfo&amp;vRi=bf17a93c082f64dfb4106bf0163b4f0f&amp;start=2015-03-25T02%3A49%3A03Z&amp;end=2026-04-22T23%3A09%3A32Z&amp;latitude=-2.8847120337604353&amp;longitude=-148.62952423095703&amp;zoom=1.6391371625823123&amp;vE%5B0%5D=loitering&amp;vE%5B1%5D=encounter&amp;vE%5B2%5D=port_visit&amp;vE%5B3%5D=gaps\" target=\"_blank\" rel=\"noreferrer noopener\">the associated IMO number can be identified<\/a>. 
The investigation confirms that the IMO\u00a0number for\u00a0Lurongyuanyuyun177\u00a0is\u00a09860130.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>9860130<\/span><\/strong><\/p>\n<h3>Name: Gone fishing \u2013 3  |\u00a0Category: Maritime |\u00a015 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>: As part of the continued investigation into the activities of Jing Yuan 626, analysts\u00a0reported a loitering event on 15 June 2025, lasting approximately 4 hours. Following this event, the vessel resumed movement.\u00a0Your task is to\u00a0determine\u00a0the next port visited by the vessel after the reported loitering activity.\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> Port of ABC\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>To investigate the reported loitering activity, the first step is to use Global Fishing Watch, which provides historical event-based vessel tracking data. Within the vessel\u2019s activity timeline, navigate to the\u00a0Loitering Events\u00a0section to review all recorded instances of suspicious stationary or slow-moving behavior.\u00a0<\/p>\n<p>The challenge specifies a date of\u00a015\u00a0June\u00a02025, which helps narrow the search to events occurring on that day. Multiple loitering events may appear in the timeline, so the second\u00a0clue for\u00a0a\u00a04-hour\u00a0duration\u00a0becomes important for\u00a0identifying\u00a0the correct record. By filtering or reviewing the listed events for matching timestamps and duration, the exact loitering activity can be isolated.\u00a0<\/p>\n<p>Once the correct event is\u00a0identified, the associated metadata reveals the nearby port or location connected to the\u00a0vessel\u2019s\u00a0movement\u00a0after the event. The matching record\u00a0indicates\u00a0that the vessel was linked to the port of Iquique. 
Therefore, the correct answer is\u00a0Iquique (Chile) or Iquique.\u00a0So\u00a0the flag\u00a0is\u00a0the Port\u00a0of Iquique.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Port of Iquique<\/span><\/strong><\/p>\n<h3>Name: Crude Oil \u2013 Port of Inspection  |\u00a0Category: Maritime |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0MMSI number\u00a0is\u00a0273257030.\u00a0Your task is to analyze the vessel\u2019s historical activity and\u00a0determine\u00a0the port of inspection associated with the vessel on 24\/11\/2015.\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> Port of ABC\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Once the MMSI number of the vessel is provided, the first step is to identify the ship\u2019s name and IMO number.\u00a0Using public maritime databases or a simple search query, the MMSI can be linked to the vessel KRASNOYARSK, with IMO number 9312896. These identifiers are important because most inspection and registry databases are indexed by IMO rather than MMSI.\u00a0<\/p>\n<p>After obtaining the IMO number, the next step is to investigate inspection records. One of the most useful resources for this is\u00a0<a href=\"https:\/\/www.equasis.org\/EquasisWeb\/public\/HomePage\" target=\"_blank\" rel=\"noreferrer noopener\">Equasis<\/a>. Access to the platform requires a free account, after which you can search directly using the vessel\u2019s IMO number.\u00a0<\/p>\n<p>Within the vessel profile, navigate to the Inspection section and review the historical inspection timeline. 
Matching the provided date,\u00a024\u00a0November\u00a02015,\u00a0reveals the corresponding inspection location.\u00a0<a href=\"https:\/\/www.equasis.org\/EquasisWeb\/restricted\/ShipInspection?fs=ShipInfo\" target=\"_blank\" rel=\"noreferrer noopener\">The inspection record<\/a>\u00a0shows\u00a0that the vessel was inspected at Whitegate,\u00a0located\u00a0in Ireland. Therefore, the correct answer is\u00a0Whitegate, Ireland.\u00a0So\u00a0the flag would be\u00a0Port\u00a0of Whitegate.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Port of Whitegate<\/span><\/strong><\/p>\n<h3>Name: Crude Oil \u2013 Managing Logistics  |\u00a0Category: Maritime |\u00a022 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong> MMSI number\u00a0is\u00a0273257030. Analysts\u00a0require\u00a0additional\u00a0historical context\u00a0regarding\u00a0operational\u00a0activity. Your task is to\u00a0identify\u00a0the\u00a0company responsible for\u00a0managing\u00a0the\u00a0logistics\u00a0for the vessel on 20\u00a0April\u00a02024.<\/p>\n<p><strong>Flag Format:<\/strong>\u00a0Do not add the type of company.\u00a0For example,\u00a0if the answer is\u00a0\u2018Maltego Technologies GmbH,\u2019\u00a0put\u00a0\u2018Maltego Technologies.\u2019\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>To\u00a0identify\u00a0the company responsible for managing\u00a0logistics, the investigation again\u00a0pivots to\u00a0Equasis\u00a0using the vessel\u2019s IMO number. After searching for the\u00a0vessel\u00a0profile, navigate to the\u00a0Ship\u00a0History\u00a0section, which\u00a0contains\u00a0historical ownership, management, and company association records.\u00a0<\/p>\n<p>Within the Ship History tab, review the\u00a0Company\u00a0section and focus on the specific date provided in the challenge. 
Historical records often\u00a0show\u00a0changes in management, operators, and logistics responsibilities over time, so\u00a0matching the exact date is important.\u00a0<\/p>\n<p>By\u00a0locating\u00a0the entry corresponding to\u00a020\u00a0April\u00a02024,\u00a0the listed role under\u00a0Ship Manager \/ Commercial Manager\u00a0identifies\u00a0the company responsible during that period.\u00a0<a href=\"https:\/\/www.equasis.org\/EquasisWeb\/restricted\/ShipHistory?fs=ShipInspection\" target=\"_blank\" rel=\"noreferrer noopener\">The historical record\u00a0shows<\/a>\u00a0that the\u00a0company responsible\u00a0was\u00a0Sun\u00a0Ship Management.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Sun Ship Management<\/span><\/strong><\/p>\n<h3>Name: Crude Oil \u2013 Inmarsat  |\u00a0Category: Maritime |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong> MMSI number\u00a0is\u00a0273257030. You are to\u00a0determine\u00a0the Inmarsat satellite number\u00a0associated with the vessel.\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> 123456789<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>This challenge requires pivoting from the vessel identifiers already gathered during earlier steps. Once the\u00a0vessel\u00a0name, IMO number, and MMSI are known, the next step is to investigate its communication and radio registration records. These details are often stored in international maritime communication databases rather than standard AIS platforms.\u00a0<\/p>\n<p>A useful source for this is\u00a0<a href=\"https:\/\/www.itu.int\/mmsapp\/shipstation\/list\" target=\"_blank\" rel=\"noreferrer noopener\">the\u00a0International Telecommunication Union\u00a0maritime ship station<\/a>\u00a0database. 
By\u00a0searching\u00a0the\u00a0vessel\u2019s\u00a0details through the ITU Ship Station search portal, you can retrieve communication-related information tied to the\u00a0vessel\u2019s\u00a0registration. After querying the\u00a0<a href=\"https:\/\/www.itu.int\/mmsapp\/shipstation\/list\" target=\"_blank\" rel=\"noreferrer noopener\">database\u00a0<\/a>using the\u00a0vessel\u00a0identifiers, the results page displays satellite communication records, including the associated Inmarsat satellite numbers.\u00a0In this case, the entry appears as 427315325-26,\u00a0indicating\u00a0a range. This means the vessel is associated with two satellite numbers: 427315325 and 427315326.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>427315325\u00a0and\u00a0427315326<\/span><\/strong><\/p>\n<h3>Name: Crude Oil \u2013 EPIRB Hex ID  |\u00a0Category: Maritime |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong> MMSI number\u00a0is\u00a0273257030. Your\u00a0objective\u00a0is to\u00a0identify\u00a0the EPIRB Hex\u00a0ID\u00a0associated with the vessel.<\/p>\n<p><strong>Flag Format:<\/strong> 12345A67BCDEFGH\u00a0(15-character long string).<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Subsequently, within the vessel\u2019s registration details,\u00a0additional\u00a0identifiers related to\u00a0onboard safety equipment\u00a0are displayed. 
One of these fields includes the\u00a0Emergency Position Indicating Radio Beacon\u00a0(EPIRB)\u00a0Hex ID, which is used for distress signaling and emergency identification.\u00a0By\u00a0<a href=\"https:\/\/www.itu.int\/mmsapp\/shipstation\/one\/1879546?context=bzs2RCadTUz44b98w9OBVzbRjCCRHqtQkfL1%2FUlvIZeITok8J5m3I497%2BMckDoVLl%2FfcbHXgUOV6Didsoa93irjyCuyKDI%2Bc%2BCU7sDzWXP4H9Sf9lEjaJN4st28bRWXR7X2c5rvEcsH72PB952RKVRebYEr4m8hyjaThnkkX9BqmMUwWTzWhHu79pfmlMdcse%2BEtpn%2FXZnDPILT6iup02mUHKn79f2JY3HKPIBe%2F5CWAlaMhGrmbINai7Ol3q6jtnqcUrE3VE7KA%2FweTTMKINg%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener\">examining the ITU ship station record<\/a>, the associated EPIRB Hex IDs for the vessel can be identified as\u00a022247D80DEFFBFF\u00a0and\u00a0A229905C35034D1.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>22247D80DEFFBFF\u00a0and\u00a0A229905C35034D1<\/span><\/strong><\/p>\n<h3>Name: Unknown Flight \u2013 1  |\u00a0Category: Aviation |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0We intercepted this audio.\u00a0Your task is to analyze and decode the audio and identify the flight number. 
The flag is the flight number.\u00a0<\/p>\n<p>The link to the audio file:\u00a0<a href=\"https:\/\/drive.google.com\/file\/d\/1Nh1DosJfKGDj1DsMRvNehr89Jpw78of_\/view?usp=sharing\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/drive.google.com\/file\/d\/1Nh1DosJfKGDj1DsMRvNehr89Jpw78of_\/view?usp=sharing<\/a><\/p>\n<p><strong>Flag Format:<\/strong> 6-alphanumerical characters\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Once the\u00a0WAV file is downloaded, listening to the audio reveals that it\u00a0contains\u00a0Morse code.\u00a0You\u00a0can then use a\u00a0<a href=\"https:\/\/morsecode.world\/international\/decoder\/audio-decoder-adaptive.html\" target=\"_blank\" rel=\"noreferrer noopener\">Morse code decoder<\/a>\u00a0to extract the hidden data from the audio.\u00a0After uploading the audio file,\u00a0you can\u00a0obtain\u00a0the following string:\u00a08DAA8499213B7DF74C182003F0F9.\u00a0As described in the challenge, we need to investigate aviation-related data. The extracted string is an ADS-B frame with CRC coding. We can decode it using an\u00a0<a href=\"https:\/\/ads-b.dev\/?packet=8DAA8499213B7DF74C182003F0F9\" target=\"_blank\" rel=\"noreferrer noopener\">ADS-B decoder<\/a>\u00a0to retrieve the embedded\u00a0aircraft\u00a0information, including the registration number.\u00a0After decoding the packet, the identification field reveals:\u00a0N777SA.\u00a0\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>N777SA<\/span><\/strong><\/p>\n<h3>Name: Unknown Flight \u2013 2  |\u00a0Category: Aviation |\u00a010 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong> Search the flight records for the previously found flight on 15 April 2026. 
You need to\u00a0identify\u00a0the origin airport of the flight that arrived at Kentucky International Airport.\u00a0The\u00a0flag for this challenge is the ICAO code of the origin airport.<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Once we identify the flight registration number as\u00a0N777SA, we\u00a0can begin investigating its flight history.\u00a0Aviation tracking platforms\u00a0maintain\u00a0historical flight records, and one useful source is\u00a0<a href=\"https:\/\/www.flightaware.com\/live\/flight\/N777SA\/history\" target=\"_blank\" rel=\"noreferrer noopener\">FlightAware<\/a>, where you can\u00a0review the aircraft\u2019s historical flight activity.\u00a0\u00a0\u00a0<\/p>\n<p>Search through the flight records for\u00a015\u00a0April\u00a02026. Locate the flight entry that traveled from Ted Stevens Anchorage International Airport to Cincinnati\/Northern Kentucky International Airport. From the record, the origin airport is identified as\u00a0Anchorage Intl, with the ICAO code\u00a0PANC.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>PANC<\/span><\/strong><\/p>\n<h3>Name: Signal Decoding  |\u00a0Category: Aviation |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong> While intercepting a signal during an investigation, the following frame was captured: \/QUKAXBA.ADS.G-VIIM07253457F7124540C8751F9C84.\u00a0\u00a0Analyze the frame and\u00a0identify\u00a0the Mode S hexadecimal code associated with it.\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> 123456<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>The intercepted stream of data\u00a0is an ACARS\/VDL Mode 2 transmission. By analyzing the frame structure, we can\u00a0identify\u00a0the\u00a0aircraft\u00a0registration number embedded within the message. 
From the frame, the registration number\u00a0is:\u00a0G-VIIM.\u00a0\u00a0<\/p>\n<p>Once we have the registration number, we\u00a0can search\u00a0aviation tracking platforms such as\u00a0<a href=\"https:\/\/www.flightradar24.com\/data\/aircraft\/g-viim\" target=\"_blank\" rel=\"noreferrer noopener\">Flightradar24<\/a>\u00a0or other\u00a0<a href=\"https:\/\/www.adsbexchange.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">ADS-B data sources<\/a>\u00a0to gather\u00a0additional\u00a0aircraft\u00a0details.\u00a0By reviewing the\u00a0aircraft\u00a0information, we can\u00a0identify\u00a0the associated Mode S hexadecimal code:\u00a0400685.\u00a0\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>400685<\/span><\/strong><\/p>\n<h3>Name: Lemon  |\u00a0Category: Vehicle |\u00a010 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0Analyze the image provided and\u00a0identify\u00a0the seller\u2019s name associated with the listing. The flag is the seller\u2019s name.\u00a0\u00a0<\/p>\n<p><strong>Image link:<\/strong>\u00a0<a href=\"https:\/\/imgshare.cc\/4eb5gl6f\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/imgshare.cc\/4eb5gl6f<\/a>\u00a0<\/p>\n<p><strong>Flag Format:<\/strong> Do not add the type of company. For example, if the answer is \u2018Maltego Technologies GmbH,\u2019 put \u2018Maltego Technologies.\u2019\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>For the provided image, perform a reverse image\u00a0search\u00a0to\u00a0identify\u00a0where the image appears online. The results lead\u00a0to a salvage or vehicle auction listing\u00a0containing\u00a0the\u00a0same image. 
The matching listing can be found here:\u00a0<a href=\"https:\/\/bid.cars\/en\/lot\/0-43894600\/2022-Mercedes-Benz-GLE-350-4JGFB4JB0NA578981\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/bid.cars\/en\/lot\/0-43894600\/2022-Mercedes-Benz-GLE-350-4JGFB4JB0NA578981.<\/a>\u00a0On the listing page, the seller\u2019s information is displayed. The seller\u2019s name\u00a0shown is:\u00a0Progressive Casualty Insurance.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Progressive Casualty Insurance<\/span><\/strong><\/p>\n<h3>Name: A Bird\u2019s Eye View\u00a0\u2013 1 |\u00a0Category: GEOINT |\u00a020 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0You are an analyst, and intelligence in the form of satellite imagery has\u00a0been provided\u00a0to you. Your task is to\u00a0determine\u00a0the exact coordinates of the location\u00a0shown in the imagery, accurate to one decimal place. 
The flag is the coordinate pair.\u00a0\u00a0<\/p>\n<p><strong>Image link:<\/strong>\u00a0<a href=\"https:\/\/imgshare.cc\/44tkjqmk\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/imgshare.cc\/44tkjqmk<\/a>\u00a0<\/p>\n<p><strong>Flag format:<\/strong> 12.7, 24.1<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c8.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=606107530  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c8.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>For the provided image, the first step is to\u00a0determine\u00a0the source of the imagery. The red hotspot blocks concentrated in a specific area\u00a0indicate\u00a0that the image originates from NASA FIRMS thermal mapping data.\u00a0<\/p>\n<p>By closely analyzing the image and performing a reverse image search, we can narrow down the geography. The visible coastline and waterway patterns suggest the location is near the Strait\u00a0of Hormuz, close to Oman.\u00a0<\/p>\n<p>Next, navigate to the\u00a0<a href=\"https:\/\/firms.modaps.eosdis.nasa.gov\/map\/#d:2026-03-18;@56.373,26.374,11.515z\" target=\"_blank\" rel=\"noreferrer noopener\">NASA FIRMS global map and select the date March 18th, 2026<\/a>. In the same geographic area, the thermal activity dots visible on the map match the hotspots\u00a0shown in the challenge image. 
By hovering over the matching hotspot location, the coordinates can be identified as:\u00a026.4, 56.4.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>26.4, 56.4.<\/span><\/strong><\/p>\n<h3>Name: A Bird\u2019s Eye View\u00a0\u2013 2 |\u00a0Category: GEOINT |\u00a015 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0Analyze the image provided in the\u00a0previous\u00a0challenge and\u00a0identify\u00a0the name of the ship involved in the incident. Intelligence reports suggest that the vessel visible in the imagery had previously been involved in an earlier incident on March 4th before being targeted again later. The flag is the vessel\u2019s name.\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>The key clue in this challenge is the reference to the \u2018March 4th incident.\u2019\u00a0This\u00a0indicates\u00a0that the investigation should focus on maritime incidents that occurred during the Iran\u2013US\/Israel conflict around that date.\u00a0<\/p>\n<p>By\u00a0searching\u00a0news reports related to maritime attacks in the region during early March 2026, we can\u00a0identify\u00a0vessels involved in incidents near the Strait of Hormuz. Recent reports\u00a0show\u00a0that the container ship Safeen Prestige was struck on March 4th and later appeared to have been hit again around March 18th during the escalation of attacks in the region. 
(Source:\u00a0<a href=\"https:\/\/safety4sea.com\/containership-sinks-after-being-struck-by-iranian-forces-in-march\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">SAFETY4SEA<\/a>)\u00a0<\/p>\n<p>By correlating the timeline mentioned in the challenge with the\u00a0incident reports and imagery, we can determine that the ship involved is Safeen Prestige.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Safeen Prestige<\/span><\/strong><\/p>\n<h3>Name: Warning States |\u00a0Category: GEOINT |\u00a015 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>:\u00a0Analyze the provided image and\u00a0determine\u00a0the geographic coordinates of the marked red box location. Your answer must be\u00a0accurate\u00a0to\u00a0three decimal places. The flag is the\u00a0coordinate\u00a0pair.\u00a0\u00a0<br \/>\n<strong>Image link<\/strong>:\u00a0<a href=\"https:\/\/imgshare.cc\/tybzfye8\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/imgshare.cc\/tybzfye8<\/a>\u00a0<br \/>\n<strong>Flag format:<\/strong> 12.345, 67.890\u00a0<\/p>\n<p>\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c9.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=965867645  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c9.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>With\u00a0the provided image, begin by performing a reverse image search to\u00a0identify\u00a0the location\u00a0shown. 
The results\u00a0indicate\u00a0that the image is associated with the Natanz Nuclear Facility in Iran. Once the location is\u00a0identified, use mapping platforms such as Google Maps or satellite imagery tools to inspect the facility in detail. The red box in the challenge\u00a0image highlights one of the buildings within the complex that was\u00a0reportedly damaged.\u00a0<\/p>\n<p>By placing a marker directly on the highlighted structure and reading the coordinates, the exact location can be\u00a0determined\u00a0as:\u00a032.728, 51.723.\u00a0<a href=\"https:\/\/www.google.com\/maps\/place\/Natanz+Nuclear+Facility\/@33.7270324,51.7221433,976m\/data=!3m1!1e3!4m6!3m5!1s0x3f9641cb53bb856f:0x774f680bfa0d34af!8m2!3d33.7254888!4d51.7258089!16s%2Fg%2F112yg64ht?entry=ttu&amp;g_ep=EgoyMDI2MDQyOC4wIKXMDSoASAFQAw%3D%3D\" target=\"_blank\" rel=\"noreferrer noopener\">These coordinates<\/a>\u00a0align with the broader location of the Natanz nuclear complex in Isfahan Province.\u00a0\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>32.728, 51.723<\/span><\/strong><\/p>\n<h3>Name: Bad Manners \u2013 1 |\u00a0Category: Vehicle |\u00a030 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong> You have been provided with a new case to investigate. The only input available is the following: 4T1BF1FK1DU676960. Your task is to\u00a0determine\u00a0the type of violation that was charged\u00a0on\u00a023 March 2023.\u00a0\u00a0<\/p>\n<p><strong>Flag format:<\/strong> Violation Type\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>In the first challenge, we are provided with the sequence: 4T1BF1FK1DU676960.\u00a0This is a Vehicle Identification Number (VIN). Decoding the VIN alone will not directly reveal the\u00a0violation\u00a0information, since VIN records are not always publicly linked to traffic citations. 
The first step is to search the VIN online to\u00a0identify\u00a0additional vehicle details. By doing so, we can\u00a0locate\u00a0auction or public vehicle records that associate the VIN with a registration plate and state.\u00a0One useful source is\u00a0<a href=\"https:\/\/www.nyc.gov\/assets\/finance\/downloads\/pdf\/auction\/auction-042926-brooklyn.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">the auction listing document from the New York City Department of Finance.<\/a>\u00a0\u00a0\u00a0<\/p>\n<p>After matching the VIN to its corresponding registration number and state, the next step is to search for\u00a0<a href=\"https:\/\/howsmydrivingny.nyc\/\" target=\"_blank\" rel=\"noreferrer noopener\">public violation records,<\/a>\u00a0using the recovered registration number and state information. This returns a list of recorded violations associated with the vehicle. By filtering the records for the specified date, 23 March 2023, we can\u00a0identify\u00a0the matching violation entry. The violation type listed for that date is:\u00a0Obstruction Driveway.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>Obstruction Driveway<\/span><\/strong><\/p>\n<h3>Name: Bad Manners \u2013 2 |\u00a0Category: Vehicle |\u00a015 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge:<\/strong>\u00a0Using the previously\u00a0identified\u00a0violation record,\u00a0determine\u00a0the exact location where the incident occurred. 
The flag is the location of the violation.<\/p>\n<p><strong>Flag format:<\/strong> street number, street name, city name.\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p>Using\u00a0<a href=\"https:\/\/howsmydrivingny.nyc\/\" target=\"_blank\" rel=\"noreferrer noopener\">the same violation\u00a0record\u00a0database<\/a>\u00a0from the\u00a0previous\u00a0challenge, continue reviewing the entry associated with the recovered registration number and the specified violation date. Within the violation details, the incident location is listed alongside the charge information. The location recorded for the violation is:\u00a0346,\u00a039th Street,\u00a0Brooklyn.\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>346, 39th Street, Brooklyn<\/span><\/strong><\/p>\n<h3>Name: Major Tom |\u00a0Category: Aviation |\u00a025 pts<\/h3>\n<section class=\"page-section padding-vertical-small page-section--light\">\n<div class=\"container \">\n<div class=\"row\">\n<div class=\"col-md-12 \">\n<p><strong>Challenge<\/strong>:\u00a0You have been selected for a special orbital mission. As part of the investigation, you are provided with a PDF file\u00a0containing\u00a0satellite data that is not\u00a0immediately\u00a0readable. Your task is to analyze the data and\u00a0determine\u00a0the\u00a0maximum\u00a0EPS sensor temperature recorded by the satellite on 21 April 2026. 
The flag is the EPS temperature value.\u00a0<\/p>\n<p>Image link:\u00a0<a href=\"https:\/\/drive.google.com\/file\/d\/1OdyHfyGrCSTMP20eazMsa2bcjq6CRg98\/view?usp=drive_link\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/drive.google.com\/file\/d\/1OdyHfyGrCSTMP20eazMsa2bcjq6CRg98\/view?usp=drive_link<\/a>\u00a0<\/p>\n<p>Flag Format: 12.3\u00a0<\/p>\n<\/div><\/div>\n<\/div>\n<\/section>\n<p><\/p>\n<p><a href=\"https:\/\/www.maltego.com\/images\/uploads\/c10.png\" class=\"image\" data-lightbox=\"image-1\"><br \/>\n    <img data-opt-id=934378665  data-opt-src=\"https:\/\/www.maltego.com\/images\/uploads\/c10.png\"  decoding=\"async\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" loading=\"lazy\" alt=\"\" \/><br \/>\n<\/a><\/p>\n<p>In this challenge, you are provided with a PDF file\u00a0containing\u00a0unreadable data. Upon closer inspection, the embedded content is revealed to be Morse code. The first step is to decode the Morse code using an online translator such as\u00a0the\u00a0<a href=\"https:\/\/dnschecker.org\/morse-code-translator.php\" target=\"_blank\" rel=\"noreferrer noopener\">DNS Checker Morse Code Translator<\/a>.\u00a0\u00a0\u00a0<\/p>\n<p>After decoding, the extracted content reveals TLE (Two-Line Element) satellite data. By carefully reviewing the TLE information, we can\u00a0identify\u00a0the NORAD catalog number associated with the satellite. The extracted NORAD ID is:\u00a041789.\u00a0Next, use\u00a0the\u00a0identifier to\u00a0search\u00a0the satellite database\u00a0maintained\u00a0by\u00a0<a href=\"https:\/\/db.satnogs.org\/satellite\/UPOC-3374-7750-1640-6748\" target=\"_blank\" rel=\"noreferrer noopener\">SatNOGS<\/a>.\u00a0satellite\u2019s\u00a0sensor, battery, and telemetry data. 
From the telemetry dashboard:\u00a0\u00a0<\/p>\n<ol>\n<li>Select the date range for\u00a02026-04-21\u00a0<\/li>\n<li>Review the EPS temperature data panel\u00a0<\/li>\n<li>Locate the reading corresponding to the required timeframe\u00a0<\/li>\n<\/ol>\n<p>The\u00a0maximum\u00a0EPS temperature value\u00a0shown for the selected period is:\u00a026.7\u00a0<\/p>\n<p><strong>Flag:\u00a0<span>26.7<\/span><\/strong><\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p>That wraps up this walkthrough. Hopefully this gave you not only the solution, but also insight into the thought process and investigative techniques used along the way.\u00a0<\/p>\n<p>If you approached the challenge differently, found alternative paths, or discovered\u00a0additional\u00a0artifacts, share them with\u00a0<a href=\"https:\/\/discord.com\/invite\/fhhU4q7CFe\" target=\"_blank\" rel=\"noreferrer noopener\">our Discord\u00a0community<\/a>!\u00a0Different perspectives are what make\u00a0CTFs\u00a0valuable learning experiences.\u00a0<\/p>\n<p>More challenges, tips &amp; tricks, and weekly OSINT exercises are coming soon. If you have any questions, reach out to <a href=\"mailto:community@marketing.com\">community@marketing.com<\/a>. Until then, stay curious, document your findings, and trust your investigative process.<\/p>","protected":false},"excerpt":{"rendered":"<p>From Open Sources to Answers\u00a0 On May\u00a09, we hosted our third\u00a0Maltego\u00a0Community OSINT CTF,\u00a0and it delivered exactly the kind of intensity and unpredictability that makes competitive investigations so engaging.\u00a0Some teams stayed near the top of the scoreboard for most of the event, but a few unexpected teams quickly moved up the rankings\u00a0later on. 
The fight for &#8230; <a title=\"OSINT CTF Challenge Walkthroughs\" class=\"read-more\" href=\"https:\/\/quantusintel.group\/osint\/blog\/2026\/05\/28\/osint-ctf-challenge-walkthroughs\/\" aria-label=\"Read more about OSINT CTF Challenge Walkthroughs\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":761,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/posts\/760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/comments?post=760"}],"version-history":[{"count":0,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/posts\/760\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/media\/761"}],"wp:attachment":[{"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/media?parent=760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/categories?post=760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quantusintel.group\/osint\/wp-json\/wp\/v2\/tags?post=760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}