CyberSoc | Cyber Detective CTF Write Up — Life Online
Cyber Detective CTF is an OSINT-focused CTF created by the Cyber Society at Cardiff University. There are 40 challenges across 3 categories: General Knowledge, Life Online and Evidence Investigation.
Life Online Progress: 11/12 (11/11)
Note: leaveamessage can’t be solved as the twitter account need for the question is suspended and I can’t seem to find any archives of the profile.
Let’s start1
Question 1 — voteforme
Hello James
Lets scroll down to see if we can anything about a political party?
James could to be a Democrat
Answer: Democrat
Question 2 — growingup
His other tweets doesn’t have any information so it’s probably the thing in his bio
This abomination
So I found this by googling “///push.asking.barn” apparently it’s from a site called what3words . If you couldn’t find it by google, check his tweets carefully apparently he tweeted about this. Oh an the answer is York.
Answer: York
Hello York
Question 3— choochoo, Okey?
James posted a train station saying getting off this afternoon so it highly likely that this is the city he work at.
Cardiff
Yes it was. Cardiff
Answer: Cardiff
Question 4 — suntan
So, we need to find Sarah first. Since I don’t remember seeing Sarah in James’s tweets I started checking James Likes, and boom found her.
Nice Place
Simple reverse image search brings, Elizabeth Quay which is in Perth, Australia.
Nice Place
Answer: Pert
Question 5 — wagthetail
First place I looked was her bio and found some coordinate for Buster’s favorite place (probably her dog)
I too should do a postgrad
IT’s 2 Bridge St, Brecon LD3 8AH, UK. according to google.
Nice
Answer: Brecon
Question 6 — narcissism
So I found this George guy from James “Replies” page
Happy George
I first tried the Code in the tweet above but it didn’t work, so back to searching.
Oh you silly boy
This looks awful like “Base64” encoding. Decoding it with my personal favorite tools. https://gchq.github.io/CyberChef/ and https://www.dcode.fr/cipher-identifier (this identifier is amazing) Okey, let’s use dCode even though I’m %100 sure that’s Base64.
dCode also believes this is Base64 encoding. Yey
Cool password.
Answer: imamazing123
Question 7— proppedup
I haven’t seen any desks in James or Sarah’s tweets so let’s look at Georges tweets.
Hmm. Okey
Well we found another person of interest. Yey for us. Anyways the answer is: brown grey
Answer: Brown Silver
Question 8 — bluengreen
To be honest this took me way to long, like more than 15 minutes. To solve this you go here,
So very sad
You see that very small black “u” looking character behind the avatar, well here it is. Oh and that’s the answer.
Yeah me too :(
Answer: icanseeyou
Question 9 — clockingout
So I tried so much stuff here and at first I couldn’t find it. After I finnesd this section of the ctf and came back. The first thing I noticed was, this tweet.
As you can see, James actually gave us everything we needed to solve this question. With this tweet, we know how long he works and the time he got off work.
So, is it simply “1:00 AM minus 8 hours of work = Answer” Not quite, because Twitter actually shows 1:00AM for MY local time not UK Time, and since I’m not in the UK Time zone, I’LL need to do some adjustments.
Using sites like timebie , we can see that 1:00AM my local time is 10:00PM UK Time(previuoıs day) . So, minus 8 hours of work is gives us 5:00PM my local time which is 2:00PM UK Time. The answer is 2:00
Answer: 2:00
Question 10 — meme
So I already found the meme with a code in it so I just tried that and it worked. (You can see it couple question above)
Answer: CTF3404X71
Question 11 — partytime
So since I don’t remember any address from James, Sarah and George let’s check Pearce’s tweets,
Nice
Opened Google maps and found the routes, C1, 57, 58 and 52
Nice
Tried 57 first and it worked.
Answer: 57
Question 12— leaveamessage
Looking at the tweet below we haven’t seen Sophjones77 so lets check that account.
Where did you go jenmp7, where?
So sad
Uhm, okey that’s very sad. Let’s look elsewhere.
 |  |
Found these guys, but I can’t be sure they’re related in anyway.
So after searching for a while I found a previous write-up about this question. And yes Sophjones77 was the correct account but since it’s suspended I can’t solve that question.
 |  |
**Sophjones77**
Okey well since I have no way of solving the last question. I’ll have to end this category for the CTF.
But, before I end, the final category, General Knowledge is super basic stuff like “what does OSINT and HTTPS stand for” So, I won’t add them here. But hey I still finished them :)
heheh. Nice.
Anyhow the first category was very fun to solve hope the next one is too. After I finish the Evidence Investigation category i’ll try out this CTF https://investigator.cybersoc.wales