I have posted before on participating in other TraceLabs events (such as the Australian Federal Police Missing Persons Hackathon), so here goes a brief recounting of my experiences with a US missing persons event.
Some time ago I participated in an event run by TraceLabs in conjunction with the Australian Federal Police to locate pieces of information on missing persons across Australia. The twist on this event was that it was gamified: competing teams raced each other to amass the most points under a points award system.
I will now be competing in the Missing Persons CTF on the 11th of April 2020, and in the lead-up to this now virtual CTF I will be building some more capable infrastructure and tooling to support the challenge.
So, for new starters, what do you need as a bare minimum to start digging and submitting indicators?
It seems to be a significant buzzword nowadays, but Threat Intelligence is available in abundance from a wide range of curators and commercial suppliers.
So what does it take to correlate observables, such as precursors, to determine whether they are an indicator of compromise, and by whom they have been generated?