OhSINT CTF — Initial Investigation Writeup
Challenge Overview
This was my first OSINT-based CTF, focused entirely on open-source intelligence rather than exploitation of systems or services.
The objective was simple in theory:
Collect publicly available information and correlate it to uncover sensitive details about the target.
In practice, it required patience, attention to detail, and connecting small pieces of information scattered across multiple platforms.
1️⃣ Initial Footprint Discovery
The investigation began by identifying the target’s online presence.
The first solid lead was found on Twitter, where the target was actively posting.
From the account:
- Posting patterns
- Technical references
- Casual mentions
These details helped establish a baseline profile of the individual.
2️⃣ Wireless Metadata Exposure
While reviewing the target’s posts, a BSSID was unintentionally disclosed.
Although it may appear harmless, a BSSID can act as a strong pivot point in OSINT investigations.
Using this identifier:
- The associated SSID was identified
- The geographical location of the network was determined using public wireless databases
This significantly narrowed down the target’s physical location.
3️⃣ Location Correlation
With location data available, further research focused on travel and activity history.
The target maintained a personal website where:
- Travel experiences were documented
- A recent vacation location was mentioned
Cross-referencing this information with previously discovered location data confirmed consistency and helped build confidence in the findings.
4️⃣ Developer Footprint Analysis
The next phase focused on technical platforms.
A GitHub profile associated with the target was discovered. From this profile:
- An email address was exposed
- Additional repositories and activity history were identified
This further expanded the target’s digital footprint.
5️⃣ Credential Exposure
While reviewing the target’s website more closely, a critical mistake was identified.
The page source contained sensitive information that should never be exposed publicly.
Inside the source code:
- A password was found in clear text
This represented a complete breakdown of basic security hygiene.
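A pre-publication check for the two leaks described in sections 2 and 5, added here as an example and not part of the original writeup: it scans your own page source for BSSID-style identifiers and credential-like strings, including ones that sit only in comments or hidden elements. The regexes, the names `audit` and `SAMPLE`, and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions): a MAC/BSSID and a "password = value" style pair.
BSSID_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
CRED_RE = re.compile(r"(?i)\b(pass(?:word|wd)?|pwd|secret|api[_-]?key)\b\s*[:=]\s*\S+")
HIDDEN_RE = re.compile(r"(?i)display\s*:\s*none|visibility\s*:\s*hidden")
VOID_TAGS = {"br", "img", "input", "meta", "link", "hr"}  # never get an end tag

# Constructed sample page; none of these values come from the challenge.
SAMPLE = """<html><body>
<p>Connected from my home AP 00:11:22:33:44:55 again</p>
<!-- TODO remove: password = CONSTRUCTED-example -->
<div style="display:none">pwd: CONSTRUCTED-hidden</div>
</body></html>"""

class SourceAuditor(HTMLParser):
    """Flags leaks in text that 'view source' shows, rendered or not."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (kind, location, matched text)
        self._stack = []     # one bool per open element: is it hidden?

    def _scan(self, text, location):
        for kind, rx in (("bssid", BSSID_RE), ("credential", CRED_RE)):
            for m in rx.finditer(text):
                self.findings.append((kind, location, m.group(0)))

    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            a = dict(attrs)
            self._stack.append("hidden" in a or bool(HIDDEN_RE.search(a.get("style") or "")))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()

    def handle_comment(self, data):
        self._scan(data, "comment")

    def handle_data(self, data):
        self._scan(data, "hidden element" if any(self._stack) else "visible text")

def audit(html):
    """Return all findings for one HTML document."""
    auditor = SourceAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it over each page before publishing; a finding located in a comment or hidden element is the kind of content a visitor never sees but anyone reading the source does.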
6️⃣ Outcome
By combining:
- Social media data
- Wireless metadata
- Location intelligence
- Developer platform exposure
- Poor credential handling
The challenge objective was successfully completed using only publicly available information.
No exploits, no brute force, no unauthorized access — just OSINT.
🧠 Key Takeaways
- OSINT attacks rely on correlation, not complexity
- Small leaks across different platforms compound into serious risks
- Metadata (like BSSID) can be far more dangerous than it appears
- Developers often unintentionally expose sensitive information
- Security failures often begin long before any “hacking” occurs
📬 Contact & Projects
Email: dakshbaweja20@gmail.com
GitHub: https://github.com/sudo0xksh