Cyber Investigator CTF – Financial Crime & Signals Intelligence Writeup
kangwijen

Welcome to the second part of the Cyber Investigator CTF writeup. Cyber Investigator CTF is a jeopardy-style CTF organized by the Cyber Security Society of Cardiff University. This CTF is tailored towards enthusiasts in OSINT (Open-Source Intelligence), threat intelligence, digital forensics, and more. In this writeup, I’ll be explaining the Financial Crime & Signals Intelligence section challenges.
Financial Crime
wallstreetbets
The challenge here is to find which institutional investor purchased the largest number of GameStop (GME) shares before December 31, 2020. To solve this challenge, we can use fintel.io, a website that compiles the public Form 13F filings that institutional firms submit quarterly to the SEC, to view their stock holdings. After searching "Gamestop" on the website, we navigate to the "Owners" section and select "Institutional Owners". With the effective date set to "December 31, 2020", a list of institutional owners is shown. The first entry is the flag.

therichestdoge
The task here is to find the wallet that holds the most Dogecoin. Thanks to the public availability of blockchain data, the information needed is available on websites such as bitinfocharts.com. This website offers a list of the top 100 richest wallets for various popular cryptocurrencies, including Bitcoin, Litecoin, and of course, Dogecoin. Unfortunately, the challenge was created a year ago, so the first wallet is no longer the correct answer. To access the data that was available at the time, we turn to the Wayback Machine’s archived pages. Checking the archived copy of the website through the Wayback Machine gives us the correct answer.

herdimmunity
The challenge here is to determine the percentage difference between the price of the Pfizer/BioNTech vaccine listed on the invoice and the actual price paid by the European Union for the same vaccine. The price on the invoice is located in the "PER ITEM" column. To find the price the European Union paid, we start with a basic Google search, focusing on news articles from late 2020 to early 2021, the period when the question was likely created.

Next, we divide the invoice price by the price paid by the European Union, subtract 1 from the result, and convert it to a percentage. This final value is submitted as the flag.
Signals Intelligence
foreigntransmission
In this task, we were given an audio file and needed to transcribe a message spoken in Chinese. If you understand Chinese, it’s easier to transcribe the message. If not, you can use free transcription tools like veed.io or convertspeech to help transcribe the audio. However, these transcription services can be slightly inaccurate, so it's important to double-check the results.

personalbanker
We were given an audio file of someone pressing numbers on a phone, and our task is to identify the digits that were pressed. A quick search reveals that the tones in the recording are generated using a technology called Dual-Tone Multi-Frequency (DTMF). To decode the numbers, we can use an online DTMF decoder. Simply searching "online DTMF decoder" on Google will provide several options. By uploading or inputting the audio into one of these tools, we can extract the pressed numbers and obtain the flag.
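
An offline alternative to the online decoders mentioned above, added here as an example and not part of the original writeup or the challenge: a DTMF decoder built on the Goertzel algorithm, which measures the power at each of the eight DTMF frequencies per short window. The 8 kHz sample rate, 205-sample window, silence floor and the synthesised test signal are assumptions; a real recording would first be loaded as mono samples normalised to [-1, 1].

```python
import math

RATE = 8000                        # sample rate in Hz (assumed; use the recording's own rate)
BLOCK = 205                        # samples per analysis window (about 26 ms at 8 kHz)
LOW = (697, 770, 852, 941)         # DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)    # DTMF column frequencies, Hz
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel(block, freq, rate=RATE):
    """Power of `block` at `freq`, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect(block, rate=RATE):
    """Return the key sounding in one window, or None for silence."""
    low = [goertzel(block, f, rate) for f in LOW]
    high = [goertzel(block, f, rate) for f in HIGH]
    r, c = low.index(max(low)), high.index(max(high))
    # Samples are assumed normalised to [-1, 1]; below this floor is silence.
    floor = (0.1 * len(block)) ** 2
    if low[r] < floor or high[c] < floor:
        return None
    return KEYS[r][c]

def decode(samples, rate=RATE):
    """Decode a whole recording; a key counts once per uninterrupted tone."""
    digits, last = [], None
    for i in range(0, len(samples) - BLOCK + 1, BLOCK):
        key = detect(samples[i:i + BLOCK], rate)
        if key is not None and key != last:
            digits.append(key)
        last = key
    return "".join(digits)

def synth(keys, rate=RATE, tone=0.1, gap=0.1):
    """Constructed test signal: two summed sines per key, then silence."""
    out = []
    for k in keys:
        r = next(i for i, row in enumerate(KEYS) if k in row)
        lo, hi = LOW[r], HIGH[KEYS[r].index(k)]
        out += [0.5 * math.sin(2 * math.pi * lo * t / rate)
                + 0.5 * math.sin(2 * math.pi * hi * t / rate)
                for t in range(int(rate * tone))]
        out += [0.0] * int(rate * gap)
    return out

if __name__ == "__main__":
    print(decode(synth("0123456789")))
```

Running a second decoder like this against the same clip is a quick way to cross-check the digits an online tool returns before submitting them.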

faultycassette
In this challenge, we’re given an audio file with an unusual sound. Suspecting it might be played in reverse, we use an online audio converter to reverse the clip. Once reversed, a man's voice becomes audible. The next step is to transcribe what he says. With a quick Google search of the transcribed text, we are able to identify the speaker.

armageddon
This challenge is a bit tricky. We’re given an image of a spectrogram and need to figure out what’s being said in order to get the flag. After trying several online converters without success, we came across Photosounder and decided to use it.

After installing Photosounder and loading the spectrogram image, we were able to play the image as audio. By carefully listening to the full recording, we identified and transcribed the spoken content, which turned out to be a set of coordinates. We then entered these coordinates into Google Maps, leading us to the exact location. Using that location, we submitted the flag and completed the challenge.

And there we have it. Thank you for taking the time to read through this.