- DEADFACE recently targeted David Rogers, a high-level executive at Cronin Group. We're trying to work the attack backwards to find out how they were able to determine he was at this year's Black Hat convention in Las Vegas, NV. We've determined that, at some point, a member of DEADFACE had physical contact with him and was able to plant a malicious USB in his pocket which he then used on his work computer. Figure out which event he participated in - this will help us narrow down attendees to see who might belong to DEADFACE.
- submit the location of the specific event/talk/training as the flag (example: flag{Conference Room 1})
- I went to this website → https://ghosttown.deadface.io/
- if you are curious how we got there → go back to the first question (Dead face CTF OSINT | CTF - Mama y Papa) and see how we got it
- search for → black hat
- reading all the chat, I found a picture with a QR code and a Black Hat logo that might be useful
- use this picture to search for the QR code on Google Lens
- let’s go to this website → https://www.blackhat.com/us-23/training/schedule/index.html#advanced-apt-threat-hunting--incident-response-30558
- I used a lot of flags, such as → ADVANCED APT THREAT HUNTING & INCIDENT RESPONSE, APT, etc., but none was true
flag{JASMINE - F}