Mini note: I didnt solve these challenges in the CTF event

To the sky

First of all, the description mentioned "social media," so I searched the ones I know, X and Instagram, and discovered these two accounts.

After checking these accounts with WebArchive, I didn't find anything suspicious.

And after searching with whatsmyname, I found his GitHub account.

I checked this link, and it seems to be just a music…

His repo have 2 commits, so I also checked it and found something:

This link redirects to the YouTube link above :v, so we didn't find anything special here either.

Analyze Step: The description mentions social media, and we searched on popular platforms. All three accounts share the same username, but we couldn't find anything new here. Therefore, there might be other accounts on different platforms

We need to narrow down the search scope by checking which country he is from

I checked his last name by searching on LinkedIn and found another person with the same last name from France. Therefore, we can conclude that he might be from France.

In my opinion, to achieve the most accurate results, we should use the language of that country for the search.

I searched with top social media in France, translated to les meilleurs réseaux sociaux en France.

After checking a few platforms, we discovered that he uses this social media that we didnt found by whatsmyname: (https://www.tumblr.com/elowenvaelith)

I noticed this post

When we searched about the flag format, we can see it is a plane

So our mission is that find the plane he mention in this post.

Just copy and paste that post on Bing

So the flag is: wwf{piper_aerostar}

Identity

I found his email through GitHub and sent a random message to this Gmail address. I received the following response:

https://github.com/elowenvaelith/fuzzy-octo-garbanzo/commit/84344b9ca7bf4bf9616cb7d727aa7c22eff05d00.patch/

put .patch/ after the commit and then see it

Analyze Step:

• He mention about message me at
• about pgp :
  
  Image Not Showing Possible Reasons

  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted

  Learn More →

So we need to find the app/platform use this pgp

I searched best pgp app

There are some app:

The first one is just open source

And keybase is the platform to message - right with our analyze:

So this platform have a lot of users, so we can find the account of Elowen Vaelith with that pgp.

First, we need to understand how this platform act:

So, I create account to understand that

So this is my key:

We didnt know what is this key meaning, so we need to find the place to decode this key:

I searched pgp decoder and find this one:

So first, I decode my key:

Our key have a lot of part:

Next, I decode the key that I gave from Elowen Vaelith:

So, his key gave the information about signature packet:

So next step, we need to check signature packet of our key:

From there, we can notice about keyid

That keyid is the same with the data in my profile:

So that, when anyone click to your profile, they can see this keyid

From there, we can find Elowen Vaelith's profile with this keyid

But it didnt work with his keyid but mine is yes, idk why :v

So I have to read the docs about api (the top of my search)

And found this one:

Look at another docs to find the format to use key/fetch:

So it is: https://keybase.io/_/api/1.0/key/fetch.json?pgp_key_ids=e2792425ca477506

So his username is: orionjules

So we found his real name: Orion Jules Stewart

wwf{orion_jules_stewart}

Memorial

So, usually, after found his real name we need to find family tree to find his sister:

He is from France so:

So this is her fav song:

wwf{heads_in_the_clouds}

Bulletproof

In the picture, I flip the photo sideways and look in the window to see 3_07 S Tacoma, 98405

So I search on Google Maps: Tacoma, 98405

So that, I know it is Tacoma WA 98405

We just simply brute the miss number: 0-9,

When I searched with "9", google mention about Shell:

So it is: wwf{3907s12thst_tacoma_wa98405_usa}