Cyberhunt Capture the Flag

From das_wiki
Revision as of 05:13, 4 December 2019 by This is ace (Talk | contribs)

Jump to: navigation, search

Welcome to Cyberhunt, the privacy capture the flag competition!


    In a generation where technology is essential to our daily living, do we really think about how secure our assets are? Our project provides a unique approach to cyber security and privacy. Instead of a typical approach of feeding mass amounts of information to users, our project allows users to be more immersed in the world of cyber security and privacy. Our simulations will give the user an offensive/ hacker-like approach which in-turn will educate them on effective defensive cyber security techniques. In order to beat the hacker, you have to think like a hacker.

    Our goal is to educate and raise awareness on the importance of Cyber Security. Technology in the information age is a double edged sword. The more we immerse ourselves in technology, the more people will exploit technology for their own personal agenda. We aim to mitigate this exploitation of technology by educating people on how to defend their information against cyber-attacks

Challenge 1: Linkshim Attack

Challenge 2: Linkage Attack

What is a Linkage Attack?

  • A linkage attack is a method cyber criminals use to identify individuals using a data set by combining information from one data set with another. These cyber criminals use pieces of information named Quasi-identifiers. Quasi-identifiers are pieces of information that are not meaningful alone. However, when they are combined with other Quasi-identifiers they can create a picture that can identify an individual.Examples of Quasi-identifiers are, postal code, date of birth, salary, transaction history, etc.
  • Alone each of these Quasi-identifiers is not specific enough to identify an individual. However, when combined the likelihood of identifying an individual is much higher. Linkage attacks are one of the most commonly used cyber-attacks because seemingly non harmful data is often enough to identify an individual.

In our demonstration we want the user to experience what it’s like to conduct a linkage attack.

  • In our challenge the user will be simulating a linkage attack by collecting information on individuals based off of data provided on social media platforms (Instagram, Snapchat)


  • The Boyfriend, ((Will), which is who you are in this simulation), believes his Girlfriend has been acting weird lately. His suspicions lead him to believe his girlfriend has been cheating on him. So he decides to conduct a linkage attack using snapchat and Instagram as sources. You are the boyfriend. Use the information provided in snapchat and Instagram to find out who your girlfriend is cheating on you with (Stacey is your GF). You will use snapchat to narrow down your suspects. Then you will use Instagram to find a relationship between Stacy (the girlfriend), suspect friends, and a suspect finsta profile. With this information you will be able to decipher the owner of the finsta profile. Which will link you to the person your girlfriend is cheating on you with.
  • The user will use the data sets provided to conduct a linkage attack to figure out who his girlfriend is cheating on him with.

Snapchat Emoji key


Snapchat Screenshot


Instagram Data Table


Step-by-Step instructions

  1. Examine the emojis on the snapchat screenshot and the names associated with them. The smiling face means that the snapchat profile are best friends. The grimacing face means that your profile and that snapchat profile have the same #1 best friend.
  2. Go to instagram and look at the people that Tony and Mike follow.
  3. Look for the finsta account that only Tony, Mike, Stacy, and Tina follow and try to follow it.
  4. Look through Mike and Tony’s pictures and find what the finsta accounts likes.
    • Notice that Stacy likes the same pictures
  5. Fill out the table to help you understand and follow along easier.
  6. When you fill out the table, you will be able to make a confident conclusion on who the finsta belongs to.