Cover image for OSINT/Past Attacks @ Hacktober CTF 2020 write-up

OSINT/Past Attacks @ Hacktober CTF 2020 write-up

igotinfected profile image Jason Rebelo ・2 min read


Hacktober CTF logo

This post is part of my Hacktober CTF 2020 writeups series. To check out the entire series, read the post below.

Past Attacks (20 points)

Knowing that it is going to be an attack against a Financial firm.
What is the type of attack that is likely to happen?

Enter the answer as flag{word word}.

challenge author: nmott131


The task here was to find a specific attack. This was much harder than I had expected as there are many different kinds of attacks, and it was unclear whether the challenge author was interested in the umbrella term or specific attack names that have occurred in the past (yes, the intent is much clearer in retrospect 🤦‍♂️) so I had to resort to unlocking two hints:

  • look up attacks that have hit financial firms in the past
  • this attack has hit polish financial firms


From there, I found an article that mentions very specific attacks, which are dubbed watering-hole attacks. These attacks are mentioned in conjunction with one of the victims of these atacks: Polish banks.

Here's the flag: flag{watering hole}


That's it for the Past Attacks challenge. It felt a bit guessy, and without the hints it would have been hard with my limited knowledge to find specific attack types that fit the bill. Or rather, there were too many to chosoe from?

If you're interested in other writeups for this CTF, check out the post below.


Editor guide