# OSINT 1 - Forensics

## Task

It seems like companies have document leaks all the time nowadays. I wonder if this company has any.

(NOTE: It turns out there's also an actual company named Kakuu in Japan. The real company is not in scope. Please don't try and hack them.)

<http://puffer.utctf.live:8756>

Hints:

You're looking for a leaked document. You won't find it on their website.

Accounts online associated with the scenario should be (fairly) distinguishable.

## Solution

We are given the following URL:

```
http://puffer.utctf.live:8756
```

Let's visit the website:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FC3zc8tqDik5y3gWs8dVb%2Fimage.png?alt=media&#x26;token=b7074b98-a335-4232-b837-a545c8cea06f" alt="" width="563"><figcaption></figcaption></figure>

In the `Team` section we find information about the Kakuu Corporation employees:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FDVDw8Chq6Gs84JQdNdCs%2Fimage.png?alt=media&#x26;token=227a5202-b18a-4af2-be5d-bbb14665218f" alt="" width="563"><figcaption></figcaption></figure>

To get more information about the employees I used the SpiderFoot tool, which can be found [here](https://github.com/smicallef/spiderfoot). SpiderFoot is an OSINT automation tool. I ran a scan in SpiderFoot for each employee, based on their first name and surname. I obtained the following results:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FCF4tfzb9DLCxhqPX8LmY%2Fscan_results.PNG?alt=media&#x26;token=59ec38c8-3650-4047-bc63-13e9090d60a8" alt=""><figcaption></figcaption></figure>

Let's start with the employee for whom the fewest results appeared, that is, Cole Minerton.

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FQYWJaeKiD4RpqY7YC3P9%2Fscan_results2.PNG?alt=media&#x26;token=3fe6b355-94a0-4111-9fd1-d81436c6b913" alt=""><figcaption></figcaption></figure>

The second result found for this person takes us to:

```
https://linktr.ee/coleminerton
```

Let's go to this URL:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2F2W40PklPR4Jo58oCknGL%2Fimage.png?alt=media&#x26;token=43c56752-034b-493d-a9f6-42bad2d8f5af" alt=""><figcaption></figcaption></figure>

The page appears to link to one person's various social media profiles. After visiting the Mastodon profile, we can see that we are on the right track, because Cole posted that Kakuu Corporation allows for "unlimited" paid time off:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FYmGYDdXNZe146gv3vIsn%2Fimage.png?alt=media&#x26;token=0f0d1e1b-9009-4f34-ad5e-943403cf9f30" alt="" width="439"><figcaption></figcaption></figure>

So let's keep looking for something interesting. On his YouTube channel we can find a link to the Discord server:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FEOzjXTqDvF4ApWrZMtTK%2Fimage.png?alt=media&#x26;token=cadf3a69-1bfc-41d8-9f98-c2d5de31a863" alt="" width="467"><figcaption></figcaption></figure>

Let's join it. In the server's text channel, we can find a `trustly_contract.pdf` file:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2Ftttueo8Un676Noqj19Xb%2Fimage.png?alt=media&#x26;token=23832f41-6712-4e68-9cce-34d8ab28667f" alt="" width="488"><figcaption></figcaption></figure>

After downloading and analyzing it, we can find the flag in the text:

<figure><img src="https://1764482864-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsK05LA2NAjKs68dl8qHP%2Fuploads%2FYXe48mZpWwIY85d0VGVS%2Fimage.png?alt=media&#x26;token=f0dd517c-bbde-47f9-bcf2-7013b2a1641b" alt="" width="542"><figcaption></figcaption></figure>

Flag:

```
utflag{discord_is_my_favorite_document_leaking_service}
```
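
One way to do the analysis step without opening the PDF in a viewer, as an added example that is not part of the original writeup: the script inflates each stream in a PDF and searches the text it shows for the `utflag{...}` format. The sample bytes are constructed, and it assumes the text is stored as literal `( ... )` strings rather than hex-encoded glyph IDs.

```python
import re
import zlib

FLAG_RE = re.compile(r"utflag\{[^}]*\}")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# Literal PDF strings: ( ... ) with backslash escapes, no nested parentheses.
STRING_RE = re.compile(rb"\((?:\\.|[^\\()])*\)")


def shown_text(content: bytes) -> str:
    """Join the literal strings of a content stream, so text that a TJ
    array splits into kerned fragments becomes searchable again."""
    parts = []
    for m in STRING_RE.finditer(content):
        raw = re.sub(rb"\\([()\\])", rb"\1", m.group(0)[1:-1])
        parts.append(raw.decode("latin-1"))
    return "".join(parts)


def find_flags(pdf: bytes) -> list[str]:
    flags = []
    for m in STREAM_RE.finditer(pdf):
        body = m.group(1)
        try:
            # decompressobj tolerates trailing bytes after the zlib data
            body = zlib.decompressobj().decompress(body)
        except zlib.error:
            pass  # not Flate-compressed: scan the raw stream instead
        flags += FLAG_RE.findall(shown_text(body))
    return flags


# Constructed sample, not the challenge file: one compressed and one plain stream.
_content = b"BT /F1 12 Tf 72 700 Td [(Ref: utfl) -20 (ag{constructed_) 5 (example})] TJ ET"
SAMPLE_PDF = (
    b"%PDF-1.4\n4 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(_content)
    + b"\nendstream\nendobj\n"
    b"5 0 obj\n<< >>\nstream\nBT (utflag{plain_stream}) Tj ET\nendstream\nendobj\n"
)

if __name__ == "__main__":
    # To scan a real download: find_flags(open("trustly_contract.pdf", "rb").read())
    print(find_flags(SAMPLE_PDF))
```

The same check is useful before sharing a document: run it with a pattern for your own sensitive markers to see what text a recipient could pull out of the file.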
