At this point, I think it’s safe to call myself a “super fan” of Kase Scenarios. I was introduced to the company and their scenarios by one of Rae Baker’s Maritime OSINT courses early this year, and I’ve since “played” through all of their scenarios. They are, across the board, very well curated and, I think, appropriately difficult.
Their latest, “Orkla: Bounty Hunt” dropped today (24 September 2024), and of course I purchased it immediately-ish. Like, not right away, but within hours.
Please join me as I stumble through this. I’m going to try to make this write-up as I go, but keep my more detailed notes separate: no spoilers.
The scenario starts out with a standard legal/ethical warning; don’t do bad stuff, mmkay?
Clicking the “I promise…” button is the “flag” for this. It shows a quick video, then another button.
Interesting. It appears that we’re using a “fake” version of Discord in the scenario. Cool!
You: Let me check if something new has been posted on the Kase Discord.
Orkla: “Hey! Are you there?”
Huh. Who’s Orkla? I suppose I’ll respond with the only option available…
Orkla: You can call me Orkla. I need your help. Are you free
From here, it gives three options:
“Orkla? I don’t think I’ve seen you around here before.”
“What do you need help with?”
Click on Orkla’s profile picture
I’m going to click on the profile picture first, see if I can figure out who this jabroni is.
Hey, I like those things, too! I prefer the beach at night, though: I burn too easily.
There’s some dialogue here that really adds to the story — I won’t ruin it for you. Something you should know, though, is that it culminates in giving you a 60-day code for access to Silo for Research by Authentic8. How much is that worth, you ask? Several dollars.
(OK, this is really cool and I can’t wait to play with it.)
Once you get through this and get your code for Silo for Research, it shows a 3-minute video from Authentic8 explaining Silo for Research and some of its features. It’s worth watching.
Next, Orkla messages again, encouraging us to take some time to get to know Silo, because…surprise surprise, we’re going to be investigating (dramatic music) some of the “shadiest actors on the web.” (Take as long as you need here; it’s pretty straightforward, but there’s certainly an opportunity to fall down a rabbit hole.)
Once I verified that I’m comfortable with Silo, Orkla shot me some tools/techniques to get started in the investigation. (Note the shameless plug for Ms. Baker’s book. I’ll add one, too. Buy the book. It’s worth it. Just do it.)
- Bellingcat’s Online Investigation Toolkit
- The OSINT Curious website
- Start.me page by hatless1der
- Benjamin Strick’s YouTube channel
- The Kase Scenarios Discord
- Rae Baker’s OSINT book
- Forensic OSINT, gather and save data while you work
- Forensic OSINT YouTube channel
The next thing we get is a plug for Forensic OSINT, a Chrome plugin. I mostly use Firefox, but it sounds like this tool will be useful, so I’ll switch over to Chrome for this one. (I was surprised to learn that I didn’t even have Chrome installed, so…here we go.)
Ok, looks like we’ve finally hammered out all the admin stuff. Let’s go!
Well, that’s a little demeaning, but ok.
I would normally use the command line for this, but in keeping with the spirit of OPSEC and managed attribution, I wanted to find a web-based tool instead. dnschecker.org looked promising. Plugging the URL in there gave me the flag, quick and easy. No, I’m not going to tell you what it was.
This is a new one for me, so let me see what I can find. Some quick Google-Fu leads me to a tool. I’m not going to share it here, because Orkla gives it to you as a hint if you get stuck/put in the wrong answer (which I did the first time). My hint to you: read the question carefully.
This is harder. After a bit of googling, I plugged in the answer to DNSdumpster.com, and the answer was…there. It wasn’t immediately obvious, because my tech-fu is weak, but it was there, and I got it right on my third or fourth try.
This wasn’t “difficult,” but it was time consuming. I was familiar with the CVE program, but not the CVSS scores. I did some digging on the NetApp site and found what I was looking for there. I’m sure there’s a more efficient way — somebody please tell me?
I tried who.is, and didn’t get any hits. I did find it somewhere on the cyberfile.me website…just poke around a little bit. Hint: ctrl-f “@”
This was tricky, but not impossible. I looked at the Wayback Machine, and got nothing. I plugged the domain name into a few different whois search engines, and one of them spat out a company name for me. (I thought it was a person’s name at first, so it took a couple pivots for me to figure that out.) Once I had the name, it was easy to plug it into OpenCorporates and get the company number.
Thought you were going to get an easy hint there, huh? Nope, sorry — you have to do the work. I did, in fact, learn who founded this company. A quick google search got it for me.
With that, it’s past my bedtime, and I have to go to work tomorrow. Adulting is the worst.
My initial assessment: this scenario is appropriately difficult. It’s challenging, but not overwhelming for me, and I’d consider myself a “skilled beginner” at OSINT. The hints don’t give away the keys to the kingdom, but they do prod you in the right direction, if you need it. A skilled cybersecurity professional or OSINT analyst would probably breeze through this. It might take someone brand new to it a little longer. So far, I haven’t encountered anything that was over-the-top difficult or not Google-able. Be resilient. Pivot.
One thing I like about this compared to Kase Scenarios’ previous products is that you really don’t know how long it is. Their other offerings have a progress bar that tells you how far into it you are. No such thing here; just grind it out and see how long it takes you! For reference: getting this far took me about 3 hours, and I’m focused on taking good notes to share with the rest of you nerds. (By which I mean everyone who reads this, by which I mean…well, probably just me. You nerd.)
If someone else does read this and has feedback or questions, feel free to shoot me a message on here, or an email at [email protected].
Cheers!