Tiberian Order | The Spy who Vanished – Write-Up

The Spy who vanished is a CTF created by the Tiberian Order. You can find it here: https://tiberianorder.com/contracts/the-spy-who-vanished/

Briefing

Greetings, Special Agent K. We have received information regarding the long lost spy from MI5, Deloris Frozenwood. She went missing in action a few years ago, never to be seen again. From what we understand, she went on to provide services to whoever the highest bidder might be.


Before she went rogue, Deloris was a revered operative within MI5. Taking on some of the most dangerous assignments and quickly working her way through the ranks. Discontent with management, she took matters into her own hands. Often skirting the lines between rule of law and criminal behavior. She was eventually terminated from MI5.


What happened after her career at MI5 remains shrouded in mystery. She showed up on the radar several times, but only for very brief moments. Having become a target of the organization she once worked for, she’s even gotten arrogant. Often making deliberate appearances for a brief moment, before vanishing to the shadows once again.


Our colleagues at MI5 have asked us to obtain any information on Deloris Frozenwood we can find. They’re particularly interested in social media profiles. For reference, Deloris often appears as “Deloris Frozenwood”, or as “D Frozenwood”.


If you find Deloris, her presence will lead you to the password to unlock your linkfile, containing the link to your contract card for this contract.


As always. Special Agent K, the contract is yours, if you choose to accept.

Download Linkfile

Overview

So from the text, I understand that we need to search social media networks and fortunately, there are also clues, the preferred usernames:

  • Deloris Frozenwood
  • D Frozenwood

Time to start searching

Searching

To make decoding more efficient, I will focus only on the first block. The CyberChef will be used as usual:

Because there are numerous social networks and I don't feel like checking each one by hand, the right tool comes into play: https://whatsmyname.app/

In the first attempt, I try the full name "DelorisFrozenwood", but as you can see there are no hits here

No Result for DelorisFrozenwood

Too bad, but I have a second possible username, so let's try "DFrozenwood".

Result for DFrozenwood

Gotcha! An old tweet from the target. Let's make have a look:

First, we click on the link
Archive overview

Next, we hover over the 31st of August and click the time to reveal the tweet
Archive calendar overview

This one looks cryptic, could it already be the password for the file or do further steps have to follow?
Tweet from DFrozenwood

here is the direct link to the archived tweet

Solving the puzzle

Like most, I'm lazily efficient, so for now I'll try the content of the tweet as a password

gnf435ynFJEFN#&$*F*D(*FSJ$Fkdfshh5f

Click, it's open. That was easier than I thought :)
In the file is now the link to the well-deserved contract card:

https://bit.ly/3B12QNV

Conclusion

Again, a small challenge, but it has been shown that with the help of the right tools, such a challenge can also be mastered. I'm already looking forward to the next challenge.

If you are looking for more CTF games yourself, check out Tiberian Order and try out the harder Contracts.

Subscribe to Eduard Schwarzkopf

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe