What Is the Spying Challenge?
The Spying Challenge is an OSINT, social engineering and physical security competition founded in 2016 by three friends: Mélik Lemariey, Sylvain Hajri and Christophe Baland. This competition involves a number of teams of three or four people in a context created from scratch for the needs of the mission.
It is structured around three phases: OSINT and social engineering, tracking and physical intrusion. Several challenges are offered to competitors, who compete against each other in order to be selected for the next stage. At the end of each phase, participants send a detailed report of the information collected and the actions taken. The organizers then use these reports to define a team ranking.
How it works?
The three phases can be summarized as follows:
OSINT and social engineering
The first phase focuses on OSINT and hacking aspects. Participants must retrieve a certain amount of target information from open sources on the World Wide Web. Digging, discovering, understanding: you have to know the life of the targets from top to bottom. All means are good to collect information: vishing, spear phishing, etc.
The second phase of the Spying Challenge, which takes place on site, only concerns the selected teams. We are talking about the elite here, the best of the best.
In this second phase, it is necessary to observe and locate, take notes, photograph and perhaps even … steal someone else’s property. It is also necessary to practice your physical intrusion skills: lock picking, infiltration, etc.
When interacting with targets, it is essential to use your charisma and communication skills. Seduction, threats, techniques are multiple.
The most competent teams on the tracking phase have access to the last test: physical intrusion. It requires many skills: lock picking, hardware and software hacking, RFID, searching, … It is the final test reserved only for the best agents.
These events last all day, and the winning team wins a prize, but above all is covered in glory for being the best of the entries.
Why the Spying Challenge?
Through this competition, the organizers humbly seek, in addition to allowing teams to compete in events different from the classic CTF computer security events, to raise awareness of the traces left on the Internet and the means to find them, on social engineering attacks in a context of economic intelligence and on physical security issues that are too often neglected by companies. The Spying Challenge also makes it possible to transcribe what consultants experience during “red teams.”