OFFICIAL WRITE-UP

Introduction
This investigation was imagined by Yoan "Degun" Blanc (Osint Agency) and Yann "Tungst"
Pilpré (YPSI), and improved by our teammates from the OSCAR ZULU team: Fabienne
"Fab487" Crop and Antoine "Kralizec" Lounis.

We hope you had as much fun solving it as we did designing it.

Thanks

This survey would not have been possible without our early partners:

- RESEAU D'ENQUETEURS PRIVES (REP)

- OSINTRACKER
- KASE SCENARIOS

Thanks to Custos and Agent_Blue for their advice on the scenario and realism elements.

1/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
CONTENTS
Introduction 1
Thanks 1
Warning 4
Dead Man Walking 4
Hard Target 6
Fresh G
Killing Zoe G
Kiss of Death 8
Bad Company 10
Nothing To Lose 10
Last Man Standing 12
Tales from the Hood 12
True Romance 13
Touch of Evil 14
Basic Instinct 14
The Glass Shield 15
City of Industry 16
Clear and Present Danger 1G
Judge Dredd 1G
Albino Alligator 17
Faster Pussycat! Kill ! Kill ! 18
Captives 18
Heavenly Creatures 18
Donnie Brasco 19
Guilty as Sin 21
Psycho 21
Natural Born Killers 21
Original Gangsta 22
Goodfellas 23
Once Upon a Time in America 23
Cab Driver 24
Heaven's Prisonner 25
Little Odessa 25
Bound 25
Desperate Measures 2G
Primal Fear 2G

2/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Things to Do in Denver When You're Dead 30
2 Days in the Valley 30
Once Were Warriors 31
Striking Distance 33
Wargames 3G
He walked by Night 38
Judgment Night 38
Keys to Tulsa 38
Set if oI 41
Mindmap OSINTRACKER 43

Note: The order in which challenges are resolved does not necessarily follow the order of the page
layout. This is specified if a successful challenge opens several challenges.

3/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Warning
In this CTF, we used e-mails with automatic replies a1n de Ruidi1er le récit et d'éviter de perdre
trop les débutants.
This method of sending e-mails in a real-life context is absolutely forbidden. OSINT is
practised passively only, and we've taken this liberty in order to open the "doors" without having to
go through more difficult challenges.
DON'T DO THAT IN REAL LIFE!

Dead Man Walking

You have been approached by the desperate family of Ellen Gravist, who have had no
contact with her for several weeks. At odds with those closest to her, she had given little
news, but was showing signs of life.

They are unable to give you any further details about the circumstances, which
explains why the police did not consider the disappearance to be a cause for
concern... The attached PDF file contains the little information the family has been
able to give you.

After telling them that you can't tell them anything without Ellen's consent (if you find
her), but that you'll inform her of their concern, you accept the mission.

Good luck!

Which school did Ellen attend for her retraining?

4/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
 PDF file attached

Ellen's family doesn't seem to know much about her life... the first thing is to find out a little more
about her.
This question is asked in order to direct you to a well-known professional network...
A search on Linkedin will bring you to the pro1l of Ellen Gravist-Jacoulet, who says she
trained in Copywriting at Livementor.

Flag : livementor

5/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Hard Target
Fresh
Afin to build up the profil, you continue your research.
What is his new job, clearly indicated in his profil.

Once you've found the Linkedin pro1l, it's easy to find out that she is Web Content Writer :

Flag : Web Content Writer

Killing Zoe
You start to get a sense of who Ellen is, and some of the readings are pretty clear about her
state of mind at the time of her disappearance... But she clearly had help.
What's the name of the woman who's giving him a new lease on life?

Things are starting to get tricky, because it's time to find out who she was hanging out with before
she disappeared. We can see on her Linkedin pro1l that she shares some of these articles on
Medium, with a strange but assumed editorial choice.

G/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
What's interesting about this pro1l is in the Medium bio, where Ellen indicates a Wattpad
account where she writes more personally:

It soon becomes clear that this is in fact a kind of diary, in which she recounts her life since moving
to the South of France.

In Chapter 3, Ellen begins to talk about a Marianne who will completely change her life, and who
will appear several times in the story:

Answer: marianne

7/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
Kiss of Death
You've found her diary, which she writes with a certain talent, but that seems to be the
end of the trail... Now you have to continue your investigation to find out what happened
to her.
Which 17th-century painter did she share a painting with?

The 1n of chapter 5 clearly indicates that Ellen has cut ties, and now lives under the name of
Persephonia Aidoneus.

If you read carefully, you can see a beautiful clue to the next part of our story:

Then it's time to list the blog platforms that have fallen into disuse:
● Skyblog (but on its way out)
● Blogger
● Tumblr
● Typepad
● ...

Tumblr will give us a positive result with the search persephonia aidoneus .

Ellen is clearly recognizable in the photo.

8/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
Scrolling through the blog, you can discover a 17th-century painting she shared:

Answer: Peter Paul Rubens

9/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
Bad Company
Before continuing, you take a few minutes to review all the information you've found.
It looks as if your investigation will take you in the direction of a cult to which Ellen may
have been recruited.
What is the name of this sect?

This is a question to make sure you've got all the information you need before continuing.
The Children of Hades are mentioned several times, both in the texts of the Wattpad journal
than in publications on Tumblr

Answer: the children of hades

Nothing To Lose
If you'd like to know for sure and are looking for another way to contact Ellen, you'll
probably be able to find an email among the information available.

A1n order to succeed in this part, you'll need to read the advice given before the start on our
Discord server and set up your (fake) Tumblr account so that it doesn't 1ltre sensitive content:

With this setting activated, an additional photo is now visible, indicating a means of contact a1n
"to see more".

10/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Answer: [email protected]

Solving this question opens 3 new categories, which you'll explore later: Last Man Standing,
City Of Industry, Faster Pussycat! Kill ! Kill!

For the sake of clarity, the rest of this write-up will be organized by category, so please refer to the
table of contents if necessary.

11/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Last Man Standing
Tales from the Hood
Like any cult, the Children of Hades must have their detractors! Under
which pseudonym can you find one?

If you read the Tumblr blog carefully, you can see a comment under a post.

Clearly, this account is almost empty, and was created specifically for commenting... The
only publication gives us a link to a website.
On this site, the author introduces himself under the pseudonym Kronos Titan.

12/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Answer: kronos titan

True Romance
You begin to learn more about how the cult works, and how Ellen was recruited and
manipulated.
They're obviously well organized!
What role does Marianne play in the sect?

If you read the blog carefully, you can learn more about the sect's organization. This article, in
particular, clearly de1nes Marianne's role: a godmother

Answer: godmother

13/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Touch of Evil

Afin order to be as effective as possible, you must continue to obtain as much

information as possible on the Children of Hades, and in particular on the events that
could enable you to find Ellen.
What name is given to this sect's parties?

Reading the blog sheds a little more light on the processes of the Children of Hades.
This post, in particular, explains the special evenings they call Black Moon Ceremonies.
Let's save this post for later!

Answer: Black Moon ceremonies

Basic Instinct
To reconnect with Ellen, you'll need to find out what steps she took during her
integration into the sect.
What is the third initial step in the recruitment process for the Children of Hades?
?

In the article on recruitment, Kronos provides us with a guide published by the

sect. It details how to find and prepare recruits for ceremonies.

In the third part of the document, we learn that the third step is a background check.

Answer: background check.

14/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
The Glass Shield
Ideally, of course, you should be able to identifier this valuable source for your
investigation. It should be possible to find out more about him, afin find out his first
name and the link he has with the current cult leader.

Like any good investigator, have you thought about using the Wayback machine to see if any
posts have been deleted or modi1ed?

If so, you'll come across an article that has been removed from the site!

The message, signed with his real first name, reveals that he is the father of the sect's leader!

Answer: georges père

15/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
City of Industry
Clear and Present Danger
Like any modern organization, the Children o f Hades must have an official information
channel. We need to find it.

If you've been paying attention while reading, you'll have seen a hashtag on Persephonia's Tumblr:

And indeed, this site is the sect's public communications channel!

Answer: enfantsdhades.com

Judge Dredd
You explore the site exhaustively afin to obtain information. What is the
username of the security manager?

This question calls for a bit of technique, and no doubt the least "cyber" of investigators will
have a bit of trouble. In this case, the hints will help.

For the more experienced, a look at the 1chier robots.txt shows an interesting file:

The address
https://enfantsdhades.com/vfrrghertevb34535lkh2Ohh00hLhkl0iujd39hhkbekzjiceluiquivoitcaest
fort909878987/ gives us 2 hidden directories /inv and /org.
The first contains an invitation in PDF format, which we'll probably use later, and the second
contains an organization chart, and above all a means of contacting the various protagonists!

In this organizational chart, we learn that a certain Heracles is in charge of security!

Answer: heracles

Solving this challenge opens a new category: Guilty as Sin

1G/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
Albino Alligator
The safety manager needs to know a lot! He or she must be identified at all costs.
! Find out his true identity.

Remember that we have the Children of Hades e-mail address template. The
security manager's e-mail address is [email protected]

N.B.: As all sites became pay sites during the CTF, we decided to give the result to teams
who didn't have credit, by submitting a screenshot showing the information flouted on Epieos
for example.

Using a site like Osint Industries or Epieos, you can see that his e-mail address is linked to a
Trello :

By consulting Trello, it is possible to see the tasks he has assigned himself, without securing his
account. It's possible to discover chilling information about the sect's procedures, but also a task to
renew his CNAPS card.
A link to a document is provided in order to 1nir his file... and the form indicates his identity:

So we have the Heracles identity

Answer: guillaume tacheleron

17/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
18/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP
White
Faster Pussycat! Kill ! Kill !
Captives
Given the information you've found, there's no doubt that Ellen isn't the only victim.
Will you be able to discover the pseudonyms of the other young women under influence?

To solve this challenge, you first need to send an e-mail to Persephonia, which will reply
promptly with a link :

By following the link ul23ocgxwgj7wi455ncpiegylrzqmisd7uwh2hxjsmxgy2wjgax35tad.onion

provided, you'll be able to consult a site that explains the evening's proceedings in greater detail.

As you read on, you'll discover that two other young women will be initiated on the same
evening.

Answer: demeter macarie

Heavenly Creatures
You've discovered a terrifiant website... as you imagined, these young filles are not
protected by the cult, but instead manipulated into falling prey to men willing to pay to
abuse them.
Determined to get them out of this trap, you continue your
investigation. What is the pseudonym of the author of the
photos on the site?

Let's take a look at the 1images available on the site. When you download one of the portraits,
you can consult the EXIF data using a tool like Exiftool (there are many available):

19/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
A Gary Durbourg is clearly identified as the photographer.

Answer: gary durbourg

Donnie Brasco
His pseudonym won't help you much, but it will eventually help you find his real identity!

A1n order to find the photographer's real name, we'll need to look into the networks that
creative people use to promote their work:
- Instagram
- Facebook
- Flickr
- Behance are
the best-known.
The first 3 networks don't work.
However, a search on Behance shows a pro1l that seems to match!

20/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
On his pro1l, he indicates that his real name is Gérard Dubourguin.

Answer: Gérard Dubourguin

21/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Guilty as Sin
Psycho
It's time to focus on the chef. Based on what you've found so far, you should be able to
add a chapter to your case.
What pseudonym does the cult leader use?

By consulting the organization chart found earlier, it's easy to find the pseudonym Sarapis.

Answer: sarapis (or EH_Sarapis)

The following challenges in this category are not available if you haven't solved them yet
Original Gangsta

Natural Born Killers

You now have the ability to find Sarapis' true name. Follow the tracks, unravel all the fils
to unmask him.

This challenge is unlocked once the Once Upon a Time in America challenge has been
completed. You should have done some investigating on the SETH address provided.
SETH addresses correspond to the SEPOLIA network, which is used for testing the ethereum
network.
This saves the organizers of the competition the expense of real ethereum.

The SEPOLIA network has its own dedicated etherscan for tracking transactions.

We can see that the treasurer's address has sent tokens to another address
0x730C82D30d28d3Gb8754G41dAC90871eG3F0BGFD:

A look at the transactions for this address reveals 2 interesting transactions:

The first de1nishes the creation of a contract, and the very last is a Hash send.

22/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
The transaction details page lets you view the hash content. Just click on More details, then on
decode input data.
The following link contains 3 1files:
https://bafybeihez4sappks5drb73xubiodvcju3dhw4gtGjjGtrnrkwswegik3lq.ipfs.nftstorage.link/

These three 1chiers are wills signed by our 3 departed, naming as beneficiary a certain Serge
Arapis!
Sarapis is not just a Greco-Egyptian god, but a contraction of his first and last names!

Flag : Serge Arapis

Original Gangsta
You finish your profil on Serge Arapis and try to map out his relationships and
potential accomplices.
Which elementary school did he go to?

We now have the true name of the leader of the Children of Hades!
A simple Google search tells us that a certain Serge Arapis is on Copains d'Avant

The site simply informs us that he attended the École Marcel Pagnol. A1n
con1rmer, you can also find the stolen photo on the Kronos blog

And see that it's the same person... just older.

Answer: ecole marcel pagnol

The answer unlocks the Taxi Driver challenge

23/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Goodfellas
Once Upon a Time in America
Tracing the fil of money is often an excellent idea! So you concentrate your search on
the organization's treasurer.
Find out where he spent his vacations as a child.

Let's go back to the Onion site we found earlier.

This tells us to send a message to the accountant so that he can give us the address to send the entry.
According to the organizational chart found earlier, e-mail addresses are in [email protected] format.

The pseudonym of treasurer is pluton, we try to send a e-mail

to [email protected]

We receive a reply with a SETH address where to send payment:

0xaFB4F59507C1E055A61c360Bd29F90c681496F85

Sometimes the lure of money makes even the worst scum forget about
safety. What if the treasurer had published this address elsewhere?

And it is! A search on Twitter shows us a tweet with this payment address!
https://twitter.com/GDakarivich/status/1G9902554053810G075

N. B. Once again, you'll need to remember to disable the "filtres" in the search to see it, and
consult all the tabs (latest, for example). Twitter search has its own particularities...

Consulting the Twitter pro1l of the person who appears to be the treasurer, we find a tweet
referring to his vacation in the Camargue:

24/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Answer: camargue

The right answer to this challenge also unlocks a new challenge in the Guilty as Sin category.

Cab Driver
Your dossier is becoming more and more complete, and all you need is the real
identity of the treasurer to finish the identification of the sect's executives.

A look at the @GDakarivich twitter handle already gives us an indication. But

Serge Arapis' Copains d'Avant pro1l tells us a little more.

In fact, his list of school friends includes a certain... Gérard Dakarivich, who studied law with
Sarapis!

Here's our treasurer!

Answer: Gérard Dakarivich

25/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Heaven's Prisonner
Little Odessa
You've identified 2 other victims, and their families are no doubt worried! So you try to
identifier them.
You begin your research on Macarie, who seems to be the most fragile. Find
out her first and last names.

Having found the wills, it's easy enough to identify Macarie from the scanned post-it note.
They are Sauvane Auberjonois

Answer: Sauvanne Auberjonois

Bound
Afin order to inform his family of your findings, you try to find out additional information. What
is her brother's first name and her mother's maiden name?

What better place to find genealogical information than on a genealogy website! On

Généanet, you'll find a family tree of Sauvanne Auberjonois :

2G/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
His brother is Lionel, and his mother's maiden name is Garancin.

Answer: Lionel Garancin

Desperate Measures
Sauvanne's family found, you continue your investigation to identify Demeter. Find her
first and last names.

As with Macarie, the will reveals Macarie's true identity: Eabha Quinny, of Irish nationality.

Answer: Eabha Quinny

Primal Fear
Armed with this information, you now look for further clues. Despite the fact that the
cult only recruits people who have broken with their loved ones, these young women must
have people looking for them...

Where are the filles kept?

With the 2 identities, it should be possible to trace them back to a concerned acquaintance.

You've probably searched for Sauvanne on social networks without success (apart from the
family pro1ls created by some unfortunate person).

Searching for his name on Facebook, a post catches your eye:

27/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Eabha's friend reports her missing!
The publication has a comment which informs that she managed to borrow a phone to send an
email.

Eabha con1rms that she is being held against her will, and that she regrets having followed them, and
communicates valuable information in an attempt to locate them:
- an old house for rent;

28/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
 - a journey of just over an hour from Martigues, without taking the freeway;
- driving west ;
- they didn't take any expressways or freeways;
- a boat for a few minutes ;
- 500m of dirt road before arriving ;
- all she sees are horses and brush;
- on her walks, she sees an old tower at around 1500m.

Thanks to the Traveltime website, you can de1ne an approximate area with a 1h25 journey time:

To the east, we can see that the Camargue area is within reach... treasurer Pluto's favorite vacation
spot!
She mentions a boat just before arriving, which is probably the Barcarin ferry across the Rhône
to the Camargue. The bridges over the Rhône are like expressways or freeways at this point.

We can therefore de1ne an area a few kilometers east of the Bac.

It's possible to search for ruins using Google Maps, but with a little mastery of the Overpass
Turbo tool, it's possible to do this very quickly.

Using the following query :

[out:json][timeout:25];
nwr["ruins"="yes"]({{bbox}});
out body;
>;
out skel qt;

Only one ruin stands out in our search!

29/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
On Google Maps, only one house can be rented in this area: Mas de la Belugue.
We'll use Google Street View to con1rm that the access road is dirt and about 500m long!

Answer: Mas de la Belugue Arles

30/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Things to Do in Denver When You're Dead

Note: This part is not essential for completing the main investigation to free the 3 women, but
it does give a more detailed understanding of the sect's workings and the role of its members.

2 Days in the Valley

Armed with your findings, you inform the gendarmerie of your research and
conclusions.
They quickly dispatch a brigade to the scene, but unfortunately the place is already
empty...
On the spot, they find a fireplace that has been used to brȋler what appear to be papers.
One document has not been destroyed and may help you in your investigation of the cult
members.

Which command did you use to find your next work support? Flag format:

`SECRET_COMMAND{YEAH}`

The robot in the picture reminds you of someone...

That's right! The robot on the OSCAR ZULU discord server... The robot they retrieved is in fact
the former bot of the Children of Hades, and its reprogramming didn't eIacerate a protected part of
its memory...
So you pro1ce your support channel to enter the order indicated on the paper and you eIectively
get an answer:

You can therefore consult the backups of sect members.

If you test the nicknames one by one, you will find only one backup, that of Rhéa:
HADES_BOT{RHEA}

31/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
You'll get a link containing MBOX folders.

Flag : HADES_BOT{RHEA}

Once Were Warriors

With the documents found, you should be able t o identifier additional cult members.
What is Zeus and Rhea's marital status (in that order)?

By importing MBOX folders into a mail reader (you can also do this with a text editor, by
reconstructing the 1attached files in BASEG4, or using Autopsy or other forensic software), it is
possible to consult the saved e-mails.

We find an e-mail from Sarapis indicating that one of the members has died, and that the
articles of association of the company they are going to create have been redrafted. The e-mail
also indicates the pseudonyms and the number of shares per member.

32/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
It says to attach a 1file... but it's missing.
Reading the other e-mails, we see that he had forgotten it and that the 1PDF file is available in a
subsequent message.

The draft statutes are written with the real identities of the sect members!

By comparing the list in the e-mail and the status list, it is possible to identi1y our 2 missing
frames:
● Zeus : JODIONIN Zara
● Rhéa : ARAPIS Zoé

33/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
So Rhea is the sister of the sect's guru!

Flag : Jodionin Zara - Arapis Zoé

Striking Distance
A member of the cult has gone on a reconnaissance trip to assess a safe house
where they could take refuge after the ceremony. Find out where he landed and the
flight number he used.

Flag format: `Barcelona PPGGG

Searching the MBOX folders with the mutt utility (under Linux), we find an e-mail sent by
Rhéa

It's also possible to read Mbox 1files and then convert baseG4-encoded attachments into a
readable 1file.

There is also an image attached

34/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
She says she left Brussels on 19/09/2023. The photo shows an airport in daylight with poor
visibility. The quality of the image makes it impossible to read the inscription on the aircraft in the
background, but an acronym on the tail can be recognized.

Two horses face each other.

Given the environment, it's likely that we're in an African country.
If you search for airlines in the sub-Saharan region, you will find :

Air Burkina, with the same design.

Check out the Capital airport on the o ciel website:

35/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
We have the same con1guration of the control tower as on the picture.

The photo seems to have been taken from this position: 12.353471557715G2G, -1.51415358750G2104

Let's take a look at the flights between Brussels and Ouagadougou.

The FlightRadar24 website provides flight information for 09/19/2023

3G/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
The flight number is SN255

Flag : Ouagadougou SN255

Wargames
According to initial analyses by our digital forensics teams, one of the cult's members has
his own computer server. Can you connect to it?

flag format: `EDH{Ceci_Est_Un_Magnifique_Flag}`

This challenge is a little easter egg for SSH fans.

If you send an e-mail to the deceased member's address, you'll receive a reply informing you of
the existence of SSH access:

37/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
 I don't have much time left...
If you really want to contact me, please connect here: SSH [email protected]
SRm5fowKzC9D5fw9
I don't know how much longer this server will be available. Zagreus

If you connect to the ssh server using a terminal, you'll get a page telling you that it's too late to
consult this server... and a tribute Rag to our dear CTF Cyber

flag : EDH{CHilDren_Of_EasTeR_Egg}

38/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
He walked by Night
Judgment Night
This latest information is crucial... but unfortunately it hasn't enabled you to discover
where our three missing girls have been taken.

Your last chance to find Ellen, Sauvanne and Eabha is to arrive before the start of the
next ceremony...

What date and time will it start (rounded to the nearest ten minutes)?

A1n order to resolve this question, we need to go back in time in our investigation.
The poorly hidden folder on the Children of Hades website contained a PDF invitation.

In its article on ceremonies, Kronos Titan indicates that the sect likes to base itself on lunar
calendars.
The invitation reads Ceremony of the 12e Black Moon.
The black moon is the astrological term for the new moon, that moment in the cycle when the
earth is right between the sun and the moon, and the moon becomes invisible.
This phenomenon logically occurs 12 times a year.
The 12e new moon of the year (i.e. in December) is scheduled for December 13, 2023 at 00:33,
according to several sites found by typing "lunar calendar 2023" into Google.

Reply : 13/12/2023 0:30:00

Keys to Tulsa
To solve the last enigma of the main survey (en1n), we'll have to remember Kronos Titan's
article in which he says:

39/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
 After I left, things changed... All I know is that back then, they loved lunar calendars and
hiding information in a public document. Their ceremonial places were coded with W3W, but
they've stopped since the tool became popular.

Lunar calendars are a thing of the past.

But the only public document you found was this invitation.
A1n to see if there are 1s hidden in a 1file (steganography), the Binwalk tool is always useful!
When you submit the PDF 1file of the invitation to the tool, you'll eIectively find a hidden Zip 1file!

A1n order to extract it, you can either rename the 1file to .zip, or restart Binwalk with the
command :
binwalk -e invit.pdf

You will then have access to a 1text file containing this enigmatic sentence:

ACCORDING TO PLUTARCH
1MLO3UT0P-2OAICFDBO-
ENLRHOERI-CIUEAXLAN-EEN2TTTVT-R DE0ERAO2-EEN2AO81--

By Googling Plutarch's secret code, it's possible to discover that the code used could be the
scytale, or Plutarch's staff.

The dcode website offers an online tool for decoding this chiIrement :

12ECEREMONIEDELALUNENOIRE2023CHATEAUFOXTROTDELTA80BRAVO1PO
INT2

Putting back the spaces gives :

12TH BLACK MOON CEREMONY 2023 CHATEAU FOXTROT DELTA 80 BRAVO 1

POINT 2

You can recognize the NATO phonetic alphabet.

We'd be looking for a castle located in FD80B1.2 This

would be a coordinate system...

40/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Searching for letter and chiffres "coordinate" system in Google again, we find references to military
carroyage. But the system doesn't quite match.
By specifying the search by Carroyage France, Google indicates this time the DFCI (Défense
des Forêt Contre l'Incendie) carroyage.

The DFCI grid can be consulted on Géoportail.

Mas de la Belugue, for example, is located in HD82F35. When coordinates are passed by radio
during rescue operations, this would give "Hotel Delta 82 Foxtrot 3 point 5".

A closer look at the grid shows that the FOXTROT DELTA tile is much further west, in the
Bram area:

The FOXTROT DELTA tile is in Bram, and a Château is visible on the map!

41/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
A final Google search reveals that the full name is Château de Valgros Fontenac in Bram.

Answer: Château de Valgros Frontenac Bram

Set if o
The concluding challenge... nothing to solve here, except your next investigation.
You immediately report the time and contact details to the Bram Gendarmerie, who
quickly arrive on the scene with a platoon from the Toulouse GIGN unit.
They find the 3 victims, ready to be fed to the cult members. On the spot, the leaders of the
Children of Hades are arrested.

Quickly, their lawyer makes a statement:

"My customers are accused of absolutely unspeakable acts! The so-called victims were
all consenting, and signed contracts with my customers which stipulated

42/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
the conditions under which they joined this association, whose sole aim is their well-
being. We can discuss the methods that consist in wanting to treat young women in
distress by allowing them to realize their deviances. This is not a judicial affaire, as
everyone is consenting, but a philosophical debate.
I would therefore ask tomorrow for the release of my clients, who are perfectly innocent."

There's no doubt that the information you've gathered can be added to the civil
party's file, but it's with the goȋt of a bitter victory that you close this case.

--------

Congratulations on your
survey. We hope you enjoyed it!
Always be cautious, on the Internet and elsewhere, of those who offer you wonders, and keep an
eye on those you love, especially the fragile ones!

Enter **FIN** below to end this CTF!

In case of suspicion of sectarian aberration concerning one of your

relatives: You can contact the following organizations:

In France
www.unafdi.org
Union nationale des Associations de défense des Familles et de l'Individu victimes de sectes)
www.ccmm.asso.fr
Center Against Mental Manipulation
www.miviludes.interieur.gouv.fr
La Milviludes website

or call 17 in case of imminent danger or emergency.

In Belgium
www.ciaosn.be
Center d'information et d'avis sur les organisations sectaires nuisibles
or contact 101 in an emergency

43/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP

White
Mindmap OSINTRACKER
Below you'll find an export of the OSINTRACKER mindmap created during our CTF test.

44/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White
You can download the archive export here:
https://www.dropbox.com/scl/1/h1kbdl4i5u2v4uz8vd1vy/disparues.osintracker?rlkey=8pzryGnr4
wpha9gcqtgq5c5b4&dl=0

45/45 - Write-Up CTF Disparue(s) - Oscar Zulu Osint Crew - TLP White