Tags: osint 

Rating:

## Task
> DEADFACE recently targeted David Rogers, a high-level executive at Cronin Group. We’re trying to work the attack backwards to find out how they were able to determine he was at this year’s Black Hat convention in Las Vegas, NV. We’ve determined that, at some point, a member of DEADFACE has physical contact with him and was able to plant a malicious USB in his pocket which he then used on his work computer. Figure out which event he participated in — this will help us narrow down attendees to see who might belong to DEADFACE.
>
> Submit the location of the specific event/talk/training as the flag (example: flag{Conference Room 1})

## Solution
No link or image is provided in the challenge descritption so we should search on [Ghost Town forum](https://ghosttown.deadface.io) to see if we can find any useful information.

Searching for key term ‘Black Hat’ we can find [this thread](http://ghosttown.deadface.io/t/black-hat-usa-2023/109).

In that thread we find this post about David Rogers:

![](https://miro.medium.com/v2/resize:fit:828/format:webp/1*-KRSI8ppPKQGkufSF7xJ4Q.png)

[Scanning](https://4qrcode.com/scan-qr-code.php) the QR code behind him leads to this [link of an event](https://www.blackhat.com/us-23/training/schedule/index.html#advanced-apt-threat-hunting--incident-response-30558).

On the top of this website we can find this:

![](https://miro.medium.com/v2/resize:fit:546/format:webp/1*1wWuuf_2Lm0ldQyDJ48Stw.png)

Therefore the flag is **` flag{Jasmine — F}`**