OSINT: Alternate Handles (300pts)

Challenge Description

The threat actor seems to have caught wind of our intelligence gathering. They’ve gone as far as to even send us an email taunting us! Find out the threat actor’s alternate handle(s).

Actor’s Message

From: JR <j.riscman@proton.me>
To: RISC Threat Intelligence <intel@ctf.urisc.club>
Subject: I have eyes everywhere.
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0


Sup,

I know you've been trying to find me, good luck with that, LOSERS. I guess
you're wondering how I know that huh, well I'm not telling :P.

Lukewarm Regards,
Mega Cool Hackerman - JR.

(╯°□°)╯︵ ┻━┻

Approach

First, we need to assume that the threat actor is aware of our movements, indicating a source of data.

However, the only areas the information is sent is via RISC’s discord or Instagram.

Given this vested interest, we can assume that the threat actor is likely closely following RISC activity.

Thus, we would need to look into people who are curious about the CTF, then we would need to correlate the shared avatar between his GitHub and Discord to figure out the new handle.

So, the flag is:

RISC{PANDAMAN}

OR

RISC{JRWASHERELOL}

Solved!