OSINT: Where are they? (400pts)

Challenge Description

The threat actor has infiltrated RISC headquarters! We need to dispatch a team to handle him, immediately. Where is he?

Actor’s Message

From: JR <j.riscman@proton.me>
To: RISC Threat Intelligence <intel@ctf.urisc.club>
Subject: Right under your nose
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7262613398416824827=="

--===============7262613398416824827==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit


Hello again :),

Y'know after visiting RMIT, it isn't half bad.

Lukewarmer Regards,
Mega Cool Hackerman - JR.

(╯°□°)╯︵ ┻━┻

Email Attachment

Approach

Considering the prompt, we can presume that this photo has been taken at RMIT.

For the keen-eyed, they may realise that this is a non-classroom area.

There are two solutions to finding this flag, lets start with the slow option.

Option 1 (SLOW)

Considering this is a non classroom area that RMIT, lets use this information to scour social media for RMIT official accounts or student accounts in order to collect photos and determine a similar looking area that can match the picture that we are provided.

Option 2 (FAST)

With this photo, we can utiltise the RMIT Virtual tour link to search around campus to find a room that could match the picture that we have been provided.

Alternatively, we can use a youtube video that tours around the study areas at RMIT.

Solution

From searching RMIT’s online base, it can be concluded that this photo was taken at Building 10, Level 9.

So, the flag is:

RISC{BUILDING_10_LEVEL_9}

Solved!