Okta? More like OhNah

Okta? More like OhNah

May 28, 2022
1 min read
okta-more-like-ohnah

Okta? More like OhNah

Solvers
B Battlemonger ,
Category
OSINT
Points
490
Flag
byuctf{port_scanning_11:22}

Recently, the group known as LAPSUS$ released indications they breached Microsoft & one of the Largest SSO companies, Okta. In some of their leaks they hinted that “most of the time if you don’t do anything like __________, you won’t be detected”.
Flag format: byuctf{answer:timestamp in format HH:MM}, two word answer seperated by an underscore.

Looks like a challenge regarding an infamous hacking group. Seeing that the flag asks for a timestamp and the language is pseudo-colloquial, I’d safely assume that this text mentioned somewhere came from a messaging board. I downloaded Telegram, their main method of communication with the real world, joining their announcements board, yet upon a Ctrl + F I couldn’t find this message anywhere. Their board mentions a group chat, but it was recently purged and terminated. When the admin confirmed that this wasn’t the intended solution, I moved towards looking for screenshots surrounding the Okta leak. Our team found this tweet from John Hammond after a while:

J
John Hammond @_JohnHammond March 22, 2022

even da big ones [shocked pikachu]

Tweet Media

The flag is byuctf{port_scanning_11:22}. A hint was later added to the challenge:

think screenshots! it is not on telegram but another platform with that same first letter. tweeted by a famous red head i think

It would have been much easier with this information… love you, John Hammond.