How I Won ACR DEFCON

This challenge was pure OSINT discipline: no guessing, no lucky jump, just careful correlation. My approach was to verify every clue before moving to the next source and keep a clean evidence trail as I worked.

1) Identity confirmation

I started from the provided GitHub profile, where subtle references pointed toward a LinkedIn account. That let me confirm the target identity with confidence before branching into other social profiles.

2) Cross-platform correlation

From LinkedIn, I compared profile imagery and tracked matching visual elements to locate the Facebook and Instagram accounts. This reduced false positives and kept the investigation anchored to one person.

3) Environmental clue extraction

Both social accounts contained images with minor signage clues. Those clues narrowed location candidates to rural Oregon, and after cross-checking I landed on Paulina, Oregon as the strongest match.

4) Airstrip identification

With Paulina established, I identified the nearest airstrip: Rager Airstrip. It is not officially listed in FAA databases, so this was a verification-heavy step that required external corroboration.

5) Runway and elevation validation

For runway length and context, I used this source: theraf.org/raf-grant-for-oregons-rager-airstrip.

Then I used latitude/longitude coordinates found in a comment by Erin White and confirmed elevation through the official elevation tool: apps.nationalmap.gov/bulkpqs/#.

This challenge rewarded methodical thinking more than speed. Winning Challenge 13 at DEFCON 33 came down to disciplined correlation, location verification, and validating each assumption before building the final answer.