We know that this tw33t is related to a hacking organization and that is also used to share a secret encoded message over Github and/or Twitter.
Flag format: CTF{sha256}
ctf{dd199cac14352639e7e5a2415131d6f09411e5b24840b9976d1c1bfaf20f9ca1}
Ran exiftool to get info about the model of the device used to take the photos, and the GPS location that was put in the metadata. Then, with this information, I managed to find a Github gist which contained (in its history) the text with an encoded message.
When we enter the given page, there is the following generated tweet (https://www.tweetgen.com):
Found the location of the “camera man” in Rome, behind the Pantheon:
https://what3words.com/mammals.hiding.director
The second image is from the same area, some meters into Piazza Della Minerva.
Steg tools on the 1st image: https://aperisolve.fr/aa275d7900cd22ef604fe855e10dd832
Steg tools on the 2nd image: https://aperisolve.fr/b5efb8428d4bf15f9a3eea5e41a89031
There’s also the profile image of the twitter account:
https://aperisolve.fr/8ec88a73e28cd0d4408503d4628824ea
Looks like the profile picture was taken just before landing in Rome, at the Fiumicino airport (I know because I have seen the exact same things when I went to Rome).
But nothing really useful, after hours of search…
Until I paid some more attention to the output of ‘exiftool’ for the 2nd image, from which I got the location of the Github HQ (San Francisco). In the image description there also was a hint: ‘Yet another tool’, most probably referring to another tool of Github. Also, when running ‘exiftool’ on both images, we notice a difference at the camera model: the 1st image has BE2029051N7, but the second only BE2029. 051N7 is OSINT in leet/1337.