• Onboarding: Here
• Challenge 1: Here
• Challenge 2: Here
• Challenge 3: Here
• Challenge 4: Here
• Challenge 5: Here
• Challenge 6: Here
• Challenge 7: This article
• Challenge 8: Here
• Challenge 9: Coming soon
• Challenge 10: Coming soon

Hi Detective,

It’s been awesome witnessing your progress. Seriously, you’ve climbed to new heights in uncovering the misdeeds of sly cyber-criminal, Krypto. We, the National Security Office (NSO), had our eyes on him for ages, and thanks to your information, we finally managed to track him down. I’ll spare you the thrilling details, but guess what? Turns out our guy held a high-ranking position as City Manager in the Mayor’s office, and he was tight with Ms. Gaia Budskott, the Mayor of Digitown. And yes, he’s also the mastermind behind the infamous KUsto ANti-Detective Agency (Kuanda.org) that you brilliantly exposed. However, here’s the unfortunate part: he slipped through the fingers of Digitown’s law enforcement. Given the new international nature of the case, we (the NSO) are taking over.

So, let’s cut to the chase. Time is of the essence, and we need your expertise and experience to help us find the final destination of Krypto.
While we have gathered significant information about him, it is not enough to capture him. Our sources indicate that he was spotted at the Doha airport on August 11, 2023, between 03:30 AM and 05:30 AM (UTC). However, by the time our agents arrived, he had already made his escape, presumably utilizing a private jet. We have deployed dozens of officers to all potential landing destinations, but he has evaded us so far. We have a single lead that suggests Krypto may have attempted a plane-to-plane jump, given his skills as a wingsuit expert. Here is where we got stuck.

Fortunately, we have you (and full access to the public and private jet plane schedules on this day). Your mission, should you choose to accept it, is to determine the destination to which Krypto has fled.

Hoping to hear back from you soon,
NSO Agent Stas Fistuko

This is a geo challenge and you’re going to need to check out the geo_point_to_h3cell and geo_point_to_s2cell commands for their awesome capabilities.

//First we need to find the first airport, you can use the code but the municipality works just as well

Airports
| where municipality == “Doha”
| project lat, lon

//Then we need to find flights leaving from Doha, between 03:30 AM and 05:30 AM, that have a close encounter with another plane where our suspect flight is the one flying above the other plane.

let doha=
Flights
| where Timestamp between (datetime(2023-08-11T03:30:00Z) .. datetime(2023-08-11T05:30:00Z))
| where onground==true
| summarize callsign=make_set(callsign) by geo_point_to_s2cell(51.608056,25.273056,12)
| mv-expand callsign
| extend callsign=tostring(callsign)
| distinct callsign;
let potentialplanes=
Flights
| where Timestamp between (datetime(2023-08-11T05:30:00Z) .. now() )
| where callsign in (doha)
| summarize Planes=make_set(callsign), Heights=make_set(geoaltitude) by geo_point_to_s2cell(lat,lon,15), bin(Timestamp, 1m)
| extend CountofPlanes=array_length(Planes),HeightCount=array_length(Heights)
| where CountofPlanes == 2
| where HeightCount == 2
| extend H1=toint([‘Heights’][0]), H2=toint([‘Heights’][1])
| extend HeightDelta=H1-H2
| where HeightDelta >=0 and HeightDelta<=10
| mv-expand Planes
| extend callsign=tostring(Planes)
| distinct callsign;
Flights
| summarize arg_max(Timestamp, *) by callsign
| where onground== true
| where callsign in~ (potentialplanes)
| extend key=geo_point_to_s2cell(lon, lat, 13)
| join kind=inner(
Airports
| extend key=geo_point_to_s2cell(lon, lat, 13)
) on key
| distinct municipality

//Bingo one suspect and it’s flying to Barcelona!