Important Notes to read
- This blog contains the most important notes from the first OSINT session, explained by Sameer Fakhoury in the first CTF competition and training at BAU.
- These notes are a summary of the content in the Searchlight - IMINT TryHackMe room.
- The flag format is: sl{flag} - this means that every answer needs to be submitted within the brackets, sl{your answer}. No capitalization is needed.
Definitions
- IMINT (Imagery Intelligence): Gathering and analyzing visual information from sources like satellites.
- GEOINT (Geospatial Intelligence): Integrating geospatial data, including IMINT, to provide insights into the geographic context of intelligence.
- This room will introduce you to several topics within IMINT, among them:
- Mindset and Analytical Skills
- Visual Data Extraction from Images/Videos
- Tools for Geolocation and Contextual Analysis
Geolocation Challenges steps:
- Search for clear location clues.
- Figure out the country/region using driving customs, language, or architecture.
- Spot road signs, nature, vehicle details for identification.
- Check road quality (paved or gravel) to gauge infrastructure.
- Identify distinctive landmarks to pinpoint the location.
- Task 2 Your first challenge!
- What is the name of the street where this image was taken?
- using Google Lens - or from the same picture
sl{carnaby street}
Google Dorking:
- Google Dorking, also known as Google Hacking, is a technique that utilizes advanced search operators to uncover information on the internet that may not be readily available through standard search queries.
- Here are the 10 most commonly used Google search dorks:
- site: Restricts search results to a specific website or domain. Example: site:example.com
- filetype: Limits results to specific file types. Example: filetype:pdf
- intitle: Searches for keywords in the title of a web page. Example: intitle:openai
- inurl: Looks for keywords in the URL of a web page. Example: inurl:blog
- intext: Searches for keywords within the body text of a web page. Example: intext:chatbot
- related: Displays websites that are similar to a specified domain. Example: related:example.com
- cache: Shows the cached version of a webpage as it appeared when Google last indexed it. Example: cache:example.com
- define: Provides definitions of a word or phrase. Example: define:artificial intelligence
- allintitle: Requires all specified keywords to appear in the title of web pages. Example: allintitle:openai chatbot
- allinurl: Requires all specified keywords to appear in the URL of web pages. Example: allinurl:blog post
- Task 3 Just Google it!
- Which city is the tube station located in?
- using Google Lens
sl{london}
- Which tube station do these stairs lead to?
- looking at the image carefully, I saw the keyword Circus, so I searched for → Circus London Underground
- opening some images
sl{piccadilly circus}
- Which year did this station open?
- How many platforms are there in this station?
- search for platforms in the same page → CTRL+F
sl{4}
- Task 4 Keep at it!
- Which building is this photo taken in?
- opened the image and found some text that may be useful
- search for YVR CONNECTS
sl{vancouver international airport}
- Which country is this building located in?
- search for the location of the airport
sl{canada}
- Which city is this building located in?
- search for the city
sl{richmond}
- Task 5 Coffee and a light lunch
- A friend of mine contacted me asking if I could help them locate a coffee shop that is supposed to serve the best lunch there is. They told me the coffee shop is somewhere in Scotland, and he sent me these two pictures. Do you think you could locate it and answer the questions below for me?
- Which city is this coffee shop located in?
- opening the coffee shop image, I see the name of the shop beside it
- I have many locations in Google Maps, so I will search manually
- open Google Maps VR
- going to see some nearby coffee shops
- location → 1 Allan St, Blairgowrie PH10 6AB, United Kingdom
- Street Address: 1 Allan St
- City/Town: Blairgowrie
- Postal Code: PH10 6AB
- Country: United Kingdom
sl{blairgowrie}
- Which street is this coffee shop located in?
- from the question above
sl{allan street}
- What is their phone number?
- from the question above
sl{+447878 839128}
- What is their email address?
- search for → The Wee Coffee Shop "email"
- open this link → https://www.tripadvisor.com/Restaurant_Review-g191250-d2519557-Reviews-The_Wee_Coffee_Shop-Blairgowrie_Perth_and_Kinross_Scotland.html
- going to the website → https://www.facebook.com/weecoffeeshop/about
sl{theweecoffeeshop@aol.com}
- What is the surname of the owners?
- search for → The Wee Coffee Shop owners
- Your surname is your family name
sl{cochrane}
browsers for image search
- One of the methods for geolocating an image is to do an image reverse search. This means that we are searching for the image itself online, and if the image has been indexed by search engines we may find the exact image or we can do a visual search or crop search to help us find similar images.
- I recommend adding this extension to ease the workflow for when you find images online that you want to do an image reverse on:
- We use reverse image search engines in this order → Yandex → Bing → Google
- Why Yandex is better than Google
- When you reverse image search with Google, Google tries to find the exact match of that image. With Yandex, it's almost as if Yandex knows what your image is of straight away and shows you other images of the same thing to reinforce the idea that it knows.
- Yandex uses AI to reverse image search, whereas it feels like Google is doing a simple "if IMG_0657 = [Position 1 of image database]: return" against all the images it has.
- Task 6 Reverse your thinking
- Which restaurant was this picture taken at?
- use Google Lens
sl{katz's deli}
- What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?
- search for → Bon Appétit editor that worked 24 hours "Katz's Delicatessen"
sl{andrew knowlton}
- Task 7 Locate this sculpture
- What is the name of this statue?
- use Google image search
- no benefit
- search for the term → motorcycle elk sculpture
sl{rudolph the chrome nosed reindeer}
- Who took this image?
- search for → rudolph the chrome nosed reindeer
- going to → https://www.visitoslo.com/en/articles/outdoor-sculptures-in-oslo/
- the website has a map with multiple sculpture locations, so I'll try to search manually
sl{kjersti stensrud}
- Task 8 ...and justice for all
- What is the name of the character that the statue depicts?
- I used Google image search, but without any benefit
- so I searched for → justice sculpture
sl{lady justice}
- Where is this statue located?
- from here I will use Yandex
- going to this picture
- I will search for → bryan united states courthouse
- going to Google Maps and searching for Albert V. Bryan United States Courthouse → view using VR
- searching the location
sl{alexandria, virginia}
- What is the name of the building opposite from this statue?
- going back to the VR location we will see the opposite building
sl{the westin alexandria old town}
Geolocating videos
- Geolocating videos isn't much different from geolocating images. A video is just a string of images, usually played at 24 frames (or images) per second. In other words, a video holds many more images that you can analyze, reverse search and scrutinize.
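To illustrate both the exact-match versus similar-image point in the reverse image search notes and the "video is a string of images" point above, here is an added example (not from the room or the session, and not how Google or Yandex are actually implemented). It compares a byte-exact SHA-256 fingerprint with a difference hash (dHash), then uses the dHash to reduce a frame sequence to the visually distinct frames worth reverse searching. The 9x8 grids, scene names and threshold are constructed assumptions standing in for decoded, downscaled video frames.

```python
import hashlib

def dhash(pixels):
    """Difference hash of a grayscale grid: 1 bit per adjacent pair, set when left > right."""
    bits = 0
    for row in pixels:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left > right)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes (0 = same visual structure)."""
    return bin(a ^ b).count("1")

def exact_digest(pixels):
    """Byte-exact fingerprint: any pixel change produces an unrelated digest."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def distinct_frames(frames, threshold=4):
    """Indexes of frames whose dHash differs from the last kept frame by > threshold bits."""
    kept, last = [], None
    for idx, frame in enumerate(frames):
        h = dhash(frame)
        if last is None or hamming(h, last) > threshold:
            kept.append(idx)
            last = h
    return kept

# Constructed sample data: 9x8 grayscale grids standing in for frames already
# resized to 9x8 (a real pipeline would decode and downscale each video frame).
PEAK = [10, 20, 30, 40, 50, 40, 30, 20, 10]      # scene A: bright centre
VALLEY = [50, 40, 30, 20, 10, 20, 30, 40, 50]    # scene B: dark centre
SCENE_A = [[v + y for v in PEAK] for y in range(8)]
SCENE_B = [[v + y for v in VALLEY] for y in range(8)]
A_BRIGHT = [[v + 15 for v in row] for row in SCENE_A]   # same scene, re-exposed
A_NOISY = [row[:] for row in SCENE_A]
A_NOISY[0][1] = 5                                       # one damaged pixel
FRAMES = [SCENE_A, A_BRIGHT, A_NOISY, SCENE_B]

if __name__ == "__main__":
    print("exact digests equal:", exact_digest(SCENE_A) == exact_digest(A_BRIGHT))
    print("dHash distance A vs brightened A:", hamming(dhash(SCENE_A), dhash(A_BRIGHT)))
    print("dHash distance A vs B:", hamming(dhash(SCENE_A), dhash(SCENE_B)))
    print("frames worth reverse searching:", distinct_frames(FRAMES))
```

The brightened and noisy copies of scene A fail an exact comparison but sit within a bit or two of the original under dHash, so only one frame per scene needs to go to a reverse image search.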
- Task 9 The view from my hotel room
- opening the video and extracting some important pictures and information
- picture one
- picture two
- picture three
- picture four
- picture five
- search for → Riverside Point
- use Image lens for picture one
- going back to the Google map of Riverside Point, I will relate it to Marina Bay Sands Singapore
- from the video we saw that Riverside Point was on the girl's right-hand side with water between them, so I searched in the red box location
- going to see the 360 view
- it is the same as the video, so I am close to the answer
- so now I know the location of the building by analyzing the picture
- search for → clarke quay singapore hotel
sl{novotel singapore clarke quay}