Today is the back to the basics day.
Close to a year ago I had the pleasure to talk to Sinwindie, the creator of the OSINT Dojo. I also promised to participate as a learner in the OSINT Dojo project – that took way longer than anticipated.
Luckily, the time has finally come to rectify this and to deliver on the pledge.
In OSINT, every day is potentially a school day. Let’s do this.
OSINT Dojo Student – Rank Requirements
1: Participate in an OSINT CTF
2: Attempt 2 OSINT quizzes of any kind. Don’t just make a guess, show the reasoning behind your answer!
3: Create and share a 2-minute video showcasing the steps you took to solve a previous OSINT quiz. You may use your real voice or a computer generated one for audio.
4: Write and publish an article, tweet, or blog post of at least 250 words showcasing steps you took to solve a previous OSINT quiz
5: Introduce yourself to the OSINT community and let others know you are ready to learn by including the hashtag #OSINTDOJO
1: Participate in an OSINT CTF
To complete this requirement I selected the Sakura Room CTF challenge on TryHackMe. It’s an enjoyable and yet sometimes challenging room that requires using several various OSINT techniques and approaches. The description reads: “With a bit of research, most beginner OSINT practitioners should be able to complete these challenges“.
Damn right, you do need research. Maybe even a bit more than a bit – but it’s all for a good cause!
I definitely recommend this room for both OSINT beginners and consummate practitioners – a thing or two in these challenges will certainly surprise you.
2a: Quiz 1 - The OSINTDojo puzzle, November 23, 2020
Source: @OSINTDojo
Objective: Can you find the lat / long of the attached photo?
Visual clues:
- A sign with what appears like an emblem / logo and a partially visible name – “Golden T”;
- Country flags, the first one being what appears like the flag of South Africa; I was able to recognise that flag without any external aids, but should you need assistance, all other existing African flags can be found in this Wikipedia article.
- Spacious carpark at the front, gated boundary, bollards & flag masts – possibly a hotel?
- Large, long structure with a distinct shape – should be visible on Google Maps aerial shots;
- Individuals of African descent in the foreground;
- Older looking cars, suggesting a developing country;
- Tropical / warm country vegetation – so most definitely somewhere in the southern hemisphere;
- Telecommunications mast in the close proximity.
Methodology:
- Switch to the South African version of Google for better, localised search results;
- Search for: golden t hotel +Africa;
- First result – Facebook page of “Golden Tulip Africa”;
- Switch to the photos tab on Google and browse images manually;
- Identify Golden Tulip hotel in Accra, Ghana by spotting the visual clues;
- Corroborate using Google Maps street view – and find the exact same photo 🙂
- Take the GPS coordinates from the Google Maps location and reverse search for latitude / longitude.
Answer: Golden Tulip, 37 Liberation Rd, Accra, Ghana. 5°35’35.5″N 0°10’50.5″W
2b: Quiz 2 - The OSINTDojo puzzle, September 20, 2021
Source: @OSINTDojo
Objective: What city is pictured? What IP address is associated with this camera? What is the ISP for that IP address?
Methodology:
- Spot some obvious visual clues – anybody who was born in Eastern Europe (like yours truly) will have a bias in favour of immediately recognising the architecture (the towers, the red roofs, the blocks of flats, etc) as belonging to a country in that part of the world.
- Reverse search the target image using the Image Search Options extension for Firefox (or a similar browser extension for image reverse search);
- Visit the website appearing in the Google search results;
- Find the webcam feed that visually matches the target image (NOTE: do this during Eastern European daylight hours, UTC/GMT+1 or +2, because you won’t be able to see most of the features of this image in the dark);
- Visit the original website where the image came from;
- Check the website’s domain information using Big Domain Data (or another similar resource that will display the associated IP address);
- Visit IP Info and run the check on the associated IP address found to find the ISP.
Answer: Tallin, Estonia. 217.159.186.253. AS3249 Telia Eesti AS.
3: The 2-minute video
4: The published article
You’re reading it!