Searchlight - IMINT
OSINT challenges in the imagery intelligence category
easy
45 min
To access material, start machines and answer questions login.
Welcome to the Searchlight IMINT room!
In this room we will be exploring the discipline of IMINT/GEOINT, which is short for Image intelligence and geospatial intelligence. This room is suited for those of you who are just beginning your OSINT journey or those brand new to the field of IMINT/GEOINT.
This room will introduce you to several topics within IMINT, among them:
- Getting into the right mindset and how to be analytical
- Visually extracting key data points from an image or video
- Applying different tools to assist you in geolocation and answering context questions
When you have completed this room you should be comfortable applying tools and methodologies to geolocate and answer context questions based on visual intelligence alone. This room will prepare you for harder CTF challenges in this category as well as real-world geolocation work.
Any thoughts, feedback or issues can be forwarded to me directly on the THM or OSINT Curious Discord. You'll find me there as zewen.
The flag format is: sl{flag}. This means that every answer needs to be submitted within the brackets, sl{your answer}. No capitalization is needed.
If you are stuck or you want someone to discuss these challenges with, head on over to the OSINT Curious Discord server. You can also find me on Twitter if you have any questions!
The answer to the question below is: ready.
Your first geolocation challenge!
Let's introduce you to your first tool - your eyes!
Before we can apply a tool or a methodology for finding the location of an image, we should use our eyes to scan the image for important information. Extracting key data points from the image will allow you to apply the right tool, craft a good Google search or identify which part of the world the image might have been taken in.
There are 5 elements of IMINT that you should consider when looking at an image, according to Geoint expert Benjamin Strick:
- Context
- Foreground
- Background
- Map markings
- Trial and error
A geolocation challenge like this lacks one important factor, which is the context or the source of the image. In real-world cases, you usually have a context in which the image was produced or shared, usually called context clues. Most of these challenges will not have context clues but you may find clues in the titles and descriptions, or if you're stuck you can use the hint function.
Here are some questions you should ask yourself while looking at the upcoming challenges:
- Are there any obvious data in the image that reveals the location, like a street name or storefront signs?
- Can you determine the country or region of the image by, for instance, which side of the road they drive on, language or architectural characteristics that may reveal a country or continent/region?
- Do you recognize road sign styles, nature and environmental characteristics, or popular motor vehicle brands or vehicle types?
- What is the quality of any visible infrastructure like? Is the road paved or do you see gravel roads?
- Do you see any unique landmarks, buildings, bridges, statues or mountains that can help you geolocate the image?
Download the attached image and answer the question below - good luck!
The last challenge wasn't really a challenge, was it?
Let me introduce you to your first tool, Google! If you see anything in the image that can be extracted into a keyword, phrase, a company name, telephone number or any other question you may have as a result of scanning the image up and down: GOOGLE IT!
Here is a short introduction to what we call 'dorking', the art of using Google search queries to have Google return specific types of data. The next challenges will require you to do some basic Googling in order to answer the questions. You can also practice dorking by joining the Google Dorking room.
When geolocating a picture finding the exact location is key, but we may need to answer other questions about the location or the image as well, usually referred to as context questions.
The next few challenges will ask multiple questions that you need to answer based on the information you extract from the image.
Which city is the tube station located in?
Which year did this station open?
How many platforms are there in this station?
Good job solving the last challenge! You were able to find the location of the image and by doing that, you could answer contextual questions about the location. This challenge will also require you to do some 'Google dorking' to answer the questions below.
Scan the image for data and remember the questions from the introduction - Do you see anything in the image that can be used in a search query or help you narrow down the potential location?
Which country is this building located in?
Which city is this building located in?
Now that you've started to learn some techniques I figured we could try and do some good while we hone our skills.
A friend of mine contacted me asking if I could help them locate a coffee shop that is supposed to serve the best lunch there is. They told me the coffee shop is somewhere in Scotland, and he sent me these two pictures. Do you think you could locate it and answer the questions below for me?
Which city is this coffee shop located in?
What is their email address?
What is the surname of the owners?
One of the methods for geolocating an image is to do an image reverse search. This means that we are searching for the image itself online, and if the image has been indexed by search engines we may find the exact image or we can do a visual search or crop search to help us find similar images.
Aric Toler from Bellingcat has written a fantastic guide on reversing images, please read it here. OSINT Curious also has a write-up on the topic that you should look through before attempting this challenge.
I recommend adding this extension to ease the workflow for when you find images online that you want to do an image reverse on:
Addon description: "Perform a search by image. Choose between the image search engines Google, Bing, Yandex, TinEye and Baidu."
Chrome: RevEye Reverse Image Search
Firefox: RevEye Reverse Image Search
Remember that changing the crop and the keywords for searching an image may yield completely different results.
What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?
This challenge will require you to apply some the techniques I have touched on so far: Scanning the image for visual clues, reverse image searching and Google dorking. Tools should not be your primary focus - don't underestimate how far you can get with dorking and scrolling search results.
Who took this image?
This challenge is a step up in difficulty from the previous challenges and you shouldn't expect to solve this quickly, especially if you are new to IMINT. While you can certainly apply the techniques and tools you've used to s far, this challenge may force you to revise your thinking and your approach while you're working on solving this challenge.
I highly recommend watching this Ted talk by Amy Herman on visual intelligence: "A lesson on looking" if you want a unique view on how you perceive visual data.
where is this statue located?
What is the name of the building opposite from this statue?
Geolocating videos aren't much different from geolocating images. A video is just a string of images, usually played at 24 frames(or images) per second. In other words, a video will hold a whole lot more images that can be analyzed, reversed and scrutinized by you.
Here's a good writeup by Nixintel on a tool called FFmpeg, which will help you extract the key images from the video that you may need to solve this challenge. Download the attached video and follow Nixintel's guide!
You may have to apply other tools to solve this challenge as well!
Ready to learn Cyber Security? Create your free account today!
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in