TryHackMe: Searchlight IMINT

Learn to gather information related to a target using the image and geospatial intelligence OSINT disciplines.


In my previous THM OSINT write-up we had a look at how different open-source tools could be used to gather information related to a website even if it does not exist on the internet. We now dive into image and geospatial intelligence, another technique that can be used to extract particular information from images and geolocations. The room is available on THM.

Goals, Objectives

The main goal of the challenge is to develop and explore the following:

  1. Analytical Mindset.
  2. Extracting key data points from images & videos by visually exploring the target.
  3. Using Google, Google Maps, Google dorks, reverse image search tools, etc.

The challenge objectives are simple: download the images given in each task and answer the questions by utilizing image and geospatial intelligence.

Learning Outcomes

After you complete the room you will be able to:

  1. Use tools and apply methodologies to answer context-based questions using geolocation and image intelligence.
  2. Prepare for CTFs and real-world problems related to geolocation and image intelligence.

P.S.: The methodologies and techniques used in the challenges are simple; you just need to search for the right thing in order to unlock the answers. The approach and technique used while solving these challenges can differ from individual to individual.

Tasks

The room consists of 8 challenges. Each challenge contains an image that is our source of investigation. Download each image and answer the questions.

Task 1 : Welcome to the Searchlight IMINT room

The format in which you need to submit the answer is sl{Your Answer}. No capitalisation is needed.

Task 2 : Your first challenge!

What is the first thing you do when you are presented with an image and asked to find some information? Yes, you got that right: use your eyes. Simply look at the image and try to figure out what tools or techniques could be used to map the key data points. In its simplest form, information can most of the time be extracted by using Google; key facts can often be found just by searching the internet.

As pointed out by GEOINT expert Benjamin Strick, there are 5 elements of IMINT:

  • Context
  • Foreground
  • Background
  • Map markings
  • Trial and error

In the upcoming challenges you need to develop a strategy that will help you find your answers more quickly. A general list of questions to ask yourself about an image could be:

  1. Is there any data in the image that could possibly point to a location, e.g. a street name or the nearest landmark?
  2. Can you identify any famous place, signboard, vehicles, infrastructure, statues, environment, landmarks, bridges, etc.?

Apart from this, many other thoughts may come to mind while you investigate your target.

Let's start with our first challenge by downloading our first image.

Challenge Question : What is the name of the street where this image was taken?

The answer to this question is very simple: just by using our eyes we can tell on which street this image was taken.

Task 3 : Just Google it

The questions asked in this challenge are based on geolocation, and answering them simply requires googling. Let's see if we can extract some information from the image we need to download.

Challenge Question : Which city is the tube station located in?

Focus on the image: we can see the words "CIRCUS STA" on the entrance of the subway. Search Google for this and we find a similar image on Google Images.

PICCADILLY CIRCUS Station

Now that we know the name of the station, simply google it and you will find all the relevant information. Navigate to the Wikipedia link, which appears as the first Google search result.

Search for "Underground public subway" and you will find, on the Wikipedia page, the same logo that was in the image above. This answers the first question in the challenge.

Answer : London

Challenge Question : Which tube station do these stairs lead to?

Focus on the underground subway station name, i.e. "PICCADILLY CIRCUS". This answers our second question.

Challenge Questions

Which year did this station open?

How many platforms are there in this station?

Navigate to the previous Wikipedia link and you will find the answers to both of these questions.

Task 4 : Keep at it!

Using our Google search skills, let's try to answer the following challenge questions related to the image below.

Challenge Questions

  1. Which building is this photo taken in?
  2. Which country is this building located in?
  3. Which city is this building located in?

Focus on the letters "YVR" in the image and use this keyword to find the answers.

Task 5 : Coffee and a light lunch

One important thing we can conclude from the previous challenges is that finding the important keywords leads to uncovering a lot of information about the target under investigation. Let's try to uncover some information related to the image below.

Challenge Questions

  1. Which city is this coffee shop located in?
  2. Which street is this coffee shop located in?
  3. What is their phone number?
  4. What is their email address?
  5. What is the surname of the owners?

Zoom in on the image a bit and you will find a shop called "The Edinburgh Woollen Mill". When we google this name, we learn that there are a lot of branches spread over the country. We need to find the one that is in the image. Modify your keywords and search for "The Edinburgh Woollen Mill" street "Corner"; the quotation marks make the query match these exact keywords in the search results.

Now that we know that this particular branch is located in Blairgowrie, we can easily locate the coffee shop that is opposite this store. Use Google Maps to find the coffee shop, and switch to street view on the map for better visualization. Once we find the location of this shop we can answer all the questions that are asked.

By looking at the image above, we find our coffee shop's name.

The next questions in the queue are all related to the coffee shop. Use Google Maps, and try finding the remaining information on the Facebook page of the coffee shop.

The Wee Coffee Shop on Allan Street
Contact Number & Email Details of the Wee Coffee Shop
Surname of Owner

Task 6 : Reverse your thinking

Another way to extract information from images is to search for the target image on the internet using different tools and Google itself. If you succeed in finding the exact image, this will uncover useful information related to the target. Reverse image lookup will give you the desired results, as the image might have been indexed by multiple search engines. At times you need to resize or crop the image to get an exact match on the search engine, as different keywords or a cropped image can lead to different results.

In this challenge we are going to use the RevEye browser extension, which performs a reverse image lookup across multiple search engines.

Challenge Questions:

  1. Which restaurant was this picture taken at?
  2. What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?

We need to answer the above questions by referring to the image below.

Image of Interest

Let us install the RevEye extension in our browser. I am using Chrome, so I would download it by navigating to the Google Chrome extensions. After you have installed the extension, it will appear in the top right corner of your browser.

RevEye

You can find your answers by uploading the target image to Google Images. I found the answers solely by using Google Images, but the same can be achieved by using the RevEye tool.

Katz's Deli Restaurant

Alternatively, you can use the RevEye tool by right-clicking on the image and searching for it on different search engines. At times you won't be able to find the required information from a particular search engine, so it is a good option to cycle through each of the search engines separately.

The next question requires a Google search.

Andrew Knowlton , Bon Appetit Editor

Task 7 : Locate this sculpture

Now that we have hands-on practice with different tools and techniques, let's use that knowledge to crack the challenge questions below using the image provided.

Challenge Questions:

  1. What is the name of this statue?
  2. Who took this image?
Challenge Image 

Upload this image to the Yandex search engine, as doing so will yield a lot of results.

A little Google searching will tell us that the motor Deer sculpture is in Oslo. Navigating to the link about outside sculptures in Oslo will tell us the name of the sculpture and the image author.

Task 8 : ...and justice for all

Continuing our reverse image search, let's try to figure out the answers to the challenge questions using the image provided.

Challenge Image 

Challenge Questions:

  1. What is the name of the character that the statue depicts?
  2. Where is this statue located?
  3. What is the name of the building opposite from this statue?

Upload the image to Google Images and we will find the name of the character that the statue depicts.

Lady Justice

Yandex reverse image search will tell us the exact landmark name.

Albert V Bryan United States Courthouse

Google the name of the landmark and you will find the location of the statue

To find the name of the building opposite the US Courthouse, use Google Maps.

The Westin Alexandria Old Town

Task 9 : The view from my hotel room

The next challenge involves extracting information from a video clip. The challenge is a bit difficult, as you have to go through the video clip and extract a particular frame to get the required result.

Here we are going to use a tool called FFmpeg to extract frames from the video provided in the challenge.

Challenge Question : What is the name of the hotel that my friend is staying in?

FFmpeg needs to be installed. Follow this guide and you will be good to go. The guide is provided by Nixintel.

Once you have correctly installed FFmpeg, use the following command to extract frames.

Remember that more than 500 frames will be extracted into the selected folder. We need to cycle through them until we find the image that is our target to explore.
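As an added example (not the author's command and not part of the room), here is one way to do the frame extraction with FFmpeg from a POSIX shell. It samples the clip at a fixed rate to keep the number of images manageable, maps a frame of interest back to its offset in the video, and pulls that single frame at full resolution; `clip.mp4`, `frames/`, `hit.png` and the function names are placeholders.

```shell
# Added example, not from the write-up. clip.mp4, frames/ and hit.png are
# placeholder names; the functions are illustrative helpers.

# extract_frames VIDEO OUTDIR [FPS]
# Samples VIDEO at FPS frames per second (default 1) into
# OUTDIR/frame_0001.png, frame_0002.png, ... and prints the frame count.
extract_frames() {
    ef_video=$1 ef_out=$2 ef_fps=${3:-1}
    [ -f "$ef_video" ] || { echo "no such file: $ef_video" >&2; return 2; }
    case $ef_fps in ''|*[!0-9]*|0) echo "FPS must be a positive integer" >&2; return 2 ;; esac
    command -v ffmpeg >/dev/null 2>&1 || { echo "ffmpeg not found" >&2; return 3; }
    mkdir -p "$ef_out" || return 1
    # -vf fps=N resamples to N frames per second before images are written,
    # so a 20-second clip yields about 20 files at FPS=1 instead of hundreds.
    ffmpeg -hide_banner -loglevel error -nostdin -i "$ef_video" \
        -vf "fps=$ef_fps" "$ef_out/frame_%04d.png" || return 1
    find "$ef_out" -name 'frame_*.png' | wc -l | tr -d ' '
}

# frame_to_seconds FRAME FPS
# Maps a sampled frame (file name or number) back to its approximate offset
# in the video, in whole seconds: frame 1 is t=0, so offset = (n - 1) / FPS.
frame_to_seconds() {
    fs_n=${1##*_}; fs_n=${fs_n%%.*}
    case $fs_n in ''|*[!0-9]*) return 2 ;; esac
    case $2 in ''|*[!0-9]*|0) return 2 ;; esac
    fs_n=${fs_n#"${fs_n%%[!0]*}"}   # strip leading zeros (0008 is not octal)
    [ -n "$fs_n" ] || return 2      # frame numbers start at 1
    echo $(( ($fs_n - 1) / $2 ))
}

# grab_frame VIDEO SECONDS OUTFILE
# Saves one full-resolution frame at the given offset, for closer inspection
# or for cropping before a reverse image search.
grab_frame() {
    command -v ffmpeg >/dev/null 2>&1 || { echo "ffmpeg not found" >&2; return 3; }
    ffmpeg -hide_banner -loglevel error -nostdin -y \
        -ss "$2" -i "$1" -frames:v 1 "$3"
}

# Usage (placeholder names):
#   extract_frames clip.mp4 frames 2
#   frame_to_seconds frames/frame_0005.png 2
#   grab_frame clip.mp4 2 hit.png
```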

Let's do a search for Clarke Quay Central.

Clarke Quay Central 

Clarke Quay Central is a shopping mall in Singapore. The video was made somewhere near this shopping mall, so let's explore the areas surrounding it.

Clarke Quay Central

Switch to street view and explore the places around it. Refer to the video again and you will find Riverside Point and a building structure that looks like the following. So our hotel is somewhere nearby; we need to explore a bit more.

If we click on D'Pelangi Weddings, we find our hotel. This is the hotel from which the view of Riverside Point and Clarke Quay Central is as clear as we see in the video.

The name of the hotel is Novotel Singapore Clarke Quay; referring back to the video, we have a similar street view, as seen below.

Conclusion

By using image and geospatial intelligence we can uncover a lot of information about the target under investigation. Sometimes all we need is a thorough search of publicly available resources, simply using Google. The more you practice and think analytically, the more comfortable you will get with extracting the required information related to the target.

I hope you enjoyed the write up!!!


About Me

I am a Network Security Engineer pursuing my Master’s in Information Security and trying to get into a full-time cybersecurity career. You can follow for more write-ups and walkthroughs here.

The awesome image used in this article was created by Alex Villalobos.