[1.3: TryHackMe Searchlight-IMINT Writeup]

finx
11 min read · Jun 14, 2021
This is the header of this room.

Here is the link to the challenge if you want to try em’ out:

IMINT is imagery intelligence. We will be dealin’ with anything visual (yes, that also includes video).

So, let us jump into the writeup/walkthrough

Task 1: Welcome to the Searchlight IMINT room!

Main point:

Basically just run through the basics covered in this room:

[The basics covered in the room]

- Getting into the right mindset and how to be analytical

- Visually extracting key data points from an image or video

- Applying different tools to assist you in geolocation and answering context questions

and you need to send the answer like this: sl{flag}

Communication links for further exploration:

Twitter(@Zewensec)

Searchlight Discord

Task 2: Your first challenge!

Compared to the Geolocating Images room writeup, this room combines the note part and the question.

Just as a preface: this will be quite a long writeup compared with the Geolocating Images one.

Note:

We will use our eyes for this task.

There are 5 really important elements that you need to see in an image:

  1. Context (hint regarding the production/source of the image)
  2. Foreground (what is really close to you)
  3. Background (the surroundings)
  4. Map Markings (symbols on a map)
  5. Trial and error (just plain luck)

Here are some questions that you need to run through while trying to geolocate the image:

  • Are there any obvious data in the image that reveals the location, like a street name or storefront signs?
  • Can you determine the country or region of the image by, for instance, which side of the road they drive on, language or architectural characteristics that may reveal a country or continent/region?
  • Do you recognize road sign styles, nature and environmental characteristics, or popular motor vehicle brands or vehicle types?
  • What is the quality of any visible infrastructure like? Is the road paved or do you see gravel roads?
  • Do you see any unique landmarks, buildings, bridges, statues or mountains that can help you geolocate the image?

These questions are a really familiar train of thought if you play GeoGuessr :)

If you read my posts chronologically, I did cover a room on the really basic stuff of geoguessing an image, and I have done a really basic flowchart on how to geoguess an image:

This is the flowchart that I’ve done for the Geolocating Image room. As expected, this is really primitive as far as flowchart for geolocating image goes.

The notes above elaborate more on the “Look for small detail that can identify the location”.

Oh and if you didn’t jump on the geoguessr bandwagon, just go here. It’s fun and well challenging.

Question: What is the name of the street where this image was taken?

the hint for this question

The picture that you’ve downloaded in this task:

As you can see here, the location here is Carnaby Street

Answer: sl{Carnaby Street}

Task 3: Just Google it!

Basically, we need to google the pic. Since we have experience with reverse image search, we will use that instead.

Here is the image given. It is clearly seen that we are in the London Underground and located at ly circus station (based on the pic). So, let us see the results using reverse image search.
Result 1: Google. They instantly figured out that the location of this pic is Piccadilly Circus underground station.
Result 2: Bing. They also got the location with the OCR of the text available in the image.
Result 3: Yandex. We are given a spoiler for this room and also the location.
Result 4: Bing. They only give the spoiler for this room.

So, in this situation Google and Bing outperform TinEye and Yandex.

This is kinda expected because the picture is a really famous tourist spot in London

For further references to compare the search engine, you can refer to this tweet here:

The pic is horribly cropped here so to see the pic properly go here: https://twitter.com/i_intelligence/status/1397102419197284356/photo/1

[Both Q1 and Q2 I’ve covered above]

Q1: Which city is the tube station located in?

A1: sl{London}

Q2: Which tube station do these stairs lead to?

A2: sl{piccadilly circus}

[Q3 and Q4 need to be searched on the wikipedia page here: https://en.wikipedia.org/wiki/Piccadilly_Circus_tube_station?oldformat=true]

Q3: Which year did this station open?

There are 2 dates here both in 1906

A3: sl{1906}

Q4: How many platforms are there in this station?

There, we have 4 platforms

A4: sl{4}

Task 4: Keep at it!

Basically the continuation of the previous task.

There are 2 identifiers that we can use to google the location in this image: the .ca top-level domain, indicating that we are in Canada, and “YVR connects”, which we will google.

but first, let us try the reverse image search (just an experiment)

Result 1: Google. It doesn’t work.
Result 2: Bing. The OCR did not detect the text in the image properly.
Result 3: Yandex. The only hint we’ve got here is that the pic shows an airport (and the spoiler of the room again).
Result 4: TinEye. We only have a stock image website link.

Case in point, we can’t use reverse image search in this case.

We need to google “yvr connects”

As you can see, it shows Vancouver International Airport

[Q1 and Q2 covered above]

Q1: Which building is this photo taken in?

A1: sl{Vancouver International Airport}

Q2: Which country is this building located in?

A2: sl{Canada}

Q3: Which city is this building located in?

available on the wikipedia page here: https://en.wikipedia.org/wiki/Vancouver_International_Airport?oldformat=true

As you can see here, the city is Richmond

A3: sl{Richmond}

Task 5: Coffee and a light lunch

Just again a task to reinforce what we’ve learned before

This is the picture given in the task.

Q1: Which city is this coffee shop located in?

The only hint that is searchable here is “the edinburgh woollen mill scotland” in the corner.

At this point, you just browse through the Edinburgh Woollen Mill until you get to this shop. This shop matches our profile. Now let us see the cafe.
The name of the cafe is The Wee Coffee Shop. I think the picture was taken in the spot that I’ve highlighted there.

A1: sl{Blairgowrie}

Q2: Which street is this coffee shop located in?

The 360 view is not sufficient for this question so we need to zoom out and see the surroundings of the cafe

As you can see, the answer here is Allan St

A2: sl{Allan Street}

Q3: What is their phone number?

Scrolling down the google card for the cafe, you got the phone number

A3: sl{+447878 839128}

Q4: What is their email address?

This Facebook link looks interesting. Let’s see if we can get the email from there.
As you can see, I can’t access the Facebook page without these annoying log in or register queries (the language that you’re seeing here is Malay since Facebook auto-translates Facebook to Malay in Malaysia).
Yes, I did try to register, but there was some error that prevented me from registering.
So, I had to google “the wee coffee shop email address” and this is the closest that I’ve got. Granted, this is taken verbatim from a writeup, but I have to improv here.

A4: sl{theweecoffeeshop@aol.com}

Q5: What is the surname of the owners?

On Facebook, you can’t find the surname.

You need to go here: https://www.barba.org.uk/blairgowrie-and-rattray-businesses/the-wee-coffee-shop

As you can see, the surname is Cochrane

A5: sl{Cochrane}

Task 6: Reverse your thinking

We kinda used this specific way (Reverse image search) in Task 3 and Task 4, so I think we’re familiar with em’ at this point

The resources if you want to read more on the topic:

Oh yea, if it’s your first time here, there are 2 extensions that I think will smooth your process of doing reverse image search:

  1. Fake news debunker by InVID & WeVerify (available on chrome and firefox only)
  2. RevEye Reverse Image search extension (available on chrome, firefox and microsoft edge)

I think I will link these 2 articles to get the feel on how to use em:

  1. https://datasociety.net/wp-content/uploads/2020/03/How-To-Verify-Online-Census-Media-final.pdf
  2. https://citizenevidence.org/2019/12/11/how-to-use-invid-the-swiss-army-knife-of-digital-verification/

Simply after you download the extension, right click and choose what you want.

This is for the Fake news Debunker one. As you can see, there are 2 more search vectors added compared to the RevEye one, which are Baidu and Reddit.
This is for the RevEye. As you can guess, I use this on the previous tasks out of habit.

The pic given in this task:

Looks like some sort of restaurant.

Q1: Which restaurant was this picture taken at?

The hint for this question

Let us apply the reverse image search in this image:

Result 1: Google. We’ve got the location straight away
Result 2: Bing. Got the location with less detail than Google
Result 3: Yandex. Still got the link to the location not the location itself
Result 4: TinEye. Well, there’s none.

So, besides TinEye all got the location which is Katz’s Deli

A1: sl{katz’s deli}

Q2: What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?

The hint for this question. I kinda ignored the hint for this one.

Simply we search “katz’s deli bon appetit”

We’ve got the answer which is Andrew Knowlton

Here is the link of the top article for reference: https://www.bonappetit.com/story/katzs-deli-24-hours

A2: sl{andrew knowlton}

Task 7: Locate this sculpture

The picture that is given for the task

Q1: What is the name of this statue?

Let us apply the reverse image search used on Task 3, Task 4 and the last Task.

Result 1: Google. We got the name of the sculpture straight away
Result 2: Bing. The search engine can detect a web page that has this picture, which is a writeup of this room on secjuice (if I scroll down, there is no indicator that the search engine got the location).
Result 3: Yandex. The search engine only queries Tjuvholmen Sculpture Park (I’ve opened the link and there is no mention of the sculpture).
Result 4: TinEye. The only result shown here is another writeup for this room. No location in sight.

A1: sl{rudolph the chrome nosed reindeer}

Q2: Who took this image?

The hint for this question.

So, we need to visit the visitoslo website to find the answer (this is a weird sentence, we need to visit the visit website)

Scroll down to a map within the website and find the sculpture

This is the map. As you can see, the name of the photographer is Kjersti Stenstrud

A2: sl{Kjersti Stenstrud}

Task 8: …and justice for all

The room maker attached this for reference:

here is the link: https://www.youtube.com/watch?v=_jHmjs2270A

This video basically highlights the importance of art in enhancing our visual intelligence. Everything warrants a second, closer look to interrogate the details in an image. We need to be able to communicate what we see (and what we can’t see) properly. Now, the talk, as is standard for a TED talk, is designed to make you start talking about a topic, not to teach the content in depth. This topic warrants a more in-depth look at the details (pun intended there), so I decided to watch another video to get better insight on the topic, granted the video is much longer than the TED one.

here is the link: https://www.youtube.com/watch?v=4v_tn4nyjwE

I want you to ask a simple question:

Is it true that people can see the same thing from 2 different sides?

Now, if it is a visually sensitive situation like a homicide witness or an X-ray scan, which one of em’ is correct?

The best strategy here is to sharpen your visual perception

The video above walks more in depth on this topic

[The takeaways from the video]
1. Everything deserves a second look. What you see the first time is not true most of the time.
2. The big picture and the small details are equally important.
3. Lay the groundwork before showing your genius (if you think that the information is damn obvious, tell that info first because no one can see what you see).
4. Be creative and resourceful.
5. Self-perception is critical to professional growth.

the pic given in the task.

Q1: What is the name of the character that the statue depicts?

So, let us try running reverse image search

Result 1: Google. We got the name of this sculpture, which is Lady Justice, but no location for this pic because it is a stock image.
Result 2: Bing. The search engine only shows an article from The Verge with this picture (which means nothing because this one is a stock image).
Result 3: Yandex. The search engine only shows multiple articles with this picture (which means nothing because this one is a stock image).
Result 4: TinEye. Just shows multiple articles from The Verge with this pic.

A1: sl{lady justice}

Q2: Where is this statue located?

As we established earlier, reverse image search does not yield a good result.

The hint for this question

For this one, I gathered 3 different locations with the claim of being “the birthplace of a nation”

Location 1: Independence Hall, Philadelphia
Location 2: Alexandria, Minnesota
Location 3: Virginia

So, I brute-force search “lady justice <location>” to confirm the sculpture’s location

Result 1: Philly. We do have the hint for this lady’s location but so far no specific location picture tagged here
Result 2: Minnesota. Nothing valuable here.
Result 3: Virginia. As you can see here, Albert V. Bryan U.S. Court House is specifically tagged here, so the location of this sculpture is in Virginia.

Let us google “Albert V. Bryan U.S. Court House” to see the specific location of this courthouse

The location is Alexandria, Virginia

A2: sl{Alexandria, Virginia}

Q3: What is the name of the building opposite from this statue?

The hint for this question. Basically we need to search hotels/restaurant/cafe around the courthouse.

Open the google map of the courthouse, you will find the answer for this question immediately

So as you can see, our answer here is The Westin Alexandria Old Town

A3: sl{The Westin Alexandria Old Town}

Task 9: The view from my hotel room

Here’s the writeup given by the room creator (this writeup was done by nixintel using a tool called FFmpeg):

https://nixintel.info/osint-tools/using-ffmpeg-to-grab-stills-and-audio-for-osint/

Q1: What is the name of the hotel that my friend is staying in?

For this one, I will pause and note the landmarks available in the video since I am genuinely curious if we can do this manually

Landmark 1: A boat port called Riverside Point
Landmark 2: A mall Clarke Quay Central
Landmark 3: This sculpture.
Landmark 4: A bridge close to Riverside Point, and the orange-colored hotel.

So, piecing together these landmarks we got “Riverside point singapore”

Let us google that.

Opening Google Maps, changing it to satellite view and plugging in the landmarks that we’ve seen before, we can see that the orange hotel here is the hotel that the video was taken from, but usually, for a famous hotel, Google Maps will show the hotel. For now, let us zoom in on the hotel first.

The most recent picture taken of this hotel (September 2020) shows that this hotel is under renovation, which meant that this hotel is not operational anymore.

Any premise that is closed forever will not be shown in google maps. We’re screwed.

Let us change the map to the Google earth (since this one is satellite view so we can see the top of the hotel)

We can see the name of the hotel is Novotel

So, linking everything together we got Novotel Clarke Quay Singapore as our answer

Just to check, let us look up this location in Google Maps

As you can see, the hotel is closed. Probably due to COVID-19 tho.

A1: sl{Novotel Singapore Clarke Quay}
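Task 9 above was solved by pausing the video by hand; the same landmarks can be pulled out as still images with FFmpeg. This is an added example, not code from the room, the linked nixintel article or this writeup, and the names `clip.mp4`, `stills/` and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: clip.mp4 (the task video), stills/ (output dir).

# True if $1 is a whole number greater than zero.
is_positive_int() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -gt 0 ]
}

# Loose check: starts with a digit and holds only digits, ':' and '.'
# (covers "75", "75.5" and "00:01:15").
is_timestamp() {
  case $1 in
    ''|*[!0-9:.]*) return 1 ;;
    [0-9]*) return 0 ;;
  esac
  return 1
}

# extract_stills VIDEO OUTDIR [SECONDS]: one JPEG every SECONDS (default 2).
# Returns 3 on a bad interval, 2 on an unreadable input, 127 without ffmpeg.
extract_stills() {
  is_positive_int "${3:-2}" || { echo "bad interval: $3" >&2; return 3; }
  [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
  command -v ffmpeg >/dev/null 2>&1 || { echo "ffmpeg not found" >&2; return 127; }
  mkdir -p "$2" || return 1
  # fps=1/N keeps one frame per N seconds; -q:v 2 is high JPEG quality.
  ffmpeg -hide_banner -loglevel error -i "$1" \
    -vf "fps=1/${3:-2}" -q:v 2 "$2/still_%04d.jpg"
}

# grab_frame VIDEO TIMESTAMP OUT.jpg: a single frame, e.g. where a sign is sharpest.
grab_frame() {
  is_timestamp "$2" || { echo "bad timestamp: $2" >&2; return 3; }
  [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
  command -v ffmpeg >/dev/null 2>&1 || { echo "ffmpeg not found" >&2; return 127; }
  # -ss before -i seeks quickly; -frames:v 1 stops after one frame.
  ffmpeg -hide_banner -loglevel error -ss "$2" -i "$1" -frames:v 1 -q:v 2 "$3"
}

# Usage: sh stills.sh clip.mp4 stills 2
if [ "$#" -ge 2 ]; then extract_stills "$@"; fi
```

The numbered stills can then be fed to the reverse image search engines used in the earlier tasks, one landmark at a time.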

This is a long writeup, so if you’re here, pat yourself on the back. You finished this room :) As always, just message me on Twitter (@thisisfinx) if there’s any error here.

Thank you for reading this writeup :)


finx

a malaysian cybersec lifelong student that uses this blog to document anything infosec related (mainly OSINT)