Searchlight IMINT

Difficulty = Easy

Hola👋 Welcome back. Here is a walkthrough on Searchlight IMINT based on TryHackMe. It covers learning the discipline of IMINT/GEOINT, which stands for Image Intelligence and Geospatial Intelligence.

What is IMINT and GEOINT 🤔 ?

Image Intelligence (IMINT): Involves utilizing publicly available images, photographs, and visual media from open sources to gather intelligence.
Geospatial Intelligence (GEOINT): Involves leveraging publicly available geospatial data, maps, satellite imagery, and other spatial information from open sources to gather intelligence.

Let get started 😆

Task 1: Welcome to the Searchlight IMINT room!

This room introduce us to several topics within IMINT, among them:

Getting into the right mindset and how to be analytical
Visually extracting key data points from an image or video
Applying different tools to assist you in geolocation and answering context questions

The flag format is: sl{flag} - this means that every answer needs to be submitted within the brackets, sl{your answer}. No capitalization is needed.

Q1: Did you understand the flag format?

Answer: sl{ready}

Task 2: Your first challenge

Before we begin answering questions, I would like to bring up some important words mentioned in the room so we can have a better understanding of what we are doing.

Let’s introduce you to your first tool - your eyes!

Before we can apply a tool or a methodology for finding the location of an image, we should use our eyes to scan the image for important information. Extracting key data points from the image will allow you to apply the right tool, craft a good Google search or identify which part of the world the image might have been taken in.

There are 5 elements of IMINT that you should consider when looking at an image, according to Geoint expert Benjamin Strick:

Context
Foreground
Background
Map markings
Trial and error

A geolocation challenge like this lacks one important factor, which is the context or the source of the image. In real-world cases, you usually have a context in which the image was produced or shared, usually called context clues. Most of these challenges will not have context clues but you may find clues in the titles and descriptions, or if you’re stuck you can use the hint function.

Here are some questions you should ask yourself while looking at the upcoming challenges:

Are there any obvious data in the image that reveals the location, like a street name or storefront signs?
Can you determine the country or region of the image by, for instance, which side of the road they drive on, language or architectural characteristics that may reveal a country or continent/region?
Do you recognize road sign styles, nature and environmental characteristics, or popular motor vehicle brands or vehicle types?
What is the quality of any visible infrastructure like? Is the road paved or do you see gravel roads?
Do you see any unique landmarks, buildings, bridges, statues or mountains that can help you geolocate the image?

Download the attached image and let begin

task2

Q1: What is the name of the street where this image was taken?

Using our first tool, which is our eyes, we can see a welcome message on a billboard in the city: Welcome to Carnaby Street.
Answer: sl{Carnaby Street}

Task 3: Just Google it!

We are introduced to our first tool, Google! If you see anything in the image that can be extracted into a keyword, phrase, a company name, telephone number, or any other question you may have as a result of scanning the image up and down: GOOGLE IT!

Let’s start by downloading the given Task.

task3

Q1: Which city is the tube station located in?

By looking at the image carefully, we can identify the building; most of us know this is London 😂.
But let’s research the image to confirm if we are correct. By carefully looking at the image, we can see three words: public subway, circus, and "underground. Let’s research it on Google.
I then used Google maps at street level to make sure I had the exact same one:

map

map 2

I take a lok back in our search result then we can see many results about London

1111111111111111111

Answer: sl{London}

Q2: Which tube station do these stairs lead to?

Taking a look at the Wikipedia page, we found our answer, which is Piccadilly Circus.

Answer: sl{Piccadilly Circus}

Q3: Which year did this station open?

55s

Answer: sl{1906}

Q4: How many platforms are there in this station?

Answer: sl{4}

Task 4: Keep At It!

Downloads the given tasks

task4

Q1: Which building is this photo taken in?

By carefully looking at the image, we found YVR Connect. Let’s make research about it and then we found…

Answer: sl{vancouver international airport}

Q2: Which country is this building located in?

Answer: sl{canada}

Q3: Which city is this building located in?

Looking at the Wikipedia page.
Answer: sl{richmond}

Task 5: Coffee and a light lunch

Download the given task

task5

Q1: Which city is this coffee shop located in?

We are given a hint: Scotland
By carefully looking at the image, we found “Edinburgh Woollen Mill.” Let’s also look it up on Google and found…

looking it on google maps

123

Bingo 😂 we found the coffee shop

142

Answer: sl{blairgowrie}

Q2: Which street is this coffee shop located in?

So after I found the name of the coffee shop, I conducted research on it and was able to obtain the address and street.

food 1

Answer: sl{allan street}

Q3: What is their phone number?

You can see the phone number in the above graphic
Answer: sl{+447878 839128}

Q4: What is their email address?

By clicking on the site, we can find more information about them, and we can see that they have a website.

Inkedfood_LI

So the website led me to the official Facebook page, and there I found their email.

food 4

Answer: sl{theweecoffeeshop@aol.com}

Q5: What is the surname of the owners?

By examining another website, I managed to discover the owner. Or researching who the owner is will definitely provide the answer.

owner

Answer: sl{cochrane}

Task 6: Reverse your thinking

0gFwCSO

Reserve Thinking: This means that we are searching for the image itself online, and if the image has been indexed by search engines we may find the exact image or we can do a visual search or crop search to help us find similar images.
“You can Perform a search by image. Choose between the image search engines Google, Bing, Yandex, TinEye and Baidu.”
Download the given task we have:

task6

Q1: Which restaurant was this picture taken at?

By using Google Image Search, we found many items, and we also discovered the logo of the restaurant.

tes

I made a research on the name and was able to find many things, and I also took a look at the Wikipedia page. And i found the all about the company

tes 3

Answer: sl{katz’s deli}

Q2: What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?

Researching, I found the answer.

tes 4

Answer: sl{andrew knowlton}

Task 7: Locate this sculpture

vDAqWCZ

Now that we have hand on practice of different tool and techniques , let use that knowledge to crack the below challenge questions by using the image provided:

task7

Q1: What is the name of this statue?

By using Google Image Search or other tools, I found a lot of sites about the sculpture.

Inkedtek 7_LI

Checking on that website only provided me with the location of the sculpture, but I didn’t know its name.

111

So what I did next is that I conducted an OSINT search on the motorcycle sculpture in Tjuvholmen, Oslo, and I found a site that provided me with the name. BINGO 😂

222223

222

Answer: sl{rudolph the chrome nosed reindeer}

Q2: Who took this image?

Then, after I found the name of the sculpture, I conducted research on it as well. I found a site that provided me with the name of the individual who took the image.

333

444

Answer: sl{kjersti stensrud}

Task 8: …and justice for all

Continuing our reverse image search, let’s try to figure out the answers to the challenge questions using the provided image.

task8

Q1: What is the name of the character that the statue depicts?

By using Bing image search, I quickly obtained the name of the statue.

Inked111_LI

Answer: sl{lady justice}

Q2: where is this statue located?

Using Bing image search, I needed to identify the name of the building. I continued cropping the image until I found the full name.

222

333

Then BINGO 😂 i found it

4444

Making a research on the name to locate it on Google Maps, then I found it location

ttttt

Answer: sl{alexandria, virginia}

Q3: What is the name of the building opposite from this statue?

Viewing around i found the opposite building 😆

777

Answer: sl{the westin alexandria old town}

Task 9: The view from my hotel room

vQJdwUh (1)

Geolocating videos aren’t much different from geolocating images. A video is just a string of images, usually played at 24 frames(or images) per second. In other words, a video will hold a whole lot more images that can be analyzed, reversed and scrutinized by you.
Q1: What is the name of the hotel that my friend stayed in a few years ago?
I took a look at the downloaded video and found many interesting buildings.

3) vid 1

Making research on the Riverside Point building using Google Image Search, I quickly found it is located in Singapore from the search results.

vid 6

By using Google Maps to verify if I am correct.

vid 10

vid 9

By viewing and examining the street map, I found the hotel where the video was taken. As you can recall from the videos, you can see the pool and the roads.
It is amusing that Google Maps didn’t show the name of the building. I had to conduct research on it again, and then I found the name.

VID 12

Answer: sl{novotel singapore clarke quay}
And we are done! 👋 That’s all, friends. Thank you for reading up to this point. I know it was a long read. I will try to make it shorter next time. I would like to hear your feedback on anything that was not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!

Go Back Home

T3chnocr4t:~#

Looking 🔭 For Something Hidden....