Welcome to the Searchlight IMINT room!
In this room we will be exploring the discipline of IMINT/GEOINT, which is short for Image intelligence and geospatial intelligence. This room is suited for those of you who are just beginning your OSINT journey or those brand new to the field of IMINT/GEOINT.
This room will introduce you to several topics within IMINT, among them:
- Getting into the right mindset and how to be analytical.
- Visually extracting key data points from an image or video.
- Applying different tools to assist you in geolocation and answering context questions.
When you have completed this room you should be comfortable applying tools and methodologies to geolocate and answer context questions based on visual intelligence alone. This room will prepare you for harder CTF challenges in this category as well as real-world geolocation work.
Any thoughts, feedback or issues can be forwarded to me directly on the THM or Searchlight Discord. You'll find me there as zewen.
The flag format is: sl{flag} - this means that every answer needs to be submitted within the brackets, sl{your answer}. No capitalization is needed.
If you are stuck or you want someone to discuss these challenges with, head on over to the OSINT Curious Discord server. You can also find me on Twitter if you have any questions!
Questions
Task 2: "Your first challenge!"
Q1: What is the name of the street where this image was taken?
With this being an introductory question, the answer is pretty straightforward. The street name is on the sign Carnaby Street.
Task 3: "Just Google It!"
For starters I won't be using reverse image search, because where's the fun in that. Instead I will explain the thought process I had while analyzing the image. With that said, the first thing I noticed was the European architecture of the buildings in the background. Next, I noticed the Circus St... on the sign above the stairway. After doing a Google search with the information gathered Public Subway Underground Circus Station, I was able to obtain the information needed to answer the questions.
Q1: Which city is the tube station located in?
The station is located in London.
Q2: Which tube station do these stairs lead to?
The first result shown after the Google search was a Wiki page for Piccadilly Circus, which lines up with the circus portion of the sign.
Q3: Which year did this station open?
"Piccadilly Circus tube station was opened on 10 March **1906, on the Bakerloo line, and on the Piccadilly line in December of that year." - Wikipedia
Q4: How many platforms are there in this station?
Googling "How many platforms are there in Piccadilly Circus?" returns 4.
Task 4: "Keep at it!"
Right off the bat I see a banner which says "YVR Connects" and "YVR.CA" which leads me to think this building is located in Canada. This is enough intel for me to start doing some research.
Q1: Which building is this photo taken in?
After searching "YVR Connects" on Google, the first result I was presented with was the Vancouver International Airport Wikipedia page.
Q2: Which country is this building located in?
Canada
Q3: Which city is this building located in?
"Vancouver International Airport (IATA: YVR, ICAO: CYVR) is a Transport Canada designated international airport[5] located on Sea Island in **Richmond, British Columbia."
Task 5: "Coffee and a light lunch"
This task requires you to do a bit more searching than the others. After searching the name of the store across the street, "The Edinburgh Wollen Mill" You are presented with numerous results. My approach to near down the choices was by adding "Coffee shops near..." at the start of the initial Edinburgh search. After doing so, a couple coffee shops popped up in the results, but I narrowed my choices down to two coffee shops "The Wee Coffee Shop" and "Courtyard Coffee Shop". I made my final decision by doing a Google Street View for both coffee shop and The Wee Coffee Shop was the right coffee shop. With that I was able to gather the intel needed to answer the questions.
Q1: Which city is this coffee shop located in?
1 Allan St, Blairgowrie PH10 6AB, United Kingdom
Q2: Which street is this coffee shop located in?
1 Allan St, Blairgowrie PH10 6AB, United Kingdom
Q3: What is their phone number?
+447878839128
Q4: What is their email address?
theweecoffeeshop@aol.com (Can be found on their Facebook page which is linked on their businesses Google maps panel.)
Q5: What is the surname of the owners?
Debbie and David Cochrane (Can be found by searching "The Wee Coffee Shop Owners")
Task 6: "Reverse your thinking"
This task will require you to do a reverse image search since there is no text that stands out in the image. The quickest way to do an reverse image search is by dragging and dropping the image into the Google search bar. After doing so you will be presented "Katz's Delicatessen"
Q1: Which restaurant was this picture taken at?
Katz's Deli
Q2: What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?
Andrew Knowlton (Can be found by searching "Katz's Deli Bon Appétit Editor")
Task 7: "Locate this sculpture"
For this task I started off with another reverse image search on Google. After doing so the first link to pop up was 
Q1: What is the name of this statue?
Rudolph the Chrome Nosed Reindeer
Q2: Who took this image?
Kjersti Stensrud
Task 8: "...and justice for all"
Once I opened the image, the first thing that stood out to me was The Verge watermark in the bottom right corner. I made sure to keep the watermark in mind once proceeding to the reverse image search. After doing a RIS I realized that I can't always rely on JUST Google RIS, it gave me results differing from Bing's RIS. On Google the RIS returned the name "Blind Justice Man", Bing returned "Lady Justice". After a bit of scrolling through the related images on Bing my trail went cold. My thought process was to see if I could find any images of the statue from a wider angle to see if I could possibly find the building name. So I decided to transition over to Yandex and do a RIS there, I had better luck there because I found this as a related image 
On Yandex you can search by image fragment, doing this you can crop just the text in the image and search for related images based on that fragment. After searching by fragment, I found this related image.
We can now see the text "T V. Bryan United States Court". I then search, "V. Bryan United States Court" on Yandex since I'm already on the site, and was then presented with the full name of the courthouse and it's location. With that, I gathered enough information to answer the last question.
Now that I had the name of the court I went to Google Maps Street View and got the name of the building opposite of the courthouse.
Q1: What is the name of the character that the statue depicts?
Lady Justice
Q2: Where is this statue located?
Alexandria, Virginia
Q3: What is the name of the building opposite from this statue?
The Westin Alexandria Old Town
Task 9: "The view from my hotel room"
For this task, we are presented with a video to analyze. A couple seconds into the video we can see a building with the sign "Riverside Point". We can pause the video at this frame, screenshot it and do a RIS on this frame.
On Yandex I was presented with this related image, on the bottom left we can see the location of the building.
Now that I know the location of the building, I do a search on Google Maps for "Riverside Point Singapore". Once I've navigated to the location, I head back over to the video to have a look at the angle the Riverside Point building was recorded from. I've marked the location I believe the video was recorded from on the map.
I then confirmed my suspicions by heading into street view to have a look at the building. Google Street View's last update of this building shows it was under construction as of February 2021.
Although, after searching around the building in Street View, if you click on this entrance to the construction site
It actually reveals an older 3D street view from 2018 before the construction. Once I came across the older street view model, I then noticed the name "Tanyoto". I then searched "Tanyoto Singapore Hotel", and was given the result Novotel Clarke Quay - Singapore, 177a Riv Vly Rd. My guess is Tanyoto is the older name of the hotel before it's reconstruction.
Q1: What is the name of the hotel that my friend is staying in?
Novotel Singapore Clarke Quay
Connect With Me 🙂
Top comments (0)