Geolocation with OSINT: My Experience as an OSINT Specialist

Over the weekend, in a bid to further enhance my investigative skills, I participated in a TryHackMe Challenge that involved the use of OSINT to find places. The challenges I encountered in this room involved looking for hotels, coffee shops, courthouses in the U.S., and even an airport.

The tasks seemed to be getting more difficult, with the most difficult being the very last task, and I’d tell you why when the time comes.

Tools I Used

I used a variety of tools for this challenge; some provided good info, others provided a bit, and some were not really useful to my task, but I used them either way. This is something I’d advise you to adopt: an ability to look everywhere. If your mind tells you something, look!

• I used Google Search (The normal way of searching for things)

• Google Dorking: A method of using specific Google keywords to narrow down search results, giving better accuracy.

• Google Reverse Image Search using Google Lens.

• Google Maps

• Google Earth provides more realistic imagery for geospatial searches.

• A Chrome extension called RevEye: This extension aggregates Google Lens, Yandex, Bing search, and TinEye to find similar images with precision.

• Exiftool: A command-line tool used to extract image metadata. It works on Windows, Linux, and Mac.

NOTE: Tasks 1 and 2 were just trivial questions, that’s why I omitted them.

Task 3: Somewhere in the U.K.

I intentionally blurred out the answers because I wanted you to find them yourself. If you are truly stuck, this article, combined with the images I provided, will give you very obvious clues to the answers. I just want you to do some brain work.

The first image directly answers the first two questions, while the second requires several keywords.

Good luck!

Task 4: Airport

The second task was locating an airport, and it was pretty easy because all I had to do was do a reverse image search using Google, arguably the best reverse image search tool out there. Just rinse and repeat the first task, but with more text search than image.

As usual, the first leads to the second and third. It’s just how problem-solving works.

Task 5: Coffee Shop

Here is where the real brain quizzes begin.

I downloaded the said image, entered my downloads folder via PowerShell, and used exiftool to extract relevant details from the image.

So, initially, I used exiftool, but it didn’t help, and I had to look deeper and saw that I needed to zoom my image and extract that text. On second thought, I decided to also try Google Lens again.

On zooming the image, I saw the text: "The Edinburgh Woolen Mill”, I noted that down and moved into Google Lens.

Zoomed image of the building opposite the restaurant this picture was taken. Searching this on Google will return many different locations, which is indicative of the fact that that won’t lead us closer to our goal fast.

Now, on uploading the full picture:

We saw something substantial, a coffee shop, and luckily for us, many others have taken pictures from that same spot, further helping the investigation.

Like every other question before it, the image above answers all the remaining questions presented below: Just take a look to your right, where the shop info is. A bunch of good Google searches will give you what else you are looking for.

Task 6: Nickname?

This particular one was easy and difficult for me. I found it using Google Lens, but the challenge was looking for a nickname, and I didn’t know because I don’t like using the hint feature until I am getting exhausted.

The nickname was just a form of the original name in style, and it is just there, staring you right in the face. This is why OSINT goes beyond the use of tools. Your eye is a potent tool itself, armed in synchrony with the brain’s ability to spot what’s out of the ordinary, it can be used to do great.

Task 7: Weird Robot

Finding a weird Sculpture. This was where I began to use Google Earth, Maps, and other tools because it had gotten tough. I easily found the sculpture’s location, but the person who took the image was a headache to find. It was looking at me closely, but I just needed to spot the ordinary before I could find the name.

How did I find it? I wrote every single name I found in any blog containing the precise image I got from the challenge, and cross-referenced them with the term ‘photography’. One checked, and I tried. It was him, but later on, I realized that his name was even on SERP, hidden in plain sight by Google.

Task 8 Finding Justice

Looking at the sculpture, I was able to determine the name. It’s Lady Justice. Using some refined keywords and a bit of AI’s help, I was able to quickly find the exact building where that statue was located.

You know why it was so? Many courthouses have that exact statue in front of their building, which meant that I had to look beyond the statue, I had to find backgrounds that matched what was in my task, and that was how I was able to pinpoint the exact courthouse I was looking for.

But the real headache was trying to find the actual building in front of the courthouse. I used Google Maps’ 360 scan to look at every building in front of that courthouse, but couldn’t place an exact name.

After some back and forth, I finally found it by cross-referencing every name I saw there with the input parameters TryHackMe gave us.

Task 9: Data from Videos

This particular one was a nightmare for me. It took me hours to find, and even at that, I was still unable to find the answer.

I had to look for an answer online, after an entire day, and then it struck me that the reason I was unable to find the answer was that the answer wasn’t on Google Maps. Well, unless I explicitly search for it, but if I were hoping to find it by simply drawing dots around a perimeter based on my available data, I may never find it.

The hotel has been permanently closed and scrapped. Not all permanently closed buildings get removed like that from Maps, but this one was, which meant that my only hope of finding it on maps was using an archive map, and since Google Maps isn’t an archive map, I couldn’t see it, even when I filtered by Hotels in that area.

There was another reason why I was unable to find it. The exact tool they suggested wasn’t working right, but that was minimal because VLC allowed me to pause and play it at different times in the video, allowing me to clearly have an image-like view of every scene in that video.

I am still going to hide the answer, but provide you with some important details to aid your search.

• Riverside Point by the far right of the hotel.

• Clarke Quay Central is located opposite the far west.

• A marked road (zoom and look around, increase your perimeter to extend beyond the distance between Riverside Point and Quay Central)

• Use Street View to see all available streets.

With these, you can quicken your search!

Ending

I hope this helped you! If you are stuck on any task in this room or any OSINT room at all, reach out in the comments section, let’s collaborate and work it out! Happy OSINTing!

Note: I didn’t name them with what was on TryHackMe, I adopted my names, but the task numbers can be your guide.