An OSINT Path — In TryHackMe

Photo by Ryoji Iwata on Unsplash

Hello Friends,

I have recently fallen in love, I had NO idea that OSINT could be so fun and exciting. One of the many great features about TryHackMe is their “Paths” area, they would put together a collection of rooms that are related in concept to created a kind of curriculum for students to follow. They have a few of these, like the “Offensive Pentesting” path, “Cyber Defense” path, even a “Jr. Pentester” path, and others.

Surprisingly I didn’t see an “OSINT” path or module, yet when I searched for “OSINT” a few rooms popped up, so out of curiosity I decided to do one, and boy did that take me down a rabbit hole, and before you know it, I’m in my 4th OSINT room craving more!

So in this post, I’m going to break down the rooms that I have found interesting, this will be in 3 sections to help create somewhat of an un-official path if your are interested in going down this amazing rabbit hole of awesome. All the rooms are labeled as “Easy” with the exception of one labeled “Medium” which I will point out. Now please take that with a grain of salt. If I have learned anything from previous CTFs, its that these labels are not set in stone, and are subject to the wonderful creators who make them. But they all are super engaging, and you’ll learn at least one new thing, and you’ll have a blast doing it, especially if you love pretending to be a detective, or a digital Batman of sorts.
Lets do this.

// Section 001 — The Basics.
OhSINT: This was the room that started it all for me, its a very short room, you are simply given a picture, and you are prompted to find information about the person who took that picture. Its great for getting your feet wet.

Google Dorking: This room was very informative, it will help you with searching in general, but dorking will come in handy in future OSINT rooms.

// Section 002 — Honing Skills.
SearchLight: IMINT/GEOINT. This room was a lot more involved then OhSINT. It focuses on Image Intelligence and Geospatial Intelligence. With each task, you are given a new picture, and new questions to answer. You get to do a lot of Reverse Image searching, and you will even have to work with a video on the last task, and learn a couple of new tools (at least they were new for me).

Geolocating Images: This room was very interesting, “SearchLight” focused on you honing Reverse Image searching, this room askes you NOT to use that technique, on many of the tasks. It wants you to instead look at each image, find landmarks, and do some “leg work”. Reason being, sometimes Reverse Image Search may not give you the right answer, so they help you hone the skill of being able to do it manually. It was actually a lot of fun, and I was surprised how much I was able to do by just looking at the details of the images provided.

// Section 003 — The Narratives.
This by far is my FAVORITE kind of rooms, you are basically given a target, and its your job to use OSINT techniques to investigate said target.

WebOSINT: You are given a website that doesn’t exist, or used to exist, and you have to gather intel on the site, as well as the person who used to run the site, as the plot thickens with every new task.

Sakura by OSINT Dojo: A cyber criminal hacked into OSINT Dojo’s site, and left them a note to taunt them. From that note, your investigation goes into full gear, as you track down the digital crumbs to catch this person before they flee the country. Epic action adventure.

KaffeeSec SoMeSINT:
NOTE: Difficulty — Medium.
You are a private eye, and were hired by a mysterious entity to tracked down a suspect. You will be learning a new tool called Spider Foot for this one, and doing some Social Media Intelligence. Feels very noir, and that is cool by me.

// Conclusion
There you go, you can pick and choose which ones you want to do. The path I had taken was “OhSINT > SearchLight > Sakura”. Basically one from each section, but I ended up loving OSINT so much that I went back and worked on the others. once you feel comfortable, then make sure to try and lend your skills to Trace Labs, they rely on OSINT people to help them find missing people, and what a great way to use your newly acquired superpower.

I hope that was helpful.
Go (ethically) Hack The Planet.
[R/F]

--

--

--

Sudanese / Blogger / Pen Tester / Python Charmer / Lover Of Outer Space / Coffee Drinker (https://www.buymeacoffee.com/execodeable)

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Are Computer Cloud Services a Secure Option for Your Business?

DigiCert’s Commitment to Keeping the Public Trust

SourceLess Blockchain: Introducing the New Web

{UPDATE} Super Arcade Racing Hack Free Resources Generator

Checking the status of Windows update with Osquery

Setting Up A Keycloak Server For Authenticating To FileMaker: Part 3: Installing A SSL Certificate

How to design GDPR compliant consent

3 BEST MARITIME CYBERATTACK CONTROL METHODS

Anonymous computer hacker in white mask and hoodie. Obscured dark face using laptop computer for cyber attack

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
[ ryn0f1sh ]

[ ryn0f1sh ]

Sudanese / Blogger / Pen Tester / Python Charmer / Lover Of Outer Space / Coffee Drinker (https://www.buymeacoffee.com/execodeable)

More from Medium

TryHackme: Overpass by NinjaJc01

Plotted-TMS Writeup

Lame | Hack The Box writeup

TryHackMe Writeup —  VulnNet Internal