An OSINT Path — In TryHackMe

Photo by Ryoji Iwata on Unsplash

Hello Friends,

I have recently fallen in love, I had NO idea that OSINT could be so fun and exciting. One of the many great features about TryHackMe is their “Paths” area, they would put together a collection of rooms that are related in concept to created a kind of curriculum for students to follow. They have a few of these, like the “Offensive Pentesting” path, “Cyber Defense” path, even a “Jr. Pentester” path, and others.

Surprisingly I didn’t see an “OSINT” path or module, yet when I searched for “OSINT” a few rooms popped up, so out of curiosity I decided to do one, and boy did that take me down a rabbit hole, and before you know it, I’m in my 4th OSINT room craving more!

So in this post, I’m going to break down the rooms that I have found interesting, this will be in 3 sections to help create somewhat of an un-official path if your are interested in going down this amazing rabbit hole of awesome. All the rooms are labeled as “Easy” with the exception of one labeled “Medium” which I will point out. Now please take that with a grain of salt. If I have learned anything from previous CTFs, its that these labels are not set in stone, and are subject to the wonderful creators who make them. But they all are super engaging, and you’ll learn at least one new thing, and you’ll have a blast doing it, especially if you love pretending to be a detective, or a digital Batman of sorts.
Lets do this.

// Section 001 — The Basics.
OhSINT: This was the room that started it all for me, its a very short room, you are simply given a picture, and you are prompted to find information about the person who took that picture. Its great for getting your feet wet.

Google Dorking: This room was very informative, it will help you with searching in general, but dorking will come in handy in future OSINT rooms.

// Section 002 — Honing Skills.
SearchLight: IMINT/GEOINT. This room was a lot more involved then OhSINT. It focuses on Image Intelligence and Geospatial Intelligence. With each task, you are given a new picture, and new questions to answer. You get to do a lot of Reverse Image searching, and you will even have to work with a video on the last task, and learn a couple of new tools (at least they were new for me).

Geolocating Images: This room was very interesting, “SearchLight” focused on you honing Reverse Image searching, this room askes you NOT to use that technique, on many of the tasks. It wants you to instead look at each image, find landmarks, and do some “leg work”. Reason being, sometimes Reverse Image Search may not give you the right answer, so they help you hone the skill of being able to do it manually. It was actually a lot of fun, and I was surprised how much I was able to do by just looking at the details of the images provided.

// Section 003 — The Narratives.
This by far is my FAVORITE kind of rooms, you are basically given a target, and its your job to use OSINT techniques to investigate said target.

WebOSINT: You are given a website that doesn’t exist, or used to exist, and you have to gather intel on the site, as well as the person who used to run the site, as the plot thickens with every new task.

Sakura by OSINT Dojo: A cyber criminal hacked into OSINT Dojo’s site, and left them a note to taunt them. From that note, your investigation goes into full gear, as you track down the digital crumbs to catch this person before they flee the country. Epic action adventure.

KaffeeSec SoMeSINT:
NOTE: Difficulty — Medium.
You are a private eye, and were hired by a mysterious entity to tracked down a suspect. You will be learning a new tool called Spider Foot for this one, and doing some Social Media Intelligence. Feels very noir, and that is cool by me.

// Conclusion
There you go, you can pick and choose which ones you want to do. The path I had taken was “OhSINT > SearchLight > Sakura”. Basically one from each section, but I ended up loving OSINT so much that I went back and worked on the others. once you feel comfortable, then make sure to try and lend your skills to Trace Labs, they rely on OSINT people to help them find missing people, and what a great way to use your newly acquired superpower.

I hope that was helpful.
Go (ethically) Hack The Planet.
[R/F]