├── OSINT Exercise 1
├── OSINT Exercise 001.md
├── ans_pics
│ ├── osint_001_pic1.png
│ ├── osint_001_pic2.png
│ ├── osint_001_pic3.png
│ ├── osint_001_pic4.png
│ ├── osint_001_pic5.png
│ └── osint_001_pic6.png
└── osint_001_task_photo.jpeg
├── OSINT Exercise 10
├── OSINT Exercise 010.md
├── ans_pics
│ ├── DK_Getty_in_Jan_2012.png
│ ├── first_photo_of_DK.png
│ └── second_photo_of_DK.png
└── osint_ex_10_task.webp
├── OSINT Exercise 12
├── OSINT Exercise 012.md
├── ans_pics
│ ├── pic1_website_of_photo.png
│ ├── pic2_match_of_coastline.png
│ ├── pic3_search_query_in_esp.png
│ └── pic4_jan_2017.png
└── osintexercise012.webp
├── OSINT Exercise 14
├── OSINT Exercise 014.md
└── ans_pics
│ ├── Google_earth_view.png
│ ├── camera_corner.png
│ ├── filtered_shops.png
│ └── translation.png
├── OSINT Exercise 15
├── OSINT Exercise 015.md
├── ans_pics
│ ├── Tower_1_coordinates.png
│ ├── pic01_initial_search.png
│ ├── sample_image.webp
│ ├── telescope_at_uni.jpg
│ └── top_view_on_maps.png
└── ex15_task_photo.png
├── OSINT Exercise 16
├── OSINT Exercise 016.md
├── ans_pics
│ ├── ac_10_thunderbolt_more_photos.png
│ ├── article_dated_may_31_2017.png
│ ├── fuller_photo_desc.png
│ ├── image_15.webp
│ ├── may_29_strikes.png
│ ├── may_30-strikes_part2.png
│ ├── may_30_strikes.png
│ ├── pear_land.png
│ ├── photo_album_view.png
│ ├── river_island.png
│ ├── river_island_marker.png
│ ├── stories_button.png
│ ├── task_photo_territory.png
│ └── water_bodies.png
└── osint-exercise-016-big-picture.jpeg
├── OSINT Exercise 17
├── OSINT Exercise 017.md
└── ans_pics
│ ├── article_2_greg_date.png
│ ├── date_published_article_1.png
│ ├── date_published_article_2.png
│ ├── date_published_article_3.png
│ └── greg_date_art3.png
├── OSINT Exercise 19
├── OSINT Exercise 019.md
├── ans_pics
│ ├── ghent_to_sea.png
│ ├── mosque_in_ghent.png
│ ├── nearby_stuff.png
│ └── travel time_liege_to_sea.png
└── osintexercise019.png
├── OSINT Exercise 2
├── OSINT Exercise 002.md
├── ans_pics
│ ├── pic10_focus_apartments.png
│ ├── pic1_fs_platform.jpg
│ ├── pic2_top_view_ge.png
│ ├── pic3_orientation_of_photographer.png
│ ├── pic4_view_of_buildings_at_street_level.png
│ ├── pic4_view_of_buildings_new.png
│ ├── pic5_google_maps_of_3.png
│ ├── pic6_about_art_c_melb.png
│ ├── pic7_eureka_tower.png
│ ├── pic7_missing_blue_building.png
│ ├── pic8_place_to_begin_mandrop.png
│ └── pic9_facade_check.png
└── osint_002_task_photo.png
├── OSINT Exercise 20
├── OSINT Exercise 020.md
└── ans_pics
│ ├── 2 search bars.png
│ ├── captures_on_wb.png
│ ├── congrats_for_finding.png
│ ├── faq_found.png
│ ├── initial_404_msg.png
│ ├── summary_2000.png
│ ├── x_2000.png
│ ├── x_2000_tools.png
│ ├── x_about_us.png
│ ├── x_management_html.png
│ └── x_on_wb.png
├── OSINT Exercise 21
├── OSINT Exercise 021.md
├── ans_pics
│ ├── chocolate with map.png
│ ├── cover_of_choco.png
│ ├── google_map_view.png
│ ├── google_map_view_with_features.png
│ └── matching view as in the bars.png
└── osint-exercise-021-big-picture.png
├── OSINT Exercise 22
├── OSINT Exercise 022.md
├── ans_pics
│ ├── 2023_truck_found.png
│ ├── camera_device_code_ip_address.png
│ ├── camera_live_image_example.png
│ ├── camera_shortlisted.png
│ ├── correct_hino_model.png
│ ├── hino_ranger_results.png
│ ├── mandrop_voew.png
│ ├── one_more_camera_shot_with_the_same_name.png
│ └── second_link.png
├── osintexercise022-a.png
└── osintexercise022-b.png
├── OSINT Exercise 23
├── OSINT Exercise 023.md
├── ans_pics
│ ├── deviantart_info.png
│ └── reformatted_art.png
└── first_snapshot_of_art.png
├── OSINT Exercise 24
├── OSINT Exercise 024.md
├── ans_pics
│ ├── group1_google_search.png
│ └── group2_top_results.png
├── ex24_group1.png
├── ex24_group2.png
└── ex24_group3.png
├── OSINT Exercise 25
├── OSINT Exercise 025.md
├── ans_pics
│ ├── image_2_address.png
│ ├── image_3_subway_link.png
│ ├── image_4_older_article.png
│ ├── image_5_sykes_datatronics_bg.png
│ ├── image_6_pillar_anarchy.png
│ └── image_one_sale.png
└── osint_25_task_photo.png
├── OSINT Exercise 26
├── OSINT Exercise 026.md
├── ans_pics
│ ├── Possible photo of Samarkand.jpg
│ ├── pic01_origin_country.png
│ ├── pic02_halva_trip_advisor.png
│ ├── pic03_samsung_as_portfolio.png
│ ├── pic04_samsung building.png
│ ├── pic05_bus_stop_with_samsung.png
│ ├── pic06_plot_of_places.png
│ ├── pic07_zoom_in_on_train.png
│ ├── pic08_taken_in_car.jpg
│ ├── pic09_samarkand_brownish_hills.jpg
│ ├── pic10_scene_in_summar.jpg
│ ├── pic11_siyab_bridge.jpg
│ ├── pic12_road_crossing_with_traintrack.jpg
│ ├── pic13_distance_travelled.jpg
│ ├── pic14_measured_distance.jpg
│ ├── road crossing across train track.mp4
│ ├── samsung_galaxy_pics.jpg
│ └── tashkent_metro.svg
├── osintexercise026.jpg
└── zip_folder_content
│ ├── IMG_2677.MOV
│ ├── IMG_2747.jpg
│ ├── img_01.jpg
│ ├── img_02.jpg
│ └── img_03.jpg
├── OSINT Exercise 27
├── OSINT Exercise 027.md
├── ans_pics
│ ├── lapel_snapshot.jpg
│ └── lapel_snapshot_clearer.jpg
└── osintexercise027.png
├── OSINT Exercise 28
├── OSINT Exercise 028.md
├── ans_pics
│ ├── hotel_balcony_photo.jpg
│ ├── medal_photo.jpg
│ ├── part_11_hotels_by_the_sea.jpg
│ ├── part_8_distance.jpg
│ ├── part_9_walking_route.jpg
│ ├── part_five_europol_event.jpg
│ ├── part_four_mastadon.jpg
│ ├── part_four_no_result.jpg
│ ├── part_one_device_type.jpg
│ ├── part_seven_geolocating_task_photo.jpg
│ ├── part_six_event_location.jpg
│ ├── part_ten_distance_potential.jpg
│ ├── part_three_twitter.jpg
│ └── part_two_build_name.jpg
└── osint_ex_28.jpg
├── OSINT Exercise 29
├── OSINT Exercise 029.md
├── ans_pics
│ ├── exerpt_one.jpg
│ ├── exerpt_two.jpg
│ ├── osintexercise029_inverted.jpg
│ ├── part_one_book_found.jpg
│ ├── part_three_coach_h_seats.jpg
│ ├── pic_one_potential_candidate.jpg
│ ├── pic_two_train_types.jpg
│ └── zoomed_in_words.jpg
└── osintexercise029.jpg
├── OSINT Exercise 3
├── OSINT Exercise 003.md
├── ans_pics
│ ├── pic1_ge_shows_facade_of_meeting.png
│ └── pic2_final_ans.png
└── osintexercise003.webp
├── OSINT Exercise 30
├── OSINT Exercise 030.md
├── ans_pics
│ ├── 01_youtube_video.jpg
│ ├── 02_map_of_b_camp.jpg
│ ├── 03_all_projects.webp
│ ├── 03_bulengo_areas.jpg
│ ├── 04_bulengo_area.jpg
│ ├── 05_aerial view_bulengo.jpg
│ ├── 06_UN_photo_bulengo.jpg
│ ├── 07_crater_lake_vicinity.jpg
│ ├── 08_vantage_point.jpg
│ ├── 09_camera_pan_comparison.jpg
│ ├── 10_tent_vicinity.jpg
│ ├── 11_tent_placement.jpg
│ ├── 12_tent_polygon.jpg
│ ├── 13_copy_of_un_photo.jpg
│ └── 14_comparison_photo.jpg
├── osint_ex_30.png
└── video_frames
│ ├── frame_0.jpg
│ ├── frame_1.jpg
│ └── frame_2.jpg
├── OSINT Exercise 31
├── OSINT Exercise 031.md
├── ans_pics
│ ├── pic01_giraffe_numbers.jpg
│ ├── pic02_birthdate_01.jpg
│ ├── pic03_birthdate_02.jpg
│ ├── pic04_sitemap.jpg
│ ├── pic05_snapshot_of_section.jpg
│ ├── pic06_news_of_newborn.jpg
│ ├── pic07_wayback_archive.jpg
│ ├── pic08_zooborns.jpg
│ ├── pic09_patches_match.jpg
│ ├── pic10_sitemap.jpg
│ ├── pic11_news_on_giraffe.jpg
│ ├── pic12_news_on_willow.jpg
│ ├── pic13_willow_new_location.jpg
│ ├── pic14_giraffe_herd_DAK.jpg
│ └── pic15_willow_and_jr.png
├── osintexercise031.png
└── right_profile.jpg
├── OSINT Exercise 4
├── OSINT Exercise 004.md
├── ans_pics
│ ├── pic1_google_maps_oan_appearing.png
│ ├── pic2_oan_resort_coordinates.png
│ ├── pic3_google_earth_eye_level.png
│ └── pic4_more_sand.png
└── osint_ex_04_task_photo.jpg
├── OSINT Exercise 5
├── OSINT Exercise 005.md
├── ans_pics
│ ├── SanDiegoZooPolarBearCam.avif
│ └── pic2_polar_bear_enclosure.png
└── osint_ex_5_task_photo.webp
├── OSINT Exercise 6
├── OSINT Exercise 006.md
├── ans_pics
│ └── osintexercise006.jpeg
└── osint_ex_6_pic.webp
├── OSINT Exercise 7
├── OSINT Exercise 007.md
├── ans_pics
│ ├── building_with_wall.png
│ ├── flagpoles_behind_the_structure.png
│ ├── found_the_egyptian_poster.png
│ ├── locating_art_in_gmap.png
│ └── more_pics_with_the_figure.png
└── osint_ex_7_pic.png
├── OSINT Exercise 8
├── OSINT Exercise 008.md
├── ans_pics
│ ├── google_search_of_shen_yun.png
│ ├── image_search_shenyun.png
│ ├── search_result_on_eversion.png
│ └── task_photo_origin.png
└── osint_ex_8_pic.png
├── OSINT Exercise 9
├── OSINT Exercise 009.md
├── ans_pics
│ ├── Potential Street.png
│ ├── Tirana_with_traffic.png
│ ├── highlighted_street.png
│ ├── inspect_page_2023.png
│ ├── red_building.png
│ └── with traffic layer.png
└── osint_ex_9_pic.png
└── README.md
/OSINT Exercise 1/OSINT Exercise 001.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 001
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-001/) of OSINT Exercise 001
3 | Creator of Exercise: Sofia Santos
4 |
5 |
6 | ## Task Goal:
7 | To identify the coordinates of where the photo was taken.
8 |
9 | 
10 |
11 | ### Write up and Thought-Process
12 | **Part 1: Initial Clues**
13 | a. City name mentioned -- Kiffa.
14 | Quick check on [Google Maps](https://www.google.com/maps/place/Kiffa,+Mauritania/@16.6201938,-11.4283135,14z/data=!3m1!4b1!4m6!3m5!1s0xe8b1f14d26e8c71:0x7799d6879ffe8fc4!8m2!3d16.6258353!4d-11.4055282!16zL20vMGIxeGdr?entry=ttu) shows its a city in Mauritiana.
15 |
16 | b. Observations from the photo: shows a road leading out of the city? Why out -- the buildings stop, and its greenery on either side of the road. Handy when looking up roads and matching terrain in google maps.
17 |
18 | c. Road is not looking like a highway. Dust on either side, would probably be a smaller-road, or side road.
19 |
20 | **Part 2: Investigation on Google Maps**
21 | Altered the Google map view to have the satellite (helps with distinguishing the terrain colours) and street view (to drop the pin, and have a view of the surroundings).
22 |
23 | Street view in this city is very limited. There are 3 small areas with a successful photo sphere, the rest of the city's streets aren't captured.
24 |
25 | 
26 | Screenshot of Kiffa with the roads highlighted and 3 blue dots indicating photo spheres (only documented parts of the road).
27 |
28 | Streetviewing these 3 spheres, they're showing that they aren't the accurate coordinates.
29 |
30 | So, to proceed, let's explore the city in Google Earth.
31 |
32 | **Part 3: Investigation on Google Earth**
33 | On Google Earth, after zooming into Kiffa, we can modify the layers like how we did with Google Maps.
34 |
35 | As the photo shows a road, that's paved, and tarred, let's investigate the major roads heading out of the city from above. And also, from Part 1, we know that there's a part of the road with greenery on both sides.
36 |
37 | 
38 |
39 | Attempted a man-drop, but it's only a view from the top. So from the top-view, let's roughly see the area of buildings that are the likely coordinates.
40 |
41 | From the photo, on the right-hand side of the road, there is a building, and some trees right next to it.
42 |
43 | On the left-hand side of the road, a building, and some electrical cable poles. But these things are not very clearly visible in satellite photos. They could be blurry.
44 |
45 | 
46 | Shortlisted road from which photo could've been taken
47 |
48 |
49 | One good way to test/confirm their presence is if they emit shadows. For that area, we can try to toggle the timing of the satellite photography with the timeline bar at the top. After toggling to the past (suggested date: 11/2010, and 1/2017) those are visible.
50 |
51 | 
52 | Snapshot from the past (Nov 2010)
53 |
54 | 
55 | Snapshot from the future (Jan 2017)
56 |
57 |
58 | The rough area of the road has been narrowed down. Therefore, a suggested coordinate might be:
59 | 16°36'34.10"N, 11°23'51.99"W. (OSINT SS Ex 1 Placemark)
60 |
61 |
62 | 
63 | Estimated coordinates with placemark in Google Earth
64 |
65 | Pushing the placemark a little more to the left of the road, as that's roughly where the camera person stood.
66 |
67 | ### Credits:
68 | Full credits to Sofia Santos for putting together this exercise
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
--------------------------------------------------------------------------------
/OSINT Exercise 1/ans_pics/osint_001_pic1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/ans_pics/osint_001_pic1.png
--------------------------------------------------------------------------------
/OSINT Exercise 1/ans_pics/osint_001_pic2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/ans_pics/osint_001_pic2.png
--------------------------------------------------------------------------------
/OSINT Exercise 1/ans_pics/osint_001_pic3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/ans_pics/osint_001_pic3.png
--------------------------------------------------------------------------------
/OSINT Exercise 1/ans_pics/osint_001_pic4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/ans_pics/osint_001_pic4.png
--------------------------------------------------------------------------------
/OSINT Exercise 1/ans_pics/osint_001_pic5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/ans_pics/osint_001_pic5.png
--------------------------------------------------------------------------------
/OSINT Exercise 1/ans_pics/osint_001_pic6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/ans_pics/osint_001_pic6.png
--------------------------------------------------------------------------------
/OSINT Exercise 1/osint_001_task_photo.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 1/osint_001_task_photo.jpeg
--------------------------------------------------------------------------------
/OSINT Exercise 10/OSINT Exercise 010.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 010
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-010/) of OSINT Exercise 010
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | A Twitter user shared three photos of an event.
7 |
8 | Find the following details about the photos:
9 | I) Which event is being celebrated in the photos?
10 | II) Which two photos were taken by the same person?
11 | III) The two photos mentioned above were taken in the same city. The photographer was previously in a different city. Find out the name of that city.
12 |
13 | 
14 |
15 | ### Write up and Thought-Process
16 |
17 | **Part 1: Photograph location and creator**
18 | After attempting a rough image reverse upload of the screenshot with the tweet, a couple of results came together. One that explained a little more was at this [link](https://tripfreakz.com/offthebeatenpath/voodoo-festival-in-benin). This gives a hint that these are pictures from a Voodoo Festival in Benin, and a little write-up of how it came to be. The write-up also mentions that an important city for voodoo practitioners is Ouidah, Benin. There's a chance the photos in the Twitter post could come from there or not, as the article also mentions other countries this is practiced in. From the photo gallery attached to the post, the 1st and the 20th photo from the gallery match the ones published in the Twitter post.
19 |
20 | So it could be roughly confirmed that this is a celebration of a Voodoo festival in Benin. Let's try to find another search result from the image look-up, to confirm this.
21 |
22 | One other handy result, was this one from [GettyImages](https://www.gettyimages.it/immagine/voodoo-festival-celebrated-in-benin). This is a further confirmation that the festival took place in Benin, specifically, in a city called Ouidah. So chances are, this photographer, has indeed been to Ouidah, Benin, to capture this [photo](https://www.gettyimages.it/detail/fotografie-di-cronaca/zangbetto-performs-during-a-voodoo-ceremony-on-fotografie-di-cronaca/146328923?adppopup=true).
23 |
24 | 
25 |
26 | We've found that photographer, Dan Kitwood, took and uploaded the above photo. He's also the owner of this [photo](https://www.gettyimages.it/detail/fotografie-di-cronaca/egungun-spirits-stand-during-a-voodoo-ceremony-fotografie-di-cronaca/146313088?adppopup=true).
27 |
28 | 
29 |
30 |
31 | **Part 2: Where had the photographer gone before Ouidah, Benin?**
32 | For the final task, to find out where the photographer was, it would be useful to see if he publishes more details about where he visits as he travels.
33 |
34 | The first approach was to look up in his collection of Getty Images. After doing a custom search of 31st Dec 2011 to 31st Jan 2012, some images that come together from this are some photos he took in Contonou.
35 |
36 | Intriguingly, when looking across his photos of Cotonou, between these two in his portfolio, we see a jump in dates. The one on the left was created on 13th Jan 2012, and the one on the right was on 6th Jan 2012.
37 |
38 | 
39 |
40 | Given that his write-up of his Voodoo pictures from above mention that he captured them on Jan 9th, and Jan 10th respectively, there's a feasible chance, the photographer was in Cotonou before going to Ouidah.
41 |
42 | Therefore, the solutions to the tasks are:
43 | I) Voodoo Festival in Ouidah, Benin
44 | II) Photos were the one on the left side and the bottom right
45 | III) Based in Cotonou before coming to Ouidah
46 |
47 | ### Credits:
48 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 10/ans_pics/DK_Getty_in_Jan_2012.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 10/ans_pics/DK_Getty_in_Jan_2012.png
--------------------------------------------------------------------------------
/OSINT Exercise 10/ans_pics/first_photo_of_DK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 10/ans_pics/first_photo_of_DK.png
--------------------------------------------------------------------------------
/OSINT Exercise 10/ans_pics/second_photo_of_DK.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 10/ans_pics/second_photo_of_DK.png
--------------------------------------------------------------------------------
/OSINT Exercise 10/osint_ex_10_task.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 10/osint_ex_10_task.webp
--------------------------------------------------------------------------------
/OSINT Exercise 12/OSINT Exercise 012.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 012
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-012/) of OSINT Exercise 012
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | The screenshot below shows satellite imagery from a coastal area. Each red pixel represents a 30 metre centre point containing a thermal anomaly. The data is from January.
7 |
8 | Find out the following:
9 | I) To identify the website that made the task photo
10 | II) Which country is the task photo of
11 | III) The screenshot shows a photo of a specific date. When was it captured?
12 |
13 |
14 | 
15 |
16 |
17 | ### Write up and Thought-Process
18 |
19 | **Part 1: Initial Thoughts about Task photo**
20 | With regard to website, there is a certain stylised way the zoom buttons, the length markers and the various action icons of the photo are of the photo. So that's something specific to look at.
21 |
22 | That fact that a coastline is present tells us, that the country cannot be landlocked.
23 |
24 | Next, of the area itself: there is a coastline, and inwards that, loads of greenery. Potentially a forest? And most of these thermal hotspots are scattered in the greenery portion of the photo. Assuming the greenery indicates forests, is this an image of a forest fire?
25 |
26 | Finally, considering that the data came from January, then it might be forest-fire season in an area that is experiencing high temperatures/low rainfall. Could it potentially be the Southern Hemisphere?
27 |
28 | So the first to consider, is the website this image is from.
29 |
30 | **Part 2: What website does the photo belong to?**
31 |
32 | Perhaps, instead of a image reversal search, let's consider what initiatives monitor data like this. It could be along the lines of a hotspot weather watching initiative. With those ideas first, let's attempt a google search.
33 |
34 | One potential query to try was: "websites that monitor thermal anomaly around the world", and here was its [result](https://tinyurl.com/3dk9tyhy).
35 |
36 | And let's explore the first result, the one of NASA's FIRMS. And interestingly, this looks very similar to our task photo, in terms of the User experience, and map toggle buttons!
37 |
38 | 
39 |
40 | Therefore, that's the first part solved: the website is [FIRMS](https://firms.modaps.eosdis.nasa.gov/map/#d:24hrs;@0.0,0.0,3.0z) - Fire Information for Resource Management System.
41 |
42 | **Part 3: Trying to identify the country**
43 | With the timeline button, there's a possibility to see fires that happened in January. However, it is worth considering that the photograph showed one coastline area, at one time, in one day of January.
44 |
45 | But one good thing, in the FIRMS UX, is that, it is not possible to rotate the map. At best, one can zoom in and zoom out. Therefore, a good chance that the zoomed in picture, at 10km-10 miles, is of a coastal place with the sea in the North-Western-ly direction. (Unless, there is a way to rotate the view, and I hadn't found it). One nice thing to note are the two small snowspots also, in our task photo.
46 |
47 | So, before checking the coastline of all the countries in the world that have water in the NW direction, let's first see if this coastline can be found anywhere on the internet first.
48 |
49 | **Part 4: Narrowing the country of thermal activity**
50 | By Image Reversal of the task photo, here is one [candidate](https://southamericawineguide.com/bio-bio-and-itata-fires-2023-information-and-how-to-help/) and it mentions Chile.
51 |
52 | Chile is a potential country as it has the water by its NW-direction, and it's a Southern Hemisphere country. By navigating along the Chilean coastline, in this case, going north, helps us find, that coastline with the 2 snow spots. And the coastline shape matches the task photo's.
53 |
54 | 
55 |
56 | As per the cursor on the FIRMS webpage, the rough coordinates of those snowspots are Lat: -35.425° and Lon: -72.429°. That roughly translates to being in Chile.
57 |
58 | **Part 5: Narrowing the date of thermal activity**
59 | When toggling across the dates in FIRMS, it's becoming clear that Jan 2023, didn't have this massive fire in Chile. But looking back at the task qn, it's some January, but not in the recent years. There's a chance it can be historical data, and that's recorded here in the app.
60 |
61 | Therefore, one thing to do was to see the firemap across the entire of Jan, in that Chilean portion of the coastline, and see how the fires have been for a month.
62 |
63 | In the FIRMS website, I chose the setting in the dates to include 31 days of data from the date I was toggled at. So, to get the whole January data, one idea is to choose cut-off date of Feb 1st, of the current year, and set the number of days to be 31, so that 31 days leading up to Feb 1st, the fire data will get plotted. With 31 days of data plotted, the next is to check through each past year, and see how the plot changes.
64 |
65 | And in that manner, one potential year was 2017.
66 | 
67 |
68 | As the aggregated fire data in Jan of all previous years were not as intense, 2017 was a potential candidate.
69 |
70 | And so, the best thing might be to look up forest fires in the Chilean domain, or in the local language (like OSINT exercise 007). Taking the idea from the walkthrough, this was a rough search result to use:
71 |
72 | 
73 |
74 | Combining this query and 2017, more narrowed results will appear. Amongst them, the [wikipedia page](https://es.wikipedia.org/wiki/Incendios_forestales_en_Chile_de_2017) has been useful, with the daily report section. That gives a range of Jan 15th - Jan 30th 2017.
75 |
76 | When toggling back in FIRMS, with the day interval set to 1 Day, and cut off date at Jan 30th, and working backwards, the task photo's spread of the forest fire points matches that of [Jan 26th's](https://firms.modaps.eosdis.nasa.gov/map/#d:2017-01-26;@-72.12,-35.52,9.81z)
77 |
78 | Therefore: the solutions to the task are:
79 | I) The photo coming from the FIRMS website - https://firms.modaps.eosdis.nasa.gov/
80 | II) The satellite photo is of Chile
81 | III) The date of the captured data being Jan 26, 2017
82 |
83 | ### Credits:
84 | Full credits to Sofia Santos for putting together this exercise.
85 |
--------------------------------------------------------------------------------
/OSINT Exercise 12/ans_pics/pic1_website_of_photo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 12/ans_pics/pic1_website_of_photo.png
--------------------------------------------------------------------------------
/OSINT Exercise 12/ans_pics/pic2_match_of_coastline.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 12/ans_pics/pic2_match_of_coastline.png
--------------------------------------------------------------------------------
/OSINT Exercise 12/ans_pics/pic3_search_query_in_esp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 12/ans_pics/pic3_search_query_in_esp.png
--------------------------------------------------------------------------------
/OSINT Exercise 12/ans_pics/pic4_jan_2017.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 12/ans_pics/pic4_jan_2017.png
--------------------------------------------------------------------------------
/OSINT Exercise 12/osintexercise012.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 12/osintexercise012.webp
--------------------------------------------------------------------------------
/OSINT Exercise 14/OSINT Exercise 014.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 014
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-014/) of OSINT Exercise 014
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | The video below was recorded during an earthquake.
7 | Find out the following:
8 | I) What was the magnitude of the earthquake?
9 | II) What are the coordinates of where the camera was likely located in order to record this scene?
10 |
11 | [](https://www.youtube.com/watch?v=myTG1LpMN7g)
12 |
13 |
14 | ### Write up and Thought-Process
15 |
16 | **Part 1: Initial Thoughts about Task photo**
17 | Some clues are in the thumbnail photo above, of the video. 24th Sept, 2016. Video was recorded from 02:18am to 02:20am in the local time. Caption below on the right hand corner specifies Terminal 3? Some camera from the airport or transport hub?
18 |
19 | No particular feature of the roads, buildings or landmarks indicate any particular country at this time.
20 |
21 | First thing to do is to confirm where the location of the video.
22 |
23 |
24 | **Part 2: Narrowing the city/country this took place in**
25 | Attempting a google search of [earthquakes in Sept 2016](https://tinyurl.com/y2k2twjf) gives a number of reports of the various countries quakes had struck at.
26 |
27 | Amongst the result, one potential candidate is a quake that occurred in [Romania](https://www.volcanodiscovery.com/earthquakes/quake-info/1422939/mag5quake-Sep-23-2016-Romania.html). The quake's recorded time is close to the one reflected in the video. Potential chance that the video recorded an aftershock. Furthermore, the link also elaborates that the quake was felt in nearby countries like [Chișinău, Moldova](https://www.volcanodiscovery.com/earthquakes/quake-info/1422939/mag5quake-Sep-23-2016-Romania.html#:~:text=Quakes%20in%20Romania-,NEARBY%20PLACES,-The%20closest%20larger).
28 |
29 | To check it further, under the "Videos" tab, there is a [video link](https://www.youtube.com/watch?v=lvGpouFqmJ0), that's the original uploader, who shared the exact same video under a different link, and at the same date as the Romanian earthquake, and the video's time frame. Its description mentions Chișinău.
30 |
31 | Given that the earthquake originally happened in Romania, and after vetting through a number of search results, the earthquake quoted to be at a 5.3-5.7 magnitude on the Ritcher Scale. The Moldovan Press described it as a [5.8](https://www.moldpres.md/en/news/2016/09/24/16007583).
32 |
33 |
34 | **Part 3: Coordinates of the camera that captured the video**
35 | So, it's confirmed that the video was from Chișinău, MDA. And the original video also has a location called "Terminal 3". Being the capital of Moldova, the first place to investigate would be its airport. But its understood that there is only [one single terminal](https://www.cestee.com/airport/chisinau-rmo/terminal) in their RMO airport. That means that "Terminal 3", might not be an actual place.
36 |
37 | So it's better to look at the thumbnail for more clues. There's a main road, 3-lane into and outside of the area. The foreground shows a parking square with flags in front of it. Plus, there's a white building in the background. And a very brightly lit building on the left side of the video.
38 |
39 | That can be one clue: what building is very brightly lit at 2am in the morning? That's a high electricity bill. And that building is only 1 storey high. Is it a showcase type building? Car Showcase perhaps?
40 |
41 | Similar to the Ex 12, let's find the Romanian version for the phrase:
42 |
43 | 
44 |
45 | And insert that into Chișinău's view in Google Maps:
46 |
47 | 
48 |
49 | And investigate this further, we can pay attention again to the video thumbnail. It's a large road with 6 lanes total. It curves against the brightly lit car shop. So with that road curve in mind, let's narrow a shop down in Google Maps.
50 |
51 | After a lot of zoom-ins and cross-checking against the solution video, the car dealership was this [one](https://g.co/kgs/ezRK58t).
52 |
53 | And from this location, the next thing to do is to find the camera's coordinates.
54 |
55 | **Part 4: Camera Coordinates**
56 | The video's thumbnail shows a few more details that would be good to explore in Google Earth instead. There's a car park, and a couple of flag poles. From the earlier OSINT Ex 3, those tend to get captured well enough to find a good estimate of a coordinate.
57 |
58 | After inserting the address of the car dealship shop, and rotating the view on Google earth, a rough picture of the vicinity can be narrowed down.
59 |
60 | 
61 |
62 | In addition, the facade of the L-shaped building also looks similar to the one in the video. It would make sense that the camera was sitting in one of the higher floors of the square-ish building in the foreground.
63 |
64 | In Maps, that building is called the V Continental Business Centre. Given how much of the L-building is captured, it would be in the top left hand corner of the building. That's roughly here as per Maps.
65 |
66 | 
67 |
68 | As per that, the rough camera coordinates would be: 47.017475, 28.852795.
69 |
70 | Therefore, the solutions to the questions would be:
71 | 1. At a 5.8 magnitude (quoting the country's press agency's link).
72 | 2. Coordinates of the Camera: 47.017475, 28.852795.
73 |
74 | ### Credits:
75 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 14/ans_pics/Google_earth_view.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 14/ans_pics/Google_earth_view.png
--------------------------------------------------------------------------------
/OSINT Exercise 14/ans_pics/camera_corner.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 14/ans_pics/camera_corner.png
--------------------------------------------------------------------------------
/OSINT Exercise 14/ans_pics/filtered_shops.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 14/ans_pics/filtered_shops.png
--------------------------------------------------------------------------------
/OSINT Exercise 14/ans_pics/translation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 14/ans_pics/translation.png
--------------------------------------------------------------------------------
/OSINT Exercise 15/OSINT Exercise 015.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 015
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-015/) of OSINT Exercise 015
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | The image below is a screenshot taken from a CIA declassified document.
7 | It depicts a caption report of an undisclosed photo taken by an agent. The text mentions a telescope “being assembled at factory“.
8 |
9 | Find out the following:
10 | I) A photo that matches the description on the caption report.
11 | II) The exact location of where the telescope was placed once completed.
12 |
13 | 
14 |
15 | ### Write up and Thought-Process
16 |
17 | **Part 1: Initial Thoughts about Task photo**
18 | Starting first to make out what fields are written here clearly:
19 | Geographic Coordinates: 52 31 N, 13 34 E
20 | Country: Germany
21 | Province: Berlin
22 |
23 | Title: Telescope, built at the (H/A)skania factory for the University of Bonn. (Being assembled at the factory). The field is 20 times the size of the Mount Palomar. Telescope; Camera is 20 feet; weight 3 tons. Starts of the 23rd Size can be seen.
24 |
25 | Date of Picture: Jan 18, 1953
26 |
27 | CIA's Approved for release: 1999/09/20
28 |
29 | There is not much of a context to be deciphered as of yet, except for the fact that it's about a telescope, its specifications and its abilities. Looking at the date of the photograph, it might be a vintage photo, or something in the archive of city records? Or of the university itself?
30 |
31 | Even though it is a photo that was green-flagged for release to the public, it might only be published by specific sites relating to CIA archives or something to that effect to get its fully history and details.
32 |
33 | **Part 2: Finding a photo to match the description**
34 | After an initial search of this in Google:
35 |
36 | 
37 |
38 | It's clear that this telescope is a big deal. A few sources quote that manufacturing the telescope is a huge step post-war, and it's meant for advancing the astro-sciences. Amongst the results, of a few, is this [eBay link](https://www.ebay.com/itm/375475001451). When looking at both the front and the back of the photo, we can see the actual photo and the date it was made at the back: 18th Jan 1953.
39 |
40 | Furthermore, the write-up in the back, also matches the title from the CIA report card of the photo, mentions the factory name (Askania), Mount Palomar, and similar magnifying effects of the telescope.
41 |
42 | Therefore, this could count as a fitting photo for the caption report.
43 |
44 |
45 | **Part 3: Location of telescope after manufacturing**
46 | So, from the CIA card of the photo, there are some things to recap about the telescope:
47 |
48 | Weight is 3 tons
49 | It's camera is 20 feet (long?)
50 | Meant for Bonn University
51 |
52 | One site that comes up, when attempting the google search of "Askania factory telescope university of bonn 1953" is the [Portal to the Heritage of Astronomy](https://web.astronomicalheritage.net/index.php/show-entity?identity=114&idsubentity=1). That sounds like a suitable place to know about the historical equipment that was used in certain observatories.
53 |
54 | And interestingly, University of Bonn is also listed there.
55 |
56 | The website features photos and illustrations dating back to the 1830s, and it can serve to understand the timeline of what has been happening in the University for the Astro department at this time.
57 |
58 | In our case, a telescope from a factory in Berlin, is coming to Bonn University, in 1953. As of Jan 18th 1953, it was recorded to have been under assembly. Therefore, its completion and delivery can come after that. Therefore, when browsing in the website, there's a section of [Modern Instruments since the 1950s](https://web.astronomicalheritage.net/index.php/show-entity?identity=114&idsubentity=1#:~:text=Modern%20Instruments%20since%20the%201950s%20%2D%2D%20Hoher%20List%20Observatory) and interestingly, the 2nd equipment listed is "34/50cm Schmidt Telescope, Askania of Berlin, 1954". When crosschecking the archival photo with what we've seen previously, we can see some similarities in the stature of both telescopes.
59 |
60 |
61 | |From Part 2's eBay link|From Astro Heritage link|
62 | |:-:|:-:|
63 | |||
64 |
65 | When revisiting the Astro Heritage link, it mentions that the telescope is placed at the Hoher List, Tower 1. When finding the term "Hoher", we can see the website mentions it earlier, that it is an observatory to which the telescope is based at. Therefore, chances are, the telescope, after manufacturing, would've gone to the Hoher List Observatory, Tower 1.
66 |
67 | The next is to find its proper coordinates.
68 |
69 | **Part 4: Telescope's Coordinates**
70 | It's narrowed down to Tower 1 of the Hoher List Observatory. The same website has listed that Observatory's coordinates at: "Lat. 50° 09′ 42″ N, long. 6° 50′ 55″ W, elevation 549m above mean sea level." This will mean that Tower 1 is near that area.
71 |
72 | One thing to also note is that the Hoher-List observatory was closed, but its history has been recorded elsewhere. Another [website](https://www.hoher-list.de/en/historie/) also confirms its history. When investigating the website further, under its "Instruments" section, we can see a [labelled photo](https://www.hoher-list.de/en/instrumentarium/) of the observatory! And to double confirm, Turm is the german word for "Tower"! Now we know, which is Tower 1.
73 |
74 | 
75 |
76 | Comparing this top view from Maps, vs the labelled picture in the instruments section of the website, we can see that Tower 1 is the first circular dome from the left.
77 |
78 | 
79 |
80 | And therefore, its respective coordinates are: 50.1618227350251, 6.84829822860176.
81 |
82 |
83 | ### Credits:
84 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 15/ans_pics/Tower_1_coordinates.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 15/ans_pics/Tower_1_coordinates.png
--------------------------------------------------------------------------------
/OSINT Exercise 15/ans_pics/pic01_initial_search.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 15/ans_pics/pic01_initial_search.png
--------------------------------------------------------------------------------
/OSINT Exercise 15/ans_pics/sample_image.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 15/ans_pics/sample_image.webp
--------------------------------------------------------------------------------
/OSINT Exercise 15/ans_pics/telescope_at_uni.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 15/ans_pics/telescope_at_uni.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 15/ans_pics/top_view_on_maps.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 15/ans_pics/top_view_on_maps.png
--------------------------------------------------------------------------------
/OSINT Exercise 15/ex15_task_photo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 15/ex15_task_photo.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/OSINT Exercise 016.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 016
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-016/) of OSINT Exercise 016
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goal
6 | On November 25, 2020, a Twitter user shared the photo below. It depicted a military aircraft flying over an “undisclosed location”.
7 | The task is to disclose that location.
8 |
9 | 
10 |
11 | ### Write up and Thought-Process
12 |
13 | **Part 1: Initial Thoughts about Task photo**
14 | Just re-iterating here the properties of the photo:
15 | Published on Nov 25, 2020
16 | 5:08AM was the supposed time of upload -- Mind, this is the upload time in the viewer's timezone, not the original poster's.
17 | Caption says: An Air Force A-10 Thunderbolt II flies in an undisclosed location after receiving fuel from a KC-10 Extender. Air Force "camera emoji" by Staff Sgt. Michael Battles
18 |
19 | **Part 2: Piecing together some first thoughts**
20 |
21 | So, it's probably speaking about an Air-Force mission after it was over. Given that it was written in English, it might need to be some Anglo country's Air Force.
22 |
23 | The upload time, is quoted to be early morning. For this, I'll rule out any EU or African countries, because it's highly unlikely that missions will get spoken about that early in the morning. It might only happen in the evening times, or EOD after missions.
24 |
25 | With those 2 clues, chances are this is a photo "post-mission" potentially from US or Canada.
26 |
27 | Googling the "A-10 Thunderbolt II", one [potential link](https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104490/a-10c-thunderbolt-ii/) that came in is from the US Air Force. This is a brief link to the history of the aircraft, and its features. To take note: it says "Close air support for ground forces" and "can be used against ... ground targets, including tanks and other armoured vehicles". What this shows is that the Thunderbolt II can conduct airstrikes.
28 |
29 | So the first to be confirmed is that, it's an striker aircraft of the US Air Force, and that tweet would've been published at the EOD once it was over.
30 |
31 | **Part 3: Finding what a KC-10 Extender means**
32 | Once again, the same website, also helps give us some details about the other thing mentioned in the tweet -- the ["KC-10 Extender"](https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104520/kc-10-extender/). The main point here is that, the KC-10 helps out in aerial refuelling of other Air Force aircrafts.
33 |
34 | So the fuller story of the tweet could be:
35 | The Thunderbolt received fuel from the Extender. And highly likely, either the Sgt himself or his staff was airborne at the time this was taken, along with the Thunderbolt.
36 |
37 | **Part 4: More directive clues from websites**
38 | One very beautiful feature the air force website provides is that, at the end of the fact sheet, of both the AC-10 and the KC-10, there is a link that provides us access to more photographs taken of the same model of the planes like so:
39 |
40 | 
41 |
42 | Chances are, for such military photos to be published onto social media, some kind of parameters would've been set for the photo to have before becoming worldwide knowledge. Hence, one other avenue to ensure the image could be from is in this [DVIDS link](https://www.dvidshub.net/feature/a10featurepage). However, when checking each respective aircraft's DVIDS link, this particular photo by S.Sgt Michael Battles was not available. So this is not fully useful, we'll need to try another route.
43 |
44 | Should we consider looking up the actual name of the officer who took this photo? And by doing so, his actual link to his portfolio on, none other than, [DVIDS itself](https://www.dvidshub.net/portfolio/1094284/michael-battles) was made available. But scanning through the images shown in 2020 yielded no photo from the tweet, so let's try another route.
45 |
46 | **Part 5: Googling once again**
47 | It turns out, that there was a more direct result that appeared by just googling ["staff sgt michael battles Thunderbolt II"](https://tinyurl.com/47w2c6xh). The second result, from the Department of Defence gave a [promising lead](https://dod.defense.gov/OIR/gallery/igphoto/2001755712/).
48 |
49 | The link mentions that this photo was taken when Operation Inherent Resolve was taking place in May 2017. Intriguingly, with that new piece of information, and filter out the images taken by Battles' in DVIDS link (for the whole of May in 2017) we get this [result](https://tinyurl.com/3562rsub). Therefore, multiple photos of the same Thunderbolt aircraft was taken, when it was supporting Operation Inherent Resolve.
50 |
51 | 
52 |
53 | Having found the original task image on the DVIDS webpage, here's it's fuller description:
54 |
55 | 
56 |
57 | With more details of the photo found out, let's carry on.
58 |
59 | **Part 6: Narrowing the countries this aircraft was flying above**
60 |
61 | From the Department of Defense website, there's a small description about [Operation Inherent Resolve](https://dod.defense.gov/OIR/). Bottom line up front: Its goal was to defeat ISIS. That helps narrow a region down - into Syria and Iraq. In that same webpage, there's a More Stories Button, and potentially, that can help us narrow down, what happened on the day the photo was taken.
62 |
63 | 
64 |
65 | One feature to be grateful for in this archive of stories of this Operation is that each story has a date listed. Here, the article with the date May 31, 2017 onwards would be useful to know if this particular airstrike is mentioned, and possibly its path, or target.
66 |
67 | After a bruteforce-like search, the article dated May 31, 2017 is [Officials Provide Details of Latest Defeat - ISIS Strikes](https://www.defense.gov/News/News-Stories/Article/Article/1197495/officials-provide-details-of-latest-defeat-isis-strikes/). It's closer to the top as it's nearer to the end of the Operation.
68 |
69 | 
70 |
71 | When reading that archived report, we can see that it includes details of air strikes that took place on May 29, 2017 at:
72 |
73 | 
74 |
75 | In that same manner, when we look at the [next report](https://www.defense.gov/News/News-Stories/Article/Article/1198981/us-coalition-continue-strikes-to-defeat-isis/), the areas mentioned are:
76 |
77 | 
78 |
79 | Further along, one other [report](https://www.defense.gov/News/News-Stories/Article/Article/1200604/strikes-continue-against-isis-targets-in-syria-iraq/) mentions May 30 strikes too:
80 |
81 | 
82 |
83 | From there, when looking at the other articles written that come afterwards, there's no more mention of strikes in May. The next one mentions June 2nd.
84 |
85 | However, for the sake of argument, we could also assume that the plane might've finished the strikes in May, prepared itself by refueling and proceeded to another area in June for its operation. Let's also navigate quickly what regions were mentioned for the report that speaks about [strikes in June 2nd](https://www.defense.gov/News/News-Stories/Article/Article/1201992/).
86 |
87 | Let's now compile out the areas of the region to consider as the Thunderbolt's path.
88 |
89 | **Part 7: Areas and Cities to consider before delving into Google Maps/Earth**
90 |
91 | So, from the above articles: the areas of interest in that time window have been:
92 |
93 | 1. Raqqa, Syria
94 | 2. Beiji, Iraq
95 | 3. Mosul, Iraq
96 | 4. Abu Kamal, Syria (in the strikes of June 2nd)
97 |
98 | **Alongside this**, one other source that can help was our narrowed photos gallery of the day from the [DVIDS link](https://tinyurl.com/3562rsub). Interestingly, from the gallery, the photo next to our task one, shows a huge water body. When inspecting Image 8, 15, 16, and 13 from [here](https://www.dvidshub.net/image/3441689/kc-10s-fueling-oir-fight), they show physical features that are a good bookmark to begin with.
99 |
100 | Therefore, for starters, let's begin with finding that water body first.
101 |
102 | **Part 8: Water body first, and then the other areas**
103 | On Google Earth, using Raqqa's coordinates and investigating the surrounding areas, the narrowed water bodies are these:
104 |
105 | 
106 |
107 | Amongst the gallery photos, let's have a look at [Image 15](https://www.dvidshub.net/image/3441689/kc-10s-fueling-oir-fight), as that one clearly shows the water body the ThunderBolt flying over.
108 |
109 | 
110 |
111 | We can see that the land below has a very unique feature (that pear shaped piece of land), and it's at a water body. In Google Earth, that same area could be spotted when inspecting the borders of the biggest water body. Placemarking that piece of land on Earth (37°41'29.05"N, 38°20'52.42"E).
112 |
113 | 
114 |
115 | So we can see there's a rough region over which the Thunderbolt was above. Let's reinspect the task photo, and see what other physical features can help us.
116 |
117 | 
118 |
119 | Closer look at the area, we can see a green-ish river below the plane. We can see that it's also got river islands (the natural greenery sticking out of the river) And near the right wing tip, a whitish hill. And interestingly, in Google Earth, in the Northwest of the pear land, we can see rivers of a greenish tinge.
120 |
121 | 
122 |
123 | Looking up in the white-ish, rocky areas of the rivers, there's a possible area with such a river island.
124 |
125 | 
126 |
127 | Placing a marker here: it's coordinates are roughly
128 | 37°39'31.08"N, 38°5'43.51"E.
129 |
130 | 
131 |
132 | ### Credits:
133 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/ac_10_thunderbolt_more_photos.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/ac_10_thunderbolt_more_photos.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/article_dated_may_31_2017.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/article_dated_may_31_2017.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/fuller_photo_desc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/fuller_photo_desc.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/image_15.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/image_15.webp
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/may_29_strikes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/may_29_strikes.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/may_30-strikes_part2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/may_30-strikes_part2.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/may_30_strikes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/may_30_strikes.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/pear_land.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/pear_land.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/photo_album_view.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/photo_album_view.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/river_island.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/river_island.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/river_island_marker.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/river_island_marker.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/stories_button.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/stories_button.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/task_photo_territory.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/task_photo_territory.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/ans_pics/water_bodies.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/ans_pics/water_bodies.png
--------------------------------------------------------------------------------
/OSINT Exercise 16/osint-exercise-016-big-picture.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 16/osint-exercise-016-big-picture.jpeg
--------------------------------------------------------------------------------
/OSINT Exercise 17/OSINT Exercise 017.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 017
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-017/) of OSINT Exercise 017
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goal
6 | The majority of countries around the globe use the Gregorian calendar. However, there are other systems to measure and organise time. Below you will find three news articles from countries that have not adopted the Gregorian calendar.
7 |
8 | The task is to find their publication dates, in Gregorian date format.
9 |
10 | 1. “ኢትዮጵያዊው አትሌት የቶኪዮ ማራቶን ባለድል ሆኗል !” [Link](https://www.hatricksport.net/%e1%8a%a2%e1%89%b5%e1%8b%ae%e1%8c%b5%e1%8b%ab%e1%8b%8a%e1%8b%8d-%e1%8a%a0%e1%89%b5%e1%88%8c%e1%89%b5-%e1%8b%a8%e1%89%b6%e1%8a%aa%e1%8b%ae-%e1%88%9b%e1%88%ab%e1%89%b6%e1%8a%95-%e1%89%a3%e1%88%88/)
11 | 2. “प्रहरीमा ५ हजार ४४४ जनाका लागि भर्ना खुल्यो” [Link](https://www.onlinekhabar.com/2016/01/381827)
12 | 3. “در پنجمین شب جشنواره موسیقی فجر کدام گروهها پا به صحنه میگذارند؟”[Link](https://www.yjc.ir/fa/news/8369785/%D8%AF%D8%B1-%D9%BE%D9%86%D8%AC%D9%85%DB%8C%D9%86-%D8%B4%D8%A8-%D8%AC%D8%B4%D9%86%D9%88%D8%A7%D8%B1%D9%87-%D9%85%D9%88%D8%B3%DB%8C%D9%82%DB%8C-%D9%81%D8%AC%D8%B1-%DA%A9%D8%AF%D8%A7%D9%85-%DA%AF%D8%B1%D9%88%D9%87%E2%80%8C%D9%87%D8%A7-%D9%BE%D8%A7-%D8%A8%D9%87-%D8%B5%D8%AD%D9%86%D9%87-%D9%85%DB%8C%E2%80%8C%DA%AF%D8%B0%D8%A7%D8%B1%D9%86%D8%AF)
13 |
14 | ### Write up and Thought-Process
15 |
16 | **Part 1: First Article**
17 | For the 1st article, a quick eye into their Instagram shows they're based out of Ethiopia. That is consistent with the agency's logo, as it's comprised of the Pan-African flag colours (also present in Ethiopia's flag). Plus, once translated to English, the [contact page](https://www.hatricksport.net/about/) also lists a number beginning with that country code.
18 |
19 | In the article, the date is not spelled out in DD/MM/YYYY format. But there's an icon that says the article was published 4 years ago. When right-clicking that, and choosing the "Inspect" option, there's an actual date of publication recorded behind the scenes.
20 |
21 | 
22 |
23 | As per that datetime, it was taken back on March 1st, 2020. To confirm that order of YYYY-MM-DD, a confirmation [link](https://en.wikipedia.org/wiki/2020_Tokyo_Marathon) from Wikipedia, also shared the same winner and the winning time he completed the marathon in.
24 |
25 |
26 | **Part 2: Second Article**
27 | For the 2nd article, there's a contact email and phone number. As per the country code published there, this article is from Nepal. In addition, this URL mentions "2016/01/381827" - there's a chance that this article might have come from 2016 January. But it'll need to be confirmed.
28 |
29 | Similarly, as in the first article, inspecting the clock icon next to the author shows the date it was published. Interestingly, it's written in the same Nepali script.
30 |
31 | 
32 |
33 | So some translation between the scripts is required, so let's dig further.
34 |
35 | Copying that date time here: २०७२ माघ १७ गते १८:२४. Let's break it up into a table and check each character against the [numbering system](https://en.wikipedia.org/wiki/Numbers_in_Nepali_language), and a simple Nepali to English convert for the characters.
36 |
37 | With a side-by-side comparison with the numbering system's link above: the year, date, and time comes to: 2072-MAGHA-17, on 18:24.
38 |
39 | | Year | Month | Date | Extra Char | Time |
40 | | -------- | ------- | -------- | ------- |-------- |
41 | | २०७२ | माघ | १७ | गते | १८:२४ |
42 | | 2072 | MAGHA | 17 | ON | 18:24 |
43 |
44 | While it would've been lovely to see a news article from the future, this shows that it's not quite the Gregorian calendar's date. So for that, we can try out a [date converter](https://www.hamropatro.com/date-converter) and for our Nepali date above, the corresponding Gregorian date is: 31st January, 2016.
45 |
46 | 
47 |
48 | **Part 3: Third Article**
49 | For the 3rd article, at the bottom, the agency calls itself the "World's Largest Persian Language News Agency". Also, in the link, the country domain is ".ir" -- matching it to Iran. That checks out with the language it's published in.
50 |
51 | 
52 |
53 | One thing to note: the Persian script goes from the right to the left, and that's why the time has come before the date.
54 |
55 | | Time | Full Date |
56 | | -------- | ------- |
57 | | ۱۱:۱۷ | ۰۲ اسفند ۱۴۰۱ |
58 | | 11:17 | 02 1401 Esfand |
59 |
60 | Once again, after translating the [numerals](https://sites.la.utexas.edu/persian_online_resources/numbers-1/) and the [calendar month](https://sites.la.utexas.edu/persian_online_resources/numbers-1/calendar/), the publication date, anglicised is 11:17, 02 1401 Esfand. In [Gregorian](https://www.iranchamber.com/calendar/converter/iranian_calendar_converter.php), that translates to 21st Feb, 2023.
61 |
62 | 
63 |
64 |
65 | Therefore, the publication dates of the articles, in the Gregorian form are:
66 | 1. 1st March, 2020
67 | 2. 31st January, 2016
68 | 3. 21st February, 2023
69 |
70 |
71 | ### Credits:
72 | Full credits to Sofia Santos for putting together this exercise.
73 |
--------------------------------------------------------------------------------
/OSINT Exercise 17/ans_pics/article_2_greg_date.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 17/ans_pics/article_2_greg_date.png
--------------------------------------------------------------------------------
/OSINT Exercise 17/ans_pics/date_published_article_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 17/ans_pics/date_published_article_1.png
--------------------------------------------------------------------------------
/OSINT Exercise 17/ans_pics/date_published_article_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 17/ans_pics/date_published_article_2.png
--------------------------------------------------------------------------------
/OSINT Exercise 17/ans_pics/date_published_article_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 17/ans_pics/date_published_article_3.png
--------------------------------------------------------------------------------
/OSINT Exercise 17/ans_pics/greg_date_art3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 17/ans_pics/greg_date_art3.png
--------------------------------------------------------------------------------
/OSINT Exercise 19/OSINT Exercise 019.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 019
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-019/) of OSINT Exercise 019
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Task
6 | The text below is a partial transcript of a phone call in which you can only read one side of the conversation. Despite the text being completely fabricated for this exercise, the location described is real. Your task is to geolocate where the person was at the time of this fictitious phone call.
7 |
8 | 
9 |
10 | ### Write up and Thought-Process
11 |
12 | **Part 1: Initial Thoughts**
13 | Taking it sequentially. Starting with the person who was dropped at the destination - addressing them as 'A'.
14 |
15 | In sum, taking out the main point from each line both of them speak:
16 |
17 | **Gist per line: A's Dialogue**
18 | 1. Got dropped off by a group to some destination. Destination might have some event, so A's punctual. Says the destination looks different than what they were informed about.
19 | 2. Mentions a new carpet. Reminds A of a swimming pool. So the place's new carpet's potentially blue?
20 | 3. Got scolded for making fun of a blue carpet?
21 | 4. Met someone the caller asked about. Managed to chat before prayers. Place might be a place of worship.
22 | 5. Talks about it being a safe city. Not a native. So A's potentially a foreigner.
23 | 6. Knows German.
24 | 7. Mentions about another language. Native language of the place?
25 | 8. Feels no hurry about learning the previous language. Can get by with German for the time being.
26 | 9. Wonders if a cousin can teach them the native language, asks about cousin's residence.
27 | 10. Cousin's residence is 1.5 hours from where A is: Assuming he's taking the call at the place of worship post prayers.
28 | 11. Got asked about interest to see the sea... a country with a shore/beach. A river also near the worship place?
29 | 12. River and sea is apparently connected. Caller got promised by A they'll go to cousin's place soon, and cuts the call. So cousin might be near the sea?
30 |
31 |
32 | **Part 2: Narrowing a suitable country, and suitable city**
33 | From the breakdown of the gist per line, there are some things to assume to start narrowing down the country first.
34 |
35 | There's mention of German being spoken, and another possible language. A language more native in the country. Potentially a place in the EU.
36 |
37 | Has a river that connects to the sea, near the place of worship, so that will narrow a couple of countries to start.
38 |
39 | Upon Googling which countries speak german, the 4 countries listed are:
40 | 1. Germany
41 | 2. Austria
42 | 3. Belgium
43 | 4. Luxembourg
44 |
45 | Amongst the 2, ruling out Luxembourg and Austria, as these guys are landlocked, and no access to the sea. Leaving behind Belgium and Germany.
46 |
47 | Now, let's consider Belgium. There's a better chance it's Belgium, as in the phone call: German is mentioned, and another language apart from that. Belgium has two others in its official belt: Dutch and French. More so than Germany, let's dig deeper within Belgium.
48 |
49 | Taking a quick peek into a favourite Youtuber called Geography Now, in his Belgium episode. There's mention of a [German speaking minority area in BEL](https://youtu.be/0TuMvWCbM-g?si=LmcDKPD4DR0G9XdV&t=164) in Liège. Let's potentially start there, and see if water bodies can be spotted.
50 |
51 | **Part 3: Water features of Liège, Belgium (and others if necessary)**
52 | The next big clue to consider in Liège, Belgium is its water features, looking especially for a river and its connection to the North Sea. Starting with a [Google Map of Liège](https://tinyurl.com/mr3he5ww), we can see the river (Meuse) cutting through the city. We've also learnt that Meuse, is a river, that drains into the North Sea.
53 |
54 | However, one other thing to note from the call is that, the travel time between the place of worship to the cousin's residence, is nearly 1.5 hours apart. And one assumption to make is that the cousin might be residing near the sea. So chances are, A will need to be a city that's at a travel time of 1.5 Hours away from sea.
55 |
56 | And Liège cannot be it, as its travel time is double that was quoted above.
57 |
58 | 
59 |
60 | So, let's cut the distance in half, and explore instead from, potentially Ghent. That's a major city for train exchanges, so there's a chance there.
61 |
62 | 
63 |
64 | And so, Ghent is a better option to geolocate the places of worship for A's phone call.
65 | Let's see if there are notable places of worship near or along the Meuse river within Ghent.
66 |
67 | **Part 4: Places of worship in Ghent**
68 | Let's first begin with Mosques in Ghent. There are other places of worship to consider, but taking into account that A is relatively new, the use of the term "prayers", and upon googling sample interiors of churches and mosques, there's a higher likelihood that there's a chance it's a Mosque. Given how vast the carpets would need to be, and being rectangular, it can look like a pool (provided it's also blue).
69 |
70 | And behold, when narrowing down the mosques, a promising result does appear: the Moskee Okba Ibn Nafi.
71 |
72 | 
73 |
74 | When cross referencing more pictures of the mosque, in its [Facebook profile](https://www.facebook.com/okbaibnnaafi.gent/), we can see a change in the carpet colours. It's changed from maroon and gold to the blue.
75 |
76 | When looking into its surroundings better, it's near the main station of Gent, plenty of bus stops nearby, a canal - the Achterdok and a stream/river - the Leie.
77 |
78 | 
79 |
80 | Upon further look-ups, the Leie itself is not a major river, but it acts as [a tributary](https://en.wikipedia.org/wiki/Scheldt#:~:text=(Hofstade)-,Lys/Leie%20(Ghent),-Mandel%20(Wielsbeke)) for the larger river that flows across France, Belgium and Netherlands - the Scheldt.
81 |
82 | Hence, the geolocated Mosque is: [Mosque Okba Ibn Nafi](https://maps.app.goo.gl/HpYGUKFuZjqwxnXE7) at the coordinates 51.05809805541387, 3.736810988350337.
83 |
84 | **Credits**
85 | Full credits to Sofia Santos for putting together this exercise.
86 |
87 | Additionally, as a crash course of Belgium to start the investigation: [Geography Now's Belgium Episode](https://www.youtube.com/watch?v=0TuMvWCbM-g)
88 |
--------------------------------------------------------------------------------
/OSINT Exercise 19/ans_pics/ghent_to_sea.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 19/ans_pics/ghent_to_sea.png
--------------------------------------------------------------------------------
/OSINT Exercise 19/ans_pics/mosque_in_ghent.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 19/ans_pics/mosque_in_ghent.png
--------------------------------------------------------------------------------
/OSINT Exercise 19/ans_pics/nearby_stuff.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 19/ans_pics/nearby_stuff.png
--------------------------------------------------------------------------------
/OSINT Exercise 19/ans_pics/travel time_liege_to_sea.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 19/ans_pics/travel time_liege_to_sea.png
--------------------------------------------------------------------------------
/OSINT Exercise 19/osintexercise019.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 19/osintexercise019.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/OSINT Exercise 002.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 002
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-002/) of OSINT Exercise 002
3 | Creator of Exercise: Sofia Santos
4 |
5 |
6 | ## Task Goals
7 | To identify:
8 | I. The name of the train station seen in the photo
9 | II. The name and height of the tallest structure seen in the photo?
10 |
11 | 
12 |
13 | ### Write up and Thought-Process
14 | **Part 1: Initial Clues**
15 | Dividing the photo into 3 portions:
16 | a. Foreground: train tracks
17 |
18 | b. Middle ground: the train platform itself. Name here mentioned is Flinders Street.
19 |
20 | c. Background: A lot of buildings towards the right half. The left half has a building's spire.
21 |
22 |
23 | **Part 2: Investigation on Google**
24 | For Goal I: The photo itself has the train station name published ~ Flinders Street.
25 |
26 | Some Googling of its platform shows this is a station in Melbourne, AUS. But there could be multiple stations with the same name in the world.
27 |
28 | Verified with a google search of "Flinders Street Platforms", and seeing results.
29 | The font of the station name matches across in other pictures like this one below, and [this photo's link](https://wongm.com/2022/03/empty-platforms-at-flinders-street-station/) indeed verifies that the station is based in Melbourne:
30 |
31 | 
32 |
33 | Now, it's confirmed the station is in Melbourne, next is to check its vicinity in Google Earth.
34 |
35 | **Part 3: Investigation on Google Earth**
36 | After copying the coordinates of Flinders Street from Maps, and inserting it into Google Earth, we get this neighbourhood of buildings, and the train tracks.
37 |
38 | 
39 |
40 | The next thing is to orientate and see the area as if the photographer would if he were elevated.
41 |
42 | 
43 |
44 | That way, we can roughly see the buildings and their heights. To confirm even more, let's do a man-drop and see that same cluster of buildings from a street view.
45 |
46 |
47 | 
48 | And there we are! Even though these buildings were blocked by the platform in the first photo, we can see from this street view, they match the tops of the buildings that were there. We see
49 | 1) the spire,
50 | 2) the round white building,
51 | 3) HWT brown angular building,
52 | 4) IBM brown angular building,
53 | 5) and that fancy white hotel? building.
54 | 6) the blue building
55 |
56 | Now, amongst the 6, let's decipher who's the tallest.
57 |
58 | **Part 4: Who's the Tallest?**
59 | By observing, we can ignore the hotel and round white buildings, and focus on the other 4, as the photos indicate that they're not as high-rising. And so, for Goal II, it could be between the HWT, IBM buildings, the spire, and the blue building.
60 |
61 | Let's first establish: who does the spire belong to?
62 |
63 | 
64 | Back in Google Maps, using 3D view (roughly) the building with the spire belongs to Arts Centre Melbourne.
65 |
66 | Its [website](https://www.artscentremelbourne.com.au/exhibitions-collections/preserve) shows a wireframe logo with the spire and its [Wikipedia page](https://en.wikipedia.org/wiki/Arts_Centre_Melbourne) confirms the spire belongs to the centre.
67 |
68 | Also, the about summary of Wikipedia mentions its [height](https://en.wikipedia.org/wiki/Arts_Centre_Melbourne#:~:text=Arts%20Centre%20Trust-,Height,-162%C2%A0m%20(531)), at 162m.
69 |
70 |
71 | Moving on to the brown buildings.
72 | From the pictures, we can roughly see the tower names: the first is HWT and the other is IBM.
73 |
74 | With some help from Google, these two buildings are part of a [Southgate Complex](https://www.suntecreit.com/southgate-complex.html). This indicates that HWT Centre is 25-storeys, and IBM Building is 30-storeys.
75 |
76 | With extra searching, it's found out that
77 | [IBM Building](https://www.skyscrapercenter.com/building/ibm-australia/13493) is 131m tall. But to verify that HWT Centre is shorter, [this](https://mapcarta.com/W27165313) confirms its height, at around 111m.
78 |
79 | Moving on to the blue buildings
80 | From the street view, it's looking like the blue building is probably the tallest of them all. When cross checking in Google Maps, it looked like it appeared to be missing...?
81 | 
82 |
83 | There's a chance that our view from above is not the most up to date, but regardless of pushing the clock to the most recent time, it still appears to be flat.
84 |
85 | Let's then see if Google Maps, might give a clue. Given the rough arrangemnt of the buildings, we might need to do a mandrop into those lightly outlined streets in yellow.
86 |
87 | Something to note about our blue building is its red-ish top (from the task photo). As the building is diagonally behind the IBM one, there'll be a few buildings' facades to crosscheck.
88 |
89 | A rough place to begin the mandrop on Maps, might roughly be near this traffic junction.
90 |
91 | 
92 |
93 | While man-dropped, and checking the facades, some can get removed as an option due to no sighting of the red top.
94 |
95 | For one, that isn't clear, we can find what the building is after clicking it, and checking its exterior. One potential candidate is Focus Apartments, as part of its exterior photos, we can see the rough red item on the top. But let's find more details about the building.
96 |
97 | 
98 |
99 | Its official [website](https://focusmelb.com.au/) also shows a picture of the building with the red top, and by cross-checking its quoted address on google map, and this site that mentions the [building's specifications](https://www.skyscrapercenter.com/building/focus-melbourne/38852), it's quoted to be 166m.
100 |
101 |
102 | Hence, the final answers are:
103 | Goal I - Train station name is Flinders Street.
104 | Goal II - The tallest building is the FOCUS Apartments Building, with a height of 166m.
105 |
106 | ### Credits:
107 | Full credits to Sofia Santos for putting together this exercise
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic10_focus_apartments.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic10_focus_apartments.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic1_fs_platform.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic1_fs_platform.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic2_top_view_ge.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic2_top_view_ge.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic3_orientation_of_photographer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic3_orientation_of_photographer.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic4_view_of_buildings_at_street_level.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic4_view_of_buildings_at_street_level.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic4_view_of_buildings_new.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic4_view_of_buildings_new.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic5_google_maps_of_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic5_google_maps_of_3.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic6_about_art_c_melb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic6_about_art_c_melb.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic7_eureka_tower.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic7_eureka_tower.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic7_missing_blue_building.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic7_missing_blue_building.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic8_place_to_begin_mandrop.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic8_place_to_begin_mandrop.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/ans_pics/pic9_facade_check.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/ans_pics/pic9_facade_check.png
--------------------------------------------------------------------------------
/OSINT Exercise 2/osint_002_task_photo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 2/osint_002_task_photo.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/OSINT Exercise 020.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 020
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-020/) of OSINT Exercise 020
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task (Pre)-Goal
6 | To find the original OSINT Task that's on this particular URL above.
7 | Right now, it's giving a pseudo-404, and a message from our creator.
8 |
9 | 
10 |
11 | ### Part 0: Hunting the OSINT Exercise
12 | To move past this, one good tool to use is the [Wayback Machine](https://web.archive.org/) - an initiative that helps us look into the archived/older versions of the website. When we insert in the URL of the 20th OSINT exercise, we can get this calendar of the days this URL was captured.
13 |
14 | 
15 |
16 | Going to the earliest capture of the exercise, on 28th August 2023, we can see a confirmation of finding it, and a fuller form of the exercise.
17 |
18 | 
19 |
20 | From this [archive link](https://web.archive.org/web/20230828083935/https://gralhix.com/list-of-osint-exercises/osint-exercise-020/), let's proceed with the task goals.
21 |
22 | ## Task Briefing & Goals
23 | The internet is a digital ecosystem in constant transformation. Websites change appearance, domains change owners, businesses open and close, and accounts are created and deleted.
24 |
25 | In July 2023, x.com went from being an almost blank page to redirecting to twitter.com.
26 |
27 | The task is to go back in time, until the year 2000, and find the following information within the x.com website:
28 |
29 | 1. The Frequently Asked Questions page.
30 | 2. The list of members of the management team in July.
31 |
32 | **Part 1: Initial Thoughts**
33 | The website of interest to check in the Wayback Machine is "x.com". That's a [starting point](https://web.archive.org/web/20240000000000*/x.com), and taking it from there. And there's a cut off of 2000.
34 |
35 | 
36 |
37 | This had been the online bank founded by Musk and his team at the time. When glancing quickly into its [Wiki page](https://en.wikipedia.org/wiki/X.com_(bank)), we can see a merger had taken place in 2000, and it subsequently got renamed into Paypal in 2001. Accounting for that, let's look at the 2000's records of this website to see what other features there are.
38 |
39 | **Part 2: FAQ URL**
40 |
41 | 
42 |
43 | Subsequently, across the calendar shots in 2000, the 404 error kept appearing for the FAQ hyperlink that came in each scrape of the X.com website. However, one thing to note, but it could differ, is the listed URL of the FAQs site page: it's listed as "https://secure.x.com/help_faq.asp".
44 |
45 | One computing concept to know between ASP files, and the HTML files (that are often considered the skeletons of websites), is that, in order for a user to interact with a dynamic website, the user's computer will need to interact with a server. In order for that dynamic quality to appear, [server side directives](https://www.differencebetween.info/difference-between-asp-and-html#:~:text=ASP%20is%20used%20to%20embed%20programming%20and%20server%20side%20directives%20into%20an%20HTML%20web%20page.) will need to be embedded within a HTML file. Therefore, this is a hint that our FAQ site page above, is the .asp file. So a corresponding HTML file will need to have been captured by Wayback at some point.
46 |
47 | Hence, to save time of inspecting each calendar capture of the website, let's try another feature from the top.
48 |
49 | Therefore, another tool from the top was required.
50 |
51 | 
52 |
53 | For these, the first to explore was the Site Map. However, when attempting the exercise in Aug 2024, the Map for 2000 didn't render well. So another tool was required.
54 |
55 | The next tool explored is Summary. Here, I played with the year start and end a little more, and got a more narrowed view of the URLs in our x.com domain.
56 |
57 | 
58 |
59 | When clicking the "Explore x.com URLs" from the above screenshot, its results are listed as ["https://web.archive.org/web/*/x.com/*](https://web.archive.org/web/*/x.com/*).
60 |
61 | From there, when exploring the URLs, there are 2 search bars we can use to find our FAQ and Management URLs.
62 |
63 | 
64 |
65 | It just so happened, that Wayback Machine is limited to the results it can render. It can give the latest 10,000 URLs of the x.com site it has scraped, and nothing else earlier. Unfortunately, our links from 2000 are older than that. Therefore, we'll need to narrow the link further in the upper search bar.
66 |
67 | How can we try to find the FAQ URL? We have a clue from earlier. From exploring the calendar shots of 2000, we can see that consistently, the FAQ URL has been this: "https://secure.x.com/help_faq.asp" -- So let's modify our search to "x.com/help..." and let's take it from there.
68 |
69 | 
70 |
71 | After clicking that link, we're taken to the calendar shots of that FAQ HTM page, and we can see it was captured 3 times successfully in 2000. Trying the one in June 2000, that gives us the successfully scraped shots of the [HTML page of the FAQ page](https://web.archive.org/web/20000618112127/http://x.com:80/help_faq.htm).
72 |
73 | **Part 3: Finding the Management URL**
74 | Similarly, for finding the management URL, it's worthwhile to explore the HTML capture of the website from above, and see the structure of the website.
75 |
76 | The one potential area this management section could be in is in the "About X" section.
77 |
78 | 
79 |
80 | Therefore, it's worth repeating the URL search again with "x.com/about... " and taking it from there with the results. Also, rearranging the results with the earliest one at the top, we can see a feasible result.
81 |
82 | 
83 |
84 | From there, and going to its calendar and choosing the July 6th 2000 capture, we arrive at the [management result](https://web.archive.org/web/20000706205553/http://x.com:80/about_management.htm) from July 2000.
85 |
86 | **Credits**
87 | Full credits to Sofia Santos for putting together this exercise.
88 |
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/2 search bars.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/2 search bars.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/captures_on_wb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/captures_on_wb.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/congrats_for_finding.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/congrats_for_finding.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/faq_found.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/faq_found.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/initial_404_msg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/initial_404_msg.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/summary_2000.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/summary_2000.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/x_2000.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/x_2000.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/x_2000_tools.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/x_2000_tools.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/x_about_us.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/x_about_us.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/x_management_html.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/x_management_html.png
--------------------------------------------------------------------------------
/OSINT Exercise 20/ans_pics/x_on_wb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 20/ans_pics/x_on_wb.png
--------------------------------------------------------------------------------
/OSINT Exercise 21/OSINT Exercise 021.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 021
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-021/) of OSINT Exercise 021
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goal
6 |
7 | Maps can appear in the most unique places. In this case, it's in a chocolate bar. Next to it, is a satellite view of the same location.
8 |
9 | The goal is to find the coordinates of the location seen in both images.
10 |
11 | 
12 |
13 | ### Write-up and Thought Process
14 |
15 | **Part 1: Initial Thoughts & Observations**
16 | Chocolate tablet looks fantastic. Chances are this is probably from a niche chocolatier as it features a map on it, which is very rare. There's no obvious signature or name of the chocolatier except for the top right corner: a "Do it Right" symbol. It might be in reference to best practices for chocolate manufacturing, and it could be in the small scale.
17 |
18 | It can act as a first clue for looking up the chocolatier.
19 |
20 |
21 | **Part 2: Looking up the chocolatier**
22 | When googling "Chocolate with map 'do it right'", one promising result is by [Cocoa Runners](https://cocoarunners.com/blog/do-it-right-with-puchero/). They have a write up of a maker called Puchero. Pivoting off that, we can find its [official website](https://somospuchero.com/en/category-product/chocolate-en/).
23 |
24 | When looking up the [bars](https://somospuchero.com/en/category-product/chocolate-en/) Puchero sells, and hovering over each image, they showcase the chocolate as having a similar map to the ones in the task photo.
25 |
26 |  
27 |
28 | Therefore, we can confirm that Puchero is the chocolatier we're interested in for this task.
29 |
30 | **Part 3: Geolocating the map on the bars**
31 | While each bar showcases ingredients from various places around the world, one thing that is good to note is that the map imprinted on **all** the bars is the same. That means, it is a location of utmost importance: it might be the founder's home, or even the locality map of the Puchero factory. As not a lot is mentioned about the founder's hometown (apart from the country they were in previously before starting Puchero), let's first start with the factory's address.
32 |
33 | When navigating to the [Get in Touch](https://somospuchero.com/en/contact/) page of Puchero, there is a Google Map of their location in Valladoid, Spain. This is confirmed as well in the write-up by [Cocoa Runners](https://cocoarunners.com/blog/do-it-right-with-puchero/#:~:text=specialty%20coffee%20roastery%20and%20now%20a%20craft%20chocolate%20factory%20in%20Valladolid%2C%20Spain.). When comparing that address's satellite view, against the task image, there are some similarities but more needs to be done.
34 |
35 | Similar to the task's satellite photo, the google map images has these similarities in common, like this triangular land, and the half-cloud one:
36 |
37 | 
38 |
39 | Therefore, it needs to be rotated 180°, to match the orientation of the chocolate bar's map.
40 |
41 | 
42 |
43 | Coincidentally, even the Puchero Factory location falls within the screenshot of the map. Using that marker, and finding its coordinates to roughly be
44 | 41.35209215391813, -4.689901804676438.
45 |
46 | **Credits**
47 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 21/ans_pics/chocolate with map.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 21/ans_pics/chocolate with map.png
--------------------------------------------------------------------------------
/OSINT Exercise 21/ans_pics/cover_of_choco.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 21/ans_pics/cover_of_choco.png
--------------------------------------------------------------------------------
/OSINT Exercise 21/ans_pics/google_map_view.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 21/ans_pics/google_map_view.png
--------------------------------------------------------------------------------
/OSINT Exercise 21/ans_pics/google_map_view_with_features.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 21/ans_pics/google_map_view_with_features.png
--------------------------------------------------------------------------------
/OSINT Exercise 21/ans_pics/matching view as in the bars.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 21/ans_pics/matching view as in the bars.png
--------------------------------------------------------------------------------
/OSINT Exercise 21/osint-exercise-021-big-picture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 21/osint-exercise-021-big-picture.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/OSINT Exercise 022.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 022
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-022/) of OSINT Exercise 022
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | The two images below come from a security camera overseeing a port. They were taken almost nine years apart. Both have a vehicle highlighted.
7 |
8 | The goals are to find:
9 | 1) Find the link to the camera’s live feed.
10 | 2) Geolocate the security camera.
11 | 3) Find the license plate* of the vehicle highlighted in blue.
12 | 4) Find the licence plate* of the vehicle highlighted in orange.
13 |
14 | *For Goals 3 & 4:
15 | Only provide the bottom half of the licence plate containing 2 sets of numeric values, as such: [XX]-[XX]
16 |
17 | 
18 |
19 | 
20 |
21 | ### Write-up and Thought Process
22 |
23 | **Part 1: Initial Thoughts & Observations**
24 | In both pictures, there are hints in the top left and right corners. The top left mentions "Yamoto Fishing Port" and the right the datetime with the JST timezone. It's helped narrow that this is in Japan.
25 |
26 | Another feature to note is that on the building in the bottom right hand corner, is a mascot drawing. So that can be one confirmation that the buildings are correct.
27 |
28 | **Part 2: Link and Geolocating the Camera**
29 | With a Google Map search of Yamoto Fishing port, we're brought to [this address](https://maps.app.goo.gl/H6ntLDwr6UXfsxhe7). When doing a man-drop into the address, and getting a 360° view, it can be confirmed the same.
30 |
31 | 
32 |
33 | Seeing the difference in the height and how nearby the cartoon building is, chances are the camera is in the nearest pole/tallest structure from the building.
34 |
35 | Therefore, a viable candidate is this pole, and from the image in Google maps, we can see a camera being attached to it.
36 |
37 | 
38 |
39 | And, from a bird's eye view of the area, the pole is being a shorter wall. So by roughly estimating that, the coordinates of the camera would be: 38.409480, 141.244609.
40 |
41 | **Part 3: Finding that camera's live feed**
42 | The next goal was to find the camera's live feed. Googling "Yamoto fishing port" kept feeding me back a couple of other OSINT walkthroughs, which was nice, but not what we're after. Until the final search result helped:
43 |
44 | 
45 |
46 | That search result showed the same indication it was of Yamoto Fishing Port again in the top left hand corner. This was a first promising result. The result's title is "mx10-20-227-180 MultiView".
47 |
48 | That's one good start. And searching that up, confirmed some details about the camera that was installed at the fishing port.
49 |
50 | 
51 |
52 | When investigating the [link](http://202.239.224.34/control/eventplayer?get_image_info_abspath=/var/www/server/events/10_20_227_180/002/965/A00001.jpg), the images match the vicinity and angle of the Yamoto fishing port.
53 |
54 | Therefore, the camera feed's link would be: http://202.239.224.34 - and entering this address at a time of day when the port is busy, can give a screenshot of the vicinity as shown:
55 |
56 | 
57 |
58 | **Part 4: Finding the 2023 Truck and its license plates**
59 | When doing a man-drop into the fishing port in Google Maps, coincidentally, there was a truck that matches the specifications of the one in the 2023 photo.
60 |
61 | 
62 |
63 | The painted on the truck is "Aizawa Suisan". Looking it up, it's a business name, and its official website of heritage, history, and produce can be found [here](https://www.aizawasuisan.com/). The entreprenuer behind this is doing incredible things.
64 |
65 | However, the website couldn't provide what we were specifically looking for. And so, another approach is required.
66 |
67 | Often, there's a chance that when looking up a place in Google Maps, details about it would appear on the left side, beneath the seach bar. Trying that again for our fishing port, we do get a website appearing!
68 |
69 | 
70 |
71 | And when visiting the [link](https://en.machindo-higamatsu.com/aizawa-suisan), we see our entrepreneur (Tadashi Aizawa) again from above of Aizawa Suisan! Potentially, this link could give more details!
72 |
73 | At the bottom of the landing page, there's a Facebook page, once again about himself and his business! His photo albums could give a clue perhaps.
74 |
75 | And yes, a photo, from the Facebook album does provide the license plate number to his truck that made the appearance in the 2023. This particular truck also matches in terms of the markings as shown in the screenshot of 2023 - in the Mobotix camera and in Google Maps. Therefore, as per the task goals, its respective numbers are found [here](https://www.facebook.com/aizawasuisan/photos/pb.100054424002192.-2207520000/607440969405874/?type=3).
76 |
77 | **Part 5: Locating the Truck from the camera shot of 2015**
78 | Finally, the last goal: gathering the numerical values from the truck screenshot by the camera in 2015.
79 |
80 | Here, we're going off the assumption that this older truck can also belong to the company, Aizawa Suisan, and not another truck from someone else driving by. Given that the photo was captured in 2015, one thing to do, is to see if more photos are captured from that year, in his socials and his website.
81 |
82 | Therefore, revisiting his [website](https://www.aizawasuisan.com/) again, and exploring the options of it. When translated in English, mentions a "Speciality Seaweed Making 2018". And it acts as a dropdown, [with the same content dating back to 2015](https://www.aizawasuisan.com/%E3%81%93%E3%81%A0%E3%82%8F%E3%82%8A%E3%81%AE%E6%B5%B7%E8%8B%94%E3%81%A5%E3%81%8F%E3%82%8A2018/%E3%81%93%E3%81%A0%E3%82%8F%E3%82%8A%E3%81%AE%E6%B5%B7%E8%8B%94%E3%81%A5%E3%81%8F%E3%82%8A2015/).
83 |
84 | Thus, we can explore if there is more media from 2015 that could hint at the truck. And rightly so, at the bottom of section, in a photo carousell, one potential candidate appears. When full-screened, it appears in the final photo of the album: the 55th one.
85 |
86 | When looking at the photo, there's not much clarity on its side profile. When we revisit the screenshot from 2015:
87 |
88 | 
89 |
90 | And zooming it in, there's a fair bit of obstruction to make out more details of its design. Apart from the white body, we can see its door is decorated with 2 windows.
91 |
92 | One idea could be to snip the bit of the photo from the album above, and attempt a google image search on that, maybe to discover more about its model, and see if the door could match with the specifications.
93 |
94 | **Part 6: Narrowing the model of the truck from the 2015 album**
95 | As I've had to snip a bit of the picture with that vehicle, with a prominent plate number: I'll share the part of its search results.
96 |
97 | So one interesting result that appeared is that the truck can be related to a model called the Hino Ranger.
98 |
99 | 
100 |
101 | When looking at a couple of the results more, there is a model that matches the same window patterns at the doors of the truck.
102 |
103 | 
104 |
105 | Therefore, with a high probability, there's a chance that the truck from the camera's screenshot could be the one from [this album's last photo here](https://www.aizawasuisan.com/%E3%81%93%E3%81%A0%E3%82%8F%E3%82%8A%E3%81%AE%E6%B5%B7%E8%8B%94%E3%81%A5%E3%81%8F%E3%82%8A2018/%E3%81%93%E3%81%A0%E3%82%8F%E3%82%8A%E3%81%AE%E6%B5%B7%E8%8B%94%E3%81%A5%E3%81%8F%E3%82%8A2015/). Also because, by the screenshot in the camera, there is some cargo loaded on it. And in that photo from the carousell in the website, we can see a little bit of load on the top right hand corner of the window.
106 |
107 | **Credits**
108 | Full credits to Sofia Santos for putting together this exercise.
109 |
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/2023_truck_found.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/2023_truck_found.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/camera_device_code_ip_address.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/camera_device_code_ip_address.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/camera_live_image_example.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/camera_live_image_example.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/camera_shortlisted.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/camera_shortlisted.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/correct_hino_model.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/correct_hino_model.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/hino_ranger_results.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/hino_ranger_results.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/mandrop_voew.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/mandrop_voew.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/one_more_camera_shot_with_the_same_name.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/one_more_camera_shot_with_the_same_name.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/ans_pics/second_link.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/ans_pics/second_link.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/osintexercise022-a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/osintexercise022-a.png
--------------------------------------------------------------------------------
/OSINT Exercise 22/osintexercise022-b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 22/osintexercise022-b.png
--------------------------------------------------------------------------------
/OSINT Exercise 23/OSINT Exercise 023.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 023
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-023/) of OSINT Exercise 023
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | Sometimes online footage contains more information than meets the eye. In October 2023, I uploaded a video to my YouTube channel where, for a split second between minute 3 and 4, my desktop wallpaper is partially visible.
7 |
8 |
9 | The goals are to find:
10 | 1) Find the title of the illustration, as given by the artist.
11 | 2) Find how much it would cost for the artist to create a similar piece, in size and detail
12 |
13 | ### Write-up and Thought Process
14 |
15 | **Part 1: Initial Thoughts & Observations**
16 | Already, a lot of initial clues are given in the brief: it's looking for a small lapse in a video from October 2023. And exploring the channel, there is only one video that had been uploaded in that month: the one called ["Filetype: The Best Advanced Search Operator for OSINT Investigators?"](https://www.youtube.com/watch?v=z9gr8yRSPZg).
17 |
18 | It's in this video, we could expect to see the small "lapse" of the wallpaper.
19 |
20 | **Part 2: Finding the Wallpaper Moment**
21 | Moreover, the brief also says that this wallpaper moment appears between the 3rd and 4th minute. Indeed, when playing the video, between this smaller duration of 3:35 to 3:39, the wallpaper appears.
22 |
23 | However, playing it at 0.25 speed was not enough to capture it, and so to see it frame-by-frame, the [<,] and [>.] buttons had to be pressed to toggle to a suitable frame, the wallpaper was visible enough.
24 |
25 | And by doing so, this is the wallpaper for the task:
26 |
27 | 
28 |
29 | With this found, onwards to the tasks ~
30 |
31 | **Part 3: Finding the title of the artwork**
32 | Naturally, the first way to go for finding some clues about the artist was to attempt an image reverse search. And intriguingly, there was a direct thread result from Reddit's r/Art subreddit. The [thread](https://www.reddit.com/r/Art/comments/z3ogno/involuntary_rat_queen_me_digital_2022/), also mentions its title, which is called the "Involuntary Rat Queen". Crosschecking the title, it also publishes the same artwork, in various forums like DevianArt, Inprnt, and ArtStation. The artist also has the same username across all the platforms.
33 |
34 | **Part 4: Cost for the Artist to make the artwork, with the same size and details**
35 | After exploring their profiles in the platforms, the most detailed one, is the [Deviantart](https://www.deviantart.com/adamscythe/art/Involuntary-Rat-Queen-938419928) version. Just below the artwork, there are various hyperlinks that tell us more about working with the artist. And amongst the options, one of them is the one about Commission Info.
36 |
37 | 
38 |
39 | And when clicking into [Commission Info](https://www.deviantart.com/adamscythe/journal/Commission-Info-789285042), we can see that the "Involuntary Rat Queen" will fall within the "Complete Illustration" background ~ it comprises of the main character, her side royal subjects, and some kind of detailed background tying both together. And as per their quotes, the _minimum_ cost for making such a piece is $190 (potentially USD).
40 |
41 | **Credits**
42 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 23/ans_pics/deviantart_info.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 23/ans_pics/deviantart_info.png
--------------------------------------------------------------------------------
/OSINT Exercise 23/ans_pics/reformatted_art.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 23/ans_pics/reformatted_art.png
--------------------------------------------------------------------------------
/OSINT Exercise 23/first_snapshot_of_art.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 23/first_snapshot_of_art.png
--------------------------------------------------------------------------------
/OSINT Exercise 24/OSINT Exercise 024.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 024
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-024/) of OSINT Exercise 024
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | There are countless armed insurgent groups spread throughout the globe. The three images below depict individuals associated with internationally recognised terrorist organisations.
7 |
8 | Your task is to identify to which group they have pledged their allegiance.
9 |
10 | **Part 1: Group featured in first photo**
11 |
12 | 
13 |
14 | When looking at this photo: the first stand out clue, is the colours of the group: being red and black. And also, there's a white coloured letter N in the emblem, as seen on the left band of the person on the right.
15 |
16 | There is also some inkling of an circular emblem from the sleeve of the person on the left.
17 |
18 | Having a look at the surroundings, the vegetation looks as if it's from the tropical zones of the planet. There's a realistic possibility that this group might originate from countries near the equator.
19 |
20 | When looking up "insurgent groups with red and black", there's a promising result of a group called the ELN (Ejército de Liberación Nacional), based out of Colombia.
21 |
22 | 
23 |
24 | **Part 2: Group featured in second photo**
25 |
26 | 
27 |
28 | The most useful symbol here, is the logo of the red star in the yellow circle. When looking up insurgent groups with that symbol, a few results appeared.
29 |
30 | 
31 |
32 | One potential result is the association to Kurdistan. More specifically, the Kurdistan Workers' Party (PKK). In the [Wikipedia write-up](https://en.wikipedia.org/wiki/Kurdistan_Workers%27_Party) of the PKK, there are various sub-groups that have allegiance to the PKK. Amongst them, is the Free Women's Unit or the YJA-STARS.
33 |
34 | Seeing the flag logo of the YJA-STARS and that our photographed subject is female, it's a good starting point to explore, and look up more photographs of this specific branch of the PKK.
35 |
36 | When looking up "YJA-STARS" in a Google image search, there is a good number of results that show the similar type of camouflage uniform as the subject in the photograph. In addition, the star emblem was also visible and located in the rifle's coverings. There's one such example [here](https://anfenglish.com/news/yja-star-carries-out-actions-in-memory-of-july-14-prison-resistance-53468). Furthermore, [one other article](https://anfenglishmobile.com/women/yja-star-guerrillas-call-on-women-to-join-the-freedom-struggle-72200), also helps to verify the camouflage color of the uniform as well.
37 |
38 | Therefore, the group of this second photograph is the YJA-STAR group, based out of the geo-cultural region in West Asia. Its full form is "Yekîneyên Jinên Azad ên Star" in Kurdish, and the Free Women's Units in English.
39 |
40 | **Part 3: Group featured in the third photo**
41 |
42 | 
43 |
44 | Now, onto the third photograph. The most prominent feature is in the flag behind the second trainee from the left. It shows a white triangle in a logo against a black background. With that as a starting point, let's begin looking up some results.
45 |
46 | Amongst the search results, one such result is of a Jihadist Group in Iran, called ["Jaish ul-Adl"](https://www.reddit.com/r/vexillology/comments/ep4ou0/flag_of_jaish_uladl_army_of_justice_a_jihadist/?rdt=42945). A number of the results showcase a few photographs with the same flag appearing, as seen [here](https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQcCIzeAcSbnAo-HZyRqstavQxBH9CwLH2C4w&s), and [here](https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRuSLxOKNk1_zbhqC4DXC2vWIo-QK5mKdELDw&s). Not only that the uniform and the shoe colours also match across the images. Its [Wikipedia page](https://en.wikipedia.org/wiki/Jaish_ul-Adl) also confirms the same flag.
47 |
48 | Therefore, the group in the third photograph is the "Jaish ul-Adl" group, operating out of the Sistan and Baluchestan province in Iran.
49 |
50 | **Credits**
51 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 24/ans_pics/group1_google_search.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 24/ans_pics/group1_google_search.png
--------------------------------------------------------------------------------
/OSINT Exercise 24/ans_pics/group2_top_results.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 24/ans_pics/group2_top_results.png
--------------------------------------------------------------------------------
/OSINT Exercise 24/ex24_group1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 24/ex24_group1.png
--------------------------------------------------------------------------------
/OSINT Exercise 24/ex24_group2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 24/ex24_group2.png
--------------------------------------------------------------------------------
/OSINT Exercise 24/ex24_group3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 24/ex24_group3.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/OSINT Exercise 025.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 025
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-025/) of OSINT Exercise 025
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | The world is full of anonymous quotes. Several are written in the unidentifiable building like the one below.
7 |
8 | The goals of the task are to find:
9 | 1. Building location
10 | 2. Find the quote with the word "anarchy" in it.
11 |
12 | 
13 |
14 | **Part 1: Initial Thoughts**
15 | When analysing the task photo, there are a couple of features to take note of: the first is the fact that the quote is written in a brick wall. The second is the rough green tinge in the middle of the quote, and the third is the type of pillar shape that's seen to the right of the quote.
16 |
17 | **Part 2: Looking up the quote**
18 | When looking up the quote, the same image appears to be available in various websites.
19 |
20 | 
21 |
22 | The most prominent example is in the last result, which mentions "In Stock", in its subheading. Therefore, chances are likely that it's part of a photographer's portfolio for sale. When entering that [link](https://www.stephanieavery.com/ruins/p/adventure), there's a description of where that location is.
23 |
24 | 
25 |
26 | This tells that the photographer took it at an abandoned computer factory in Rochester, USA. And could be a good location to look for, as the picture also features that green tinge in the middle of the quote, and a very similar brick wall background. With this as a start, there's enough to try and locate the building next.
27 |
28 | **Part 3: Locating the building**
29 | When looking up the description the photographer's website used, a very interesting, and thorough link, by the [Rochester Subway](https://www.rochestersubway.com/topics/2013/09/inside-the-abandoned-sykes-datatronics-building-rochester-ny/) about the abandoned Sykes Datatronics building from 2013, comes in. When glancing through the pictures, it could potentially be it, as the pillars featured in the photos also match the one seen in the task photo.
30 |
31 | But to further verify, at the bottom of the write-up, there's a credit to an even [older article](https://www.colorblindedphoto.com/blog/2009/10/11/exploring-sykes-datatronics/), that deserves a look in. And its in this older article, we see the photo of our quote get featured again, while talking about the same Sykes Datatronics building.
32 |
33 | 
34 |
35 | Therefore, the location of the quote is the abandoned Sykes Datatronics Building in Rochester, New York. Its address is roughly 392 Orchard Street, Rochester, NY based on this [Google Map link](https://www.google.com/maps/@43.1633824,-77.6345503,3a,75y,246.04h,117.8t/data=!3m7!1e1!3m5!1szBBNqfM7rOzQRa6e4FxnRg!2e0!6shttps:%2F%2Fstreetviewpixels-pa.googleapis.com%2Fv1%2Fthumbnail%3Fcb_client%3Dmaps_sv.tactile%26w%3D900%26h%3D600%26pitch%3D-27.799999999999997%26panoid%3DzBBNqfM7rOzQRa6e4FxnRg%26yaw%3D246.04!7i13312!8i6656?entry=ttu&g_ep=EgoyMDI0MTExMC4wIKXMDSoASAFQAw%3D%3D), that was mentioned in the Rochester Subway link. Its coordinates are roughly 43.163489350707025, -77.63413612553865.
36 |
37 | **Part 4: Looking up a quote with the word "Anarchy"**
38 | Next, is to find a specific quote within the building that had the word "Anarchy" in it.
39 |
40 | When looking up "Syke Datatronics Rochester building anarchy", a few pictures feature a quote on a pillar, and [ending with the required word](https://www.flickr.com/photos/axle81401/4854252066/in/album-72157621958651052). The quote being: This office was a prison for our brothers and sisters in wage slavery. Let's make it a carnival for our brothers and sisters in anarchy.
41 |
42 | 
43 |
44 | **Credits**
45 | Full credits to Sofia Santos for putting together this exercise.
46 |
--------------------------------------------------------------------------------
/OSINT Exercise 25/ans_pics/image_2_address.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/ans_pics/image_2_address.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/ans_pics/image_3_subway_link.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/ans_pics/image_3_subway_link.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/ans_pics/image_4_older_article.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/ans_pics/image_4_older_article.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/ans_pics/image_5_sykes_datatronics_bg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/ans_pics/image_5_sykes_datatronics_bg.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/ans_pics/image_6_pillar_anarchy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/ans_pics/image_6_pillar_anarchy.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/ans_pics/image_one_sale.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/ans_pics/image_one_sale.png
--------------------------------------------------------------------------------
/OSINT Exercise 25/osint_25_task_photo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 25/osint_25_task_photo.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/Possible photo of Samarkand.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/Possible photo of Samarkand.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic01_origin_country.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic01_origin_country.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic02_halva_trip_advisor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic02_halva_trip_advisor.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic03_samsung_as_portfolio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic03_samsung_as_portfolio.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic04_samsung building.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic04_samsung building.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic05_bus_stop_with_samsung.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic05_bus_stop_with_samsung.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic06_plot_of_places.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic06_plot_of_places.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic07_zoom_in_on_train.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic07_zoom_in_on_train.png
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic08_taken_in_car.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic08_taken_in_car.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic09_samarkand_brownish_hills.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic09_samarkand_brownish_hills.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic10_scene_in_summar.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic10_scene_in_summar.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic11_siyab_bridge.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic11_siyab_bridge.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic12_road_crossing_with_traintrack.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic12_road_crossing_with_traintrack.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic13_distance_travelled.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic13_distance_travelled.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/pic14_measured_distance.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/pic14_measured_distance.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/road crossing across train track.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/road crossing across train track.mp4
--------------------------------------------------------------------------------
/OSINT Exercise 26/ans_pics/samsung_galaxy_pics.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/ans_pics/samsung_galaxy_pics.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/osintexercise026.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/osintexercise026.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/zip_folder_content/IMG_2677.MOV:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/zip_folder_content/IMG_2677.MOV
--------------------------------------------------------------------------------
/OSINT Exercise 26/zip_folder_content/IMG_2747.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/zip_folder_content/IMG_2747.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/zip_folder_content/img_01.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/zip_folder_content/img_01.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/zip_folder_content/img_02.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/zip_folder_content/img_02.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 26/zip_folder_content/img_03.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 26/zip_folder_content/img_03.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 27/OSINT Exercise 027.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 027
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-027/) of OSINT Exercise 027
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | The image below shows a group of people sitting in front of a large screen that reads "Lectura en Movimiento en Lima". A speaker can be seen standing on the left-hand side in front of the three large flags.
7 |
8 | The task goals are to find:
9 | 1. Speaker's name
10 | 2. Identify what he was wearing on his lapel.
11 | 3. Find footage of his speech.
12 |
13 | 
14 |
15 | **Part 1: Initial Thoughts**
16 | To try and execute some initial translation first. "Lectura en Movimiento en Lima" from Spanish translates to "Reading on the Move in Lima".
17 |
18 | Using this, starting out search engine queries.
19 |
20 | **Part 2: Finding details about this talk**
21 | A google search on the original Spanish title of the talk, brings us to [two interesting results](https://www.google.com/search?q=Lectura+en+Movimiento+en+Lima&sca_esv=4dc0f076ae9218b7&source=hp&ei=hJIoZ_ufGOr54-EP_c6koQ8&iflsig=AL9hbdgAAAAAZyiglMKcsWtBie7afGeXP53KO0qWcSRZ&ved=0ahUKEwj78bKtrcKJAxXq_DgGHX0nKfQQ4dUDCBg&uact=5&oq=Lectura+en+Movimiento+en+Lima&gs_lp=Egdnd3Mtd2l6Ih1MZWN0dXJhIGVuIE1vdmltaWVudG8gZW4gTGltYTIFEAAYgAQyBRAAGIAEMggQABiABBiiBEj6BVCLA1iLA3ABeACQAQCYAT2gAT2qAQExuAEDyAEA-AEC-AEBmAICoAJPqAIKwgIQEAAYAxjlAhjqAhiMAxiPAcICEBAuGAMY5QIY6gIYjAMYjwGYAxCSBwEyoAfuAQ&sclient=gws-wiz).
22 |
23 | The first is this [article](https://oei.int/oficinas/peru/noticias/lectura-en-movimiento-en-lima-una-iniciativa-que-une-a-14-entidades-para-promover-la-lectura-en-el-pais) by OEI, Organización de Estados Iberoamericanos. This was published on 18th July 2023. Their logo is also on top in the slide's header, showing they might be the major organisers behind this.
24 |
25 | Reading through the article, we see a photo of our speaker of interest, and we can find out that he's Juan Carlos Luiz, the director of OEI Peru.
26 |
27 | For footage of his speech, comes from the second result: [a Facebook publication of the event's speech by Cultura24.tv](https://fb.watch/vEjxKI2mO8/). This was the day's speeches broadcasted live of the event. And Juan's speech, begins at the 9:40 mark of the video, and ends at 18:12.
28 |
29 | And in this segment, his lapel is more visible.
30 |
31 | **Part 3: What's there in his lapel?**
32 |
33 | Taking a small screenshot of the lapel shown:
34 |
35 | 
36 |
37 | From the shape of the lapel, it looks like a white circle with OEI in it, and a ribbon shape attached to it. To specifically find it, googling the speakers name, also shows another photo whereby he's wearing the lapel, like [this one](https://www.google.com/imgres?q=lectura%20OEI%20Peru%2C%20Juan%20Carlos%20Ruiz&imgurl=https%3A%2F%2Fmarketdata.com.py%2Fwp-content%2Fuploads%2F2023%2F07%2Ff1cc0328618806f898fa0b2eeb24657dc142602c.jpg&imgrefurl=https%3A%2F%2Fmarketdata.com.py%2Fnoticias%2Finternacionales%2Fperu-y-la-oei-promocionan-la-lectura-en-las-calles-y-el-transporte-publico-de-lima-112311%2F&docid=Rgl0Wi7WjKSRIM&tbnid=ek_2yHLrgl99MM&vet=12ahUKEwiLuvfMs8KJAxXnTGwGHaz2PJcQM3oECBwQAA..i&w=1920&h=1080&hcb=2&ved=2ahUKEwiLuvfMs8KJAxXnTGwGHaz2PJcQM3oECBwQAA), and the same event's name is in the background.
38 |
39 | 
40 |
41 | Therefore, it's safe to say that the lapel worn by the speaker is a pin that has both the OEI logo and an orange ribbon.
42 |
43 | **Credits**
44 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 27/ans_pics/lapel_snapshot.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 27/ans_pics/lapel_snapshot.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 27/ans_pics/lapel_snapshot_clearer.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 27/ans_pics/lapel_snapshot_clearer.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 27/osintexercise027.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 27/osintexercise027.png
--------------------------------------------------------------------------------
/OSINT Exercise 28/OSINT Exercise 028.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 028
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-028/) of OSINT Exercise 028
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | Sometimes, the fastest way to geolocate an image is to track down the movements of the person behind the lens.
7 | Photographer took the image on 20th Sept 2023, at 08:11 local time.
8 |
9 | The goals of this task are:
10 | 1. To determine the device used to take the photograph.
11 | 2. Where the photographer was headed
12 | 3. How far the photographer was from the entrance of their destination.
13 |
14 | Bonus Task: to determine the hotel the photographer used.
15 |
16 | 
17 |
18 | **Part 1: Initial Thoughts**
19 | Looking at the image, two striking features are: the gate having a number "55" on it, and potentially, a green mailbox.
20 | As for the first question, there's a good chance we can determine that from the photograph's metadata.
21 |
22 | **Part 2: Finding out the device**
23 | First, before utilising external tools: tried Windows' built-in Properties tab. And within in, the "Details" subcategory, there's a good clue in the Camera make and model.
24 |
25 | 
26 |
27 | There's a high possibility that the photo was taken with a Samsung device, of that particular model code: SM-A125F. Looking up this code, this shows us that [it's one variation of Samsung's Galaxy A12](https://doc.samsungmobile.com/SM-A125F/MID/doc.html)
28 | When crosschecking another feature from Properties, we can see that it matches a particular build number that was released back in late June 2023.
29 |
30 | 
31 |
32 | **Part 3: Direction the photographer was going towards**
33 | As this was an exercise involving our creator, one big clue (and permission) is that something about this day could be mentioned in their social media accounts.
34 | Double checking the social media channels our creator is a part of: chose to narrow down into Mastadon and Twitter.
35 |
36 | Given the date of the photo, a bit of Google Dorking was necessary.
37 |
38 | The search done to narrow it on Twitter was: "site:twitter.com/@gralhix" with a date range of the last ten days of September.
39 |
40 | 
41 |
42 | Intriguingly, to execute the same on Mastodon, with a date range: it didn't give anything promising.
43 |
44 | 
45 |
46 | But once the date parameters are removed, Gralhix's profile appears.
47 |
48 | 
49 |
50 | Having a look into the Mastadon profile manually, there was a promising result both accounts showed, and that was the Europol event called:
51 | SIRIUS CTF Finale, and the role of women in OSINT Investigations. Looking across the photographs of the post, it appears that it was held in a Europol HQ, in the Hague, in Netherlands.
52 | In addition, the final photo, that showcases the event's presentation, it matches the date the task photo was taken. And so, it could be a fair inference that Gralhix would've taken the photo enroute to the event, as it's also quite early in the morning.
53 |
54 | 
55 |
56 | Specifically, Europol's HQ address is: Eisenhowerlaan 73, 2517 KK Den Haag, Netherlands
57 |
58 | **Part 4: How far was the photographer from their destination?**
59 | In essence, we found out that Gralhix was headed to the Europol HQ in the Hague, NL.
60 |
61 | And looking back at our task photo, we see a number 55 on the gate of the building. As a first guess, it feels like both buildings could be along the same street.
62 | And seeing that they're both odd numbers, 55, and the HQ being at 73 Eisenhowerlaan, the first action was to geolocate 55 Eisenhowerlaan.
63 |
64 | And interestingly enough: 55 Eisenhowerlaan is the location of the task photo.
65 |
66 | 
67 |
68 | When zoomed in, the same house, gate, green mailbox, the slender shaved tree(?) and the number 55 plaque all match.
69 |
70 | But, when walking along the route with the man-drop, it wasn't fully clear where the entrance of Europol's HQ was for people coming in by walking.
71 | Given that this was a larger event, and that many attendees would've been required to come or conduct some security check, and to collect their event pass.
72 | A specific entrance must've been there.
73 |
74 | So looking back at what we've narrowed: we now need to find a walking route into the Europol HQ. Looking at [this part about entrances](https://www.europol.europa.eu/contact-us#:~:text=Building%20and%20Parking%20Entrances),
75 | it specifies a certain way to enter the building if choosing to walk.
76 |
77 | 
78 |
79 | Now, the next goal is to trace and measure that in Google Maps.
80 |
81 | 
82 |
83 | It can come as a potential distance, but given the route: it might come within this range, possibly plus or minus 10m.
84 | With the rough measurements, the walking route might be 180.23m.
85 |
86 | **Part 5: Bonus - What's the potential hotel Gralhix might've stayed at?**
87 | For this, I had to revisit the photos featured on the social media platforms. Amongst the 4, this one, [of her medal](https://pbs.twimg.com/media/F6zCiJmW8AAUW3I?format=png&name=900x900),
88 | might be a best bet in figuring out a potential hotel - as two are of the event and another is the certificate she was awarded.
89 |
90 | The background is blurry, but some stand out buildings are as follows:
91 |
92 | 
93 |
94 | In blue: the taller three black buildings
95 | In purple: the series of orange roofs
96 | In green: the white building with a window-heavy facade.
97 |
98 | In addition, it's a room with a balcony. So a good chance, it might be a place with a better view. As NL is a flat country, it could be facing the sea.
99 |
100 | With 3D feature enabled in Maps, and looking up hotels by the Pier/beach: some potential options come up:
101 |
102 | 
103 |
104 | And interestingly, the black and white, zebra-esque buildings are seen near the Museum Beelden aan Zee, and near that, are roughly 3 orange roofs.
105 |
106 | Following that line of view, the hotel with the $144 marker could be a candidate. That hotel, is the [ibis Style Den Haag Scheveningen](https://maps.app.goo.gl/NsHNVwdYwU1HGigQ7).
107 | To see if it indeed matches, looked through a couple of photos from its publicly available album on Maps, and found a similar photo from a balcony with the same few buildings.
108 |
109 | 
110 |
111 | It roughly matches the blurry background, and therefore, the hotel would be this ibis Style Den Haag Scheveningen.
112 | **Credits**
113 | Full credits to Sofia Santos for putting together this exercise.
114 |
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/hotel_balcony_photo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/hotel_balcony_photo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/medal_photo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/medal_photo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_11_hotels_by_the_sea.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_11_hotels_by_the_sea.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_8_distance.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_8_distance.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_9_walking_route.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_9_walking_route.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_five_europol_event.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_five_europol_event.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_four_mastadon.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_four_mastadon.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_four_no_result.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_four_no_result.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_one_device_type.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_one_device_type.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_seven_geolocating_task_photo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_seven_geolocating_task_photo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_six_event_location.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_six_event_location.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_ten_distance_potential.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_ten_distance_potential.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_three_twitter.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_three_twitter.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/ans_pics/part_two_build_name.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/ans_pics/part_two_build_name.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 28/osint_ex_28.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 28/osint_ex_28.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/OSINT Exercise 029.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 029
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-029/) of OSINT Exercise 029
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | This photo was taken whilst riding a train in the UK. Sofia's preference is for quiet areas where no one can be seated behind her because, in a public
7 | place, no information is truly private.
8 |
9 | The task is to find the following:
10 | 1. What the person in front is reading.
11 | 2. Identify the train model.
12 | 3. Identify Sofia's seat number.
13 |
14 | 
15 |
16 | **Part 1: Initial Thoughts**
17 | A few observations first of the train's interior.
18 | 1. There's a grey and red colour scheme. Grey hardseats, with red linen-cushioning.
19 | 2. A baggage rack above.
20 |
21 | And as the image is laterally inverted, some mirroring tool is required to get a better decipher of the text on the kindle device.
22 | One such inverting tool I'd opted for was [Img2go](https://www.img2go.com/).
23 |
24 | The resulting image was in this form:
25 |
26 | 
27 |
28 | When zoomed in more thoroughly, some of the words that are visible in the screen are:
29 |
30 | 
31 |
32 | 1. "leather gloves"
33 | 2. "have seen better days"
34 | 3. "She has the letters from William's cousin, James, in her <> and..."
35 |
36 | Amongst the decipherable words, the final sentence shows some promise. And so, using that, let's try to find out a potential piece of literature this can come from.
37 |
38 | **Part 2: Finding out the reading material**
39 | With that decipherable longest phrase, a search on Google to find potential books was done. And this was a promising result: The Fair Botanists.
40 |
41 | 
42 |
43 | And within the [book](https://tinyurl.com/mvbswc97), the exerpt that was shown through from the reflection, was just found in the previous page, and had the same words
44 | found earlier from the zoomed in mirror image.
45 |
46 | 
47 | 
48 |
49 | Therefore, the reading material is called: The Fair Botanists, by Sara Sheridan.
50 |
51 | **Part 3: Identifying the train model**
52 | Reverting back to the inverted photo:
53 |
54 | 
55 |
56 | The color scheme of the train interior is a hint: grey chairs with red linen and cushioning.
57 | There's also a foldable tray table as seen in the reflection.
58 | As for the seats: there's a grey "curve" at the top, and for its back, there's a "molding" that looks like an angular indentation.
59 |
60 | A luggage rack
61 | A QR code at the back of every seat.
62 |
63 | And while it's not fully confirmed, and seeing the opposite side's luggage rack quite close, it feels like this is a train model with a 2 x 2 seating arrangement.
64 |
65 | The first thing to do, is to look up "UK Trains with a grey and red interior". Amongst the results, this [article by Railsmatr](https://railsmartr.co.uk/sheffield-to-london-trains/) talks about an option.
66 |
67 | 
68 |
69 | In its article, it shortlisted a train type called the LNER (London North Eastern Railway). And the featured picture is of Standard Class on a LNER.
70 | The back of the seat matches what the inverted task photo depicts. And there's visibility of a tray table.
71 |
72 | There's a high possibility it can be this LNER train variety, it has another alias called Azuma and that it's from its Standard Class cabin.
73 |
74 | To find it's official model name: investigated a little into the LNER's wikipage. Under the [Rolling Stock section](https://en.wikipedia.org/wiki/London_North_Eastern_Railway#Rolling_stock), and within its current fleet: this key [sentence](https://tinyurl.com/nham38d6):
75 | about Class 801 trains being based on Hitachi A-train design and LNER retaining the Azuma brand for those units. When going into [its hyperlink](https://en.wikipedia.org/wiki/British_Rail_Class_801),
76 | this model appears to match the task photo best.
77 |
78 | Hence the model's full name would be the British Rail Class 801 Azuma trains, that is part of the London North Eastern Railway fleet.
79 |
80 | **Part 4: Identifying the seat number**
81 | And finally, to narrow down the seat number. For this, it's worth to revisit the original task photo.
82 |
83 | From the photo, we see an inverted right hand holding the kindle. Therefore, it's the passenger's right hand side that's closest to the window, same as the photographer.
84 | In addition, in the task brief, it was mentioned that Sofia prefers a seat where no one will be seated behind her. Plus, her right side does have access to the window.
85 |
86 | Using this as a hint, the next is to find out Azuma's seating plan, in the Standard Class cabins.
87 |
88 | And so, from the FAQ portion of LNER, there's a link to [LNER's seat maps](https://www.lner.co.uk/support/on-board-faq/seating/lner-seat-maps/), and in that [slideshow](https://www.lner.co.uk/globalassets/_page-structure/azuma-content/azuma-seat-maps-aug2021-min.pdf), some interesting bits of information appears.
89 |
90 | 1. Azuma Trains, come in 3 varieties: a 5-coach, 9-coach, and 10-coach trains.
91 | 2. There is one train type: the 9-coach, that appears to feature a Quieter Coach, in Coach H.
92 |
93 | And the slides also confirm this layout in its various train types.
94 |
95 | 
96 |
97 | The first standout is this quiet coach H in the 9-er train, so let's dig into that seat map.
98 |
99 | 
100 |
101 | Given that there's a preference to not be seated infront of anybody, and there's a window on the right hand side of Sofia, either Seat #6 or #83 would be the possible candidates.
102 |
103 | To narrow it down further, the best way is to revisit the task photo.
104 |
105 | 
106 |
107 | The top of the photo shows a reflection of the passengers from below. There's one gentleman we can witness, and behind him, are 2 extra seat rows.
108 | As it's possible to see more of his front, chances are he's at a booth table.
109 |
110 | Matching these three seats that face the photographer with a table, the best bet would be at seats 59, 63, 67 (where the gentleman would've been) and the table.
111 | The next best option would've been 57, 62 and 66. But from Seat #6, that's quite a distance, and there's a bit of uncertainty if the reflection might've captured there.
112 |
113 | Hence, Sofia's seat is highly likely #83.
114 |
115 | **Credits**
116 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/exerpt_one.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/exerpt_one.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/exerpt_two.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/exerpt_two.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/osintexercise029_inverted.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/osintexercise029_inverted.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/part_one_book_found.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/part_one_book_found.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/part_three_coach_h_seats.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/part_three_coach_h_seats.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/pic_one_potential_candidate.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/pic_one_potential_candidate.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/pic_two_train_types.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/pic_two_train_types.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/ans_pics/zoomed_in_words.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/ans_pics/zoomed_in_words.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 29/osintexercise029.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 29/osintexercise029.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 3/OSINT Exercise 003.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 003
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-003/) of OSINT Exercise 003
3 | Creator of Exercise: Sofia Santos
4 |
5 |
6 | ## Task Goal
7 | To identify:
8 | Name and coordinates of the location in the published photo
9 |
10 | 
11 |
12 | ### Write up and Thought-Process
13 | **Part 1: Initial Thoughts**
14 | Photo clearly shows an official looking building. Has both diplomats' countries' flags on either side. Chances are it could be an official building used to host other international figures by Türkiye.
15 |
16 | Attempting a Google reverse image look-up of the photo below without the headline.
17 | Link of [image](https://gralhix.com/wp-content/uploads/2023/08/osint-exercise-003-picture.jpg) to use.
18 |
19 | **Part 2: Image Reverse Lookup**
20 | After uploading the image, there are a number of matches shown [here](https://lens.google.com/search?ep=gsbubb&hl=en-SG&re=df&p=AbrfA8qvt3ZIQiBOG8JHdv1py0Pdxi5vkxOwJAnwLiQf96jersH66JAxgxVfFipSHSVjTbssxQgDgs1nBQXxFQe2Rsl6Aa7zw_HH2x5XWWz8FKtWv1VMlHBaWUXUerpSgPYf8FOzRtq3mmMoJ6Dm6Ze8VFpteSX2oRViBNidUOKAwSncWlDzFt1VbqScq_--nqcYVSKhtqYTzWLcMxCrj_kvGzZBJDYjetxQuwtZSNAKo29fPKWtA_fCM4WdZKLtbOZoban5WGNiPpJlhXgiouL-rnUCkRKC2jt7BnPMuhI6cdw%3D#lns=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsIkVrY0tKR0l3WmpZelpqSXpMVGN6TW1FdE5EbGlNQzA0TWpjekxUSTVOakkzTkRZM1lXUmxZaElmU1hoM2VFbFlTRzlGZVRCWU9FZHRjM3A0VFdaRGJIWXpZelJuVUVOb2F3PT0iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsWyIxYjk2ODEwMC1mZGQ4LTQ5ODktODI4Ni1mNzViZThhNWU5NWMiXV0=) that this is an official building that Türkiye uses for meeting foreign dignitaries.
21 |
22 | Let's explore an articles from this search result, and see if it would explain the location more.
23 |
24 | Amongst the search results (at the time of writing), is this [article](https://www.reuters.com/world/europe/turkish-parliament-approves-finlands-nato-accession-2023-03-30/).
25 | This also indicates the same location for another meeting, and the footnote of the photo in that article states Ankara, Türkiye. The first clue is that this building is in Ankara.
26 |
27 | A quick google search of "Ankara Türkiye official buildings" showed some potential candidates. One of them is the [Presidential Complex](https://en.wikipedia.org/wiki/Presidential_Complex_(Turkey)).
28 |
29 | From here, after attempting a [google image search](https://www.google.com/search?sca_esv=8d785069c21da656&q=presidential+complex+turkey&udm=2&fbs=AEQNm0BKxFXqFZETuC92mLOmXO9xJMdcEc6vsS8xotR_o6JIE2lxJVbfbQf0QBF0bvfl3GFNBPTQACMdFh6XPuV1Z0Eg9hjj1mCoiKv3FGCZSoL8LFWndMdM2XR4aGD0cSNlCtcWfG2Uxx1VHbESZZGtTLqJIpWorIEiBwoLHBotrxsca8c17DXljhODP05SZ-xKH05k1jwUlGV8PNmYih-FkegBBuFe9w&sa=X&ved=2ahUKEwiq0rmFz56HAxUFV2wGHQL2BloQtKgLegQIDRAB&biw=1536&bih=695&dpr=1.25#vhid=mAR2RyZQ2pkTiM&vssid=mosaic) of "presidential complex Türkiye", the facade of the building looks similar to the published image.
30 |
31 | But one confirming image was [this](https://images.app.goo.gl/8MjryAAaghC92hVt7) article's photo.
32 |
33 | Hence, it is indeed the **Presidential Complex of Türkiye**.
34 |
35 | **Part 3: Narrowing the entrance**
36 | To narrow down the part of the palace these 2 delegates met, let's use other clues in the surroundings.
37 |
38 | From Google Earth, after narrowing down the entrance to the palace, the next is to confirm the buildings where they snapped the photo. It would need to be at the first building from the entrance, because press and media people would be gathered there, and it can't be too interior of the palace.
39 |
40 | With that hint and the "wind-back-the-clock" tool in Google Earth, this is the rough building at which the photo was taken. The flagpoles are a big clue indicating the entrance.
41 |
42 | 
43 |
44 | Hence, by zooming into the entrance of the building, in the image below, this might be the potential place for the photo.
45 |
46 | 
47 |
48 | Its coordinates are:
49 | 39°55'52.05"N,32°47'58.75"E.
50 |
51 | ### Credits:
52 | Full credits to Sofia Santos for putting together this exercise
53 |
--------------------------------------------------------------------------------
/OSINT Exercise 3/ans_pics/pic1_ge_shows_facade_of_meeting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 3/ans_pics/pic1_ge_shows_facade_of_meeting.png
--------------------------------------------------------------------------------
/OSINT Exercise 3/ans_pics/pic2_final_ans.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 3/ans_pics/pic2_final_ans.png
--------------------------------------------------------------------------------
/OSINT Exercise 3/osintexercise003.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 3/osintexercise003.webp
--------------------------------------------------------------------------------
/OSINT Exercise 30/OSINT Exercise 030.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 030
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-030/) of OSINT Exercise 030
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | The refugee crisis in Central Africa has been ongoing for decades.
7 | With millions of people fleeing violence, humanitarian agencies play a critical role
8 | by providing assistance, including emergency shelters.
9 |
10 | The video below, published in Oct 2007, shows the situation in a refugee camp in the Democratic Republic of the Congo.
11 | The structures seen in the footage are long gone, as the conflict in the regions waxes and wanes. Geolocating temporary accommodations is often challenging,
12 | as satellite images are scarce and the situation on the ground is volatile.
13 |
14 | It is, however, still possible.
15 |
16 | The task, is to find the exact location of the white tent seen in the video below at the 1:16 mark.
17 |
18 | 
19 |
20 | **Part 1: Initial Thoughts**
21 | Possibly, the first way of going about the exercise is to first try and find the source video the screenshot above is from.
22 | Seeing the bottom border of the video, it's three and a half minutes long, and given the widgets, it's available on Youtube to this day, as they're up to date.
23 |
24 | After looking up the displaced gentleman's name, with two additional search filters of type as "Videos" and duration as "Under 4 minutes" like so:
25 |
26 | 
27 |
28 | It's the 2nd video, [uploaded by UNHCR](https://youtu.be/BRoQva6wX24?feature=shared), it's more plausible in terms of its upload date, and the duration.
29 | Potentially, this video can help us narrow down the part of the country this camp could be based in.
30 |
31 | **Part 2: Summary, and clues from the video**
32 | The video opens up with the title of "Helping the displaced in North Kivu".
33 |
34 | In summary, the video speaks about new clashes that have occured in the eastern part of DRC that has limited humanitarian aid from reaching to those in need.
35 | The alternative to that has been to assist as many as possible with 20 makeshift campsites in the North Kivu province. This particular exodus of people mentioned in this video
36 | had been triggered by a clash between the Congalese Army and rebel soldiers who are loyal to Laurent-Nkunda from the previous week.
37 | (Given the upload date of the video, potentially the week of 14th - 20th Oct 2007).
38 |
39 | Specifically, in one particular camp: the Belengo(?) Camp in West Goma, rebel soldiers were forcibly conscripting any man they can find. Then, we hear from Faustin, the gentleman from the task photo.
40 | He too did have the rebel soldiers come after him to conscript.
41 | The video then continues to elaborate on the problems the campsites are facing, with the increasing number of displaced people.
42 |
43 | **Part 3: A potential location**
44 | So, the area of interest in the DRC has been narrowed down to the North Kivu province.
45 |
46 | Given the editing of the video, and the timing of Faustin's statements, the potential camp featured in the background might be Belengo(?) Camp in West (of?) Goma.
47 | Looking up some search results, it turns out its name was [Bulengo Camp](https://www.unhcr.org/us/news/unhcr-moves-displaced-new-camp-north-kivu) and it has reached its capacity at the end of September 2007.
48 |
49 | To find its location, the following google search gave a promising result with [ReliefWatch](https://reliefweb.int/report/democratic-republic-congo/democratic-republic-congo-humanitarian-disaster-north-kivu-demands-urgent-response).
50 | Seeing the description of the camp from the video, it is westwards of Goma.
51 |
52 | 
53 |
54 | Oddly, when looking up "Bulengo Camp" in Maps, there's a chance to keep getting directed into an address within Goma. That's actually not the camp itself, and so, a bit of toggling is required.
55 | From the map above, we can see that the original Bulengo camp and Goma are along the perimeter of a water body. Using that as an outline, and looking up "Bulengo", there are some options available.
56 |
57 | 
58 |
59 | When looking at the Bulengo area in general, and in Terrain mode of Maps, this is visible as satellite image.
60 |
61 | 
62 |
63 | Using the Map coordinates of "SITE DES DÉPLACÉS BULENGO" (-1.622056052517671, 29.119089459327675), looking that up more thoroughly in Google Earth.
64 |
65 | **Part 4: Inspecting the Bulengo Area more**
66 | The same coordinates in Google Earth, didn't provide the best images on Bulego Camp back in 2008. It just provided blurry images instead.
67 | Therefore, another avenue is needed to try and find aerial photo of the camp instead. Or like Ex 29, potentially a blueprint PDF of the camp (if that's possible).
68 |
69 | Luckily, there is one result of Bulengo Camp, from [another UN resource](https://media.un.org/photo/en/asset/oun7/oun7665707). As per its description, it is possible to view
70 | Bulengo camp in the background.
71 |
72 | 
73 |
74 | Given the broader view of the landscape Bulengo Camp is in, there are geographical features that are possible to geolocate this vicinity. The highlight to look for here is the crater lake.
75 | Going back to Google Maps, with the above coordinate, it is shown that it's called Green Lake. The next two features are the shoreline and the hilly/volcanic islands jutting out of the water.
76 |
77 | 
78 |
79 | So, let's now use Green Lake's coordinates instead, to narrow down into the direction of Bulengo Camp. Interestingly, there's a vantage point up in Green Lake, that can come in handy, called Lac Vert.
80 | With this, we can try and orient on Google Earth to match the photo we see. The coordinates for this point are: -1.6116429071796978, 29.13732921426638.
81 |
82 | 
83 |
84 | Using this, let's return back to Google Earth. And indeed, we've narrowed down the potential Bulengo area more steadily, and drew in a rough outline that could be there.
85 |
86 | 
87 |
88 | Now, the next part is to estimate coordinates and review the video once again for more landmarks to find the position of that tent from 2007.
89 |
90 | **Part 5: Finding the coordinates of the white tent**
91 | Revisiting the video, there were some useful time markings on more geographical clues around the white tent. A couple of potential points in the video include:
92 |
93 | 1. The presence of a thicker set of trees just directly behind the tent, and a few of the windows and doors that are visible in the tent.
94 | 
95 |
96 | 2. The background having a coastal line, and a mountain poking out of the water.
97 | 
98 |
99 | 3. The tent being visible right at the edge of the frame. And behind the registration table, a tree being there in the right hand side of the scene.
100 | 
101 |
102 | The biggest feature to hunt for next is the hill visible in the last frame, with the denser trees being present at its foot.
103 | The video shows the hill as having a flatter top, and so the rough coordinates for it could be 1°37'24.59"S, 29°7'45.97"E on Google Earth.
104 |
105 | Therefore, the tent would be in the vicinity of the foot of that particular hill, in that orientation.
106 | Looking at the first photo, the tent has several physical features behind it. There are two hills and more dense trees right behind.
107 | Hence, there's a good chance, the tent might be in this vicinity, in front of the hills and trees.
108 |
109 | 
110 |
111 | Seeing the area from a bird's eye view: this can be the potential position of the tent. To estimate that, accounting for the tree that might've been there (assuming it's around roughly in 2014 from 2007), and the tent
112 | being at that estimated distance, this can be the position of the tent from 2007.
113 |
114 | After making the polygon, and modifying its properties a bit, there's a way to make it into a building: with altitude, and extending it to its sides.
115 |
116 | 
117 |
118 | **Part 6: Verifying the tent**
119 | So for now, on Google Earth, a polygon building has been made for the tent. And in order to verify it, there is a need to confirm it against the aerial photo from the UN.
120 | Going back to this [source from Part 4](https://media.un.org/photo/en/asset/oun7/oun7665707).
121 |
122 | Downloading that and taking a zoomed-in look, the white tent could possibly be this one.
123 |
124 | 
125 |
126 | And comparing them both the UN photo, and the polygon building in Google Earth:
127 | 
128 |
129 | Based off the tent polygon created, the white tent from 2007 has the estimated coordinates of -1.623558, 29.128217 (1°37'24.81"S, 29° 7'41.58"E).
130 |
131 | **Credits**
132 | Full credits to Sofia Santos for putting together this exercise.
133 |
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/01_youtube_video.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/01_youtube_video.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/02_map_of_b_camp.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/02_map_of_b_camp.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/03_all_projects.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/03_all_projects.webp
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/03_bulengo_areas.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/03_bulengo_areas.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/04_bulengo_area.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/04_bulengo_area.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/05_aerial view_bulengo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/05_aerial view_bulengo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/06_UN_photo_bulengo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/06_UN_photo_bulengo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/07_crater_lake_vicinity.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/07_crater_lake_vicinity.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/08_vantage_point.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/08_vantage_point.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/09_camera_pan_comparison.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/09_camera_pan_comparison.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/10_tent_vicinity.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/10_tent_vicinity.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/11_tent_placement.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/11_tent_placement.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/12_tent_polygon.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/12_tent_polygon.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/13_copy_of_un_photo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/13_copy_of_un_photo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/ans_pics/14_comparison_photo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/ans_pics/14_comparison_photo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/osint_ex_30.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/osint_ex_30.png
--------------------------------------------------------------------------------
/OSINT Exercise 30/video_frames/frame_0.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/video_frames/frame_0.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/video_frames/frame_1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/video_frames/frame_1.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 30/video_frames/frame_2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 30/video_frames/frame_2.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/OSINT Exercise 031.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 031
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-031/) of OSINT Exercise 031
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Brief & Goals
6 | 
7 |
8 | This newborn giraffe seen in the photo belongs to an endangered species. Individuals such as this one, born in captivity, often participate in conservation programs. This may include transfers to accredited facilities for carefully planned breeding efforts aimed at ensuring the survival of their species.
9 |
10 | Your task is to find the following information regarding the individual seen below:
11 |
12 | 1. Location and date of birth.
13 | 2. Current residence and date of arrival.
14 | 3. A photo in its current habitat.
15 |
16 | **Part 1: Initial Thoughts**
17 | First off, what a sweetie.
18 |
19 | Secondly, let's start with some small research of Giraffes and conservation of them first to get a better understanding of what our parameters are for this exercise:
20 | i.e. how many subspecies are there, some facts about them.
21 |
22 | **Part 2: The David Attenborough Takeover - Giraffes**
23 | Looking up some cursory reading in the [Giraffe Conservation website](https://giraffeconservation.org/giraffe-species/), it turns out that there are 8 subspecies of giraffes that are about.
24 | Amongst the eight, our little one belongs to one of them.
25 |
26 | Also, when looking at some [facts](https://giraffeconservation.org/facts-about-giraffe/14-fascinating-facts-about-giraffe/) about the Giraffe here, one interesting fact is that each giraffe has its own unique coat pattern.
27 | As for [about baby giraffes](https://giraffeconservation.org/facts-about-giraffe/faqs-about-baby-giraffe/), we can make a rough estimation of how long the calf would've been with its family
28 | before moving elsewhere to another residence (to keep in mind for RFI #2).
29 |
30 | Now, we can try and do an image reversal of the sweetie's photo next.
31 |
32 | **Part 3: Image Reversal Findings**
33 | More OSINT walkthroughs appeared than the actual result, but one promising lead, is the website called [Zooborns](https://www.zooborns.com/zooborns/2009/10/baby-giraffe-calf-at-the-virginia-zoo.html#more).
34 |
35 | Here, we find out that our sweetie was born in Virginia Zoo, in Norfolk, VA, in the USA. The blog has two conflicting dates about its birth: it's quoted as the 23rd Oct 2009 above, and later below, 21st Oct 2009.
36 |
37 | 
38 |
39 | 
40 |
41 | So, to verify further, the next best thing is to try and look at an older version of the Virginia Zoo website.
42 |
43 | **Part 4: Winding back the clock to 2009**
44 | For this step, the WayBack Machine proved to be more handy than Google Dorking. As we have narrowed down dates for the newborn, we can zoom into a snapshot of the website in October 2009.
45 | With the snapshot taken on [Oct 22 2009](https://web.archive.org/web/20091022052823/https://virginiazoo.org/), and navigating into sitemap, there's a section that comes up called "New Arrivals and Births".
46 |
47 | 
48 |
49 | There's a good chance that news of our newborn would be around there.
50 |
51 | 
52 |
53 | However, when navigating into the section, the latest news of that screenshot is from Sept 2009.
54 | When navigating into that particular "New Arrivals and Births" section, the Wayback URL is now specific to New Arrivals and Births.
55 | It's no longer the general Virginia Zoo one.
56 |
57 | Therefore, the next best thing to do, is to toggle across the snapshots of New Arrivals and Births in the top right corner with the blue arrows.
58 |
59 | And sure enough, proceeding to the [next snapshot](https://web.archive.org/web/20091031015448/http://www.virginiazoo.org:80/about-the-zoo/new-arrivals.asp), there could be news
60 | published of our sweetie in question. Plus, the reporting lingo is almost similar to the ZooBorns website.
61 |
62 | 
63 |
64 | Comparing the photos between the Wayback Snapshot, and ZooBorns, 2 photos are common in both sites.
65 |
66 | 
67 |
68 | 
69 |
70 | The photo that needs verifying is the 3rd photo in ZooBorns, which is the task photo.
71 | For that, we will try and compare the task photo with a photo that shows the newborn's right side.
72 |
73 | **Part 5: Verifying the newborn**
74 |
75 | Comparing against the task photo, this photo (that's on both sites), on the giraffe's right profile show a couple of matching patches.
76 |
77 | 
78 |
79 | Therefore, both sites are speaking about the same newborn, and as per the [snapshot](https://web.archive.org/web/20091031015448/http://www.virginiazoo.org:80/about-the-zoo/new-arrivals.asp) of the official write-up from the zoo, it has quoted that
80 | the newborn was born in Oct 21st 2009, 9:15pm local time (located at the Virginia Zoo, Norfolk, VA, USA).
81 |
82 | **Part 6: News about the Newborn**
83 | So, it's established that this newborn giraffe was born at the Virginia Zoo on Oct 21st 2009. As per the Conservation website found in Part 2, [calves would tend to depend on their mother's milk for 9 - 12 months](https://giraffeconservation.org/facts-about-giraffe/faqs-about-baby-giraffe/#:~:text=For%20how%20long%20will%20a%20giraffe%20rely%20on%20its%20mother%E2%80%99s%20milk%3F).
84 | It's probably in this segment of time, more news about the newborn's health will get published.
85 |
86 | Once again. navigating to the sitemap, there are several snapshots we can try. At this point, this [sitemap](https://web.archive.org/web/20100412202519/http://www.virginiazoo.org:80/about-the-zoo/site-map.asp), snapshot,
87 | is from April 2010, and health of the newborn giraffe would be around. Given the categories listed, it's highly likely updates will be given in the "News and Press" category.
88 |
89 | 
90 |
91 | **Part 7: Movement of the newborn giraffe, Willow**
92 |
93 | As suspected, more news of the newborn giraffe is shared in the press releases. One article verifies she's now called [Willow](https://web.archive.org/web/20100613032941/http://virginiazoo.org/zoo-happenings/MeetWillow.asp), and has begun to spend [time outdoors](https://web.archive.org/web/20100613033106/http://virginiazoo.org/zoo-happenings/willowexhibit.asp).
94 | This article also mentions her parents are Imara (Mom), and Billy (Dad).
95 |
96 | 
97 |
98 | It's in the article about Willow spending time in the outdoor exhibits, it is written she's in the Masai subspecies of giraffes. Now the next thing to do is to find out, where Willow went, after growing up in Virginia Zoo.
99 | For this, once again, choosing a later capture of the sitemap will work well. From part 6, we've learnt that newborns will be with their mums for 9-12 months. Counting from Oct 2009, going to Oct 2010, any further news of her would happen
100 | after she's grown up to some extent. So adding in an extra side of caution, it's best to look up a [Newsroom snapshot from 2012](https://web.archive.org/web/20120818011926/http://www.virginiazoo.org/zoo-happenings/news-and-press.asp).
101 |
102 | 
103 |
104 | And there's one article that's a good hint, the article called ["Nearly Six Feet at Birth"](https://web.archive.org/web/20120719173610/http://virginiazoo.org/zoo-happenings/20110729_Baby_Giraffe.pdf.pdf).
105 | This article speaks about another offspring Willow's parents had, and at the bottom, it is mentioned that Willow was then at Disney's Animal Kingdom in Florida (as of July 2011).
106 |
107 | 
108 |
109 | So the article gives us a hint that Willow had left before July 2011, and with a simple google search of "willow giraffe disney's animal kingdom", one article by [Windsor Palms Florida](https://www.windsor-palms-florida.net/latest-news/disneys-animal-kingdom-gets-a-new-baby-giraffe)
110 | shared Willow came to Disney's Animal Kingdom (Florida, US), on Oct 12th, 2010.
111 |
112 | **Part 8: Is Willow still in Florida's DAK?**
113 | The other thing the Windsor Palms Florida article had hinted at is Willow being part of a herd that will eventually get released into Kilimanjaro's Safari Ride. The question is if as of 2025, if she's in Florida, Kilimanjaro, or elsewhere.
114 |
115 | 
116 |
117 | *Okay, my mistake*, the Kilimanjaro Safari Ride is an attraction of Disney's Animal Kingdom (DAK). So for now, let's find more evidence if Willow is still at the DAK.
118 |
119 | When googling more on "willow giraffe in Disney's Animal Kingdom", there's a [2024 video](https://youtube.com/shorts/DZ4A3dkiKs8?si=XtadsAao2XimOyAJ) that verifies it's Willow.
120 |
121 | And back at her baby picture, that heart patch is indeed visible.
122 |
123 | 
124 |
125 | With a high probability, we'll assume the 2024 video is the most recent media of Willow, and find how her habitat in DAK is. When looking up more results of Willow in the DAK, there's
126 | a report that [she's became a mother in 2020](https://www.clickorlando.com/theme-parks/2020/12/04/disneys-animal-kingdom-welcomes-pair-of-masai-giraffe-calves-to-savanna/). While this was sometime back,
127 | the article is focused heavily on Willow and her offspring. And not only that, the article's second and fifth photo features Willow, once again with the heart patch visible.
128 |
129 | 
130 |
131 | Therefore, the 2024 video shows Willow in her habitat (but only a small segment of it), and the photo from when she became a Mum, shows a more extensive version of her habitat.
132 |
133 | **Credits**
134 | Full credits to Sofia Santos for putting together this exercise.
135 |
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic01_giraffe_numbers.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic01_giraffe_numbers.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic02_birthdate_01.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic02_birthdate_01.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic03_birthdate_02.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic03_birthdate_02.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic04_sitemap.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic04_sitemap.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic05_snapshot_of_section.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic05_snapshot_of_section.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic06_news_of_newborn.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic06_news_of_newborn.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic07_wayback_archive.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic07_wayback_archive.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic08_zooborns.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic08_zooborns.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic09_patches_match.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic09_patches_match.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic10_sitemap.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic10_sitemap.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic11_news_on_giraffe.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic11_news_on_giraffe.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic12_news_on_willow.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic12_news_on_willow.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic13_willow_new_location.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic13_willow_new_location.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic14_giraffe_herd_DAK.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic14_giraffe_herd_DAK.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 31/ans_pics/pic15_willow_and_jr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/ans_pics/pic15_willow_and_jr.png
--------------------------------------------------------------------------------
/OSINT Exercise 31/osintexercise031.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/osintexercise031.png
--------------------------------------------------------------------------------
/OSINT Exercise 31/right_profile.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 31/right_profile.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 4/OSINT Exercise 004.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 004
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-004/) of OSINT Exercise 004
3 | Creator of Exercise: Sofia Santos
4 |
5 |
6 | ## Task Goals
7 | To identify the features of this photo of a resort located on an island:
8 | I. What is the name of the resort?
9 | II. What are the coordinates of the island?
10 | III. In which cardinal direction was the camera facing when the photo was taken?
11 |
12 | 
13 |
14 | ### Write up and Thought-Process
15 | **Part 1: Image Reverse Lookup**
16 | Just executed [Google Image search](https://lens.google.com/search?ep=gsbubb&hl=en-SG&re=df&p=AbrfA8pCRFjCWnWQJ-SSOuiQrdxwdZNOTGwW_R8gW29cTqgqE4BwZ6PVPLtwRo6qeyaCwWMw26buqS2y7sLB-Q7vrpM4l9v4V5WDta0qguHdqrsodEfgwArkYGGykN-ENOvFIWGNSCRzcI8SkCmD2lNsbasB4D_sHMkw6Hx6MKcklSI_5KQQLOVT3zlw4Ok5jTV01wjvDeKW6BhLuhPgS-PspgjeIwroeB6bisO29CdGhL9lERut98-m26s9X_6NLR1aIw2cq-Q9Ympf3W_DhdXF-DnC9Aiu5TAEzQPNWnb8hqg%3D#lns=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDEsIkVrY0tKREEzTW1NMlpEUm1MVGd5Wm1RdE5EVTVaQzFoT1dVMkxUWm1OMkZpTURjNU16TmxPQklmYXpSRVkxWjBVM0o2VEVGaWMwWldkMUYzZG5veE4wVXlMVmRGY0VOb2F3PT0iLG51bGwsbnVsbCxudWxsLDEsbnVsbCxbbnVsbCxudWxsLFswLDAsMTAwMDAwLDEwMDAwMF1dLFtudWxsLG51bGwsW11dLFsiODEwYjg1YTctNmNjMC00MmY5LTk1Y2ItMzllN2Y2OWU3M2JiIl1d) on the photo from the write-up and looked for exact matches.
17 |
18 | The [second result](https://www.facebook.com/oanresort/) is a Facebook profile for an "Oan Resort". Amongst its photos is the [same one in the write-up](https://www.facebook.com/photo.php?fbid=493724296086908&set=pb.100063480255744.-2207520000&type=3).
19 |
20 |
21 | **Part 2: Coordinates of Island**
22 | Looking up "Oan Resort" more, its [official website](https://oanresort.wixsite.com/chuuk/about) is also published. This has an introductory video of where Oan Resort is located. It mentions its part of the Federated States of Micronesia, and zooms into one of its island states, the Chuuk state. And within that state, into the Chuuk Lagoon.
23 |
24 | Using this clue, let's investigate on Google Maps.
25 |
26 | 
27 |
28 | After zooming into the Lagoon more, interestingly, an Oan Resort icon shows up.
29 |
30 | Therefore, we can decipher the resort's coordinates like below in the photo:
31 | 
32 |
33 | And in a similar manner using Maps, the coordinates of the island at roughly:
34 | 7.363490783966962, 151.75577412425892.
35 |
36 | Let's now insert this coordinate into Google Earth to see the terrain, and play around with the views better.
37 |
38 | **Part 3: Camera position & direction**
39 | From seeing the island up close, it's coming together that Oan Island itself is photographed. But it's the background that give a bigger clue on which direction the camera had to be pointed towards.
40 |
41 | 
42 |
43 | When revisiting the task photo from above: we can see a short island, and part of an atoll with its cluster of islets.
44 |
45 | Orientation of Google Earth was crucial here, so toggling with the shift key and arrow keys to get close to an eye-level view like so:
46 |
47 | 
48 |
49 | With this orientation, it is easy to just press Shift + left/right, and get a 360° view.
50 |
51 | Coincidentally, the rough shapes based of Google Earth matches with what is seen in the first eye level picture. However, choosing to "wind-back-the-clock" to see the satellite imagery from a few years back, close to 2022/2021. Reason being, we can see any changes that happen to Oan's coastline.
52 |
53 | As Micronesia is a place that's subject to a lot of physical geographical change, it's good to see if we can come close to how it did look at the time the photo was taken.
54 |
55 | And likely so, in 2022, the sand in the satellite image of 2022 was more obvious, as it had been in the task photo.
56 |
57 | 
58 |
59 | Hence, we can confirm this was the direction the camera was facing: North-West.
60 |
61 | So, the results for the goals in this exercise:
62 | I) Oan Resort
63 | II) Coordinates of island: 7.363490783966962, 151.75577412425892
64 | III) Camera's facing the North-West direction
65 |
66 | ### Credits:
67 | Full credits to Sofia Santos for putting together this exercise.
68 |
69 | Additionally: to help decipher the physical geographical aspects of FSOM: [Geography Now's Micronesia episode](https://www.youtube.com/watch?v=_gSBvcYOuu4)
70 |
--------------------------------------------------------------------------------
/OSINT Exercise 4/ans_pics/pic1_google_maps_oan_appearing.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 4/ans_pics/pic1_google_maps_oan_appearing.png
--------------------------------------------------------------------------------
/OSINT Exercise 4/ans_pics/pic2_oan_resort_coordinates.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 4/ans_pics/pic2_oan_resort_coordinates.png
--------------------------------------------------------------------------------
/OSINT Exercise 4/ans_pics/pic3_google_earth_eye_level.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 4/ans_pics/pic3_google_earth_eye_level.png
--------------------------------------------------------------------------------
/OSINT Exercise 4/ans_pics/pic4_more_sand.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 4/ans_pics/pic4_more_sand.png
--------------------------------------------------------------------------------
/OSINT Exercise 4/osint_ex_04_task_photo.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 4/osint_ex_04_task_photo.jpg
--------------------------------------------------------------------------------
/OSINT Exercise 5/OSINT Exercise 005.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 005
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-005/) of OSINT Exercise 005
3 | Creator of Exercise: Sofia Santos
4 |
5 |
6 | ## Task Goals
7 | To identify the following from the screenshot of a zoo live cam:
8 | I. In which zoo are these polar bears located?
9 | II. What was the temperature at the time of the screenshot?
10 | III. The exact coordinates of where the bears were lying down?
11 |
12 | More details of the image:
13 | The image below is a screenshot from a zoo live cam. It was taken on January 15, 2023 at around 2pm local time.
14 |
15 | 
16 |
17 | ### Write up and Thought-Process
18 | **Part 1: Google Search and Image Reverse Lookups**
19 | Did a simple Google search of [polar bear enclosure webcam](https://tinyurl.com/2rays3fm) and got these results.
20 |
21 | Navigated to the first search result, the San Diego Zoo link, and delved deeper. The live cam view of the polar bear enclosure in San Diego didn't budge, and the watermark from the top right hand corner was missing too.
22 |
23 | After which, I proceeded to an image reverse look-up, but it wasn't the best way. Tineye, and Yandex didn't help. And Google brought other OSINTers write-ups of this exact task.
24 |
25 | Attempted this one more time with Bing, to see if it gave anything, and this image appeared, with a similar watermark on the top right hand side.
26 |
27 | 
28 |
29 | The screenshot helped affirm that the enclosure was the correct one. Plus, the [article](https://www.makeuseof.com/tag/virtual-travel-experiences-family/) the picture was from mentioned the San Diego Zoo.
30 |
31 | **Part 2: Temperature on Jan 15th, 2023, 2pm Local Time**
32 | Google searched up "historical temperature san diego" and used this [Weather Underground tool](https://www.wunderground.com/history/daily/us/ca/san-diego/KSAN/date/2023-1-15) and looked up the temperature for the day. At close to 2pm, it's roughly 63°F (or 17.2°C).
33 |
34 | **Part 3: Coordinates of Polar Bears Lounging**
35 | So, it's established that they're part of a Polar Bear enclosure in San Diego Zoo. Let's first find that on Google Maps.
36 |
37 | 
38 |
39 | Estimating that the polar bears were lounging roughly where the pinpoint is for for the polar bear plunge on Google Maps, at thereabouts: 32.734453180155164, -117.15457469249506. It's quite accurately inside the enclosure and after toggling the camera views of the pictures captured of the enclosure, that could be where the polar bears were lounging within the enclosure.
40 |
41 | So, the results for the goals in this exercise:
42 | I) San Diego Zoo
43 | II) 63°F (or 17.2°C)
44 | III) Rough coordinates of lounging: 32.734453180155164, -117.15457469249506
45 |
46 | ### Credits:
47 | Full credits to Sofia Santos for putting together this exercise.
48 |
49 |
--------------------------------------------------------------------------------
/OSINT Exercise 5/ans_pics/SanDiegoZooPolarBearCam.avif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 5/ans_pics/SanDiegoZooPolarBearCam.avif
--------------------------------------------------------------------------------
/OSINT Exercise 5/ans_pics/pic2_polar_bear_enclosure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 5/ans_pics/pic2_polar_bear_enclosure.png
--------------------------------------------------------------------------------
/OSINT Exercise 5/osint_ex_5_task_photo.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 5/osint_ex_5_task_photo.webp
--------------------------------------------------------------------------------
/OSINT Exercise 6/OSINT Exercise 006.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 006
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-006/) of OSINT Exercise 006
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Briefing
6 | On January 19, 2023, a journalist with almost 140k followers on Twitter shared an image of a destroyed vehicle amidst a large cloud of smoke and fire. The tweet said: "BREAKING: TTP carried out a suicide attack on a police post in Khyber city of Pakistan that killed three Pakistani police officers."
7 |
8 | ## Task Goals
9 | The photo is not of the event described by the journalist.
10 | a) Verify the statement above.
11 |
12 | 
13 |
14 | ### Write up and Thought-Process
15 | **Part 1: Google Searches of the headline**
16 |
17 | Tried a google search of the headline, and it did get confirmed that this report of the attack happened. Some links include:
18 | I) A [news agency](https://www.thenews.com.pk/latest/1032268-khyber-agency) from Pakistan
19 | II) Another [article](https://www.mashaalradio.com/a/three-policemen-killed-in-suicide-attack-in-khyber/32230945.html) sharing the same thing.
20 |
21 | But the next is to find the source of where the image came from: we'll do an image reverse lookup for that blast photo used.
22 |
23 | **Part 2: Original Source/News of the blast photo**
24 |
25 | 
26 |
27 | Using the photo above, I attempted a reverse image look-up, to see if there was another news article that reported this.
28 |
29 | From the [search results](https://tinyurl.com/48vjm8r5) one article about a blast in [Turkish-Controlled Syrian Town](https://english.aawsat.com/home/article/2549496/18-killed-bombing-turkish-controlled-syrian-town) makes use of the same photo, and a number of articles use them for reporting about radical violence in various places on the planet. The search results also gave the actual journalist's link to his tweet from above.
30 |
31 | Amongst the links, [this one](https://en.m.wikipedia.org/wiki/File:WaziriyaAutobombeIrak.jpg) caught attention. It is an example of archival records of the photograph used through the years.
32 |
33 | It mentions that the source is an old one from 2006. Likely, the photo was snapped back in Aug 2006 in Iraq. And scrolled down, it has details of the device used to take the photo as well.
34 |
35 | So to roughly conclude:
36 | There is a good chance that an attack did take place in Khyber back in Jan 2023, but the photo used wasn't an accurate one.
37 |
38 | ### Credits:
39 | Full credits to Sofia Santos for putting together this exercise.
40 |
41 |
--------------------------------------------------------------------------------
/OSINT Exercise 6/ans_pics/osintexercise006.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 6/ans_pics/osintexercise006.jpeg
--------------------------------------------------------------------------------
/OSINT Exercise 6/osint_ex_6_pic.webp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 6/osint_ex_6_pic.webp
--------------------------------------------------------------------------------
/OSINT Exercise 7/OSINT Exercise 007.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 007
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-007/) of OSINT Exercise 007
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | To find the following details about the photo:
7 | I) Where was the photo taken?
8 | II) In which year was the photo taken?
9 | III) The big poster in the right contained a link. What was the link?
10 |
11 | 
12 |
13 | ### Write up and Thought-Process
14 | **Part 1: Google Searches of the headline**
15 | Attempted a image reverse look-up, and from the results, [this link](https://tinyurl.com/4t4tatz2) looked promising, especially a few pictures in the photo rolodex. The stand-out photo is [this](https://tinyurl.com/9evpyt68).
16 |
17 | The location of this photo is mentioned to be Centro Comercial Vasco de Gama, at Parque das Nações, Lisboa, PT.
18 |
19 | Verifying this with a google search, and narrowing it to images shows a few more images with the same art figure.
20 |
21 | 
22 |
23 | And so, the location is indeed at the shopping mall Centro Comercial Vasco de Gama, in Lisboa, Portugal.
24 |
25 | **Part 2: Verifying the year the photo was taken**
26 |
27 | Referring to the task photo once again:
28 |
29 | 
30 |
31 | One potential big clue is in the Egyptian Mummy poster on the upper right hand corner of the photo.
32 |
33 | Next thing is to verify, what that building is, that's opposite to the shopping mall, and seeing if there were any potential Egypt-related events in that vicinity.
34 |
35 | The first was to attempt a man-drop in the area of where the photo was taken, so that we could then orient ourselves into the street. The landmark to find near the mall is the art figure.
36 |
37 | On Maps, from a top view, with the satellite layer activated, the area this art structure is at, is at the back of the mall.
38 |
39 | 
40 |
41 | And from the task photo, it's understood that it's a pedestrian friendly area, a man-drop could be done to orientate facing the building with the egyptian photo.
42 |
43 | After man dropping, the vicinity could be verified because the flagpoles behind the structure were still around:
44 |
45 | 
46 |
47 | In addition, there was a feature called "See more dates", which means it show photos of the same area in the past. After toggling a little bit to the past, there was a photo from the past with the Egyptian poster.
48 |
49 | 
50 |
51 | The rough date of the photo was Oct 2019.
52 |
53 | **Part 3: Getting the link on the poster**
54 | One thing to note, when maneuvering Maps' drop-man, while it might navigate the user to pedestrian friendly areas, there's a chance the date could change. That's what I had encountered when trying to move closer to the wall with the Egyptian poster when the date was set to Oct 2019.
55 |
56 | Let's first see if any results happen when looking up Egyptian events in October 2019, in Lisbon.
57 |
58 | Using Google Lens, zooming into the poster, the [name of the king on exhibit](https://tinyurl.com/yc6rkaa4) was "Tutankhamun". However, searching "Tutankhamun Lisbon 2019" into Google didn't fully help. One other thing to do was to try the Portuguese domain of google. With that, some of the more promising results began to show. A number of images with the similar [poster began to appear](https://tinyurl.com/3wcabwu3)
59 |
60 | From the results, it could be seen that the link in the poster was: "www.tutankamon.pt".
61 |
62 | And so, the results of this Exercise are:
63 | I) Centro Comercial Vasco de Gama, in Lisboa, Portugal
64 | II) Year was 2019
65 | III) Link was "www.tutankamon.pt"
66 |
67 | ### Credits:
68 | Full credits to Sofia Santos for putting together this exercise.
69 |
70 |
--------------------------------------------------------------------------------
/OSINT Exercise 7/ans_pics/building_with_wall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 7/ans_pics/building_with_wall.png
--------------------------------------------------------------------------------
/OSINT Exercise 7/ans_pics/flagpoles_behind_the_structure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 7/ans_pics/flagpoles_behind_the_structure.png
--------------------------------------------------------------------------------
/OSINT Exercise 7/ans_pics/found_the_egyptian_poster.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 7/ans_pics/found_the_egyptian_poster.png
--------------------------------------------------------------------------------
/OSINT Exercise 7/ans_pics/locating_art_in_gmap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 7/ans_pics/locating_art_in_gmap.png
--------------------------------------------------------------------------------
/OSINT Exercise 7/ans_pics/more_pics_with_the_figure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 7/ans_pics/more_pics_with_the_figure.png
--------------------------------------------------------------------------------
/OSINT Exercise 7/osint_ex_7_pic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 7/osint_ex_7_pic.png
--------------------------------------------------------------------------------
/OSINT Exercise 8/OSINT Exercise 008.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 008
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-008/) of OSINT Exercise 008
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | To find the following details about the photo:
7 | I) What was the audience applauding?
8 | II) When was the photo taken?
9 | III) What is the name of the venue?
10 |
11 | 
12 |
13 | ### Write up and Thought-Process
14 | **Part 1: Quick details to pick out from the image**
15 | Number of clues are in the image about a couple of things:
16 | - The date: article was reported on 2023, January (月 translates to month), 12th (日 translates to day).
17 |
18 | - Couple of English names/phrases are present in the reporting: "Michael Hinterseer", "Kiobel Blanco"
19 |
20 | - The E-version/website of the same newspaper appears to be present in the top left: "www.da(ji)yuan.co.uk" --> assuming its "ji" in the brackets, might be another character.
21 |
22 | Maybe worth a shot to find hints of this article online in the website first.
23 |
24 | **Part 2: Investigating the website**
25 | Entering this website from above to try and see if there's an online version of the article, or something else.
26 |
27 | Entering that, brings us to: https://www.epochtimes.com/
28 |
29 | Within that, tried to search up a term used in the article. Decided to give the "Hinterseer" term a go.
30 |
31 | 
32 |
33 | While the date was not the same, as the newspaper, it was worth digging in, as the term appears quite frequently. And intriguingly, so did the other name: "Kiobel Blanco".
34 |
35 | Also, [their photo](https://www.epochtimes.com/b5/23/1/8/n13902211.htm#:~:text=Owner%20of%20century%2Dold%20German%20family%20business%20praises%20Shen%20Yun%20for%20displaying%20traditional%20values) from the newspaper articles appears once again.
36 |
37 | So, this is an article mentions about Shen Yun North American Art Troupe's performance. From their tour in Jan 2023.
38 |
39 | **Part 3: Gathering details of the task photo**
40 | So we've narrowed the performance group, and the news agency that reports on them. But let's see if there are more searches we could do, to narrow out that photo used in the article.
41 |
42 | 
43 |
44 | So a bigger picture is coming to place, this artistic troupe is often spoken about by the new agency. And respectively, for each global branch of the troupe, there is a collection of articles. In our case, we're keen on the [North American one](https://www.theepochtimes.com/shenyun/shenyun-north-america-company). Unfortunately, this didn't give the best results. And kept getting stuck at a paywall. So the next approach was to try an image search.
45 |
46 | 
47 |
48 | This resulted in the task photo appearing again as part of the results. Clicking into the photo, the article features the task photo [here](https://en.minghui.org/html/articles/2023/1/13/206159.html#:~:text=Shen%20Yun%20North%20America%20Company%20at%20the%20Chrysler%20Hall%20in%20Norfolk%2C%20Virginia%2C%20on%20January%207.%20The%20company%20presented%20three%20performances%20in%20Norfolk%20January%207%E2%80%938%2C%20all%20to%20packed%20houses.%20(The%20Epoch%20Times))
49 |
50 | 
51 |
52 | It shows us the venue: Chrysler Hall, Norfolk, Virginia. For the show taken place on Jan 7th 2023.
53 |
54 | And so, the results of this Exercise are:
55 | I) A performance by the Shen Yun Troupe. In the case of the photo, by the North America company
56 | II) Taken on Jan 7th, 2023
57 | III) Venue was Chrysler Hall, Norfolk, Virginia
58 |
59 | ### Credits:
60 | Full credits to Sofia Santos for putting together this exercise.
--------------------------------------------------------------------------------
/OSINT Exercise 8/ans_pics/google_search_of_shen_yun.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 8/ans_pics/google_search_of_shen_yun.png
--------------------------------------------------------------------------------
/OSINT Exercise 8/ans_pics/image_search_shenyun.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 8/ans_pics/image_search_shenyun.png
--------------------------------------------------------------------------------
/OSINT Exercise 8/ans_pics/search_result_on_eversion.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 8/ans_pics/search_result_on_eversion.png
--------------------------------------------------------------------------------
/OSINT Exercise 8/ans_pics/task_photo_origin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 8/ans_pics/task_photo_origin.png
--------------------------------------------------------------------------------
/OSINT Exercise 8/osint_ex_8_pic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 8/osint_ex_8_pic.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/OSINT Exercise 009.md:
--------------------------------------------------------------------------------
1 | # OSINT Exercise 009
2 | [Link to full briefing](https://gralhix.com/list-of-osint-exercises/osint-exercise-009/) of OSINT Exercise 009
3 | Creator of Exercise: Sofia Santos
4 |
5 | ## Task Goals
6 | To find the following details about the photo:
7 | I) To the best of your knowledge, at what time was the video recorded?
8 | II) Find the coordinates of where the person was walking at the time of the recording.
9 |
10 |
11 | 
12 |
13 | ### Write up and Thought-Process
14 |
15 | **Part 1: Quick details to pick out from the image**
16 | The screenshot gives a good number of hints. It's in Tirana, Albania. A video of a sunset, and the name of the photographer. (Big hint, we might need to have a look at the original photographer's works for this video instead.)
17 |
18 | The date of the posted video by the Visit Tirana account also gives a clue: chances are, it would need to be a video they borrowed from the photographer before the upload date. So let's browse through the photographer's portfolio from before Feb 16th 2023, 10:07pm local time.
19 |
20 | **Part 2: Looking up the photographer's work**
21 | After some digging, there was a potential alias the photographer used. With an IG handle of (four_s34sons), and looking at the portfolio from Feb 16, 2023 and earlier, there was the [video](https://www.instagram.com/p/CouwRhAjsQ6/) that was used.
22 |
23 | To check the time it was recorded, had to dig into its metadata. Opening the video in a new tab, and using the Inspect tool. That would give a clue on the video recording time.
24 |
25 | Assuming the video is taken in 2023, let's look for "2023" in the inspect page of the upload.
26 |
27 | After looking for the string "2023" in the index, there came a potential datetime:
28 |
29 | 
30 |
31 | Given that timestamp, chances are it was uploaded at 16:48:43 local time in Tirana, on Feb 16th, 2023.
32 | Therefore, for recording the video, and pushing it up immediately after: perhaps 16:45-16:46 local time.
33 |
34 | The displayed date is showcased as 17th Feb 2023 here because of being located in a timezone ahead of Tirana.
35 |
36 | **Part 3: Coordinates of where the video was recorded**
37 | So, a few more hints to consider: it was taken at sunset, roughly at the local time of 16:48. Using these hints, we can try to manipulate the layers in Google Maps, and see what shakes.
38 |
39 | Another clue to note is that the photographer is walking towards a flashing green sign - a potential pharmacy. And there was a tall red building to his right side. Also, he's walking towards the sunset, so some west direction is there as well.
40 |
41 | With these clues, let's look into Tirana on Google Maps.
42 |
43 | 
44 |
45 | For this view of Tirana, I chose to add pharmacies in the area, a typical traffic situation at 4.45pm local time, and look for a street that extends out towards the West.
46 |
47 | With those features, it narrowed the street down to this one:
48 | 
49 |
50 | Seeing the traffic on either side of the video, given the car density, the red portion of the street is a good place to start "walking down" from. To that area, let's try a man drop.
51 |
52 | **Part 4: Mandrop into Street**
53 | After mandropping into the street, it shows us that it's at Kavaja Street. There is a pedestrian divider as shown in the video. Walking towards the direction of the sunset, I'd almost missed the area the red building would've been at, because the date time went back. After choosing to update the date on Google Maps, it could be confirmed that the area matches the video.
54 |
55 | 
56 |
57 | Backtracking a few steps, from the building, the rough coordinates, along Kavaja Street, would be: 41.326760, 19.806688
58 |
59 | ### Credits:
60 | Full credits to Sofia Santos for putting together this exercise.
61 |
--------------------------------------------------------------------------------
/OSINT Exercise 9/ans_pics/Potential Street.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/ans_pics/Potential Street.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/ans_pics/Tirana_with_traffic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/ans_pics/Tirana_with_traffic.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/ans_pics/highlighted_street.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/ans_pics/highlighted_street.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/ans_pics/inspect_page_2023.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/ans_pics/inspect_page_2023.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/ans_pics/red_building.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/ans_pics/red_building.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/ans_pics/with traffic layer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/ans_pics/with traffic layer.png
--------------------------------------------------------------------------------
/OSINT Exercise 9/osint_ex_9_pic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ragmthy/gralhix_osint_exercises/c02b8b3ca7eea54ff6dccb6ec217e85dd66d8ba1/OSINT Exercise 9/osint_ex_9_pic.png
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # gralhix_osint_exercises
2 | Repository for write-ups of OSINT exercises
3 | Link to exercises: https://gralhix.com/list-of-osint-exercises/
4 |
5 | Links to Individual Exercise's Writeup:
6 | [Exercise 1](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%201/OSINT%20Exercise%20001.md)
7 | [Exercise 2](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%202/OSINT%20Exercise%20002.md)
8 | [Exercise 3](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%203/OSINT%20Exercise%20003.md)
9 | [Exercise 4](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%204/OSINT%20Exercise%20004.md)
10 | [Exercise 5](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%205/OSINT%20Exercise%20005.md)
11 | [Exercise 6](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%206/OSINT%20Exercise%20006.md)
12 | [Exercise 7](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%207/OSINT%20Exercise%20007.md)
13 | [Exercise 8](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%208/OSINT%20Exercise%20008.md)
14 | [Exercise 9](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%209/OSINT%20Exercise%20009.md)
15 | [Exercise 10](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2010/OSINT%20Exercise%20010.md)
16 | Exercise 11 --> As a reflective piece
17 | [Exercise 12](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2012/OSINT%20Exercise%20012.md)
18 | Exercise 13 --> New Twitter interface launched since. Might need new techniques to figure it out
19 | [Exercise 14](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2014/OSINT%20Exercise%20014.md)
20 | [Exercise 15](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2015/OSINT%20Exercise%20015.md)
21 | [Exercise 16](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2016/OSINT%20Exercise%20016.md)
22 | [Exercise 17](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2017/OSINT%20Exercise%20017.md)
23 | Exercise 18
24 | [Exercise 19](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2019/OSINT%20Exercise%20019.md)
25 | [Exercise 20](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2020/OSINT%20Exercise%20020.md)
26 | [Exercise 21](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2021/OSINT%20Exercise%20021.md)
27 | [Exercise 22](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2022/OSINT%20Exercise%20022.md)
28 | [Exercise 23](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2023/OSINT%20Exercise%20023.md)
29 | [Exercise 24](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2024/OSINT%20Exercise%20024.md)
30 | [Exercise 25](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2025/OSINT%20Exercise%20025.md)
31 | [Exercise 26](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2026/OSINT%20Exercise%20026.md)
32 | [Exercise 27](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2027/OSINT%20Exercise%20027.md)
33 | [Exercise 28](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2028/OSINT%20Exercise%20028.md)
34 | [Exercise 29](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2029/OSINT%20Exercise%20029.md)
35 | [Exercise 30](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2030/OSINT%20Exercise%20030.md)
36 | [Exercise 31](https://github.com/Ragmthy/gralhix_osint_exercises/blob/main/OSINT%20Exercise%2031/OSINT%20Exercise%20031.md)
37 |
38 |
39 |
--------------------------------------------------------------------------------