A journey in open-source intelligence and hacking challenges
I took a CIA test
Summary
In a humorous and adventurous attempt to complete a CIA test, Bog embarks on a journey through various open-source intelligence (OSINT) techniques, capture-the-flag challenges, and cyber detective work. This adventure includes translating binary code, hunting for metadata in images, and navigating complicated hacking quests on the internet. As Bog grapples with technical challenges and the depth of information available online, the journey turns into an engaging exploration of cyber knowledge and perseverance, albeit with a few hilarious stumbles along the way.
Highlights
Bog explores the TryHackMe platform for beginner-friendly hacking challenges.
Struggles with translating binary code revealing a simple message.
Accidentally stumbles upon complex cryptographic challenges and OSINT techniques.
Encounters and bypasses technical issues while exploring metadata.
Realizes the importance of using available internet resources skillfully.
Key Takeaways
OSINT skills can be developed by tackling fun, online challenges!
Sometimes the answers are hidden in plain sight, inspect thoroughly!
Perseverance is key, even if you're stuck for hours. Keep going!
The internet is a vast resource; leverage it smartly!
Learning from experts online can speed up your understanding immensely.
Overview
Bog set out to complete a CIA test, diving into the world of OSINT with enthusiasm and a touch of humor. Armed with just curiosity and a little prior knowledge, he browsed the TryHackMe platform, hoping to find beginner-friendly challenges. Despite an initial struggle with understanding the platform's intricacies, such as translating binary codes, he pressed on with determination.
Throughout the journey, Bog faced several hurdles, including cracking cryptographic codes and navigating social media trails to hunt down user information. Each step presented new learning opportunities and insight into the complexities of online intelligence gathering. His experiences highlighted the importance of perseverance, as he kept trying different methods to solve each puzzle, even when the answers seemed elusive.
The adventure was both educational and entertaining, ultimately illustrating that the internet can offer vast resources for learning and development. Bog leveraged the help of online guides and expert advice to enhance his understanding and skills. This endeavor became a testament to creative problem-solving and learning in the digital age, offering both challenges and laughter along the way.
Chapters
00:00 - 00:30: Introduction The introduction chapter introduces the concept of a platform (tryhackme.com) that offers beginner-friendly hacking challenges and CTF (Capture the Flag) events with lucrative prize pools. A free plan provides personal hackable instances for practice, and the platform includes competitive elements like King of the Hill leaderboards. The narrator expresses apprehension about the challenges involving Linux systems, which they were not expecting, initially thinking the platform might have been related to the CIA.
00:30 - 05:00: First OSINT Challenge In this chapter, the first OSINT (Open Source Intelligence) challenge is introduced, emphasizing the importance of practice in mastering techniques. The narrator suggests that practice can sometimes be more beneficial than theoretical learning. The focus is on using a variety of OSINT techniques to tackle the challenge prepared by the OSINT Dojo. The chapter highlights the concept of open-source intelligence, which entails gathering data from public and legal sources to meet specific objectives. The narrator humorously mentions 'yoinking' the test from Rainbow, who had previously made a video on the subject, illustrating a light-hearted approach to the serious task of information gathering.
05:00 - 10:00: Discovering Metadata In this chapter, titled 'Discovering Metadata', the narrator describes their experience with a test revolving around OSINT (Open Source Intelligence) techniques. They initially view only 20 seconds of the test, which seems to focus on various intelligence-gathering strategies. Participants are cautioned against using active techniques like contacting account owners or resetting passwords to solve challenges. The narrator experiments with clicking on an OSINT link on a website, discovering a dictionary feature that aids in the task. They humorously recount the process of figuring out where and how to provide answers, leading to their eventual success in completing the challenge.
10:00 - 15:00: Struggling with GitHub Information In the chapter titled 'Struggling with GitHub Information,' the storyline revolves around a cyber attack on the OSINT Dojo. Administrators, while conducting forensic analysis, found an image purportedly left by the attackers. This chapter highlights the significance of images in cyber forensics, explaining how images can hold both visible and embedded information. This information can include metadata like the creation or modification date, which could potentially offer clues about the attackers.
15:00 - 20:00: Searching for the LinkedIn Profile The chapter discusses the process of investigating digital files, focusing on extracting metadata. It describes the steps taken to identify the username used by an attacker, emphasizing the challenges with binary code language and the initial approach of downloading an image to explore its metadata for relevant information.
20:00 - 25:00: Uncovering the Dark Web Link In this chapter, the protagonist, Sakura, is trying to uncover information related to a mysterious SVG file. She checks the metadata for any security details, owning up to being the file owner, but finds nothing significant or related. Faced with this dead end, Sakura decides to try translating binary code found within the file using a binary translator, but is unsure about the process, pondering whether to read the binary code from left to right.
25:00 - 30:00: Investigating Attack Route In the chapter titled 'Investigating Attack Route,' the narrative seems to revolve around deciphering or troubleshooting a problem related to data or information presentation. The speaker acknowledges a possible mistake in data entry, specifically mentioning a missing zero. The phrase 'a picture is worth a thousand words' is discussed, leading to the conclusion that while a picture conveys significant information, metadata (the underlying data about data) holds even greater value. The conversation ends with the speaker reflecting on the time consumed resolving the issue, ultimately recognizing the higher value of metadata over visual data representation.
30:00 - 35:00: Final Attempts and Realizations In the chapter titled 'Final Attempts and Realizations,' the protagonist is deeply engrossed in unraveling the mystery by searching for clues in the metadata of files. Driven by the realization that metadata might hold the key, they decide to utilize an online tool to search for such information. Upon investigating the document, they discover a significant amount of metadata, including names like 'honed letter' and 'home Sakura snow angel IO.' Eventually, they stumble upon a file name 'Sakura s Angel,' which feels like an important breakthrough. With cautious optimism, they submit the information, suspecting they are getting closer to identifying the attacker.
35:00 - 40:00: Reflection and Lessons Learned In this chapter, the focus is on a critical error made in operational security, where the attacker reused their username across various social media platforms. This oversight provides an opportunity to gather more information about the attacker by finding their other social media accounts. The chapter discusses using the attacker's username, identified in a previous task, to conduct an OSINT investigation. The goal is to collect additional identifying information while being cautious of false negatives. The specific task includes identifying the full email address used by the attacker.
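The chapters above turn on one finding: the SVG left behind carried editor metadata, including an export file name with a home-directory path, and that path exposed a username. As an added example (not from the video or the challenge), this Python script audits an SVG for that kind of leak before publication and strips it; the sample file, the `exampleuser` path and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces that vector editors use for their own bookkeeping attributes.
EDITOR_NS = {
    "http://www.inkscape.org/namespaces/inkscape": "inkscape",
    "http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd": "sodipodi",
}
DC_NS = "http://purl.org/dc/elements/1.1/"  # Dublin Core (title, creator, ...)

# Path shapes that embed an account name: /home/<u>/, /Users/<u>/, C:\Users\<u>\
USER_PATH = re.compile(r"(?:/home/|/Users/|[A-Za-z]:\\Users\\)([^/\\]+)")

# Constructed sample in the style of an Inkscape export; not the challenge file.
SAMPLE_SVG = """<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:cc="http://creativecommons.org/ns#"
     xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
     xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
     width="10" height="10"
     sodipodi:docname="letter.svg"
     inkscape:export-filename="/home/exampleuser/Desktop/letter.png"
     inkscape:version="0.92.5">
  <metadata>
    <rdf:RDF>
      <cc:Work rdf:about="">
        <dc:format>image/svg+xml</dc:format>
        <dc:title>draft letter</dc:title>
        <dc:creator><cc:Agent><dc:title>Example Author</dc:title></cc:Agent></dc:creator>
      </cc:Work>
    </rdf:RDF>
  </metadata>
  <rect width="10" height="10"/>
</svg>
"""


def _parse(svg_text):
    # ElementTree does not resolve external entities, but internal entity
    # expansion can still exhaust memory, so refuse entity declarations.
    if "<!ENTITY" in svg_text:
        raise ValueError("refusing SVG with entity declarations")
    return ET.fromstring(svg_text.encode("utf-8"))


def split_qname(qname):
    """Split ElementTree's '{uri}local' form; plain names get an empty uri."""
    if qname.startswith("{"):
        uri, local = qname[1:].split("}", 1)
        return uri, local
    return "", qname


def extract_metadata(svg_text):
    """Return (name, value) pairs for editor attributes and Dublin Core text."""
    findings = []
    for elem in _parse(svg_text).iter():
        for qname, value in elem.attrib.items():
            uri, local = split_qname(qname)
            if uri in EDITOR_NS:
                findings.append((f"{EDITOR_NS[uri]}:{local}", value))
        uri, local = split_qname(elem.tag)
        if uri == DC_NS and elem.text and elem.text.strip():
            findings.append((f"dc:{local}", elem.text.strip()))
    return findings


def leaked_usernames(findings):
    """Account names that appear inside filesystem paths in the metadata."""
    users = set()
    for _, value in findings:
        users.update(USER_PATH.findall(value))
    return sorted(users)


def scrub(svg_text):
    """Drop editor attributes, editor elements and the <metadata> block."""
    root = _parse(svg_text)
    for parent in list(root.iter()):
        for qname in list(parent.attrib):
            if split_qname(qname)[0] in EDITOR_NS:
                del parent.attrib[qname]
        for child in list(parent):
            uri, local = split_qname(child.tag)
            if uri in EDITOR_NS or local == "metadata":
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    found = extract_metadata(SAMPLE_SVG)
    for name, value in found:
        print(f"{name} = {value}")
    print("usernames in paths:", leaked_usernames(found))
    print("after scrub:", extract_metadata(scrub(SAMPLE_SVG)))
```

File-manager property dialogs, like the one tried in the video, show filesystem attributes rather than these in-file XML fields, which is why the leak only appeared once the file's contents were inspected.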
I took a CIA test Transcription
00:00 - 00:30 tryhackme.com this is going to be interesting solve daily beginner-friendly challenges with over 100 billion worth in prizes up for grabs oh didn't expect this to require an investment but there's a free plan personal hackable instances CTF challenges what does that mean oh Capture the Flag I knew what that means is it actually Capture the Flag here though compete let's compete King of the Hill leaderboards okay King of the Hill there's a bunch of Linux logos that scares me I have no idea how to do this I thought this was going to be a CIA
00:30 - 01:00 test learn practice reinforce your learning let's try to practice without first learning which is a great idea okay here we go I think this is the one use a variety of OSINT techniques to solve this room created by the OSINT Dojo this really shows how well prepared I am for this test it means open-source intelligence refers to a process of gathering information from public legal data sources to serve a specific function okay boink now I'm yoinking this test from rainbow who made a video
01:00 - 01:30 completing this test I have seen around 20 seconds of it so that's how I managed to find it this room is designed to test a wide variety of different OSINT techniques do not attempt any active techniques such as reaching out to account owners password resets etc to solve these challenges what happens if I click on OSINT open source intelligence how useful there's a dictionary within the website boom here we go logged in type in let's go in the answer box below to continue is this trick question I can't type it in oh there we go let's let's go boink correct
01:30 - 02:00 background the OSINT Dojo recently found themselves the victim of a cyber attack during this forensic analysis our admins found an image left behind by these cyber criminals perhaps it contains some clues that could allow us to determine who the attackers were we've copied the image left by the attacker you can view it here in your browser boink you've been pwned okay instructions images can contain a treasure trove of information both on the surface as well as embedded within the file itself you might find information such as when the photo was
02:00 - 02:30 created what software was used author and copyright information as well as other metadata significant to an investigation answer the question below what username does the attacker go by okay there's an image a bunch of ones and zeros so it's probably the what's the language called binary code okay binary language but I'm very lazy to try to translate this so let's first try to download this image and see if there's any way to find the username in the metadata wait before I do that let's go show more options and properties is
02:30 - 03:00 there anything here SVG file security details owner that's me Sakura pwned letter previous versions okay how to view image metadata right click on the file select properties in the dropdown select the details tab in the properties window to view metadata so it doesn't seem to be anything related to this well I guess I'm going to have to translate these ones and zeros binary translator here we go 0 1 0 0 0 0 0 1 wait do I go left to right
03:00 - 03:30 probably okay I'm up until here does this give me anything eight piure is wo probably mistyped one of these this one seems to be missing a zero the picture is W okay does this make sense now a picture is worth 100 words that took a while a picture is worth 1,000 words but the metadata is worth far more so I just did this for no
03:30 - 04:00 reason love red herrings but there's nothing in the metadata there's attributes what if I look for a tool online that lets me search for metadata check files for metadata info okay view metadata upload the file ooh there's a lot more here document name honed letter export file name home Sakura snow angel IO oh wait is this it Sakura s Angel surely this has to be submit correct easy it appears that our attacker made a
04:00 - 04:30 fatal mistake in their operational security they seem to have reused their username across other social media platforms as well this should make it far easier for us to gather additional information on them by locating their other social media accounts in order to answer the following question use the attacker's username found in task 2 to explain the OSINT investigation into other platforms in order to gather additional identifying information on the attacker be wary of false negatives what is the full email address used by
04:30 - 05:00 the attacker what's the attacker's full real name ooh this is getting serious so I'm going to need this username to find the real name and the email address if you put something inside of quotation marks when Googling it's only going to search for that specific thing without any suggestions so let's see what that gives us a GitHub account okay let's try GitHub IO sakuras No Angel IO looks like the person I'm looking for so how do I now get an email address from this CPU Miner CPU Miner for Litecoin and Bitcoin what if I go inside here license maybe
05:00 - 05:30 the license has a full name authors no that's not it IO public hello world and then test what's test interesting pgp public pgp Keys okay how do I find out an email address of someone who has a GitHub account looks like it could be a hacker because there's a CPU miner application in his GitHub account there's a Reddit account are there any posts comments no wait how do I find out the email address or the name is it going to be hidden somewhere in these projects here I surely hope not ethereum
05:30 - 06:00 miner with OpenCL CUDA and Stratum support okay let's go through these projects and maybe find an email address password at mining pool interesting pgp public key block what's pgp pretty good privacy is an encryption system used for both sending encrypted emails and encrypting sensitive files what a great name just pretty good privacy I don't see any emails here though Bitcoin oh this could be anywhere oh I think forked means that these are projects
06:00 - 06:30 that he copied and enhanced somehow so I should probably only be looking at his own projects that's most likely to have an email how to find out GitHub users email within the GitHub profile overview tab click on any pinned or popular repository okay there are a bunch of pinned repositories so let's just go into CPU miner click on the unique ID which you'll find right after the following verbiage latest commit code pull requests actions projects security oh I wish I knew how to use GitHub ooh
06:30 - 07:00 repositories click on the unique ID huh activity I'm just clicking random stuff find the commit by the user code commits code two commits oh okay so this is a commit here hello world Okay add patch to the end of the URL patch didn't work oh I need to click on this thing yes now I'm in their commit history and now if I add patch here oh sakuras No Angel users. reply. github.com is this the email address but it seems like this is a GitHub email address so do I just add
07:00 - 07:30 at gmail.com or maybe they might not be using Gmail okay note GitHub has a privacy option to enable masking user email some users enable that privacy option in that case you'll notice an email that looks similar to this username at users no reply github.com in that case you should ignore the email maybe try an older repository ooh okay I just tried the newest one this was created 3 years ago what about pgp keys go in here patch no it still has no
07:30 - 08:00 reply. github.com very clever that's cool that you can do this by the way or not cool if you don't know that you can leak your email address like this all of the old ones are forked which leaves me with only pgp keys what if I search through all of his repositories ooh so the email is masked everywhere I'm pretty sure I found the right account here looks like things a hacker would be interested in or maybe it's another red herring okay I'm a little stuck here let's look for more of this user Sakura
08:00 - 08:30 room try hack me well there is someone telling me how to do it not going to go there what if I search without quotation marks Sakura lover IO but I want Snow Angel attacker's full real name well since their name here is IO probably that's the name and maybe that's actually the email they want I doubt it but I can try this one here first let's try the name doesn't submit did the website crash reload oh answer format four stars and then three stars so it's probably ask me for a full name not just
08:30 - 09:00 the first name wait is this his Twitter profile checking out some last minute cherry blossoms before heading home no more forgetting my apis when I get new phones this looks like a fake profile set up by the test so maybe I wasn't even supposed to be looking at the GitHub but I still need his last name silly me I forgot to introduce myself hi there I'm IO Abby 3 that must be his full name right IO Abby and what is this profile then ooh okay so this seems to be his actual profile maybe there's an
09:00 - 09:30 email address seems to only be two posts what is this uh-oh voltage. Co loading wait is this his YouTube profile no it's voltage Channel at least I know that his name is IO Abby submit correct let's go do I risk this email I really don't think this is the right email or is it going to be just his first and last name and then at gmail.com or it might be sakuras no angel gmail.com cuz he's been using that username everywhere or it might be IO Abby [email protected] so many
09:30 - 10:00 possibilities okay let's just try this email please be good what if I just do at gmail.com doesn't let me submit format a bunch of stuff.com so what if I do ioab gmail.com doesn't seem like it is there a way to find an email address from any of these posts looks like my last paste got removed when the website changed domains adding a new one to remember results for something regular Wi-Fi and passwords Anon October 14th not too concerned about someone else
10:00 - 10:30 finding them on the dark web anyone who wants them will have to do a real deep search to where I pasted them so close to home can't wait to finally be back my final layover time to relax how do I find the email LinkedIn seven iiko Abby profiles Japan maybe it's this one chief of staff contact info sign in to view io's full profile oh my God what if I look up for this username this is going way slower than I expected maybe it's this full entire thing I really don't
10:30 - 11:00 think so no sakuras no angel gmail.com no wait I'm struggling so hard with the email how do you do the email easy I don't see anything easy about this what is this what if I translate this post a story event an otherworldly first date for two in love is now being held at the Magic World Prince and the enchanted nightmare what is the time that you two spend together in the world where you were born what what about the hashtags
11:00 - 11:30 Magic World nightmare Magic World event so he's attended some event I think am I sure that the email cannot be found on GitHub no more forgetting my APS when I get new phones wait a minute what's an AP in a phone mobile application processor a system semiconductor that is installed on smartphones what can you do with an AP number many of you put your AP numbers into notability or program on your iPad wow I'm really stuck with the email what is this we website I'm afraid
11:30 - 12:00 to click this link wait I just can't find the email I can't maybe it's in Reverse Abby IO io. Abby but I'm guessing I shouldn't be guessing I should know the email surely it has to be on the GitHub right maybe it's this but again I'm guessing this is taking way too long I'm definitely not passing the CIA test there's IO Abby Instagram a Facebook profile studied at Kyoto Japan
12:00 - 12:30 doesn't seem like it's him that's an old lady wait this is supposed to be easy I've been at it for like 1 and 1/2 hours trying to find this guy's email took a little break let's continue the investigation while I was eating my brain thought about this number here surely it has to do something with this not sure what it is yet he says no more forgetting my APS when I get new phones can you find out something about a person with their IP address wireless access access point repeated scanning of
12:30 - 13:00 a specific AP address can reveal when a person is typically at home or their usual routines oh it's also known as the Mac media Access Control address what if I Googled the address oh my screenshot tool has OCR let's yoink these numbers boom okay what if I Google this try hack me sakur room write up don't read any of the answers md5 reverse what's md5 message digest algorithm is a cryptographic hash function that produces a hash value it was designed
13:00 - 13:30 to generate a unique fixed size output from input data of any size what if I do md5 reverse reverse I have no idea what's going on okay let's try Googling from md5 md5 can be used as a check sum to verify data Integrity against unintentional corruption reverse md5 hash these words are getting complicated reverse calculator md5 to string sorry not found oh this is the later one one did he added let's yoink this one maybe
13:30 - 14:00 this gives me something oh regular Wi-Fi and passwords that's what it says here what no more forgetting my APS when I get new phones regular Wi-Fi and passwords so what does that mean doesn't seem to be leading to an email address surely it has to be one of these at this point I'm starting to get okay with just guessing IO Abby well there is an Instagram account that I can't access what about sakuras No Angel IO gmail.com the same as his username what about not
14:00 - 14:30 capital letters okay the point of me finding the email is actually finding it not guessing what it is but how I don't see his email anywhere what if I search gmail.com here okay maybe let's search for more accounts with the username Sakura sow Angel IO maybe something else other than GitHub or Twitter comes up what about a Reddit account there's nothing about a Reddit account wait wait wait wait wait hey remember to censor your address this is
14:30 - 15:00 his address or something hold up IO pswd eu1 ethermine.org how does this work look up ethereum wallet maybe go to etherscan.io we're here and enter the ethereum public address starting with o x in the search bar oh there it is it's in the link visit eth vm's website and input the ethereum public address in the search field oh you can use several blockchain Explorers so that's it search results for Io also I think it needs to
15:00 - 15:30 end with this EF here wait there are 491 results that's not great maybe I shouldn't put this last part in maybe like this not sure what I'm looking at but these don't seem like email addresses transactions sent latest 179 days ago balance zero but how do I look up who it belongs to wait maybe this is an email address I mean it looks like an email address probably not yes remember to censor your address what if I go inside of this commit and do dot wait
15:30 - 16:00 what was the thing I needed to put here oh dot patch dot patch no it's still the weird one from GitHub so it must have something to do with this surely so he removed this and then added this eth wallet. worker ID so I think this is the worker ID oh no the worker ID is IO and this is his password at mining pool so password and this is the mining pool no idea what any of those mean but it fits nicely into this so password comes after
16:00 - 16:30 the semicolon and so pswd1 is the password and I assume this is the E wallet look up who owns this eth wallet based on the search results the ethereum wallet address appears to be associated with an individual named IO Abby this wallet is linked to a GitHub account with a username sakuras no angel IO the owner of this wallet also has a LinkedIn profile under the name IO Abby ooh so I need to go to his LinkedIn profile which one is it though is it this one contact info sign in to
16:30 - 17:00 view io's full profile okay show contact info there's no email how is there no email more show all activity nothing to show really maybe this is not the right profile okay what about this one contact info no Singapore he's from Japan right because on his other profile there was some Japanese text so maybe it's this one contact info no emails exist interesting so maybe the email address might be in some other repositories or commits that he's done before one commit eth two commits I don't think it reveals
17:00 - 17:30 any information here patch no wow the email address is destroying me I'm in some weird cryptocurrency Rabbit Hole Images Oh wait there is a LinkedIn profile try hack me oh probably wasn't supposed to look there cuz it's from the website that's giving me this test whoops could be considered this cheating maybe I need to look through more profiles see it's not here it doesn't show up in the search results Sakura lover IO how do I get an email address for Kura room exactly the email address
17:30 - 18:00 is horrible wait is it one of these profiles but why doesn't it show the profile name I'm opening all of them and checking each one even the women can you find someone's email with their crypto wallet address no you cannot directly find someone's email address by using only their crypto wallet wallet addresses are designed to provide a level of pseudonymity in cryptocurrency transactions if the wallet address is associated with a known Exchange service the owner's
18:00 - 18:30 identity may be known to that platform yeah I don't think the email is happening when I look for contact info it just gives me the profile link that's it no email how to find out someone's email on LinkedIn check the contact info section low successor use Chrome extensions ask the person directly use first degree connections okay guessing by these snowflakes which I would definitely see
18:30 - 19:00 in the real life hacking tracking scenario there's a bunch of them Doom so it must fit Aura lover IO at Yahoo or something doesn't fit see there are pictures of this on medium that I can't see what if I just Google Georgia Institute of Technology Institute of Technology has this LinkedIn profile been removed surely it has to be this one I just can't figure out the email that's it what if I go to the next task
19:00 - 19:30 does it show me what cryptocurrency does the attacker own a cryptocurrency wallet for oh I know this isn't ethereum no or is it eth no what is the attacker's cryptocurrency wallet address wait surely it's this yes so how is this not ethereum he's receiving ethereum so how is the cryptocurrency not it either way what mining pool did the attacker receive payments from on January 23rd January 23rd 2021 transaction hash do I click on this what mining pool maybe this is it ether mine it is oh okay
19:30 - 20:00 let's just ignore the email for now what other cryptocurrency did the attacker exchange with using their cryptocurrency wallet so this is ethereum why is it not wait what cryptocurrency does the attacker own a crypto currency wallet for surely it's ethereum look up crypto wallet yeah it is ethereum they're one blockchains with results to search ethereum address balance zero okay let's just go back here let's filter by asset tether USD so tether oh got them so
20:00 - 20:30 there are no other ones except ethereum or tether maybe I didn't spell it right I didn't spell it right okay so we're currently missing the reconnaissance email address but just did the fourth one so I'm moving on to step five answer the questions below what's the attacker's current Twitter handle why are the questions getting easier boink what is the URL for the location oh so it's a website what is the BSS ID for the attacker's home WiFi interesting so now it definitely has something to do
20:30 - 21:00 with this I found out that this means regular Wi-Fi and passwords good to know Wi-Fi SS IDs let's figure out what that is service set identifier is a unique name that identifies a wireless network it serves as a crucial component in the functioning of Wi-Fi networks allowing devices to locate and connect to specific networks what's the URL for the location where the attacker saved their Wi-Fi and ssids and passwords he said not too concerned about someone else else finding them on the dark web how do
21:00 - 21:30 website addresses look on the dark web Alpha numerical string the domain names consist of a random series of numbers and letters making them difficult to memorize for example onion onion yes it does look like onion so maybe it's just https colon double slash and this updated ID here this do onion no it's not okay so I know that it's a dark web address anyone who wants to find them will have to do a real deep search to find where I pasted them wait let's read
21:30 - 22:00 the background just as we thought the cyber criminal is fully aware that we're gathering information about them after their attack they were even so brazen as to message the OSINT Dojo on Twitter and taunt us for our efforts the Twitter account which they used appears to use a different username than what we were previously tracking maybe there's some additional information we can locate to get an idea of where they are heading to next we've taken a screenshot of the message sent to us by the attacker you can view it in your browser here oh I just completely missed this okay IO Abby
22:00 - 22:30 3 senior SD former Microsoft don't think I don't see what you're doing you won't catch me by the way I'm already heading back home by okay in order to answer the following questions you will need to view the screenshot of the message sent by the attacker to the OSINT Dojo on Twitter and use it to locate additional information on the attacker's Twitter account you will then need to follow the leads from the Twitter account to the dark web and other platforms in order to discover additional information
22:30 - 23:00 wait I will have to go to the dark web for this uh-oh at least there are some hints let's not use them yet okay so I went to go to the io ABI 3 account this one here but it has only these tweets while I can tell that he's Japanese because this is Japanese I hope yes it's Japanese so since he's posting Japanese presumably he's from Japan I have a feeling this will be harder than the email wait it's four it's HTTP then h CTP colou slash. onion of course it
23:00 - 23:30 doesn't work okay let's read task number six what airport is closest to the location the attacker shared a photo from prior to getting on their flight what airport did the attacker have their last layover in what lake can be seen in the map shared by the attacker as they were on their final flight home what city does the attacker likely consider home oh based on their tweets it appears our criminal is indeed heading home as they claimed the Twitter account seems to have plenty of photos which should allow us to piece together their route
23:30 - 24:00 back home in OSINT there's oftentimes no smoking gun that points to clear and definitive answer instead an analyst must learn to synthesize multiple pieces of intelligence in order to make a conclusion of what is likely unlikely or possible okay let's skip the dark web questions and move on to location questions because I don't want to cave in and take the hint yet what airport is closest to the location the attacker shared a photo from prior to getting on their flight so I'm assuming this is the photo wait this is January 25th this is
24:00 - 24:30 also January 25th so close to home can't wait to be back so it's all the same day and this is presumably inside of the airport can I just reverse image search this or wait first class Lounge Sakura Lounge J surely that's the airport name j airport Japan Airlines ooh International Airport guide J the question is what airport is closest Five Star Airline skyra first class Lounge Aura Lounge what if I just Google Sakura
24:30 - 25:00 Lounge Tokyo International Airport Sakura Lounge Tokyo International Airport oh the answer is three letters so J submit it's not what airport did the attacker have their last layover in so this is J it's not okay Japan Airlines this looks very similar to the lounge o and it has the same logo here JAL so he was in the Tokyo International Airport TIA is it TIA then why am I guessing everything how is it not this is exactly the same place where he was
25:00 - 25:30 the logo is even the same here skyx skyx J oh it's just Airlines Airlines isn't an airport I'm an idiot airport is closest to the location not what airlines so this is the map of all airports where these airlines operate so he's going from somewhere to Japan international airport lounges so this airline has a bunch of lounges in many different airports Lounge list let's do East Asia there are a lot of lounges here now it's just a matter of finding the right one let's look at all
25:30 - 26:00 the cities okay only these two have three letters in their name so is it bgs it's not is this bgs no which leaves us only with this one which is also wrong how is this an easy problem I have a whole new appreciation for people who do this stuff I haven't figured out the email so I have very low confidence for all of these questions H not only these questions but the dark web questions as well if I get this one correct about the airport I'm just happy
26:00 - 26:30 this is insanely hard I decided to give up and look for the email okay some people may or may not consider this cheating but this Medium article has a LinkedIn URL is copying it from here cheating probably yes but I just can't find his profile on LinkedIn so I'll copy it from here and check if it exists so it doesn't exist anymore and I just wasted like 3 hours looking for the email oh I'm so happy doesn't exist anymore maybe LinkedIn banned the
26:30 - 27:00 profile or something so if I were to have found the LinkedIn profile I would have probably found the email as well boom it's the next day I've come up with a new strategy during my sleep so let's work on finding the location because I'm pretty sure I'm going to fail badly on the dark web stuff so from this picture I need to figure out which airport is closest now there's a plane flying there so there's an airport pretty close by and how am I supposed to know where this is there's some kind of Monument there maybe that tells me something and there's a River here on the right that tells me nothing okay so maybe I also
27:00 - 27:30 need to look at this picture here there's an island with a weird shape and there's a bigger island here that he's flying over so if he's flying over this island the flight path must lead over this island obviously and then I can go look for flights that happened on January 25th 2021 if that's possible and see which ones flew over this island what the hell is this island Google Maps I'm guessing it's somewhere close to Japan because in his tweets he used Japanese oh my there's so many islands
27:30 - 28:00 could be these little blips as well then there's no way I'm going to find that know they seem pretty close to each other so I think I should look for that of course this could be like anywhere wait this is it this is the island look there this is the lake wait was there a question about the lake what lake can be seen in the map shared by the attacker as they were on the final flight home not even going to try to pronounce this let's go what city does the attacker likely consider home not sure about this yet okay so this is Japan and
28:00 - 28:30 he's flying somewhere here so I need to find airport locations in Japan there's probably going to be tons of airports in Japan ooh there aren't so many wait can I see this on Google Maps o okay so here's the lake and he said it's closest to home which is probably this airport Sendai Airport right I'm assuming he's flying up there and not like this or not down there for some reason so I think he's landing here maybe not who knows what airport did the attacker have their last layover in what airport is closest to the location the attacker
28:30 - 29:00 shared a photo from prior to getting on their flight can I see flight history Flightradar24 database advanced search search for airport origin airport destination airport aircraft flight so we need a flight number okay I don't have any of these that's crazy that I found the lake checking out some last minute cherry blossoms before heading home could he still be in Japan though what if I reverse image search this image visual matches okay it doesn't seem like that's going to help is he flying from within Japan to another
29:00 - 29:30 Japanese airport or is this another country what in this image could reveal the country I mean that Monument there that's pretty revealing I would say and there's a building there with a little pointy ending but finding a country based on that is so far out of my league what else well there are sakura trees which countries do sakura trees grow in oh there's a map it's only Japan and some of these islands so he must have been flying from within Japan or here from New Zealand this is New Zealand
29:30 - 30:00 right yes why did I doubt myself there Japan pointy monument not really what I'm looking for or New Zealand pointy monument oh this is exactly what it looks like Achilles Point Lookout doesn't look like there's a mountain there but this and this looks very similar it's here in New Zealand so New Zealand airport wait where was it this this is the airport Auckland Airport AKL this has to be it AKL submit how is it not wasn't that
30:00 - 30:30 monument somewhere there so if I just go in between this does not look like the same place very much not the same place or I could reverse image search this it could be this as well Michael Joseph Savage Memorial Park well it's a park and this seems similar I think not really this looks the most similar Achilles Point Lookout oh the climate is completely different here compare this and this no way New Zealand ooh I'm so lost what about Taiwan does it have
30:30 - 31:00 Sakura trees yes it does I thought 100% I was going to find this I mean he could have been in South Korea as well why didn't I consider this South Korea pointy monument Washington Monument there's no way he's in Washington there are sakura trees in Washington no way I wasn't thinking there at all it's the Washington Monument okay let's drop our little guy here somewhere there's the monument looks like it's under construction here there's a river I don't see any Sakura trees of course they might not blossom at this time of
31:00 - 31:30 year because it doesn't look like it's the fall yet Washington Monument sakura trees there are pictures so it must be here why did I make the assumption that our hacker was flying from somewhere close to Japan he was flying in from the United States okay so Washington Monument is here and which airport is the closest oh it has to be this one the Ronald Reagan Washington National Airport rrw no great but if the monument is here this is the closest airport DC oh DCA correct oh I just tried so many
31:30 - 32:00 random airports if this was a one answer quiz there's no chance I would have gotten it he was flying from Washington DC that's crazy what airport did the attacker have their last layover in so now I know that he flew from here to Japan and most likely to an airport close to this lake so probably somewhere here maybe so now I probably need to find the flight track or something where it shows flight history use a flight tracking website such as FlightAware or Flightradar okay FlightAware search by
32:00 - 32:30 flight or search by route okay so origin so he went from DCA airport DCA Reagan National yes it's KDCA to Japan airports he was flying over this lake so most likely this airport or this airport wait if the flight was like this then he probably stopped in Hawaii but if it was like this then he could have stopped anywhere let's assume that he went to this airport no flights to display for the selected origin and destination airport ooh okay what about this one no
32:30 - 33:00 flights oh maybe I should have chosen an International Airport cuz it's an international flight obviously okay we have some results beautiful now I can filter by Airlines so Japan Airlines only but this website only shows current flights not the history of flights how do I find history of flights 2 years back flight stats Airline flight number date oh there's date oh there's only one week of dates flight radar o there are a
33:00 - 33:30 bunch of flights happening so maybe through here I can search for it flight by Route okay no flights were found for that route please try another route no direct flights were found matching your search criteria well that's because it wasn't a direct flight he stopped here oh wait he stopped somewhere my final layover so I need to search for locations of these Sakura lounges surely it wasn't inside of this airport no surely not inside of this one it was what so I got this completely
33:30 - 34:00 mixed up completely oh so he flew in from Washington to this airport here and then from this airport he flew within a domestic airport within Japan that's near to this Lake and since the picture the lake is here to the right I'm assuming he's flying somewhere here here's the lake so the city that he calls home is probably this city here no it's not what I am so confused so far these answers were just guesses then how is that not the city that he calls home
34:00 - 34:30 that's the largest city next to this airport where he's probably flying to could he be flying here I don't think so okay let's try Sendai no it's not so if he's flying here and the lake is there and it's probably a domestic flight and it has to be the city there well why am I assuming that it was a domestic flight maybe he just stopped in Japan but then he speaks Japanese I mean he could be flying up as well which means this airport is also an option and this city is an option Aomori no wait maybe my assumption was wrong all along maybe
34:30 - 35:00 this is not Japanese so what if I do something like detect language it is Japanese so then he's more likely than not to live in Japan and if the lake is here and the plane is flying from here over here then where else would it go if not this airport doesn't make any sense I'm so bad at this I'm just guessing everything these airports were just lucky my initial answers were way off like on the other side of the planet wrong oh that's how I could have known it was Washington because there's a city
35:00 - 35:30 called Bethesda here and he retweeted this image which says today in Bethesda the beginnings of cherry blossom season oh so this was another clue maybe the plane is going like this I really don't know which city he might consider home I tried this one I tried the top one could he be going to this island there but then how would I know which one of these airports once again how is this easy I've been stuck here for hours that's enough exploring let's take the hint pink use information collected from the entire investigation not just the most
35:30 - 36:00 recent section oh that tells me nothing so maybe it's something to do with the Wi-Fi password that I still haven't found out okay I'm going to try to answer these questions and maybe they give me some location information that I can then use to answer this question which city does the attacker likely consider home so we're definitely going to have to use this screenshot here don't think I don't see what you're doing you won't catch me by the way I'm already heading back home bye doesn't give us that much information though it
36:00 - 36:30 says here that these alternative accounts may contain information not seen in their other accounts and also should be investigated thoroughly so it has something to do with this account and the only thing I've figured out from this account is that he's Japanese maybe there's more to figure out this is # magicworld nightmare ooh so maybe this event that he went to is close to his home City Magic World event Japan I don't think this gives me any
36:30 - 37:00 information other than that he's interested in anime what other things can I find out from this 13 followers he follows a bunch of accounts related to anime what does that tell me probably an Arch Linux user as well what does this mean looks like my last paste got removed when the website changed domains so his website on the dark web changed domains adding a new one to remember I'm not sure what to do with this number here I have zero knowledge about the dark web so this is
37:00 - 37:30 going to be insanely hard so I'm going to use the hint I know I know this is really not going well and asking for a hint makes it worse maybe I shouldn't ask for the hint the dark website for this answer may go up and down for hours at a time if the website has been down for multiple days or if you do not feel comfortable searching the dark web you can view this screenshot to help complete the tasks in this section oh I'm not comfortable searching dark web okay let's view the screenshot so
37:30 - 38:00 probably that's the link that I was supposed to find how the hell was I supposed to find this deep paste V3 your deep Hoster for special results for this okay so this is what he wrote down saving here so I do not forget school Wi-Fi computer lab GT device this is the password McDonald's Buffalo g19 d0 so he lives near McDonald's school Wi-Fi GT visitor city free Wi-Fi Hirosaki free Wi-Fi he lives
38:00 - 38:30 in Hirosaki that's how I was supposed to find out the address so Hirosaki got him wait where is it on the map oh it's up here so maybe he was flying to this airport and then he was driving there or he may have been flying to that airport and then driving from this city to Hirosaki but how was I supposed to find this link inside of the dark web how would I have even looked for this what's the URL for the location where the attacker saved their Wi-Fi SSIDs and passwords so isn't this whole thing the URL surely it is HTTP colon double slash
38:30 - 39:00 this it is how was I supposed to find this was it on his GitHub or something I was meant to find it from this I'm so bamboozled it's crazy what's the other question what's the BSSID for the attacker's home Wi-Fi okay first here we have home Wi-Fi what's a BSSID BSSID is typically represented as a 48-bit number that follows MAC address conventions the BSSID is usually derived from the MAC address of the AP's wireless interface o if an AP's MAC address is this this
39:00 - 39:30 could also serve as its BSSID so I need to find this guy's MAC address okay give me a hint oh this does not look good when you have found the site to search for the BSSID register an account and use the advanced search so I need to find a site to search for the BSSID wireless network mapping so I know the city and then I know there's McDonald's there so maybe this is how I find it somehow okay register for an
39:30 - 40:00 account okay that took a while let's get back to Japan Hirosaki's right here I need to find all McDonald's wait why am I looking for McDonald's okay but wait how do I search for stuff here click the verify link at the email that was sent to your email to verify oh I haven't verified my email okay I've created two accounts already one here and one on my laptop and it doesn't seem to send me any verification emails so I guess let's try searching okay here we go so it needs either an SSID or BSSID and I have the SSID here so if I do DK1
40:00 - 40:30 F-G doesn't seem to find anything or does it wait there's a little thing unverified email address oh you have to be kidding me click on link in verification email for this account I go to the account page there's no verification here I go to my email there's no verification code am I going to have to wait 24 hours to get this SSID but at least it's here it pinpointed exactly the location of the home or the location of the Wi-Fi that is crazy only to see it I need to verify my email that I
40:30 - 41:00 can't do I guess I'll try creating another account okay boom it let me verify on my laptop so let's do SSID DK1F-G and filter okay there it is BSSID right here let's go see if it fits and there we have it let's hope this is it damn did I mistype it how is it not it that's his home Wi-Fi hold up a minute oh my God it says too many requests of this type today for this account oh it's the third account I create for this website no and the other two accounts I can't verify I think I just clicked randomly on the map and it
41:00 - 41:30 showed this one I didn't actually click on the location that's why I see this one and now I can't see anymore because it blocked me for submitting too many requests wait if I zoom in enough it shows the MAC address 1 second please there is a security flaw in this website 84 afcc that's probably an a 34 FC f8 maybe that's the one is it I thought this was it I said CC it is this was so much harder than I expected and it's meant to be easy I haven't even finished
41:30 - 42:00 everything I don't have the email address yet but I don't think it's possible to get this one because his LinkedIn account got blocked or something I used the easiest possible route to get here all the hints have been used I tried typing in the airport like 10 times and it still took me 4 and 1/2 hours that's insane how am I so bad at this I still don't even have the email it's 93% complete no way it took me this long to do this also it shows how much someone can figure out by looking at their Twitter posts and
42:00 - 42:30 not that many posts I'm looking at the video where I got this idea from and he just found the username of the guy by just inspecting this image boom and he found it right there it took him like 30 seconds after reading the question I didn't even consider to inspect it what oh I could have found out the email I should have used the code that I found on GitHub so it was actually possible he saved this file as an ASC file imported it to this program called Kleopatra then put in this PGP public key block and then it decoded it and then it told him
42:30 - 43:00 the guy's email wow yeah I spent like 2 hours on the email and got nowhere close to doing something like this he's just speed running this that's insane okay I'm happy that he used one hint because he didn't want to go into the dark web understandable so it makes me feel slightly less bad definitely go watch this video and there's one more thing I wanted to mention if you want to learn how to make videos like the one you just watched without having to go through the trouble of failing over and over again until you actually learn how to do it or
43:00 - 43:30 most likely quit like most beginners because it's incredibly demotivating in the beginning when all you can see is just fail after fail and so if you want to learn how to apply the three-step system that I use to get millions upon millions of views every single month if that sounds at all interesting I'll leave a link in the description I'm super proud of it it doesn't really matter what you know or if you know anything at all if you have the right system you can learn how to make videos that strangers on the internet want to watch and so if that sounds interesting I left a link in the description where
43:30 - 44:00 you can check it out okay that's it goodbye element of