An Intro To OSINT — THM Walkthrough
Introduction:
Hello everyone! My name is Pex and today I am going to post a brief writeup on the OSINT Level 1 Room on TryHackMe, created by the incredible F1NDX. If you are interested in getting started in OSINT, click the link below to get started!
THM OSINT Level 1 Room — https://tryhackme.com/room/osintintel

With that being said, let’s get started!
Task 2: Google Dorking
Google Dorking is a fundamental skill used by any OSINT professional. Google Dorking, as described by the room, is “a search technique that uses advanced search operators to refine Google search results. It allows investigators, cybersecurity professionals, and researchers to uncover publicly available, but hard-to-find, data/information.”
Google Dorking is expansive, and Task 2 does a great job of explaining the very basics. If you are interested in learning more, feel free to take a look here for a cheat-sheet: https://gist.github.com/sundowndev/283efaddbcf896ab405488330d1bbc06
Task 2 asks us 3 questions:
- What is the name of the Chief Financial Officer of the CFPB as mentioned in the PDF?
- What was the Total Fund Balance with Treasury in 2024?
- What is the duration of the CFPB Supervisor Development Seminar?
To find the answers, we can use basic Google Dorking and an OSINT researcher’s best friend, Ctrl + F, to find specific answers to these questions. Test your skills by answering those questions here. If you think you have it right, go and submit the flag inside the room!
Task 3: Introduction to OSINT
“OSINT (Open-Source Intelligence) refers to the collection and analysis of publicly available information to generate actionable insights.” And OSINT is really cool! There are many reasons to use OSINT, but the main part of OSINT is finding publicly available information, not anything that requires unethical or illegal means to obtain. *Note: OSINT is NOT always free; some information is trapped behind a paywall, but always make sure you are doing your due diligence to find proper information before paying for anything!
There is one question from this section I would like to highlight. Where did Lip-Bu Tan work before joining Intel Corporation? There are several ways to solve this question:
1. Wiki Page:

Public-facing people usually have information available all over the web. The old adage is true, however: do not trust Wikipedia without doing further research! Anyone can post here, so it is your job as an investigator to do your best to confirm this!
2. Social Media Accounts
Lucky for us, Lip-Bu Tan has a social media account! However, this is another thing we may not be able to take at face value, as people lie, so let’s confirm this for the third and final time! (Bonus points if you can find a solid way to connect Lip to the company, i.e. photos at banquets, pictures with board members, etc.)

3. News Outlets/New Corporations
If you see the same thing over and over again, it may be true. Intel, Lip-Bu Tan’s new employer, published the article below to congratulate him and to talk about his background.

Now that we have done our due diligence, we can proceed with 100% certainty that we know where Lip’s previous place of employment was.
Task 4: Metadata Extraction
“Metadata is hidden data stored within files (PDFs, images, and documents) that can expose who created them, when, where, and with what device or software!” In this challenge, we are given a photo and asked to use various tools to perform analysis. MetaData2Go, an entirely web-based metadata analysis tool, is what I used to solve this challenge.

Using our metadata tool, we see various information, but the most important here? The Description! We see something out of the ordinary…

It looks… encoded? Using a tool like dcode.fr and its cipher identifier, we can check what type of cipher this is. We know it has a key, and checking the hint shows us it is a Vigenère Cipher. Knowing this, we can then solve the challenge with the provided key!
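What the decoding step does once the cipher and key are known, as an added example that is not from the room or the original writeup. The ciphertext and key below are constructed textbook values, not the challenge's.

```python
def vigenere(text, key, decrypt=False):
    """Shift each ASCII letter of text by the matching key letter.

    Case is preserved and non-letters pass through unchanged.
    """
    shifts = [ord(k) - ord("a") for k in key.lower()
              if k.isascii() and k.isalpha()]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            shift = shifts[i % len(shifts)]
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            i += 1  # the key position advances only on letters
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: the classic LEMON test vector with spacing kept.
    print(vigenere("Lxfopv ef rnhr!", "lemon", decrypt=True))
```

Whether the key advances over spaces and punctuation differs between tools; this version skips them.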
Task 5: SOCMINT
“SOCMINT (Social Media Intelligence) is a branch of OSINT that focuses on collecting, analyzing, and interpreting information from social media platforms.” This section, by far, is my favorite. Every single person needs to know about OPSEC, or Operational Security: how likely is it that people could find you based on what you post or do on the internet? This section does a great job of explaining how SOCMINT is used, but just know, the Internet Never Forgets.
Read this section, seriously, you will not regret it.
Task 6: OSINT Fusion
OSINT Fusion is the culmination of everything we have learned, so let’s get started!
At first, we are provided a task file. Downloading and opening the task file, we have this image.

There are 3 questions to answer:
- What is the name of the Artist that sent the image?
- We have found that the user has a Twitter / X account. What is their handle?
- Looks like that image has a secret key that is encrypted, and our investigators need your help to decipher it
Since we have an image, we are going to start by reviewing the metadata. We see two interesting things: number one, the comment, and number two, the artist!
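The Description field from Task 4 and the Artist and comment fields seen here are plain strings stored in the JPEG header. The parser below is an added example, not part of the room or the original writeup, that reads them with the standard library only; the sample file and every value in it are constructed.

```python
import struct

TAGS = {0x010E: "ImageDescription", 0x010F: "Make", 0x0110: "Model",
        0x0131: "Software", 0x013B: "Artist", 0x8298: "Copyright"}

def parse_ifd0(tiff):
    """Return the ASCII tags listed in TAGS from IFD0 of an EXIF/TIFF block."""
    end = "<" if tiff[:2] == b"II" else ">"      # II = little-endian, MM = big
    (ifd,) = struct.unpack_from(end + "I", tiff, 4)
    (count,) = struct.unpack_from(end + "H", tiff, ifd)
    found = {}
    for i in range(count):
        entry = ifd + 2 + 12 * i
        tag, typ, n = struct.unpack_from(end + "HHI", tiff, entry)
        if typ != 2 or tag not in TAGS:          # type 2 = ASCII string
            continue
        # Strings of up to 4 bytes sit inline; longer ones are stored by offset.
        pos = entry + 8 if n <= 4 else struct.unpack_from(end + "I", tiff, entry + 8)[0]
        found[TAGS[tag]] = tiff[pos:pos + n].rstrip(b"\x00").decode("latin-1")
    return found

def jpeg_metadata(data):
    """Walk JPEG segments and collect EXIF IFD0 strings and the COM comment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    meta, pos = {}, 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:                       # start of scan: pixels follow
            break
        (length,) = struct.unpack_from(">H", data, pos + 2)
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            meta.update(parse_ifd0(body[6:]))
        elif marker == 0xFE:                     # COM segment: free text
            meta["Comment"] = body.decode("latin-1")
        pos += 2 + length
    return meta

def build_sample():
    """Constructed JPEG header with made-up Description, Artist and comment."""
    desc, artist = b"constructed description\x00", b"Jane Example\x00"
    strings_at = 8 + 2 + 2 * 12 + 4              # header, count, entries, next-IFD
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHII", 0x010E, 2, len(desc), strings_at)
    ifd += struct.pack("<HHII", 0x013B, 2, len(artist), strings_at + len(desc))
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd + b"\x00" * 4 + desc + artist
    seg = lambda m, b: b"\xff" + bytes([m]) + struct.pack(">H", len(b) + 2) + b
    return b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00" + tiff) + seg(0xFE, b"constructed comment") + b"\xff\xda"
```

Running `jpeg_metadata()` over the bytes of your own photos before posting them shows which of these fields they would disclose.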

We have already answered 1/3! C*** ** is our artist, and we are part of the way to answering the 3rd. For now, let’s answer the social media question. Since I am now on the superior social networking platform (follow me on bluesky: @pex-x.bsky.social) my X account is gone!
There is a tool I love for social media intelligence called xcancel. (You can find xcancel here: https://xcancel.com/) XCancel bypasses those annoying walls when you try to search Twitter. Using XCancel is entirely anonymous, and it is what I use now for my investigations.
When we search C***, we see the following.

C*** does have an account, and just like that, we answered question 2.
For question 3, good luck! I would suggest cooking a nice meal with a Cyber Chef (hint hint). :)
Conclusion:
OSINT. Is. Awesome. The number one thing this lab does a particularly great job at is explaining the ethics behind OSINT. With great power comes great responsibility, and we need to ensure that our up-and-comers who practice OSINT are practicing #OSINT4GOOD. I hope you learned a thing or two from this, and go check out F1NDX and the THM Room! Thank you!
