top of page

A Walk on the Wild Side: OSINT Capture-the-Flag Walkthrough Part II

  • Jemma Ward
  • May 6
  • 10 min read

Welcome to our second solutions blog for our April capture-the-flag challenge A Walk on the Wild Side. We’ll look at some approaches and tradecraft to help solve the second ten challenges—as always, you may have come up with a different technique to retrieve a solution!


Busy As A 

Text game challenge on a dark background. Title: Busy As A. Task: Find a Bluesky handle for a World Wildlife Day post.

For this challenge, we are given an image that was posted on a Bluesky account.

Four night-vision photos of beavers. Beavers swim, chew branches, and explore a dark, wooded riverbank. Monochrome and serene mood.

Reverse image searching might help – but in our challenge testing, we found that it did not always retrieve the result from the correct account or sometimes involved a few extra steps. It can, however, help us to identify the creatures that are picture – a pair of beavers.


Like most social media platforms, Bluesky allows us to conduct both hashtag and keyword searches. Unlike Twitter/X, Bluesky is quite an open platform – it doesn’t require us to set up an account to conduct searches. So, let’s consider the information that we’ve been given – the image was posted on World Wildlife Day, so it’s likely to be mentioned somewhere in the post, along with the name of the creatures. Let’s use hashtag searching to find posts featuring both of these terms as hashtags.

Search bar showing hashtags "#WorldWildlifeDay #Beavers" with a search result prompt below. Clean, minimal design.

The second post in the search results will achieve the correct post, and we have our answer: ‘southdownsnp’.

Beavers in black-and-white images, active near water at night, surrounded by branches. Text mentions #WorldWildlifeDay, #SouthDowns, #Beavers.

Get Rotated!

Text on a dark background reads "Get Rotated! 300 1/3 attempts", followed by a question about a shark named Rocket and a hint to answer in lowercase.

There is a vast and often quite surprising amount of open-source information available, and animal tracking data is one of the more niche examples that we’ve come across. You won’t find these specific datasets in our OSINT Combine bookmark stack (they’re probably a little too niche), but for researchers who are interested in environmental changes, habitat monitoring or climate change monitoring, these are worth bookmarking.

A quick Google search for ‘shark tracking’ should reveal the first option, OCearch, which provides tracking data for a range of GPS-tagged marine animals, including sharks. We can enter our shark’s name (Rocket) in the search page:

Map interface with filters for species, location, and names. "Rocket" is selected in the name field. Options for drawing track-lines.

This should retrieve one result, showing that Rocket was last tracked near Vanuatu in 2022:

Map of Vanuatu highlighting one animal near Ngaloparuia. Blue ocean background with text: "SHOWING 1 ANIMALS" in a blue box.

High Seas


Text on a dark background reads: "High Seas, 300, 1/3 attempts." The message discusses a trawler called 'Starfish' suspected of illegal fishing.

We have another marine tracking question here – in this case, a vessel that has been linked to illegal fishing activities. Coast guard authorities and environmental monitoring groups can use public marine tracking data to identify locations and details about vessels that may be conducting illegal activities. Let’s revise some of the key marine tracking websites from Part I of our blog:

If we search for the ship’s name (‘Starfish’), we’ll discover that there are actually lots of vessels with this name – ship names are not, of course, unique, so this complicates our flag retrieval a little bit.

Search page displaying ship results for "Starfish," listing vessels with flags, types, and names. Various ship types shown without images.

We have another piece of information, though – the ship is involved in fishing activities. If we use Vessel Finder’s search filters to just retrieve ‘Fishing Ships’, that narrows down our results somewhat:

Search results for "starfish" on a vessel database webpage, showing four fishing ships with flags and names. Search and reset buttons visible.

We could now investigate each of these ships individually and check for their last locations, but one of them is sailing under the Nigerian flag, which seems the most likely lead. We can confirm that we have the correct vessel by checking the ship’s last location:

Map showing ship's last position off West Africa, 74 days ago. Weather: 28°C, 13.8 kn, 0.7 m waves. "Track on Map" button visible.

Sure enough, it’s in the area we expect it to be, operating near the Gulf of Guinea, so we can confirm that the flag the ship is sailing under is Nigeria.


Nocturnal

Text on dark background reads: "Nocturnal 300 1/3 attempts. What kind of creature is this fine fellow?" Instructions follow for answering in lowercase.

Search engines might not be particularly helpful for this question – we have an image to work with, but it’s far too dark to make out what kind of creature is pictured! Most OSINT professionals are well aware that the classic trope of ‘Enhance, enhance!’ when it comes to blurry or pixelated images doesn’t really do much good. However, image manipulation tools can still come in handy when we’re dealing with imperfect images.


Some free image manipulation tools that you’ll find in our bookmark stack are:

As always, we want to exercise caution when uploading images to browser-based tools. At a minimum, we need to confirm that the images don’t contain sensitive or illegal data, and we should also be aware that image hosting platforms may store data for long periods of time. In this case, though, there are no sensitivities that we need to worry about. Let’s take a look at how we can use LunaPic to help us solve this challenge.


First, you’ll need to upload the file in question. Next, we can take a look through the various manipulation adjustment options. In this case, adjusting the light levels seems like a good approach!

Toolbar with editing options on a screen. "Adjust Light Levels" is highlighted in orange. Background features menu tabs and faint text.

If we reduce the shadows, and increase the highlights, an image of a bird takes shape quite quickly.

Digitally distorted bird image with vivid colors. Editing sliders for contrast, highlights, shadows, and gamma are visible above.

We can then use this version of the image to conduct reverse image searches to identify the correct critter, which, of course, is a potoo.


Safari Time

"Safari Time" in white text on a dark background, with a puzzle about identifying an African island. Mood is curious and challenging.

This one is a classic geolocation question! We have an image, and we need to find out where in the world this is.

Dirt road beside a stone monument with engraved text in a grassy area near trees. Part of a vehicle is visible in the foreground.

We have quite limited clues, here. We know that this is an island in Africa, somewhere, and the terrain can certainly help us narrow things down a little. For a deep dive into image geolocation techniques, check out our blog ‘A Geolocation Walkthrough’. As a starting point, we can list some of the key features and characteristics from the image, including:

  • Vehicle – some sort of jeep-style vehicle that might be used for safaris

  • Sandy terrain

  • Grass and foliage lining the sides of the road

  • Road marker with signage to a number of locations


Straight away, we can see that the most useful information is likely to be on the road marker itself. Not all of the text is legible, but there are portions that can help us construct a search – for example, we can almost ‘fill in the gaps’ to better understand the lettering on this post. The first line might read ‘PARK’ or ‘PARX’, depending on how we interpret the fourth letter. One of those is a word (that makes sense in this context) and the other isn’t, so we can deduce that other letters that look like ‘X’ might actually be ‘K’, and so on. In the picture below, there are a few examples of ‘tricky’ letters circled, which can help us to figure out the spelling of the locations.

Stone sign with engraved text listing destinations and distances, including Park HQ and Laban Rata. Rock and foliage in the background.

With a bit of close examination, we should be able to infer that the bottom line, here, reads ‘Lukaya Ranger Post’, and that gives us a solid lead to Google.

Google search results for "Lukaya Ranger Post" show links to Flickr and Wikipedia with a red-circled text about Rubondo Island.

Although Google might order search results differently based on our past search history or location, we should be able to see some references to our flag, ‘Rubondo Island’, within the first few results.


Safari Time II

Text image with "Safari Time II," "200," and a question about the "Island favourite" animal. Instructions specify lowercase, one-word answer.

Now that we’ve solved ‘Safari Time’, we have unlocked a second challenge – this time, we are asked to check out the Google reviews for Rubondo Island, and find a reference to an animal that is considered the ‘Island favourite’.


Google reviews (or entries on other review sites, like Yelp or TripAdvisor) can be surprisingly illuminating when it comes to researching locations and travel patterns of entities of interest. They can include user-submitted photos, descriptions, personal information, and timestamps.


To solve this flag, we need to head to Rubondo Island on Google Maps, which includes reviews for a given area.

Map of Rubondo Island with a 4.3-star review. Left shows lush greenery and a pond, right a map bordered in red. "Reviews" circled in red.

Scanning through the reviews (the correct one should be at the top!) reveals our phrase, and the flag for this challenge – ‘chimpanzee’.

A review by Oliver Reginald mentions staying on an island, enjoying activities, and seeing wildlife like bushbucks, elephants, and chimpanzees.

Peak Weather

"Text reads 'Peak Weather 400.' A prompt about a mountain peak webcam and identifying a chalet's name in lowercase is displayed."

We have another geo challenge here – this one is a little harder and involves a few more steps!

Snow-capped mountains under a clear blue sky, with rocky slopes and patches of greenery. Rugged and tranquil alpine landscape.

Reverse image searching reveals some possible locations of this peak, but the results aren’t as straightforward as some of the other challenges. A number of visual matches should reference New Zealand, and matching the outline of the peak to some of the matches will reveal that the mountain in question is Mt Aspiring, on the South island of New Zealand.

Snowy mountain peak under a blue sky; rocky foreground. Text reads "Dragonfly Peak" and describes a hiking trail in New Zealand.

Our next step is to find out which weather station webcam is positioned to capture Mt Aspiring. Live CCTV and webcam captures can be a useful source of information for area monitoring – although there’s no guarantee that a specific area of interest will be captured by a public webcam, for many places there’s a good chance that publicly available webcam feeds will provide information about weather, traffic, and activity levels nearby. Some of the resources you’ll find in our bookmark stack include:

 

Windy is particularly useful for this challenge, as it’s a weather-focused site, harvesting feeds from a vast number of weather stations. If we look for weather cams in Windy in the area around Mt Aspiring, we can identify one that provides the same apparent vantage point as our picture.

Mountain view from a wooden deck with railing, showcasing cloudy skies and rugged peaks. Text below mentions "Queenstown-Lakes District: Mt Aspiring."

The link to the provider’s site shows that the weather station webcam is at Whare Kea Chalet. You can also confirm the correct location by comparing railings in the webcam footage to the pictures on Whare Kea Chalet website.


Singsong

"Text on a dark background reads: 'Singsong 400, 1/3 attempts,' followed by a nature-themed riddle about a bird's name with two colors."

Sometimes we might not have an image or piece of text as a starting point for our investigations – in this case we have a recording of birdsong! Sounds – as well as imagery – can be a useful tool for geolocation of videos. Birdsong is particularly useful, as it can narrow down possible locations and time periods based on habitats and season.

 

While there might be a few ornithological experts out there who can identify birdsong with their ears alone, most of us require a little assistance. There are several dedicated applications that can be used to identify sounds – Shazam and SoundHound are well-known music identification apps – and bird sounds are no different.


For this task, Birdnet is a little easier to use as it lets us upload our birdsong sample directly without registering or downloading an application.

Audio analysis interface showing bird song spectrogram and waveform. Highlighted text identifies Red-winged Blackbird. Blue probability bars chart.

In this case, we’re given two examples – the second example is actually the correct one (which goes to show that tools aren’t always one hundred percent correct the first time), but the hints in the challenge (the bird has two colours in its name) should ensure that we can identify the right answer.

 

Generative AI tools can, of course, be useful for this sort of identification exercise – uploading the birdsong sample to ChatGPT did, eventually, lead to the correct answer, although required further prompting based on the question content and the hint. It also provided samples of birdsongs for comparison – so, while this method was a little more time-consuming, it offered a neat workaround in case existing tools became unavailable.

 

Falling Fell

Text reads: "Falling Fell, 500, 1/3 attempts." Explains using OpenStreetMap to find natural features, asks for the southernmost fell in Norway.

For this challenge, we are asked to identify a specific piece of information based on OpenStreetMap data. OpenStreetMap is a free mapping data wiki, with information contributed by a community of users. Because of user contributions, there’s loads of details and features that you won’t find in Google or Apple maps.

 

To better understand the underlying data in OpenStreetMap, we can use the OpenStreetMap Wiki. It contains information about the map features, which lets us better understand how things are labelled in OpenStreetMap. For example, we can see that ‘fell’ is a value within the key ‘natural’. There’s also a description and, usually, an image.

Wiki page table on "Natural Vegetation" with categories like "fell," "grassland," "heath." Includes descriptions and nature images.

So, now that we know how a ‘fell’ is classified within the OpenStreetMap system, we just need to figure out how to find the one we’re looking for. Technically, we could probably use a mixture of research and the OpenStreetMap itself to locate likely locations of fells, but this would be quite time consuming! Luckily, there’s a tool we can use.

 

Overpass Turbo is a browser-based tool that lets us query OpenStreetMap data based on key map features and shows us the data on an interactive map. Creating and running complex queries requires a bit of knowledge of the bespoke query language used – however, there is a query wizard that can help us set up a simple query, showing examples of expected inputs.

Query Wizard interface showing examples and a search bar. Green and blue buttons labeled "build and run query" and "build query."

While we can navigate to the area of the world we want to query and run a generic search for ‘natural=fell’, it’s a little quicker to build an extra parameter into the query itself (when the query runs, you’ll still need to navigate to the area of interest anyway). Either way will work. Noting the examples given in the query builder, and our knowledge of the data structure based on the OSM wiki, we can use a basic query to list ‘fells’ in Norway:

Search bar with text "natural=fell in Norway" highlighted in red. Buttons below read "build and run query," "build query," and "cancel." Checked box for "add query comments."

Here's what our query looks like:

Screenshot of Overpass Turbo code for querying natural features labeled "fell" in Norway. Includes comments and code with JSON output.

This should populate the map with all of the locations classified as ‘fell’ in Norway – you’ll notice that there are quite a lot! These are our results.

Map of Norway and Sweden with clusters of red and pink circles marking locations, set against a light blue sea and labeled cities.

From here, it’s a matter of identifying the fells that include extra tags (we know from the wording of the challenge that the fell in question includes extra information like a name). The dots are colour-coded, so a bit of a scroll around should reveal that the yellow dots are the ones with names, and then it’s just a matter of finding the southernmost fell with a name.

Map of southern Norway with clusters of concentric circles in pink, orange, and blue, indicating data points near cities.

And here it is – clicking on the southernmost fell (shown as yellow to denote that it has extra tags), we find our answer: ‘Kubbekleiv’.

Map interface showing node 2292736253 with coordinates 60.095242, 9.073028, and details about "Kubbekleiv." Background has faint map outlines.

Kitty Cats

Text on dark background: "Kitty Cats 500, 1/3 attempts". Instructions for finding a two-word phrase linked to cats.

This challenge is a little more like a traditional digital forensics-style question. We’re given a zip file containing four images (all of very tigers!), and we need to identify pieces of information from these images to retrieve our flag.


The tigers themselves don’t seem to reveal any clues, but what about the image metadata? Metadata is just a set of characteristics for a digital file. There are a couple of ways that we can examine image metadata. One of the most straightforward ways is to look at the file’s properties (right click and select ‘Properties’ and then navigate to ‘Details’). When we do this for the first image, we can see that there’s a string of letters in the ‘comments’ field.

Two images of tigers in a file explorer window, labeled "four" and "onetiger." File properties show text "ZmVhcm" circled in red.

We could also use an EXIF extraction tool like Jimpl. If we upload our first tiger, it shows us an overview of the image details:

Tiger prowling in a forest, vivid orange with bold black stripes. Background features blurred foliage. Intense, alert expression.

But if we scroll down a little further, we can see the full metadata, which includes the string in the ‘comment’ field:

Text interface showing data fields, including ResolutionUnit set to inches and XResolution at 120, with XPComment "ZmVhcm" circled in red.

Either method is fine to use, although always exercise caution when it comes to uploading images into browser-based tools. If we extract the strings from each tiger image’s metadata and put them in the same order as the filenames, we end up with:

ZmVhcmZ1bCBzeW1tZXRyeQ==

It doesn’t seem to mean anything, but the ‘=’ signs at the end might immediately give you insight into what kind of encoding has been used, here. If not, tools like Dencode will automatically attempt to decode using a whole range of methods, and, in this case, we can see that our string seems to be Base64 encoded, as it’s the only option that provides a decoded line of text – ‘fearful symmetry’:

Online encoder tool showing encoded text as Base64. The decoded text, fearfully symmetry, is circled in red. Various encoding options are listed.

There are, of course, lots of other tools that can help with encoding and decoding data – we really like CyberChef, as it contains numerous operations to help us interrogate and process open-source data.


That was our final challenge for A Walk on the Wildside! Congratulations to everyone who took part – we hope that it was a great learning experience for those new to OSINT, and a fun way to revise some tradecraft and techniques for the more experienced OSINT practitioners out there!


We’re looking forward to hosting more OSINT Capture-the-Flags in the future, so stay tuned.

bottom of page