A Walk on the Wild Side: OSINT Capture-the-Flag Walkthrough Part II
- Jemma Ward
- 5 hours ago
Welcome to our second solutions blog for our April capture-the-flag challenge A Walk on the Wild Side. We’ll look at some approaches and tradecraft to help solve the second ten challenges—as always, you may have come up with a different technique to retrieve a solution!
Busy As A

For this challenge, we are given an image that was posted on a Bluesky account.

Reverse image searching might help – but in our challenge testing, we found that it did not always retrieve the result from the correct account or sometimes involved a few extra steps. It can, however, help us to identify the creatures that are pictured – a pair of beavers.
Like most social media platforms, Bluesky allows us to conduct both hashtag and keyword searches. Unlike Twitter/X, Bluesky is quite an open platform – it doesn’t require us to set up an account to conduct searches. So, let’s consider the information that we’ve been given – the image was posted on World Wildlife Day, so it’s likely to be mentioned somewhere in the post, along with the name of the creatures. Let’s use hashtag searching to find posts featuring both of these terms as hashtags.

The second post in the search results is the correct one, and we have our answer: ‘southdownsnp’.

Get Rotated!

There is a vast and often quite surprising amount of open-source information available, and animal tracking data is one of the more niche examples that we’ve come across. You won’t find these specific datasets in our OSINT Combine bookmark stack (they’re probably a little too niche), but for researchers who are interested in environmental changes, habitat monitoring or climate change monitoring, these are worth bookmarking.
A quick Google search for ‘shark tracking’ should reveal the first option, OCEARCH, which provides tracking data for a range of GPS-tagged marine animals, including sharks. We can enter our shark’s name (Rocket) in the search page:

This should retrieve one result, showing that Rocket was last tracked near Vanuatu in 2022:

High Seas

We have another marine tracking question here – in this case, a vessel that has been linked to illegal fishing activities. Coast guard authorities and environmental monitoring groups can use public marine tracking data to identify locations and details about vessels that may be conducting illegal activities. Let’s revise some of the key marine tracking websites from Part I of our blog:
If we search for the ship’s name (‘Starfish’), we’ll discover that there are actually lots of vessels with this name – ship names are not, of course, unique, so this complicates our flag retrieval a little bit.

We have another piece of information, though – the ship is involved in fishing activities. If we use Vessel Finder’s search filters to just retrieve ‘Fishing Ships’, that narrows down our results somewhat:

We could now investigate each of these ships individually and check for their last locations, but one of them is sailing under the Nigerian flag, which seems the most likely lead. We can confirm that we have the correct vessel by checking the ship’s last location:

Sure enough, it’s in the area we expect it to be, operating near the Gulf of Guinea, so we can confirm that the flag the ship is sailing under is Nigeria.
Nocturnal

Search engines might not be particularly helpful for this question – we have an image to work with, but it’s far too dark to make out what kind of creature is pictured! Most OSINT professionals are well aware that the classic trope of ‘Enhance, enhance!’ when it comes to blurry or pixelated images doesn’t really do much good. However, image manipulation tools can still come in handy when we’re dealing with imperfect images.
Some free image manipulation tools that you’ll find in our bookmark stack are:
As always, we want to exercise caution when uploading images to browser-based tools. At a minimum, we need to confirm that the images don’t contain sensitive or illegal data, and we should also be aware that image hosting platforms may store data for long periods of time. In this case, though, there are no sensitivities that we need to worry about. Let’s take a look at how we can use LunaPic to help us solve this challenge.
First, you’ll need to upload the file in question. Next, we can take a look through the various adjustment options. In this case, adjusting the light levels seems like a good approach!

If we reduce the shadows, and increase the highlights, an image of a bird takes shape quite quickly.

We can then use this version of the image to conduct reverse image searches to identify the correct critter, which, of course, is a potoo.
Safari Time

This one is a classic geolocation question! We have an image, and we need to find out where in the world this is.

We have quite limited clues, here. We know that this is an island in Africa, somewhere, and the terrain can certainly help us narrow things down a little. For a deep dive into image geolocation techniques, check out our blog ‘A Geolocation Walkthrough’. As a starting point, we can list some of the key features and characteristics from the image, including:
- Vehicle – some sort of jeep-style vehicle that might be used for safaris
- Sandy terrain
- Grass and foliage lining the sides of the road
- Road marker with signage to a number of locations
Straight away, we can see that the most useful information is likely to be on the road marker itself. Not all of the text is legible, but there are portions that can help us construct a search – for example, we can almost ‘fill in the gaps’ to better understand the lettering on this post. The first line might read ‘PARK’ or ‘PARX’, depending on how we interpret the fourth letter. One of those is a word (that makes sense in this context) and the other isn’t, so we can deduce that other letters that look like ‘X’ might actually be ‘K’, and so on. In the picture below, there are a few examples of ‘tricky’ letters circled, which can help us to figure out the spelling of the locations.

With a bit of close examination, we should be able to infer that the bottom line, here, reads ‘Lukaya Ranger Post’, and that gives us a solid lead to Google.

Although Google might order search results differently based on our past search history or location, we should be able to see some references to our flag, ‘Rubondo Island’, within the first few results.
Safari Time II

Now that we’ve solved ‘Safari Time’, we have unlocked a second challenge – this time, we are asked to check out the Google reviews for Rubondo Island, and find a reference to an animal that is considered the ‘Island favourite’.
Google reviews (or entries on other review sites, like Yelp or TripAdvisor) can be surprisingly illuminating when it comes to researching locations and travel patterns of entities of interest. They can include user-submitted photos, descriptions, personal information, and timestamps.
To solve this flag, we need to head to Rubondo Island on Google Maps, which includes reviews for a given area.

Scanning through the reviews (the correct one should be at the top!) reveals our phrase, and the flag for this challenge – ‘chimpanzee’.

Peak Weather

We have another geo challenge here – this one is a little harder and involves a few more steps!

Reverse image searching reveals some possible locations of this peak, but the results aren’t as straightforward as some of the other challenges. A number of visual matches should reference New Zealand, and matching the outline of the peak to some of the matches will reveal that the mountain in question is Mt Aspiring, on the South Island of New Zealand.

Our next step is to find out which weather station webcam is positioned to capture Mt Aspiring. Live CCTV and webcam captures can be a useful source of information for area monitoring – although there’s no guarantee that a specific area of interest will be captured by a public webcam, for many places there’s a good chance that publicly available webcam feeds will provide information about weather, traffic, and activity levels nearby. Some of the resources you’ll find in our bookmark stack include:
Windy is particularly useful for this challenge, as it’s a weather-focused site, harvesting feeds from a vast number of weather stations. If we look for weather cams in Windy in the area around Mt Aspiring, we can identify one that provides the same apparent vantage point as our picture.

The link to the provider’s site shows that the weather station webcam is at Whare Kea Chalet. You can also confirm the correct location by comparing railings in the webcam footage to the pictures on the Whare Kea Chalet website.
Singsong

Sometimes we might not have an image or piece of text as a starting point for our investigations – in this case we have a recording of birdsong! Sounds – as well as imagery – can be a useful tool for geolocation of videos. Birdsong is particularly useful, as it can narrow down possible locations and time periods based on habitats and season.
While there might be a few ornithological experts out there who can identify birdsong with their ears alone, most of us require a little assistance. There are several dedicated applications that can be used to identify sounds – Shazam and SoundHound are well-known music identification apps – and bird sounds are no different.
For this task, BirdNET is a little easier to use as it lets us upload our birdsong sample directly without registering or downloading an application.

In this case, we’re given two examples – the second example is actually the correct one (which goes to show that tools aren’t always one hundred percent correct the first time), but the hints in the challenge (the bird has two colours in its name) should ensure that we can identify the right answer.
Generative AI tools can, of course, be useful for this sort of identification exercise – uploading the birdsong sample to ChatGPT did, eventually, lead to the correct answer, although it required further prompting based on the question content and the hint. It also provided samples of birdsongs for comparison – so, while this method was a little more time-consuming, it offered a neat workaround in case existing tools became unavailable.
Falling Fell

For this challenge, we are asked to identify a specific piece of information based on OpenStreetMap data. OpenStreetMap is a free mapping data wiki, with information contributed by a community of users. Because of user contributions, there are loads of details and features that you won’t find in Google or Apple Maps.
To better understand the underlying data in OpenStreetMap, we can use the OpenStreetMap Wiki. It contains information about the map features, which lets us better understand how things are labelled in OpenStreetMap. For example, we can see that ‘fell’ is a value within the key ‘natural’. There’s also a description and, usually, an image.

So, now that we know how a ‘fell’ is classified within the OpenStreetMap system, we just need to figure out how to find the one we’re looking for. Technically, we could probably use a mixture of research and OpenStreetMap itself to locate likely locations of fells, but this would be quite time-consuming! Luckily, there’s a tool we can use.
Overpass Turbo is a browser-based tool that lets us query OpenStreetMap data based on key map features and shows us the data on an interactive map. Creating and running complex queries requires a bit of knowledge of the bespoke query language used – however, there is a query wizard that can help us set up a simple query, showing examples of expected inputs.

While we can navigate to the area of the world we want to query and run a generic search for ‘natural=fell’, it’s a little quicker to build an extra parameter into the query itself (when the query runs, you’ll still need to navigate to the area of interest anyway). Either way will work. Noting the examples given in the query builder, and our knowledge of the data structure based on the OSM wiki, we can use a basic query to list ‘fells’ in Norway:

Here's what our query looks like:

This should populate the map with all of the locations classified as ‘fell’ in Norway – you’ll notice that there are quite a lot! These are our results.

From here, it’s a matter of identifying the fells that include extra tags (we know from the wording of the challenge that the fell in question includes extra information like a name). The dots are colour-coded, so a bit of a scroll around should reveal that the yellow dots are the ones with names, and then it’s just a matter of finding the southernmost fell with a name.

And here it is – clicking on the southernmost fell (shown as yellow to denote that it has extra tags), we find our answer: ‘Kubbekleiv’.
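The same search can be scripted rather than scrolled. The following is an added example, not the query or code from the original walkthrough: it shows an Overpass QL query for named fells in Norway and picks the southernmost one from an Overpass-style JSON response. The query text is one possible formulation for the raw Overpass API, and the sample response (ids, names, coordinates) is constructed for illustration.

```python
import json

# Overpass QL for the raw API. Overpass Turbo's wizard writes a similar query with
# its own {{geocodeArea:Norway}} macro; ["name"] keeps only fells that carry a name.
QUERY = """[out:json][timeout:60];
area["ISO3166-1"="NO"][admin_level=2]->.searchArea;
nwr["natural"="fell"]["name"](area.searchArea);
out center;"""

# Constructed response in Overpass JSON shape (ids, names, coordinates are made up).
SAMPLE_RESPONSE = json.loads("""
{"elements": [
  {"type": "node", "id": 1, "lat": 61.20, "lon": 8.10,
   "tags": {"natural": "fell", "name": "Sample Fell North"}},
  {"type": "way", "id": 2, "center": {"lat": 58.95, "lon": 6.40},
   "tags": {"natural": "fell", "name": "Sample Fell South"}},
  {"type": "way", "id": 3, "center": {"lat": 58.10, "lon": 7.00},
   "tags": {"natural": "fell"}},
  {"type": "node", "id": 4, "lat": 57.99, "lon": 7.05,
   "tags": {"natural": "peak", "name": "Not A Fell"}}
]}
""")

def named_fells(response):
    """Yield (lat, lon, name, osm_ref) for every named natural=fell element."""
    for el in response.get("elements", []):
        tags = el.get("tags", {})
        if tags.get("natural") != "fell" or not tags.get("name"):
            continue
        # Nodes carry lat/lon directly; ways and relations get a "center" from `out center`.
        point = el if el.get("type") == "node" else el.get("center", {})
        if "lat" in point and "lon" in point:
            yield point["lat"], point["lon"], tags["name"], f'{el["type"]}/{el["id"]}'

def southernmost(response):
    """Return the named fell with the lowest latitude, or None if there is none."""
    return min(named_fells(response), key=lambda f: f[0], default=None)

if __name__ == "__main__":
    print(QUERY)
    print(southernmost(SAMPLE_RESPONSE))
```

The unnamed fell at the lowest latitude in the sample is skipped on purpose, mirroring the challenge's requirement that the fell carries a name.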

Kitty Cats

This challenge is a little more like a traditional digital forensics-style question. We’re given a zip file containing four images (all of tigers!), and we need to identify pieces of information from these images to retrieve our flag.
The tigers themselves don’t seem to reveal any clues, but what about the image metadata? Metadata is just a set of characteristics for a digital file. There are a couple of ways that we can examine image metadata. One of the most straightforward ways is to look at the file’s properties (right click and select ‘Properties’ and then navigate to ‘Details’). When we do this for the first image, we can see that there’s a string of letters in the ‘comments’ field.

We could also use an EXIF extraction tool like Jimpl. If we upload our first tiger, it shows us an overview of the image details:

But if we scroll down a little further, we can see the full metadata, which includes the string in the ‘comment’ field:

Either method is fine to use, although always exercise caution when it comes to uploading images into browser-based tools. If we extract the strings from each tiger image’s metadata and put them in the same order as the filenames, we end up with:
ZmVhcmZ1bCBzeW1tZXRyeQ==
It doesn’t seem to mean anything, but the ‘=’ signs at the end might immediately give you insight into what kind of encoding has been used, here. If not, tools like Dencode will automatically attempt to decode using a whole range of methods, and, in this case, we can see that our string seems to be Base64 encoded, as it’s the only option that provides a decoded line of text – ‘fearful symmetry’:

There are, of course, lots of other tools that can help with encoding and decoding data – we really like CyberChef, as it contains numerous operations to help us interrogate and process open-source data.
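The metadata-and-decode steps above can also be done locally, without uploading anything to a browser tool. This is an added example, not part of the original challenge or post: it assumes the fragments sit in each JPEG's COM (comment) segment, whereas the real files may use an EXIF comment field instead, and the file names and the way the string is split are constructed.

```python
import base64
import struct

def jpeg_comments(data: bytes) -> list[str]:
    """Walk JPEG marker segments and return the text of every COM (0xFFFE) segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    comments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: metadata segments are over
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # counts its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or malformed segment")
        if marker == 0xFE:
            comments.append(data[pos + 4:pos + 2 + length].decode("latin-1"))
        pos += 2 + length
    return comments

def decode_split_flag(files: dict[str, bytes]) -> str:
    """Join each file's comment in filename order, then strictly Base64-decode."""
    joined = "".join("".join(jpeg_comments(files[name])) for name in sorted(files))
    # validate=True rejects stray characters instead of silently skipping them.
    return base64.b64decode(joined, validate=True).decode("utf-8")

def make_sample_jpeg(comment: str) -> bytes:
    """Constructed input: SOI + one COM segment + EOI (not a viewable image)."""
    body = comment.encode("latin-1")
    return b"\xff\xd8\xff\xfe" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

# Constructed sample: the page's string cut into four pieces, listed out of order
# to show that sorting by file name restores the sequence.
SAMPLE = {
    "tiger3.jpg": make_sample_jpeg("eW1tZX"),
    "tiger1.jpg": make_sample_jpeg("ZmVhcm"),
    "tiger4.jpg": make_sample_jpeg("RyeQ=="),
    "tiger2.jpg": make_sample_jpeg("Z1bCBz"),
}

if __name__ == "__main__":
    print(decode_split_flag(SAMPLE))
```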
That was our final challenge for A Walk on the Wild Side! Congratulations to everyone who took part – we hope that it was a great learning experience for those new to OSINT, and a fun way to revise some tradecraft and techniques for the more experienced OSINT practitioners out there!
We’re looking forward to hosting more OSINT Capture-the-Flags in the future, so stay tuned.