Points Unknown: A Learning OSINT Project
Project Intro and Purpose:
Welcome to my blog! I’m starting this project with a clear goal: to turn my interest in open-source intelligence (OSINT) into practical skills. How? By challenging myself to solve Gralhix’s OSINT Exercises.
There are currently 27 exercises available, and I’m committing to complete as many as I can before August 1st — just 50 days from today. Here’s my plan:
- For each exercise, I’ll first try to solve it on my own, without peeking at Gralhix’s solution or the answers submitted by other learners. Once I’m satisfied with my attempt, I’ll check the provided solution to see if my efforts were on point.
- Regardless of whether I solve the exercise correctly or not, I’ll write up my thought process and share it here. If I make mistakes or get stuck, I’ll explain what I missed and learned from the solutions provided by Gralhix and the community.
If this sounds interesting and you’re ready to dive in, great! Just click here to join me on the first exercise.
But if you’re wondering who I am, what OSINT is all about, or why I’m doing this, keep reading — I’ve got you covered.
What is OSINT?
If you’re looking for a textbook definition of Open Source Intelligence (OSINT), the SANS Institute provides an excellent summary. But let me tell you why OSINT matters, even if it doesn’t have the same glamorous appeal as the James Bond kind of cloak and dagger intelligence.
Picture this: I once worked for a non-profit in a major city, serving a neighborhood that faced numerous challenges, including a group of poorly maintained properties with serious safety issues. Residents had complained to the city, but nothing changed. The city couldn’t even contact the owners. Dead end, right?
Not quite. Here’s where OSINT comes in. The key principle of OSINT is that valuable information is often freely available if you know where to look. In this case, property records are public, and thanks to the internet, they’re often just a few clicks away. I pulled the records for the properties in question and discovered they were held by a limited liability corporation (LLC).
Now, LLCs can be used to hide ownership, but another tenet of OSINT is that seemingly disparate pieces of information can be combined to reveal deeper insights. With a bit of digging, I uncovered the names of the LLC members, their mailing addresses, and phone numbers. But I didn’t stop there. I also found a public database of complaints to city agencies.
By combining all this information into a comprehensive report on a dozen neglected properties, all owned by the same LLC, I gave the city the ammunition it needed to take action. The result? The owners were held accountable, and the community became a safer place to live.
This example demonstrates the power of OSINT in action. It’s not just about gathering freely available information; it’s about knowing how to find it, verify it, and use it to make a real difference. OSINT practitioners must be resourceful, curious, and persistent in their search for relevant data. They must also be skilled at analyzing and synthesizing information from multiple sources to uncover actionable insights.
In today’s digital age, the possibilities for OSINT are endless. From social media posts to satellite imagery, there’s a wealth of information waiting to be discovered and leveraged for the greater good. And that’s what makes OSINT such a powerful tool in the hands of researchers, investigators, and everyday citizens alike.
My Motivation: Why am I doing this?
So, who am I and why am I diving into OSINT? Well, I’m no stranger to the field. I’ve dabbled in it for some time, and always had a knack for “internet detectivery.” But lately, I’ve felt a growing desire to do more than just admire the work of investigative reporters or listen to podcasts. I want to actively contribute to the field.
Let me share another example from the same neighborhood I mentioned earlier. It’s a story that struck a chord with me and underscores why I believe in the power of OSINT.
Shortly after I arrived in the neighborhood, something happened that shook me to the core. Just a few blocks from where I lived, someone overdosed on the street. The people who found him placed his body in a refrigerator box, rolled it into the street, and set it on fire. I learned about this from the neighbors and the local funeral director. But when I searched for news coverage, I found nothing. No newspaper articles, no TV stories. It was as if it never happened.
I couldn’t wrap my head around it. How could something so tragic and shocking go unreported? But my new neighbors weren’t surprised. This was a part of the city that polite society preferred to ignore. It was a place filled with uncomfortable truths and messy realities that defied easy solutions. And so, the story of that man in the refrigerator box remained untold.
This is where I see the true potential of independent journalism powered by open-source research. When mainstream media and institutions turn a blind eye to the stories of those on the margins, OSINT practitioners can step in and shine a light on the truth. The information is out there, waiting to be discovered by those with the curiosity, skills, and determination to find it.
And that’s why I’m here. I want to be part of a community that uses OSINT to uncover the stories that matter, no matter how uncomfortable or complex they may be. I want to contribute to a field that gives voice to the voiceless and holds the powerful accountable. Because in the end, that’s what OSINT is all about: using freely available information to make a real difference in the world.
Introducing Grahlix by way of Bellingcat
As I explored ways to get involved in OSINT work, I found myself drawn to the Bellingcat community. For those unfamiliar with the name, Bellingcat is a heavyweight in the world of open-source research. Founded in 2014, they’ve established themselves as one of the premier practitioners of OSINT, producing top-notch independent investigative journalism that makes a real impact.
From the downing of Malaysian Airlines Flight 17 to the poisoning of Sergei and Yulia Skripal, and numerous other high-profile cases, Bellingcat has consistently demonstrated the power of OSINT in uncovering the truth. They not only conduct investigations but also develop tools, publish guides, and set the standard for what it means to do OSINT research well.
When I discovered Bellingcat’s Discord server, I knew I had found a home. It’s a welcoming space for both OSINT novices and seasoned professionals, a place where I could learn from the best and contribute to the conversation. And that’s where I first heard about Gralhix.
I was browsing the server when I saw an announcement for a “Bellingcat Stage Talk” by someone named Gralhix. The title immediately caught my eye: “Getting Started in Open Source Research.” It was exactly what I had been looking for. I didn’t know anything about Gralhix at the time, but I figured that anyone invited to speak on Bellingcat’s main stage must be pretty darn good at what they do.
So, I marked my calendar, set a reminder, and counted down the days until the talk. Little did I know that Gralhix’s insights would not only inspire me but also provide the roadmap I needed to take my OSINT skills to the next level.
About Grahlix
So, who is Gralhix? That’s the nom de plume of Sophia Santos, an open-source researcher and team lead at the Centre for Information Resilience. And let me tell you, her talk was nothing short of outstanding.
From the moment she started speaking, it was clear that Sophia knew her stuff. She was prepared, knowledgeable, and engaging, with a gift for making complex concepts accessible to everyone in the audience. But what really set her apart was the personal touch she brought to the presentation.
Sophia shared how adversity in her own life had led her into the world of OSINT before she even knew the term existed. She talked about the challenges she faced and the skills she developed as she navigated difficult circumstances. It was a powerful reminder that sometimes the toughest experiences can be the ones that shape us into who we’re meant to be.
As she described her journey from OSINT novice to professional researcher, Sophia’s passion for her work was palpable. She loves what she does and is exceptionally good at it. Her story is an inspiration to anyone who has ever faced obstacles or doubted their own abilities.
But I don’t want to give too much away. Sophia’s story is hers to tell, and she tells it far better than I ever could. So, if you haven’t already, I highly recommend checking out her talk for yourself. Trust me, it’s well worth your time:
So Let’s Get this Project Started:
And with that, let’s dive into the first exercise and put our OSINT skills to the test.
Gralhix’s first challenge can be found on her blog, but I’ll give you a little sneak peek right here. Take a look at this image:
At first glance, it might not seem like much to go on. A dusty street, some buildings, a few people milling about. But as any OSINT practitioner knows, there’s a wealth of information hiding in plain sight. The question is, can you find it?
Your mission, should you choose to accept it, is to determine where in the world this photograph was taken. Sounds simple enough, right? But before you fire up your search engine of choice, take a closer look. What clues can you glean from the architecture, the landscape, the people? What little details might help you narrow down the location?
I’ll be sharing my own thought process and solution in a future post, but I would love to hear from you. What strategies did you use? What challenges did you face? And most importantly, what did you learn to better tackle future challenges?
I’m thrilled to embark on this OSINT learning adventure, and I’m grateful for the opportunity to learn from Gralhix and other experienced practitioners. As I dive into these exercises, I look forward to the challenges, insights, and growth that await me. To those who choose to join me in solving the exercises or simply follow along on this journey, I extend my heartfelt appreciation. Together, we can learn, collaborate, and explore the vast potential of open-source intelligence. Let’s take the first step together.
