The creator tackles an entry-level OSINT challenge on TryHackMe.com by using AI tools to extract and analyze metadata from an image, uncovering details like the user’s identity, location, Wi-Fi SSID, and password through cross-referencing online sources. The video highlights how AI enhances cybersecurity investigations by automating data extraction and contextual analysis, making complex information easier to synthesize and solve.
In the video, the creator embarks on an “entry-level” OSINT (Open-Source Intelligence) challenge on TryHackMe.com, using AI tools like large language models (LLMs) to assist in gathering information from a single image file. The challenge involves extracting as much information as possible from the image to answer specific questions such as identifying the user avatar, the city the person is in, the SSID of the Wi-Fi network they are connected to, and the person’s password. The creator emphasizes the importance of context engineering to effectively use AI in solving such challenges.
The process begins with downloading the image file and using AI to suggest initial steps for extracting useful data. The creator uses metadata extraction tools to uncover hidden information within the image, such as GPS coordinates and usernames. By feeding this metadata back into the AI, they identify key details like a username “O Flint” and GPS coordinates pointing to a location in northwest England. This information is then cross-referenced with online sources, including blogs, GitHub, and social media profiles, to build a more complete profile of the individual.
Further investigation reveals additional clues, such as the user’s email address found on GitHub and hints about their location and activities. The creator uses AI to analyze these findings and confirm answers to some of the challenge questions, including the user’s personal email, the city they are associated with (London), and the avatar image (a cat). This demonstrates how AI can help synthesize scattered pieces of information into coherent answers.
The more challenging parts of the task involve identifying the SSID of the Wi-Fi network and the person’s password. The creator uses online tools and databases to convert a BSSID found in the image metadata into an SSID, successfully identifying “Unilever Wi-Fi.” For the password, they analyze the HTML source code of the user’s blog page with AI assistance, uncovering a suspicious string “penidropper” that fits the expected password format. This step highlights the power of combining manual investigation with AI-driven analysis to uncover hidden data.
In conclusion, the video showcases how AI tools can significantly enhance the efficiency and effectiveness of OSINT investigations by automating data extraction, contextualizing findings, and guiding the investigative process. The creator expresses enthusiasm for using AI in cybersecurity challenges and plans to explore more complex tasks in the future, such as cryptography and other hacking-related puzzles. The video serves as an engaging introduction to leveraging AI for practical cybersecurity learning and problem-solving.