spoiler-free hints for osint challenges.

what osint ctf challenges look like

OSINT challenges give you a photo, a username, a name, or a domain and ask you to find something using only public information — a location, a hidden account, a real identity, or an exposed server. the work is following clues from one source to the next, never touching the target directly.

common osint challenge types

• geolocationidentify where a photo was taken — read signage, language, architecture, license plates, road markings, and sun position. confirm guesses in Google Street View.
• reverse image searchfind where else an image appears. run it through Google Lens, Yandex (best for faces/places), and TinEye. crop to the distinctive part for better matches.
• username enumerationpivot a single handle across platforms with Sherlock or WhatsMyName to find linked accounts and leaked profile details.
• domain & WHOIS reconcheck WHOIS, DNS records, and certificate transparency (crt.sh) to find subdomains, registrant info, and related infrastructure.
• social media investigationreconstruct a timeline from posts, replies, follower graphs, and tagged locations. archived versions (Wayback Machine) recover deleted content.
• metadata / EXIFdownload the original file and read EXIF with exiftool — GPS coordinates, device model, and timestamps are often left in uploaded images.
• Google dorkinguse site:, filetype:, intitle:, and inurl: operators to surface exposed documents and pages that contain the answer.

useful tools

Yandex / Google Lens / TinEye for reverse image search · Google Street View for geolocation · Sherlock / WhatsMyName for usernames · exiftool for metadata · crt.sh and dnsdumpster for domains · the Wayback Machine for deleted content · Google dorks for exposed files.