Cody Bernardy – Challenge 02


In OSINT and GEOINT, the context is often (always?) important.

Link to the OSINT challenge video: https://www.youtube.com/watch?v=dOSvhAD2kSc

I urge you to try it yourself before looking at this solution.


Solution

Unlike the previous challenge, where the video was uploaded directly to YouTube, here we also have another link pointing to the "raw" video hosted on Dropbox:
https://www.dropbox.com/s/1c9j08hziu20z3n/Video%20May%2017%2C%2014%2021%2007.mov?dl=0

This could allow us to investigate in a better environment, because the video could have been compressed by YouTube, resulting in a loss of quality.

But here, the quality isn’t important. Why? Because we won’t solve this challenge by using the video…

How is that possible then?

Whenever a media file is created (photo, video, PDF, Word document), "invisible" data is embedded in it.

It can contain the author's name, creation date, comments, GPS coordinates (👀) and so on.

We call that EXIF metadata.

Most websites remove it for privacy and security purposes when you post a photo or video online. But not all of them.

Some websites where you can upload photos, videos and files, such as WordPress, Mega.nz, GitHub, Dropbox and Google Drive, do not erase the metadata.

Now that we know a bit more about EXIF, we’ll try to extract that data from the raw video.

There are tools online to automate this process but I do it on my own device.
I use WSL on Windows with an Ubuntu Linux instance on which I installed exiftool.
This is a very well-known program for dealing with metadata and EXIF. It allows you to add, modify and remove EXIF data from a file.

If you want to install exiftool on your system, you can follow this link

Here we just want to visualize what’s written in this file.

Download the video from the Dropbox share and run exiftool on it:

There’s a lot of information and most of it is useless. But if we scroll down to the end…

Some GPS coordinates are specified.

If we use Google Maps to validate the location:

https://www.google.com/maps/place/48%C2%B015’49.0%22N+122%C2%B044’56.8%22W/@48.2637925,-122.7510022,518m/data=!3m1!1e3!4m4!3m3!8m2!3d48.2636!4d-122.7491?entry=ttu

It points to a stretch of coast which seems to fit with what we see throughout the video.

If we zoom out, we’re not far from Seattle:

Ok and so what?

Do you remember at the beginning when I said that the context is very important?
This is where we use that context to confirm our assumption.

Search for "Cody Bernardy" on social media. We find his GitHub account:

He lives near Seattle, so the GPS coordinates are more than likely to be correct.

Unfortunately there’s no Street View to validate the coordinates but we can find another way.

A point of interest called Hastie Lake County Park is very close to our location. Maybe it has photos taken by people that show the same point of view as in the video?


https://bit.ly/49orl5I

The same tiny pole can be seen in the video at the exact same place:

The landscape is the same.

We can be confident that the location is correct.


Answer

GPS coordinates: 48°15'49.0"N 122°44'56.8"W

In decimal: 48.263611, -122.749111
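
The conversion above, and the job of spotting location fields without scrolling through the whole exiftool listing, can be scripted. This is an added example, not part of the original write-up: the function names are mine, and the sample record is constructed in the shape that `exiftool -j` prints, using the coordinates from the answer. It is also a quick way to audit your own files for location data before sharing them.

```python
import json
import re

# One coordinate in exiftool's default print format, e.g. 48 deg 15' 49.00" N
DMS = re.compile(r"""(\d+(?:\.\d+)?)\s*deg\s*(\d+(?:\.\d+)?)'\s*(\d+(?:\.\d+)?)"\s*([NSEW])""")

def dms_to_decimal(text):
    """Return every DMS coordinate found in `text` as signed decimal degrees."""
    out = []
    for deg, minutes, seconds, hemi in DMS.findall(text):
        value = float(deg) + float(minutes) / 60 + float(seconds) / 3600
        limit = 90 if hemi in "NS" else 180
        if value > limit or float(minutes) >= 60 or float(seconds) >= 60:
            raise ValueError(f"implausible coordinate: {text!r}")
        # South and west are negative in decimal notation
        out.append(round(-value if hemi in "SW" else value, 6))
    return out

def location_tags(exiftool_json):
    """Map each file in `exiftool -j` output to its tags whose name contains 'GPS'."""
    report = {}
    for record in json.loads(exiftool_json):
        # Non-DMS values (altitude, numeric -n output) yield an empty list
        hits = {k: dms_to_decimal(str(v)) for k, v in record.items() if "gps" in k.lower()}
        if hits:
            report[record.get("SourceFile", "?")] = hits
    return report

# Constructed sample: file names are placeholders, not the challenge file
SAMPLE = json.dumps([
    {"SourceFile": "video.mov",
     "GPSLatitude": "48 deg 15' 49.00\" N",
     "GPSLongitude": "122 deg 44' 56.80\" W",
     "GPSPosition": "48 deg 15' 49.00\" N, 122 deg 44' 56.80\" W"},
    {"SourceFile": "stripped.jpg", "ImageWidth": 1024},
])

if __name__ == "__main__":
    for path, tags in location_tags(SAMPLE).items():
        print(path, tags)
```

With real files, replace `SAMPLE` with the text captured from `exiftool -j` run on your own media.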