OSINT Writeups
Preview
Write-ups for Osint tasks by Kata. English is not my main language, so I might have problems with explanations.
Admin's Fuel
Rumor has it that our admins can survive solely on this wonderful drink.
This blend of malt and hops is known throughout Belarus.
Can you find the place where our fuel is produced?
Flag example: grodno{grodno{Сity_Main_Square_1}From the description it becomes clear that we are talking about a brewery. There is also an interesting pinned message in the Telegram group:
‼️Аліварыя - лепшае беларускае піва‼️
which translates as Olivariya - the best Belarusian beer
Flag format is grodno{Сity_Main_Square_1}
So the flag is grodno{Minsk_Kiseleva_Street_30}
Regular GoogleMaps
I was browsing Google Maps looking for interesting views, when I suddenly saw THIS.
I wanted to share this find with friends, but I ABSOLUTELY accidentally closed the tab, cleared my history, and completely forgot where it was.
Can you help me find it?
Flag format: grodno{State_City_Street}
Using RIS (Reverse Image Search) we can see that this image is present in a large number of TikToks and Reels, in the comments of which I found the place itself: Moorpark, Arroyo Drive
The flag is grodno{California_Moorpark_Arroyo_Drive}
New Year's Eve
This is the last photo I took in 2025.
It's hard to describe in words how many emotions you can get from celebrating the New Year in such a stunning place.
And you need to find the official website of this ski resort)
By the way, this is really my last photo in 2025) But where was it taken?
The photo shows a ski resort, it remains to be seen which one
Our favorite Reverse Search shows:
So we learn that there are several ski resorts in Belarus, and we can simply look through their websites in the flag, but if we google the most popular ones, we can find the exact location where the photo was taken.
This is the Logoisk ski resort and their official website: https://logoisk.by/
And the flag: grodno {https://logoisk.by}
Flight of the grinch
After Santa took off to deliver Christmas presents around the world, something strange appeared in the sky.
The Grinch decided to leave his own “holiday decoration” not on a Christmas tree, but high above the ground, visible only to those who were watching the skies carefully.
The drawing was made by an aircraft, leaving a distinctive track that formed a recognizable shape.
You need is to determine the exact date when the pilot who created this sky drawing received their pilot certificate.
Flag format: grodno{MM.DD.YYYY}
And again, the reverse search gives us the result.
By entering the tail number on the website https://www.flightaware.com/live/flight/N6914W we can find out that it is registered to Timothy M. Pearson
The next step is to go to the FAA and search for the pilot by name:
And we see the pilot we need TIMOTHY MARTIN PEARSON
The flag is grodno{01.29.2021}
Visiting Belorussian Grandfather
I visited my grandfather this summer while he was on vacation. He started working in December, so I wanted to come visit him and help him out, but I forgot where his house is. I have a photo of his assistant, and I remember his house is somewhere on the border in the forest.
Can you help me?
Flag format: grodno{Name_of_the_Forest}
It's very easy chall so I don't want to waste your time or mine. RIS shows us that this place is in Belovezhskaya Pushcha.
Flag: grodno{Belovezhskaya_Pushcha}
Beginning of the NorthWind
During preparations for the holiday, an unknown APT group called “NorthWind” kidnapped Santa Claus, and now New Year's is in danger.
We have found the contact of the person coordinating the operation. His current nickname on Telegram is @vvanuss
Find the information hidden in his previous nickname; it should help us move forward with the investigation.
We have a Telegram account username @vvanuss
Telegram has a HUGE number of OSINT bots, so we'll use one of them for this solution: @Funstat_fbot
Let's enter the user's ID and get our flag:
Flag: grodno{f1rst_st3p_0f_1nvest1g@tion}
Admin's Setup
Author: @vvanuss
Many people already know almost everything about me, but can you find the name of my laptop processor?
Flag format: grodno{Pentium_4}
The author of this task has a Telegram channel, which you can scroll to find a screenshot from the btop.
And we see the full name of the processor: Ryzen 7 6800H
I admit that there is a problem with the flag format, since based on it the flag will be: grodno{Ryzen_7} but the real flag is grodno{Ryzen_7_6800H}
babyOSINT
On December 31st, an employee of one company posted a photo from a corporate party with the caption:
"Best New Year in 10 years 🎅"
The account was deleted a day later.
Find the address of this establishment:
Flag format: grodno{Main_Square_1A}
RIS shows that this photo was taken at the bar named Spichki.
CTF is held in Grodno, so it's logical that the bar is also located in Grodno.
