This is part two of my stream of consciousness/brain dump while working my way through Kase Scenarios’ latest offering, “Orkla: Bounty Hunt.” If you’re looking for a walkthrough, you should start at Part I. If you don’t know what OSINT is, you should look…somewhere else for now, because I haven’t written that blog yet. I will.
Anyway, jumping into it: Orkla, who I just met on the Internet and obviously trust, has more work for me:
I honestly thought this was going to be difficult, but a quick Google search did it. Hint: use Google Tools to narrow down the date range.
Not to overuse the same tool/technique, but if it works, it works. This took a little bit of Google dorking, and the first search result was the report I was looking for. It’s on the Internet Corporation for Assigned Names and Numbers (ICANN) website.
“For reasons not important to you” makes it sound like I’m involved in something really sketchy. I’ve made it this far; no backing out now.
This was tricky. I’ve worked a little bit with IP addresses in the past, but this is diving a little deeper — I love it! You’ll want a tool that provides historic DNS info. There are a few free ones available. I used viewdns.info.
Wow. This was hard, but I figured it out eventually — it took me at least an hour. I went through every normal whois lookup that I know of, and just. Kept. Missing. All of them. I plugged in “bunkr.ru” and kept digging through the records. ICANN? Crickets. Whois365? Nope. Who.is? Ha, nice try.
What I should have done from the outset was pay more attention to the hint, find the country code top-level domain (ccTLD) for Slovenia, and try the same URL with the appropriate ccTLD. I eventually stumbled on this. From there, it was a simple matter of figuring out that other countries have their own whois databases. I found the one for Slovenia, plugged in the appropriate URL, and that spit out the email address I was looking for.
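The same lesson as a script, added here as an example and not part of the original walkthrough: ask IANA's whois service which registry runs a TLD, then send the domain query to that registry instead of a generic lookup site. The sample reply is constructed, and its server name is a placeholder rather than the real Slovenian registry host.

```python
import socket

IANA_WHOIS = "whois.iana.org"  # IANA's root whois service

# Constructed sample in the shape of an IANA reply for a ccTLD query;
# the server name is a placeholder, not a real registry host.
SAMPLE_IANA_REPLY = """\
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org

domain:       SI
organisation: Example Registry (constructed)

whois:        whois.registry.example

status:       ACTIVE
"""

def tld_of(domain):
    """Return the last label of a domain, lower-cased ('Bunkr.RU.' -> 'ru')."""
    return domain.strip().rstrip(".").lower().rsplit(".", 1)[-1]

def registry_whois_server(iana_reply):
    """Pull the registry's whois host out of an IANA reply, or None."""
    for line in iana_reply.splitlines():
        if line.startswith("%"):
            continue  # comment lines
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in ("whois", "refer") and value.strip():
            return value.strip().lower()
    return None  # some TLDs publish an empty whois field

def whois_query(server, query, timeout=10):
    """Send one RFC 3912 query (TCP port 43) and return the reply text."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def lookup(domain):
    """Ask IANA which registry serves the TLD, then query that registry."""
    server = registry_whois_server(whois_query(IANA_WHOIS, tld_of(domain)))
    if server is None:
        raise LookupError("IANA lists no whois server for this TLD")
    return whois_query(server, domain)
```

Only `lookup()` touches the network; the parsing functions run offline against the sample reply.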
Lesson learned, and hammered home with a brief exchange with a moderator on the (very active and supportive) Discord channel: Stop overthinking. Think critically. Don’t be afraid to go back a step if you’re stuck.
After beating my head against the wall for the better part of an hour to solve One. Freaking. Question, I decided to take the win and hang it up for the evening.
My initial assessment stands; I think this scenario is appropriately difficult. It seems to be getting harder as I progress, though the Slovenian website was the one thing that really slowed me down today. Some people (not me) will breeze through this with nary a second thought. Some will take longer. Some will need help – and the beautiful thing about the OSINT community is that there are people willing to help.
As always, if you bother to read this and have feedback or questions, feel free to drop a comment here, or an email at [email protected].
Seriously. Leave a comment. It’s lonely here. Make fun of me. Point out an unfortunate typo. Tell an embarrassing story about my childhood. (Mom, I’m kidding; please do not post any of those on the Internet).
Part III will be up this weekend. Cheers!
Can I post photos instead?
That would still be telling a story; a picture is worth 7 words, or whatever the axiom is.