OSINT Foundations

Open-Source Intelligence

Open-Source Intelligence (OSINT) is the discipline of gathering and analyzing information from publicly available sources. In CTFs it maps to a concrete set of skills: extracting hidden metadata from files, recovering data that survives poor redaction, geolocating images from coordinate clues, reading network traffic for identity traces, and hunting credentials through breach databases. These techniques are used daily by threat-intel analysts, investigative journalists, and security researchers.

4 steps · 8 challenges
  1. Step 01

    Redacted? Not Quite

    Organizations regularly publish documents they believe are sanitized, but the data often survives. A black rectangle drawn over text in a PDF is only a cosmetic layer: the words beneath are still extractable. An SVG file stores its shapes as XML, so a flag hidden as a text node is invisible on screen but readable in the source. These challenges build the habit of looking at what a file actually contains rather than what it renders.

  2. Step 02

    Geolocation from Evidence

    Images and coordinate data reveal location even when no one intends them to. Reverse geocoding turns GPS coordinates into place names; satellite imagery lets you match landmarks in an untagged photo. Mr-Worldwide encodes a flag by mapping coordinates to city names, and Blast from the Past tests your understanding of how EXIF timestamp fields are structured and what it takes to verify or backdate them.

  3. Step 03

    Network and Protocol Footprints

    Network traffic carries identity. A BitTorrent session broadcasts an info_hash that identifies the exact file being downloaded, and that hash traces back to a named torrent in public indexes. A captured Wi-Fi handshake contains enough cryptographic material to crack the passphrase offline using a dictionary. These challenges show how protocols designed purely for function leave an investigatable trail.

  4. Step 04

    Credential Intelligence

    Billions of credentials from past data breaches circulate in public dumps. OSINT investigators query them to surface accounts, identify password reuse patterns, and understand a target's digital habits. Password profiling tools like CUPP generate targeted wordlists from personal details gathered through open sources. These two challenges sit at the intersection of OSINT and credential security.
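
To make the Step 01 point about SVG concrete, here is a pre-publication audit that lists text an SVG carries in its source but does not show on screen. It is an added example, not part of the original page or of any challenge; the sample document, the function names and the handful of hiding techniques it checks are assumptions chosen for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2000/svg}"
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 100">
  <!-- draft: remove internal ref before release -->
  <desc>Exported by j.doe</desc>
  <text x="10" y="20">Quarterly summary</text>
  <text x="10" y="40" opacity="0">internal-only note</text>
  <g style="display:none"><text x="10" y="60">hidden layer text</text></g>
  <text x="10" y="80" font-size="0">zero-size text</text>
  <text x="900" y="50">off-canvas text</text>
</svg>"""  # constructed sample input, not taken from a real document

def props(el):  # presentation attributes merged with inline style declarations
    out = {k: v.strip() for k, v in el.attrib.items()}
    for decl in el.get("style", "").split(";"):
        if ":" in decl:
            k, v = decl.split(":", 1)
            out[k.strip()] = v.strip()
    return out

def hidden_reason(el, lo, hi):
    """Return why this element does not render, or None if it looks visible."""
    p = props(el)
    if p.get("display") == "none" or p.get("visibility") == "hidden":
        return "display:none" if p.get("display") == "none" else "visibility:hidden"
    for key in ("opacity", "fill-opacity", "font-size"):
        if re.fullmatch(r"0+(\.0+)?(px|%)?", p.get(key, "")):
            return key + "=0"
    x = p.get("x", "")  # only plain numeric x values are judged against the viewBox
    off = el.tag in (NS + "text", NS + "tspan") and re.fullmatch(r"-?\d+(\.\d+)?", x) and not lo <= float(x) <= hi
    return "outside viewBox" if off else None

def audit_svg(source):
    """List (reason, text) pairs for content that a viewer would not display."""
    root = ET.fromstring(source)  # meant for your own files; not hardened against hostile XML
    vb = root.get("viewBox", "").replace(",", " ").split()
    lo, hi = (float(vb[0]), float(vb[0]) + float(vb[2])) if len(vb) == 4 else (float("-inf"), float("inf"))
    found = [("comment", c.strip()) for c in re.findall(r"<!--(.*?)-->", source, re.S)]
    def walk(el, inherited):
        tag, text = el.tag.replace(NS, ""), (el.text or "").strip()
        reason = inherited or hidden_reason(el, lo, hi)  # hiding on a group applies to its children
        label = tag if tag in ("desc", "title", "metadata") else reason if tag in ("text", "tspan") else None
        if text and label:
            found.append((label, text))
        for child in el:
            walk(child, reason)
    walk(root, None)
    return found
```

An empty result only means none of these specific checks fired; text can also be hidden by matching the background colour, by clipping, or by stylesheet rules, which this audit does not inspect.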