Saturday, August 7, 2021

Post #32 - Storm Spy Saga, Part 3: Houston, We Have a Golf Ball

I am an artist. I do film, animation, digital art, etc. A lot of my art involves pictures I've taken over the years—some as far back as a decade ago. In order to sustain this collection process, I'm always looking for things to capture with my camera. Many of these things I see while I'm walking, shopping, or even vacationing. Sometimes, though, I choose to use other cameras to obtain my footage, or even to scout potential future areas for scenes/inspiration.

Well, during the course of this obsession, the urge to catalog interesting/aesthetically pleasing radars struck me. But how was I going to find them? I already knew where the Bismarck, ND radar was located, but I was fairly certain there would be at least a couple of radars in each state. I just had to find a way to locate them.

Following my own advice, when one has nowhere else to start, Google is the place to go! So, off I marched to type the first phrase I could think of into the search bar: "map of doppler radar sites". Believe it or not, I not only got useful results, but I got official results in the form of a NOAA page.

There is both a .JPG and .PDF version of the map, and the .PDF version allows for increased detail as you zoom. But what are all those letters? My guess would be some sort of callsign or designation, but once again, I turned to Google for clarification. This time, I decided to try focusing on what looked like the New York radar, KOKX, since that would be the closest to home for me. My search query this time was "kokx wsr-88d".

The first result returned was another NOAA page, this one referencing a SLEP refurbishment for the radar's pedestal (we learned about SLEP—the Service Life Extension Program—while looking into the Bismarck radar.) We also learn from this new page that the radar is located in Upton, New York. That's good to know, but we're not going to dive any deeper on that... at least not in this blog post. Instead, we continue looking through our search results.

The next page of interest we discover belongs to the Atmospheric Sciences school of Northern Vermont University, and it lists the 88D locations throughout the US as of 1983. That may seem old, but considering the existence of SLEP, it's fair to say many if not most of the radars on this list are still in service.

The most important parts of this table, though, are the latitude and longtitude provided for each radar. Armed with these numbers, we should be able to precisely find any radar we want! So, returning to KOKX, we are given a lat/lon of 405156/0725150. That means our next step is clear; we need to plot those coordinates and locate this radar. Now, if you've never worked with lat/lon coordinate formats and Google Maps/Earth, it is surprisingly unintuitive. As a result, I am going to exert some extra labor here and explain the issue, the concepts, and a way to speed things up.

First, the problem. Let's step into my definitely fictional time machine for a moment and pretend we've already solved this issue. By doing that, I can provide some contrast that will illustrate the problem.

NVU's format: 405156/0725150

DMS format: N40°51'56", W72°51'50"

Google's format: @40.8655281,-72.8667767

...see the issue? NVU isn't bad; all you have to do is realize that the leading zero in the lon means it is negative, or West. After that, you just add a decimal after every second digit. That basically gives you DMS (degrees, minutes, seconds) format. Google, though... that format is ugly and dang near unusable, but that's because it is in DD (decimal degrees) format, and that's the format you have to enter in to Google Maps/Earth if you want to travel directly to those coordinates. Luckily, I have a solution in the form of a website that will help you convert between formats with ease.

All we have to do is remember the rule I mentioned (convert leading zeroes into South or West, then add a decimal after every second digit) and enter the DMS format, and the converter will automatically give you the DD format. From there, just paste each of those values into Google Maps/Earth with a comma between them, and you'll be able to head precisely to their location.

Speaking of which, we're still in the future. Ah, the heck with it. While we're here, we might as well use the DD coordinates for KOKX we just generated and take a gander on Google Earth (since we're looking for a distinct structure, as I stated in the first part of this series.)

And once again, my technique proves itself accurate. Look at the round, white shape just beneath and to the right of the map marker. Doesn't that look like a big, friendly golf ball to you? I'd sure love to have confirmed this via Street View (and maybe decide if the area would be good for future film projects), but sadly there were no available locations nearby.

And yes, I checked cameras, too. That having been said, I did eventually get to see this radar at very, very close range online, but that's something we're going to cover in a future entry.

For now, we're headed down to Texas for the second part of this blog. "But... why?" you ask, not seeing any logical jump from any of the work we've done thus far. That's a fair inquiry, so allow to me explain.

While I was doing all of this research, I was giving a friend of mine play-by-play details. In response, my friend mentioned that they drive by a Doppler radar every day on their way to work. I already knew the city in which they lived, so they challenged me to find the radar. That's where this part of our story begins.

The city? Houston, TX. The goal? Find a Doppler radar my friend drives by every day.

To start, let's refer to our two sources we identified earlier in this blog:

Well, according to both sources, there is only one Doppler radar in Houston: KHGX. Our table tells us that the co-ordinates are 292819/0950445, or 29.4719444,-95.07916666666667 in DD format. The map pin looks close to what we saw on the NOAA resource, too.

Following my own procedure, I verified the location of the radar in Google Earth, then dropped in for a closer look in Street View.

I immediately sent the Street View image to friend with a gloating tone... only to be told I was wrong, and that the radar they drive by is literally in the middle of the highway. "Which highway?" I asked instinctively. In response, they sent me a picture of the radar as a hint.

Okay, let's examine this image for potential data points.

• The treeline, as it is only on one side of the road and will help orient us.

• The radar itself, which is on the opposite side of the road as the treeline.

• This roadsign, which gives us the name of two nearby roadways.

• A one way street that, with the treeline, sandwiches the radar.

Now, of course, I know there are other things on here (and there were more in the original image, as I'm sure you've noticed) that give away the location exactly. But in the spirit of challenge, I ignored those. Aside from the four things I've marked here, my only other data point provided by my friend was that the radar was on the Grand Parkway. Which, uhhh...

Basically, it surrounds Houston. To start out, we want to narrow down our range, and the names of the roads on that sign seems the perfect way to do it.

That should help us out quite a bit. Now that we have the stretch of road narrowed down, we can switch to Earth to look for any section of road that only has trees on one side.

That's definitely the radar my friend sent me, so the challenge is completed. However, we are left with a burning question: why was this radar not listed on either of my sources? To begin to seek the answer to this question, I first had to research what TDWR was and what it might mean in the context of our quest.

Very quickly I found my way to a Wikipedia page, and right away I found the answer as to why this did not show up in my other two sources. To quote the article, "Terminal Doppler Weather Radar (TDWR) is a Doppler weather radar system with a three-dimensional "pencil beam" used primarily for the detection of hazardous wind shear conditions, precipitation, and winds aloft on and near major airports situated in climates with great exposure to thunderstorms in the United States."

And here's the map provided in the article.

These radars are not a part of the NWS NEXRAD system, using a different technology funded by the FAA. They exist to support airport operations in areas with frequent inclement weather. Which, as it turns out, leads me to the final rabbit hole and end of our blog post.

I decided to Google some things, just because I could. I started with "tdwr houston", but tweaked my term to "tdwr" "houston" instead . I ended up in a very interesting place, to say the least.

Basically, several federal agencies have the responsibility of investigating reported radio intereferences and having them shut down, and potentially imposing sanctions on the offenders (you know how every electronic device you've ever owned has that whole "This device may not cause harmful interference" thing going on? Yeah, this is why.) Otherwise, airports may find themselves in a situation where they miss critical weather updates, and that's not an ideal situation for them to be in, generally speaking.

So, for fun, I just did a cheeky CTRL+F on this page for "houston", and I actually found two cases from 2010. They were both on the same date and for the same address, but for different businesses, and while one of them was simply a matter of unlicensed operation, the other was a bit more serious.

I'm just gonna take a stab here and say that causing interference with an airport's weather radar is not exactly going to win you any points with the FCC.

And thus concludes another part of this saga. There is plenty more to come, but in the meantime... good luck weathering the storm!

Thursday, July 22, 2021

Post #32 - Storm Spy Saga, Part 2: Twitch Once More, For I-94!

Content that I had successfully located the golf ball radar shown in the KRDN weather stream on Twitch, I turned my attention to another feature of the stream that caught my eye.

I wanted to find this camera. To me, that meant either seeing the camera itself, perhaps from a Street View car, or actually accessing the camera and watching its feed directly. Let's get started by analyzing the still image from the KRDN Twitch stream and highlighting some areas of interest.

So, item by item, we'll step through the image:

• The shrubbery I've highlighted in blue. It's only on one side of the road, which will help us narrow things down from perhaps Google Maps or Google Earth. Also, it will help orient us.

• The sign above the road I've also highlighted for basically the same reasons.

• The flow and shapes of the road I've highlighted, again, as it will help us narrow down candidate areas on a map, especially when combined with the first two highlights.

• ...and the camera information quite literally gives us the road name and city.

The best place to start is obviously the information at the bottom of the camera feed. The three main data points that I gathered from this information were I-94, Mandan, and NDDOT.

Okay, that was easy enough. The preview of I-94 shows that Mandan is just slightly west of Bismarck. Now, to find some candidate cameras. For widespread, often government-maintained cameras, my first choice tends to be Windy.

Dang. Thought we might get lucky, but nope. So, if Windy doesn't have any other traffic cameras in the area, where could we possibly view them? Well, it actually occurred to me, only now, to review the "Provider's Website" link on Windy, which I had never done before.

That link leads us to this page, which then leads us to another page. Both of these pages, as you might have noticed, belong to NDDOT, just like the camera still from our Twitch stream revealed. We're getting closer.

The NDDOT page we've discovered gives you the ability to filter by traffic cameras, so I did that and started looking for cameras that matched the layout of the road as we noted earlier.

I definitely made myself proud here, as I picked the highlighted camera first based on the curvature of the road and was actually correct!

Let's compare the footage from this camera (right) to the still image we saw on Twitch (right).

Skewed aspect ratio aside, we definitely located the exact camera in use by KRDN for their weather broadcasts! Sadly, this particular camera only provides image snapshots once per minute, but nevertheless, we were able to look through the very same lens we saw on a news station broadcast, and that's kinda neat!

Good luck weathering the storm. I'll be back with Part 3 as soon as I can!

Sunday, July 18, 2021

Post #32 - Storm Spy Saga, Part 1: Twitch, Google, and a Golf Ball

For those who are unaware, I grew up in Kansas. Please, dispense of your Wizard of Oz jokes now; I've heard them all before.

Anyway, we had awesome storms in Kansas. I'm talking powerful winds, torrential downpours, massive hail, majestic lightning, deafening thunder, and of course tornadoes. I wanted to be a storm chaser for a long time, and for anyone who has attended my Morning Minute streams, you'll know I used to sit around and watch the Weather Channel just for fun almost every day.

In mid-May 2021, I discovered the wonderful genre of analog horror on YouTube. I was hooked, and I immediately consumed every channel I could possibly find. I hyperfixated, and eventually, I had caught up on the entire genre in less than a month. I wanted more.

A screenshot from Gemini Home Entertainment's "STORM SAFETY TIPS"

The genre of analog horror frequently relies on the use of local television stations and the associated programming, such as news or weather broadcasts. I won't delve into the psychology, but this really works for me as a vehicle for subversion into eventual horror. At any rate, I needed something to hold me over while I waited for one of the dozens of channels I had just discovered to post a new video.

Unfortunately, analog television is very close to its demise after the mandated digital transition came to a conclusion in July 2013. Beyond that, the graphics and sound of modern Weather Channel broadcasts just aren't the same. Nevertheless, I tried locating some sort of broadcast that would satisfy my need for a mostly slide-based, chill music aesthetic. I found the answer, of all places, on Twitch.

To my surprise—both at having found something and only having found a single thing—I located only one stream, running 24/7, of a local station in Bismarck, North Dakota. It was perfect. Just the right graphics, the right text-to-speech, the right music (with a modern update, of course.) I watched it all day as ambiance while working from home in my office/studio. It was so relaxing (and not uncommon amongst neurodivergent folks, I later discovered via some chats on Twitter.)

Alas, OSINT brain never turns off, and I saw a few things on some of the slides that started turning gears in my skull. This is where our saga truly begins.

I needed to find that golf ball. I don't know why, but I needed to find it. The question was, where to start?

Well, to be honest, I was not familiar with radar models at the outset of this saga, so I simply Googled "bismarck weather radar" to see what I could find. The web results didn't immediately inspire me, so I changed to the image results instead.

...well, that seems like a promising start. I could do a few things here. Just for my own knowledge, for example, I could map out all of those other places in relation to Bismarck.

Good to know, just for future reference, but not particularly helpful in tracking down our current target. So, let's return to the page where we found that radar outage image. On this small page containing only a handful of paragraphs, we learn a number of things that are either interesting or may help us later on down the line in our research:

• The upgrades began in March 2021.

• The radar is a Weather Surveillance Radar 88-Doppler (WSR-88D).

• This particular notice was issued by the Bismarck, ND Weather Forecast Office.

All of this information is important. Firstly, it tells us the upgrades started only two months before our research began, so the information on this page is very likely still applicable and viable. Second, we now have a better search term in the form of the radar model. Finally, we know who, specifically, manages this particular radar. That last bit is where we're going to pivot from next. Well, after I made a little detour to read up on the WSR-88D, that is.

Heck, why not just search "Bismarck, ND Weather Forecast Office" and see what we find? As I am fond of saying when discussing OSINT, always Google things. Always.

Uhhh, that was easy, right? The next step here would be to look at this location in Google Earth. We're looking for a distinct architectural structure, so scanning the area in Earth is likely going to be more fruitful than the ground-level perspective we'd get in Street View. In fact, I've used basically this exact strategy in my earliest OSINT post on this blog.

That certainly looks like our friendly neighborhood WSR-88D. How about we drop into Street View and take a closer look?

Yep. That's it. That's exactly the Doppler radar we're looking for!

And that's where we are going to stop for now. This is only the first in a series of posts related to this saga. Additional entries will follow in the near future, and I don't have a definitive end in sight.

See you next time. In the meantime, good luck weathering the storm.

Friday, July 16, 2021

Post #31 - CISSP Certification Compendium

I passed the CISSP in April of 2021. I studied for 1.5 years, during a pandemic, and I felt totally unprepared walking into the exam, but in the end I passed.

I have already added all the study resources I used to my Newcomer Security Packet (contact me directly if you’d like a beta copy. I still have yet to format a live copy for this site), but given the scope and reputation of this exam, I figured it deserved its own blog post. For one, this will serve to discharge my mind of the remaining fragments of stress and framing related to the exam. More importantly, it will give me a resource to which I can point anyone who might ask me about the overall CISSP experience.

Two quick preliminary things before we begin the proper part of this blog:

Firstly, I owe a big thanks to Cassie. Though I didn’t end up using 100% of the resources she provided to me, I did use a few of them, and her belief and support after passing the exam herself was instrumental in driving me to pursue it in the first place.

Secondly, for those who prefer audio/video information delivery or a more casual atmosphere, I did a cheeky little Twitch stream wherein I talked about my CISSP journey while playing Minecraft.

Now that all of that is out of the way, let’s get started.

In late 2019, shortly after passing my CEH exam, I made the decision to start studying for my CISSP exam. My job was keen on me obtaining this certification, and they were willing to pay for the cost of the exam. The decision having been made, the next step was to craft a study plan. I have a fairly well-established methodology for doing this by now, so let’s describe that a bit.

• I diversify the medium of the content I consume. By that, I mean that I never limit it to just reading or just videos. I try to study from as many formats as I can.

• I never study from the same format back-to-back if I can help it. If I read a study guide, the next thing I do will be watching a video series or taking practice exams, for example.

• I will not move past any media that has practice material until I can consistently get 90% or greater on each section in one pass.

Now, as a caveat, I am not saying that my methods are advisable or empirically sound. In fact, Tarah Wheeler gave a great talk at GRIMMCon 2020 about the marginal utility of study time. This is just the method that has always worked for me.

So, once I decided to take the exam, the obvious question presented itself to me: what study material should I use to prepare?

My answer came in the form of an amalgamation of past study material providers, official material, work-provided material, and Cassie’s suggestions.

The absolute first thing I did was look for any CISSP study material provided by my company. I did have access to one video course through my job, but because it isn’t publicly available, I won’t cover it here.

After completing that video course, I searched up the official study guide, which wasn’t too expensive as an eBook. I read through it completely and went over the chapter quizzes until I was able to complete all chapters in one go with a 90% or greater score for all chapters.

Once I finished with the official study guide, I moved on to PocketPrep, both because I’ve used it before for CEH and because I had already done both video and book-based content up to that point. My view of PocketPrep for CISSP hasn’t changed much from CEH: the interface and the availability of a mobile app really make it worth the cost in my opinion. Additionally, the ability to see which subject areas are your weakness and to create custom quizzes using only flagged questions really help shore up the areas where you aren’t as strong.

Next, I purchased a subscription to Cybrary so I could take the Kelly Handerhan CISSP course. This money was extremely well-spent. Regardless of the content Kelly covers, the framing in which she provides it is absolutely key to passing the exam. I’ll talk about that more a bit later. In the meantime, I’ll just say that the Cybrary course combines video presentations from Kelly’s live classes with eventual practice exams. While the video section can be a bit jarring because Kelly interacts with chat members whose messages you can never see, the framing is invaluable.

Now, because of the pandemic and certain other life events, the Cybrary course itself took what felt like an eternity for me to finish. So, by the time I finished it and passed the practice exams with satisfactory scores, I had very little time before my scheduled exam date. As a result, I moved on to another written resource: the Eleventh Hour study guide. A breezy but dense 200+ page tome, the Eleventh Hour book focuses only on the absolutely essential topics and concepts with zero fluff. Very good for tying together all your loose ends at the home stretch.

This is where I normally would have stopped and ran straight into the exam, but a few last second notes and resources are absolutely worth mentioning here.

To start, Boson. I really, truly love Boson’s practice exams. I wish they supported mobile studying more robustly, but their content and wording is fantastic. I used them for CEH, and I had planned to use them for CISSP, but I ran out of time.

Finally, I panicked. I posted on Twitter about my reservations and hesitations and self-deprecations, and I was provided with two resources that were not originally on my list.

And here we again return to Kelly Handerhan, this time in the form of a video entitled “Why You Will Pass The CISSP”. This video is everything, again not because of the content, but because of the framing. The absolute, most critical piece of advice Kelly (and by extension, myself) can give you is this: in the context of the CISSP, you are not there to fix problems. You are a risk advisor, a counselor to decision makers. You are there to facilitate good, sound, risk-based decision making that will not result in pitfalls to the organization. You support the implementation of processes and procedures, but you don’t implement them. There’s some additional nuance to this short video—such as the value of human life above all else—but the overwhelming message is clear: you are an advisor/manager, not a technician/engineer.

With that context in mind, I turned to the final last minute resource I was pointed toward via Twitter replies: the "CISSP MindMaps" created by Destination Certification. There are effectively 29 videos on this playlist, totalling in at 6 hours combined. I will tell you right here, absolutely every second of this playlist is worth it. If you read the Eleventh Hour book, watch Kelly’s “Why You Will Pass The CISSP”, then finish off with this the week before the test, you will have a much easier time glueing everything together. Where Kelly succeeded in providing a potent razor for generally attacking all questions, the MindMaps playlist offers a way to contextualize and understand the entirety of CISSP as it fits together, painting it as one massive, beautiful puzzle. If you can understand the foundations in the earlier videos, you will begin to see how everything falls naturally, step by step, domain by domain, from the initial concepts discussed.

And those are the things that I studied to prepare for the CISSP exam. I still felt totally unprepared going into it. To make matters worse, the CISSP exam, as of this writing, uses adaptive computerized testing, meaning that while there is a set time limit, there is not a set number of questions. The exam modifies the questions that it throws at you based on your answers; if you seem to be doing well, it throws difficult, high-point questions at you, but if you aren’t doing well, it throws easier, low-point questions instead. So, conceivably, if you do very well, the test can be over very quickly.

This gave me a ton of anxiety, as every time I submitted an answer and another one turned up, I convinced myself more and more that I was failing, at least until one answer triggered the end of the test. I was still convinced I had bombed, and yet, I passed handily. From the replies I received on Twitter after my panic session, it seems that this is by far the norm.

So, if I had to summarize my experience and my advice heading into this exam, I’d do it thusly:

• You’re a risk manager, not a technician. Advise, don’t fix.

• Understand how it all fits together, from the bottom up.

• More likely than not, you will feel totally unprepared. That’s okay.

We have, at last, reached the end of my little CISSP study guide compendium and experience/advice blog post. Please feel free to reach out to me on Twitter if you want to discuss anything regarding the CISSP.

Thank you very much for stopping by, and good luck with all of your future certification/education endeavors!

Wednesday, February 17, 2021

Post #30 - TryHackMe Write-Up: Searchlight - IMINT

For those who are not aware, I'm a member of the Searchlight team (Twitter/Discord). And if you were again unaware, Searchlight published a TryHackMe room for IMINT in late 2020. I recently completed taking all my notes, screenshots, etc. for this room. That means it is time for a clean, well-polished write-up!

It should be noted that many things involving intelligence of any kind can have a large number of potential solutions, so please do not interpret this guide as a definitive manual for solving these challenges. There are many ways to get your answers, and they are no less valid that the methods I used.

Task #1

This is quite literally just checking to make sure you understand the flag format. Not much to say here.

Task #2

This task should also be fairly obvious. The name of the street is right on the sign itself.

Task #3

For this task, we are given the below image and set of questions:

Which city is the tube station located in?

Which tube station do these stairs lead to?

Which year did this station open?

How many platforms are there in this station?

Firstly, let's determine the country in which this "tube station" is located. If the name "tube" or the logo for the Underground aren't immediately recognizable to you, searching Google for "public subway underground" and looking through the results should very quickly lead you to the fact that it is, in fact, in London.

That's an easy answer for our first question. Sometimes just googling words you see in the photo can pay dividends if you take the time to comb through query results.

Now, we need to find which station we're looking at. Once again, I turn to the text in the image itself, this time adding in the context I've discovered thus far. I can clearly see a "CIRCUS STA" on the blue sign above the stairs. Since we're talking about stations, I expand that out to "circus station" and add in "london", since we've determined that's where we're currently located.

We see "Picadilly Circus Station" as a top result, and it does look like the same blue sign has an "LLY" on it, so we'll pivot to that location in Google Maps and drop into Street View to check out findings.

Comparing the original image (left) and an approximate Street View (right), we can pick out a few distinguishing characteristics to determine that, in fact, Picadilly Circus is the name of the station to which these stairs lead.

Next, we need to determine what year this station opened and how many platforms it has. I grouped these questions together because if we find one answer, we may very likely be able to find the other at the same time.

Adjusting our Google query to "Picadilly Circus station", we immediately see a useful card (as well as a link) to Wikipedia for the station. If we check out the Wikipedia entry, we'll notice answers to both our questions in short order.

Task #4

On to the fourth task. Here is our picture and the associated questions:

Which building is this photo taken in?

Which country is this building located in?

Which city is this building located in?

Once again, I start by parsing any written text in the image. We've got a few things we could look at and research, but the thing that stands out to me right away is a domain name in the bottom-right of the "YVR Connects" sign, "".

Well, this effectively answers two of our questions. It's Vancouver International Airport. However, in the event that you didn't know that Vancouver is the name of a place in Canada, you can google "Vancouver International Airport", and you'll find out that not only is it in Canada, the city in which it resides is Richmond.

By the way, I knew this was a Canadian airport immediately upon opening the image thanks to the song "YYZ" by Rush, a Canadian band. The song title is a reference to Toronto Pearson International Airport.

Task #5

For the fifth task, we're given two pictures:

Which city is this coffee shop located in?

Which street is this coffee shop located in?

What is their phone number?

What is their email address?

What is the surname of the owners?

And we're off again to look for clues inside of the images themselves. Nothing in particular leaps out at me as a starting point in the second picture with all of the food, but in the first picture, I do see what looks like the name of a business across the street. From what I can make it, it says "The Edinburgh Woollen M". I head off to Google with this potential partial phrase, knowing from the task description that we are looking for some place in Scotland. Thankfully, Google autocompletes the query for us.

The Edinburgh Woollen Mill is a chain establishment with a large number of locations throughout Scotland and beyond. In fact, you can search their locations via their website.

Conceivably, one could check every single location on this map and eventually find the answer, but that seems very time consuming. Instead, I turn to Google Maps.

When in Google Maps, your queries automatically adjust based on your zoom level. To that end, I focused my window on Scotland only and entered my search term, "The Edinburgh Woollen Mill".

That's a much smaller list than the locations listed on the website. However, we can help speed our search along even further if we examine some specific characteristics of the store in the original picture.

The sign and the street appear to be curved. This leads me to believe we can narrow down our search by zooming in to each location on the map just far enough to see the layout of the street. If it isn't curved and doesn't have a building approximately opposite of it, it's not our store.

With those parameters in mind, we get busy checking each store one-by-one.

In less than five minutes, we come to a store on a street with a layout that looks strikingly similar to our source image. As always, let's drop into Street View and compare against our source image.

Yeah, there is no way that this isn't our shop. Perfect. Now we can answer some questions.

There it is. According to the Google entry for this particular location, it is in Blairgowrie. To answer the next question, we'll need to look across the street and determine the exact location and name of the coffee shop.

The Wee Coffee Shop is on Allan St. That's two questions down and three more to go.

Now that we have some more details, we can return to Google. After a quick Google search of the business name and city, I landed on their Facebook page, and this gave me the answer to the third question regarding their phone number.

For the email address, I returned once again to Google, relying as usual on operators to ensure I get the most relevant results.

NOTE: Surrounding a word or phrase in double-quotes in Google tells Google to only return results that contain that word/phrase.

The second-listed result gives us the answer to not only the question regarding the businesses email address (hover over the "Email Business" button to see their email address), but also gives us the surname of the business owners.

Task #6

Task number six is much breezier than its predecessor. In this task, we are given a single image and two questions, and the task revolves around reverse image searches.

Which restaurant was this picture taken at?

What is the name of the Bon Appétit editor that worked 24 hours at this restaurant?

Well, since it is a reverse image task, let's just go to Google Images and upload our image.

Easy victory on the first question. This is Katz's Deli in New York. Now that we have that answered, we can look into the Bon Appétit editor question. We turn once again to Google. First, I decided to look for the website of Bon Appétit. Once I found that, I used the site: search operator in Google to ensure that the results I received were only from Beyond that, I included the full name of Katz's Deli in the search with double-quotes.

And with a single, well-crafted Google query, we have our answer.

Oh, and as a New Yorker, do you have any idea how many films/television shows have been shot in Katz's Deli? "When Harry Met Sally..." may be the one many people think of first, but there's actually a whole list.

Task #7

We've arrived at the seventh task. This time, we have a single image and only two questions (well, sort of.)

What is the name of this statue?

Who took this image?

Since I have a photo, the first thing I am going to try is dropping it into various reverse image search tools (Google, Yandex, TinEye, etc.) There are pros and cons to each (Yandex has a built-in cropping tool and is better at identifying architecture, but primarily returns non-English results, for example), so trying them all is generally a good idea. In this particular case, I had the most luck with Yandex. I also had to resize the original file for it to upload properly, which I've never had to do, so just be aware of that.

Remember when I said that we "sort of" have two questions to answer? Well, in order to actually answer those two questions, we may have to answer a couple more questions along the way. That may not necessarily be true for you, but in my case it was.

Thanks to Yandex, I now know that this statue is in Tjuvholmen Sculpture Park in Oslo, Norway. That will be helpful later on. For now, we keep looking through the results.

Okay, "motor deer sculpture" isn't our answer (believe me, I tried), but perhaps it will get us closer, especially if we tack the word "oslo" onto our Google query.

"Rudolph", eh? Let's click through this Alamy image.

And there we have our first answer, "Rudolph the Chrome Nosed Reindeer". On to the next question: who took the original picutre?

I got very, very stuck here. I tried so many variations of reverse image searches, pivots, cropping, Google search queries, etc. I ended up using the hint, but I reverse engineered how I should have gotten the answer without it, and I am very mad this wasn't my first action.

...I just ended up googling "Rudolph the Chrome Nosed Reindeer oslo".

If we check the results one at a time, the second result for Visit Oslo will yield us an interactive map of all the outdoor sculptures in the area. There aren't too many, so if we check them one-by-one, we'll eventually find our original photo, along with the photographer.

Task #8

Task #8 is the pentultimate challenge for this room. For this room we're given a single picture:

Wait, no! Not that picture!

Much better. Now, for the questions.

What is the name of the character that the statue depicts?

Where is this statue located?

What is the name of the building opposite from this statue?

In the event the James Hetfield meme I included above didn't give it away, the name of this task ("...and Justice For All") is a reference to Metallica's 1988 album of the same name. To that end, I knew the answer to the first question right away, but just in case you didn't grow up listening to thrash metal and skateboarding, let me show you a different way to get the answer. But first, what happens if we try to reverse this image on, say, Google?

Yeah, we're not going to get any useful results with an image that has been seen so many times on the Internet. Trust me, I looked through the results for a while.

So, what should we do instead? Well, how about we just try to describe the statue we see in the image? We may get lucky.

Sometimes, it really is that simple. "Lady Justice" is the name of this statue. That should make finding it super easy, right?

Well, no, actually. Lady Justice is a figure, and there are many statues of her throughout the world. So, what can we do? What's the next step?

The first thing I did was note unique characteristics in this picture. Firstly, that this Lady Justice has scales in each hand, whereas others have a set of scales in one hand and a sword in the other. Secondly, there is a reflection of a brick building in the window. Those are both good to note. If we upload the image to Yandex instead of Google, though, we actually get a ton of hits for the same statue from different angles!

With photos like the one above, I started trying a bunch of different Google queries, such as...

"lady justice scales both hands"

"lady justice brick building"

"lady justice united states court"

"lady justice floating feet"

...but to no avail. As I realized how narrow my chances of success were by just picking the right query and then taking the time to dig through all the results, I went back to my Yandex results and took a different approach.

Most professional journalistic outfits will provide credit for any photos used in their article. It stood to reason, at least to me, that if I kept checking Yandex results belonging to English news sites I would eventually find a pivot point. I was right, at least to a degree. None of the Yandex results directly worked for me, but eventually I started right-clicking all the different angles of the statue in my Yandex results and searching for them via Google Images in Chrome. After a few tries, I got a good hit.

"Photo by Dan4th Nicholas at". Well, let's take a look at Dan4th's most popular works on Flickr, shall we?

That first photo definitely looks like our lady.

Wow! We got both a map of where in the world the photo was taken and Dan4th's description, which places this statue precisely at the Albert V. Bryan Courthouse in Alexandria, Virginia (the city and state are our answer to the second question, by the way.)

All we have to do now is find the courthouse on Google Maps and find out what building is across the street. You don't have to drop into Street View here, but I did it anyway because I wanted to demonstrate something.

Remember earlier when we saw the "United States Court" in one of the Yandex results? Well, here we are in Street View, and there it is! That's a good bit of confirmation that we've got the right place. Now, to the building across the way!

The Westin is our answer—well, that's what the sign on the building says, but it helps to click the icon on the building itself to get the full name, which is our third answer.

Task #9

And so we've arrived at the ninth and final task. This time, we're given a video to inspect instead of a still photo. We're also given a single question to answer.

What is the name of the hotel that my friend is staying in?

Now, I did not personally need to extract frame-by-frame images from this video in order to solve the challenge, but I did it anyway so I could demonstrate a few things—and so I could have some images to drop into this write-up.

NOTE: This is also part of a technique for making custom .GIF files from a video clip. You can extract the frame-by-frame images, then select "Open as Layers" in GIMP and output them as a .GIF file!

If you don't already have it, grab a copy of ffmpeg. Once you've got it, run the following command to convert the video into individual frames:

ffmpeg -i "C:\Users\prescomm\Downloads\task9.mp4" -r 29.97 -f image2 "C:\Users\prescomm\Downloads\task9-images\image-%07d.png"


-i - This specifies the input file, in this case our task #9 video file.

-r - This specifies the framerate of the input file. You can check the video file's properties to determine this.

-f image2 - This specifies the output file format for our images. For this task, we've selected image2.

%07d - This specifies a variable part of the output file names. In this case, we are numbering them incrementally with a seven-digit integer.

If everything turns out correctly, you should have 1426 output files. That's the total number of frames in the entire video, and if the video is running at 29.97 frames per second, we can say that 1426/29.97 is equal to 47.58. Since our video is 47 seconds long, our math checks out.

As we watch the video or progress through our frames, we're looking for anything that might narrow down where in the world this video might have been taken, however vague. At the 15 second mark (or approximately frame 449), I spot something that may offer us a clue.

I see a place called "Riverside Point", and I see some vessels in the water that I suppose to be ferries. With that knowledge in mind, I turn once again to Google, this time with the query "Riverside Point ferry".

The top result looks promising, so I click through.

That looks an awful lot like the same Riverside Point we located in our video, so it's worth our effort to check it out on Google Maps.

Assuming we have the right River Point, based on the angle of the video, I have drawn a line from where I think we need to drop into Street View. Once we're there, I start "walking" toward River Point so I can orient myself in relation to frame 449. I come to a stopping point when I notice a familiar set of buildings.

Where have we seen this before? Why, none other than the first frame of our video!

Okay, between River Point and this set of buildings, we're starting to build a list of reference points to build out some angles. In fact, here's a shot from that exact same spot on Google maps, but with our backs turned to the set of buildings in the first frame:

There's River Point. I'm confident that from where we are "standing", we may be able to see the target of our investigation. Let's return to the video and look for more clues now that we have some angular context.

This is frame 361. Those odd umbrella canopy structures look like the things we were standing under in Street View. Good, good. Let's keep looking.

And this is frame 285. Back in Street View, let's see if we can locate them. They look familiar.

Oh, they were visible from our Street View standing position. In the video, the camera had just swung down to look at the street, and these building were basically directly beneath the balcony on which our cameraperson is positioned. All we really need to do is find something with the relative height and distance that could look directly down and see these buildings while also catching the set of buildings in the horizon and River Point further to the right from those first two shots.

Well, that building looks very promising. I had actually taken this screenshot earlier as I was approaching the general vicinty of River Point. Turns out, it's the same building on the left side of the photo containing the colorful buildings on the street below. This building has the word "Novotel" emblazoned vertically on it's facade, but that is not our answer. Let's go back to Google! I type in "Novotel Singapore" and submit my query.

Well, there are two Novotels in Singapore. So, which one are we looking at for this challenge? Incidentally, I already captured the answer to that in one of the earlier pictures.

Yep. Novotel Singapore Clarke Quay is the building from which our video was shot, making it our final answer for not only this task but also the entire room.

I sincerely hope you enjoyed both this write-up and the room (if you've done it). I look forward to tackling further challenges from the Searchlight team. In the meantime, be sure to hit myself and/or the team up on Twitter or Discord. It would be our pleasure to chat with you.

See ya soon!