Former CIA Officer: How to Find Anyone's Exact Location Online

Jason Hanson • 6,261 words

Full Transcript

Can I, a former CIA officer, pass the viral CIA test? tryhackme.com tryhackme.com. This is going to be interesting. So, here's the deal. A buddy of mine reached out to me and he said, "Hey Jason, have you seen this viral CIA test?" And I said, "I have no idea what you're talking about. I've never heard about it. I I mean, I said it was it Is it uh actually by the agency?" He said it's by a private company. They're calling it a CIA test. And I said, "Okay, tell me what the heck's going on." So, basically, there's this company they're called tryhackme.com and it is a CIA hack test is what they're calling it. Uh keep in mind, I am My expertise is more physical security. So, we will see how good I can do this. So, here's what I'm going to do. I'm going to I'm going to see how my skills are. Don't get excited. But, you're probably going to be disappointed here. Okay, so we This is the link he sent me. tryhackme.com/room/sakura. All right, so let's see. I'm I'm just going to read exactly what I'm seeing. It says, "Use a variety of OSINT techniques, open-source intelligence." So, open-source intelligence is a great way to great way to collect intelligence, but it is literally public available public information. So, you can find it online, you can see it boots on the ground, but it's open-source. It's not classified, not hard to get to. The general public can access it. So, it says, "Use a variety of OSINT techniques to solve this room created by the OSINT Dojo." Okay, still not sure what in the heck I've got myself into and what in the heck exactly this is, but let's find it out. It says, "Task one, welcome to the OSINT Dojo Sakura room. This room is designed to test a wide variety of different OSINT techniques." Let me just scan through it real quick. I'll be asked a bunch of information. And again, this is ethical hacking. So, we're trying the quote "CIA hack [music] test" but ethical hacking. And they're going to give me some questions. 
They're going to tell me whether I can uh pass the CIA test or not as a former agency employee. Okay, so let's just get started. Yeah, I read directions directions smirections. Okay, ready to get started? Type in "Let's go" in the answer box below. Do I have to type it exactly or are they going to Are they going to ding me if I Well, why can't I even get in the box? Why isn't it letting me in the box? Let's see. Well, I failed the first test. Join this room, but he won't even let me type in the box, man. All right, there we go. So, I have to click "Join this room" first. And let's see. Let's go. I'm on my buddy's computer, so I can't even type today. Geez, not used to this computer. Okay, I don't have my question or my uh exclamation point. Well, this We'll see if they allow me. Oh, they do want me to literally type it exactly how it is. So, capital G exclamation point. Is there anything else we screwed up in there? Okay, here we go. All right, my self-esteem just rose. Okay, so that is number one. Now, let's go to the next task. Is the tip-off. Let's see what the heck the tip-off is. The OSINT Dojo recently found themselves the victim of a cyber attack. Seems there's no major damage. During a forensic analysis, our admins found an image left behind by the cybercriminals. Bum bum bum. Perhaps they found some clues or has some clues that could allow us to determine who the hackers are. We've copied the image left by the attacker. You can view it here. So, let's click on this bad boy. Okay, you've been What is that? Pawned? However you pronounce that. And it's got a binary code. that much. I don't know a whole lot about cyber, but I know at least that much. [music] So, we've got a binary code left by the hacker in this picture. Okay, let's go back to the website. Images contain can contain a treasure trove treasure trove of information. Um obviously, images can have can have embedded information. 
So, let's see what is embedded in this information, what other meta metadata is out there to see if it can help us find out. So, what username does the attacker go by? Well, let's find out the what we can about this image. Okay, so what I've done is I've downloaded the image. You can see the image right here on the computer. Now, here's the thing which most most people don't realize. A hacker is not really going to leave the obvious the world's obvious code. So, all these ones and zeros we see, this binary code, it's probably gibberish. It's probably not going to lead us to anything. I imagine there's something there's metadata that's embedded that we [music] can't see that's going to reveal the true identity of the attacker. However, because there's probably message in here, it's probably going to say you're the world's biggest idiot for typing this in. But, if we go to a binary decoder and we type in this image exactly like it, so we've got 0100 Oh my goodness. All right. Then, we're going to have to type this in. We're going to have to fast-forward this part cuz it's going to take a while. But, there's plenty of binary decoders on the internet. We'll type that in there and you'll see me start doing this and then we'll find out what the image is, which again is probably like, "I can't believe you just spent all that time typing this in here." Okay, so we finished uh with our binary decoder. Spent way too much time. I'm a man of little patience, so I definitely want to do this again. But, our [music] our message is, "A picture's worth a thousand words, but my data is worth much more." So, like I said, probably not going to reveal the name of the attacker or the hacker. Obviously, not going to be so easy where they're just going to spell it out right there. But, again, we've got a a cute little text. Uh "A picture's worth a thousand words, but my data is worth much more." 
Now, we need to dig even deeper [music] inside this picture to see if we can find out who the criminal is. All right, now what I'm going to do is because when we use the binary code that isn't telling us anything useful, I'm going to go in here and we're going to inspect the metadata on this. So, let me uh go to inspect. And that is a lot of information. So, I'm going to have to scroll through this. Again, we're probably going to have to fast-forward this part cuz I'm going to have to read all this and see where the hidden message is. I assume there's a hidden message in here. There's the metadata. There it is. All right, I think I found it. Actually, found that faster than I thought I would. Okay, it looks like the name is Sakura Snow Angel Aiko. Sakura Snow Angel Aiko. [music] So, where in the heck is that thing? What is it What is it tiger? I'm wondering if they're going to make me put all one word. Sakura Again, I'm using my buddy's computer. Sakura snow Got to need to I'm going to do a capital angel Aiko. Okay, Sakura Snow Angel Aiko. Let's see if they hate me, they love me. All right, higgity diggity. Okay, task three, reconnaissance. Let's find out what task three is. Okay, the attacker made a fatal mistake in their operational security. They seem to have reused their username across other social media platforms as well. This should make it far easier for us to gather additional information on them by locating their other social media accounts. Okay, I'm going to read this through. Yad yad yad yad yada. Okay, so what is the full email address used by the attacker? So, if I go back to again what we just did, the tip-off, we know the name that this hacker is using is Sakura [music] Snow Angel Aiko Aiko whatever. So, I'm going to copy that. I'm going to go going to Google. And you know what? I'm just going to copy and paste his Oops, we're going to copy paste it here, put it in quotes because remember, human beings are lazy. 
So, if this is his username, most likely he uses in some type of social media. Most likely this person using in something because again, we all do it. We're all lazy. So, let's see if anything comes up for Sakura Snow Angel. Okay, GitHub is the very first one. Uh and some other stuff. But, remember, this is a this is a [music] challenge. So, some of that stuff's about it. So, we're just going to go GitHub because that's the very first one that comes up here. And then we're going to scroll down and let's see. Go to repositories. [music] PGP keys. So, pretty good privacy. All right, so what we're going to do now is we are going to copy and paste this into this tool we're going to use and see if we can get his email address out of this. And it looks like Sakura Snow Angel 183@protonmail. Okay, so let's see if that's right. Let's go Let me go there. Go back to reconnaissance. Go back here. Full email address Sakura Snow Angel 183@protonmail.com. Let's check it. All right, three of 10 questions answered. Okay, so now I'm going to take his email address. I'm going to go back into Google. Put in the email address cuz we got to find the names. So, let's see if any Miguel Santarino. But, we got to keep Okay, so we're going to keep going here. All right, so it says Miguel Santarino. So, for the heck of it, we'll just type that in before we go deep dive in here here. Miguel Spell again. Miguel Santarino. Let me Santarino. Let me make sure that's the the correct name I got. Miguel Santarino. And we'll check. And negative. Our answer is incorrect. All right, we got to deep dive more. We got to go We got to go down the rabbit hole more and find out how we're going to find this this guy's name. Oh yes, we're sorry Miguel Santarino, whoever you are. All right, so Miguel is not the person we're looking for. Uh let's So, let's copy this in here. And this time, we're going to go back to Did I put No, I Now I can't remember if I put put quotes last time or not. Now I'm putting quotes. 
I can't remember. Did I quote or did I not quote? Let's see. Let's see if that Medium, LinkedIn. What I'm looking for here is I'm looking to see if I can come across any social media. So, let's go down. Let's go to page two. Page nobody ever goes to. No, but that's not it. I'm looking for like uh Oh, well, shoot. I think that just gave me the answer. But, guess what? We'll take it. So, I was looking It says, "Aiko Abe through their active Twitter handle." I did not see that pop up, but I'm going to take it. We're going to see if it's Aiko Abe. Uh let's go back to Aiko Abe and check. All right, we'll take it. All right, and on to the next step. Oh, by the way, like you might be watching this thing like, "Oh my gosh, this is crazy confusing." Here's the good news. >> [music] >> Most people leave such a digital trail on social media, you're not going to have to go through a bunch of crazy steps or anything. You're going to be able to go to their Facebook page [music] or Twitter account or Instagram or whatever and find the information about them there. So, that's the good news. You don't have to be some genius hacker or anything like that. All right, so next step. Okay, it says, "It seems the cybercriminal is aware that we are onto them. As we were investigating into their GitHub account, we observed indicators that the account owner had already begun editing and deleting information in order to throw us off the trail. It is likely they were removing this information because it contains some sort of data that would add to [music] our investigation. Perhaps there is a way to retrieve the the original information that they provided." Okay, now the instruction part. "On some platforms, the edited or removed content may be unrecoverable unless the page page was cached or archived on other platforms. However, other platforms may possess built-in functionality to view the history of edits, deletions, or insertions. 
When available, this audit history allows investigators to locate information that was once included, possibly by mistake or oversight, and then removed by the user. Such content is often quite valuable in the course of an investigation. In order to answer the below questions, you will need to perform a deeper dive into the attacker's GitHub account for any additional information that may have been altered or removed. You will then utilize the information to trace some of the attacker's cryptocurrency transactions. All right, so the question The first question we need to answer is what cryptocurrency does the attacker own a cryptocurrency wallet for? Okay, so we just got their Twitter information from their GitHub account. So now we need to go back to their GitHub account. Okay, then after we're in the GitHub account, now we're going to go to repositories, and I see several cryptos. I see Ethereum, I see Bitcoins. So I'm just going to for the heck of it just choose Ethereum first, only because it's the most prominent one that's on here. I'm going to go to mining script, then we'll go over here to history. And on the mining script, let's see what data was left behind on the comments here. So let's check this out. All right, and so there it is. Awesome. See this little string right here that I'm highlighting? This right here is where we're going to search to see if we can find their crypto wallet. And since this is an Ethereum wallet, I'm simply I mean, I'm not going to do anything fancy. I'm just going to go to Google, and I'm going to type in Ethereum wallet lookup. I'm just going to use this go with this top one right here, Etherscan. I'm going to copy and paste the address and hit search, and boom. Awesome, there it is. All right, so we can go back and answer question question one. They say, "What cryptocurrency do they have?" And we know the answer is Ethereum, so we're going to type that in for question one. Okay, got it. We got Yeah, we got that right. 
And next, all we're going to do is punch in that crypto wallet address. All right, booyah, good to go. We got that, too. All right, the next question is what mining pool did the attacker receive payments from on January 23rd January 23, 2021. All right, so I'm going to do right now is go back to that Etherscan site because we're pretty much in there now, so we can find out the transactions. We can find out that January 21st day that we need. So I'm just going to scroll down here. I'm going to see if I see if I can find anything. I'm going to hit view all transactions, and let's All right, let's see here. Let's let's keep checking. Let's scroll away. Getting a little bit closer, hopefully. All right, and we came across right here. We can see it right now, January 23rd, and the mine pool as we can see right here is called Ethermine. And you don't have to be some genius cuz it literally says mine in the name. Okay, so we're going to type that in right now, Ethermine. Good, we got it. It worked. Okay, and our next question. We knocked those out pretty quickly, those first one, two, three. Next question is, "What other cryptocurrency did the attacker exchange with using their cryptocurrency wallet?" Okay, so once again, we're just going to go back to that Etherscan site. All right, so right now we're looking for a token, so we're going to look through token transfers. And the only tokens we can see right now the token transfers are all on the right here, and let's see. We see token tether, so let's just go ahead and try that one. Good, it worked. We're in business. Okay, section four is now done, so let's move on to next. All right, and remember as I said earlier, you don't need to be a genius. I realize this looks a little confusing, but if you know basic information, if you can search social media, if you know a little bit about crypto wallets, you know, kids can do this. 
All right, so next where I'm at, it says, "Just as we thought, the cybercriminal's fully aware they were gathering information about them after their attack. They were even so brazen as to message the open-source intelligence Dojo on Twitter and taunt us for our efforts. The Twitter account which they used appears to use a different username than what we were previously tracking. [music] Maybe there is some additional information we can locate to get an idea of where they are headed to next." We've taken a screenshot of the message sent to us by the attacker. You can view it here on your browser. All right, let's view it right now. And all it says is, "Don't think I don't see what you're doing. You won't catch me, by the way. I'm already heading home or I'm already heading back home. Bye." All right, just looking at this here, just looking at this message, I don't think there's anything that's going to give us as much of data we need. So we need to go back. Okay, so in this section No, we didn't read the instructions. I got to read the instructions. We just read the background. So the instructions are, "Although many users share their username across different platforms, it isn't uncommon for users to also have alternate accounts that they keep entirely separate, such as for investigations, trolling, or just as a way to separate their personal public life. These alternative accounts might contain information not seen in other accounts and should also be investigated thoroughly. In order to answer the following questions, we have two questions we need to answer. You will need to view the screenshot of the message sent by the attacker to the open-source intelligent the OSINT Dojo account on Twitter and use it to locate additional information on the attacker's Twitter account. You will then need to follow leads from the Twitter account to the dark web and other platforms in order to discover additional information. 
So the two questions that we need to answer for this one is, "What is the attacker's current Twitter hand Twitter handle, and what is the BSSID for the attacker's home Wi-Fi?" All right, actually I think we already were there. So everything is I I have is XID account out for what we're doing earlier. All right, there it is, Sakuralover Aiko. Okay, check. Good deal, we're in business again. All right, now what is the BSSID for the attacker's home Wi-Fi? All right, so this is going to be tougher. This is going to be more difficult because we're trying to find the Wi-Fi information of where they are where their home is, where they're physically located. All right, so the next what we're going to do is because the Twitter account is really all we have, that's where we're going to go next. So we're going to check out the Twitter account. just go over everything. So we can see, you know, Sakuralover Aiko joined January 2021, one following, 191 followers, not followed by anyone I'm following. We can see the message of January 23, 2021. Go scroll through here some of this. Not too concerned about someone else finding them on the dark web. Anyone who wants to wants them will have to do a real deep search to find where I pasted them. Just go through that. So are they asking us to go on the dark web? Is that what they're trying to do? You see, "So close to home. Can't wait to find them and be back. [music] My final layover, time to relax." So yeah, just here. Okay, checking out some last-minute cherry blossoms before heading home. All right, you know what it looks to me? It looks like they're trying to get us to go on the dark net, which is a something a big no-no, something definitely that we're not going to do for a YouTube video like this. Well, let me keep digging around. Fun fact, by the way, in case you didn't know it, and this may seem obvious, is the majority not the majority, but a significant number of people on the dark web are actually law enforcement. 
So it's law enforcement trying to catch people doing illegal things on the dark web, which is why you don't want to be there. All right, I'm going to fast-forward a little bit of this cuz I don't want to bore you to death. So this is going to take me a much longer time, so I'm going to get to work, fast-forward, and hopefully get through this. All right, so long story short, I've been going through this, and I'm a little man of I'm a little man. I'm a man. Maybe some people think I'm a little man. I'm a man of little patience. This would have taken hours and hours and hours, so I took a shortcut. I went and got a clue, and that's because I'm exhausted, I'm tired, I have a newborn child, and I don't want to spend 10 million hours going on the dark web, which I don't want to do anyway. All right, going through all this stuff, we uh using the shortcut, we came across this basically a website, a text website where they put all their information. And yeah, they they laid it all out, which unfortunately some people do. Not that we're going to the dark web, but some people just like advertise to the world, and that's what this person did right here. All right, so now that we have the home Wi-Fi of this person, now we're just going to go to Google, and we're going to click here on the top here, which is Wigle, and hopefully this here is going to tell us the details we need about finding this guy's home Wi-Fi info. Okay, I'm going to type in DK1F-G. I'm going to hit search here. All right, good deal. I think we found it. Okay, we're going to copy and paste this. All right, awesome. It worked. All right, numbers one through five are done. We're on the final task, task number six called Homebound, and so I'll read these real quick to you. The background is, "Based on their tweets, it appears our cybercriminal is indeed heading home as they claim. Their Twitter account seems to have plenty of photos which should allow us to piece together their route back home. 
If we follow the trail of bread crumb bread crumbs they left behind, we should be able to track their movements from one location to the next all the way back to their final destination. Once we can identify their final stops, we can identify which law enforcement organization we should forward our findings to." Instruction: In OSINT, there's often times no smoking gun that points to a clear and definitive answer. Instead, an OSINT analyst must learn to synthesize multiple pieces of intelligence in order to make a conclusion of what I can't even speak today. Anyway, making a conclusion conclusion of what is likely, unlikely, or possible. By leveraging all data available, an analyst can make more informed decisions and perhaps even minimize the size of data gaps. In order to answer the following questions, use information collected from the attacker's Twitter account as well as information obtained from previous parts of the investigation to track the attacker back to the place they call home. So the questions we have in this one, then there's four of them. What airport is closest to the location the attacker shared a photo from prior to getting on their flight? Number two, what airport did the attacker have their last layover in? Number three, what lake can be seen in the map shared by the attacker as they were on their final flight home? And last, what city does the attacker likely consider home? Okay, four last questions, and we are hopefully getting this right and done. so I'm just going to first take the take the easiest route possible is I'm going to go back to that weird website that text website we found because I believe it shows where their home is on this site. All right, so just looking at from this here, looking at city names, the only thing I see is Hirosaki and Buffalo. So we will try those both. All right, [music] type it in Buffalo here. Okay, not Buffalo. All right, next we're going to type in Hirosaki. See if this one works. And golden, it works. 
Good. All right, so let's see exactly where Hirosaki is located, and it is a city in Japan, which it sounds like a city in Japan. Okay, so we know that much. All right, so we got three questions left, and it said to start with the Twitter account, so we'll go there. All right, so this has got plenty of clues for us, so I'm just going to scroll through here, and it looks like we got some type of map here. All right, I'm going to check it out. I've no idea how relevant this is actually going to be, but we'll still look at it. It doesn't look anything promising [music] so far. Okay, now I can see we got this first class lounge. It says Sakura Lounge, and of course we know the the handle name is Sakuralover. All right, let's take a look at this tree. I wonder if this this tree right here is a Sakura tree. So let's check that out. Okay, it is a Sakura tree, yes. And it's the same thing as a cherry blossom, which I used to go see in the DC area where I was born and raised. So okay, so he loves sakuras, so it looks like he's traveling around taking pictures of the sakuras. [music] And as I just mentioned, I'm from the DC area. As I'm looking at this picture, that looks like it could be the Washington Monument to me. Okay, so it's it says he's that's the last picture he's taken before heading home. Okay, so I know all the airports in the Washington DC area, so it's an advantage, so it's probably Washington Dulles, could be Reagan, could be BWI, Baltimore Washington International. So it's probably one of those three. I'm just going to Google it to make sure I'm not missing anything here because several of the ones I put in have not worked. I don't know what Reagan's airport code is, so we'll check that out. I mean, I know Washington's IAD, Baltimore's BWI. So it was the last one I checked. It was Reagan, it was DCA. It was not Washington Dulles, it was not BWI. Okay, next question is what airport did the attacker have their last layover in? 
We've only got two more questions and we're hopefully home free. Okay, so first class lounge they're in, and it looks like it's Japan Airlines based on the image literally says Japan Airlines. All right, so all signs are pointing that he is heading right back to Japan. All right, so I'm just going to Google like hubs of of like what I can see of Japan Airlines and I come up with two, Haneda Airports. I'm just going to try Haneda Airport because it's the first one. Okay, it is HND. All right, that that one was the luckiest fastest one yet. So yes, it is HND. I got it. It worked. We're golden. All right, so the final question is what lake can you see from the attacker on their final flight looking at the map? Like what lake are they? So this is the final question we have and we're done. We're wrapping up this show. Okay, so we see this lake looking at his X account. We got this lake in the middle of this land mass. First, I'm just going to simply Google map of Japan. I'm going to just Google Maps. I'm going to zoom in, see what it looks like, check them out. All right, so I see this land mass and it looks pretty darn similar to the same one that was on their X account picture. And it's Lake Inawashiro. Yeah, let me see, Lake Inawashiro in Fukushima, Japan, if I'm pronouncing that right. And I believe this is the correct lake. I'm 99% sure. I'm confident this is what it is. We'll find out. Let's pop it in here and see. All right, awesome. It worked. Oh man, it even congratulates me. It says, "Great work, Jason Hanson. Room completed. My skills are skyrocketing. My self-defense is sky self-defense. My self-confidence is skyrocketing." So we did it. We uh we completed our mission. So again, I realize that might have looked complicated, but when you think about it, I didn't use any super ninja code, uh nothing like any cyber attacker genius would have to have. Uh I just used some skills and go through TryHackMe and was able to complete it. 
So what I used for this was simply I used Google, I used X, I used some like crypto tools at Etherscan lookup, but nothing like over the top crazy. I didn't have to go to the dark web or do any of that. This is opsec failure 101. Opsec means operational security, so protecting information about yourself. And this hacker just handed me the keys to the front door without even knowing it. So as a former CIA officer, we would call this a gift. You never leave identifying information in your files ever. Step two, username enumeration. Now that I have a username, I can start building a profile. So one identifier opens the door to pretty much everything else. That is one of the first things you learn in intelligence work. So this is exactly how you build a target profile as an intelligence officer. You find one piece of information and you just keep going down and pulling that thread. So every platform they use is another data point for us, another piece of the puzzle. Step three, digital breadcrumbs. And most people see GitHub just as some simple clo- coding platform. You know, somebody investigating sees this as a goldmine. So digital breadcrumbs are everywhere. Attackers and targets rarely cover all their tracks because they don't think like an analyst. They're not asking themselves, "What does every piece of data I post online reveal about me?" And we cross ref cross-reference the email against their Twitter and LinkedIn, and now we have their real name. So from one simple SVG file, we now have a username, an email address, a real name, and multiple social media profiles. This is a complete intelligence profile, and we're not even halfway done through this challenge. Step number four, follow the money. So here's a rule that applies whether you're tracking terrorists or hackers or whatever, follow the money. As a good FBI friend of mine and I were recently talking about, follow the money. He's a CPA. Even in cryptocurrency, there are trails. 
So most people think crypto is completely anonymous, but it is not. Every transaction is recorded on a public blockchain. And if you connect a wallet address to an identity, which as you saw we just did, you can trace every single transaction they've ever made. In a real intelligence operation, this level of financial intelligence could take a take a lot long time to develop. So just, you know, through traditional means, it's going to take a long time, but we did it in minutes using the public publicly available information. Step number five, geolocation. So now I'm going to show you something that surprises a lot of people. The hacker posted a photo on Twitter, just some simple casual travel photo. They had no idea what they were giving away. I'm going to run this through a reverse image search and cross cross-reference it with Google Maps and Google Earth, and they posted a map screenshot showing a lake and some landmarks near their home. I'm going to feed all of this info into a geolocation analysis, basically what is called an intelligence mosaic, and each piece alone means very little, but together they can reveal everything. So from one image file, we now have their name, email, crypto history, travel platforms or travel patterns, and home location. So challenge complete. Now, let me tell you why this is cool, why this impresses me, what TryHackMe has built here. The challenge I just walked you through, those are real techniques, the same methods intelligence professionals and investigators use every single day in cybersecurity investigations and national security work, and TryHackMe teaches all of it hands-on in your browser right now. So this is learning by doing, not reading a textbook, not watching a lecture. You are actually hacking real machines and solving real investigations in real time, and this is how intelligence analysts, this is how intelligence investigators, private investigators, they are trained this way. You learn by doing the work. 
So here is what makes it different from everything else out there. You don't have to have a bunch of expensive equipment. You don't have to have some crazy complicated setup. You open a browser and you start. So I started this challenge, you know, just a few minutes ago with zero setup time. So they have an AI tutor called Echo that gives you guidance when you get stuck, and you can talk to this AI tutor 24 hours a day, 7 days a week. It's like having some senior analysts on call whenever you need them. And, you know, intelligence trainees like you have this when back in the day, people didn't have this. So over 6 million users worldwide are learning these skills right now. Cybersecurity, OSINT, digital forensics, ethical hacking. So they are not just learning interesting skills, they're in some of the most in-demand skills in the job market at the moment. Obviously, the cybersecurity talent shortage is real and it's massive, and there are structured learning paths that take you from complete beginner, which is what many people are, all the way to advanced analyst. So you got clear progression like a real [music] training program. If you want to try the exact challenge that I just attempted, the link to the sakura room is in the description. It is completely free to start. And if you want full access to everything that TryHackMe offers, use code JasonCIA25 at checkout. I'll say that again, JasonCIA25 at checkout for 25% off an annual premium plan. You have unlimited rooms, faster machines, advanced courses, and complete learning paths. Link in the description, code JasonCIA25. So listen, most people watch videos like this and think that, you know, investigation is only possible for government agencies or some cyber whiz kid who's a genius, and you've got to have massive budgets and a secret database. It is not. Everything I just did, I did with publicly available information and free tools, the same tools TryHackMe teaches you to use. 
The hacker in that challenge made some mistakes like most do, small mistakes, leaving a username in a file, posting a casual travel photo, sharing a map screenshot. Each alone is harmless, but together they gave me everything I needed. So that can work both ways. Understanding how investigators track people down is also how you can protect yourself from being tracked. So these skills matter in today's day and age, whether you want a career in cybersecurity, whether you want to protect your own privacy, or just you want to see what people are calling this quote-unquote viral CIA test yourself. So link in the description, code JasonCIA25 for 25% off. I will see you in the next challenge.


Transcript content is sourced from YouTube's auto-generated captions or AI transcription. All video content belongs to the original creators.
