TryHackMe Writeup – SoMeSINT

By / OSINT, TryHackme, Walkthrough / Leave a Comment /

Welcome, everyone, to another exciting TryHackMe’s OSINT investigation! Today I’m role-playing as Aleks Juulut, a seasoned private investigator, who is new to OSINT and will apply his skills to unravel the truth.

I’m thrilled to guide you through the room that we’ll be solving which is TryHackMe – SoMeSINT.

TASK – 2 : STORY

Background Information:

You are Aleks Juulut, a private eye based out of Greenland. You don’t usually work digitally, but have recently discovered OSINT techniques to make that aspect of your job much easier. You were recently hired by a mysterious person under the moniker “H” to investigate a suspected cheater, named Thomas Straussman. 

After a brief phone-call with his wife, Francesca Hodgerint, you’ve learned that he’s been acting suspicious lately, but she isn’t sure exactly what he could be doing wrong. She wants you to investigate him and report back anything you find. 

Unfortunately, you’re out of the country on a family emergency and cannot get back to Greenland to meet the deadline of the investigation, so you’re going to have to do all of it digitally. Good luck!

Okay so we have some information to start with and as you can see we go by the name of Aleks Juulut who is a private investigator and has recently started using OSINT techniques as part of his investigation methodologies.

Now let’s talk details of the case and what do we know till now :

  • Have to investigate a person called Thomas Straussman
  • Hired by a mysterious person that under the moniker “H”
  • Wife of Thomas, Francesca Hodgerint feels something is off about her husband and wants us to investigate further.

Now let’s look at the questions presented to us.

First question asks us whether we know who hired us, well we are yet to reveal the real identity of that person but yes we do know an alias for that person.

Next question is about the name of the person we are investigating, well that is quite obvious!!!

TASK – 3 : LET’S GET STARTED!!

Background Information:

How exciting! Through talking to people who know Thomas, you’ve found out that he has a very guessable online handle: tstraussman. With this handle, we can find his social media accounts, and start off this room.

I see we have some additional information about our target. We got an username for their social media accounts and this will make our task very easy (it already is)

The first thing that I would do after getting a username is to take aid from Sherlock to figure out on what social media platform this username is used.

As mentioned in the disclaimer of this challenge, the accounts are only going to be on Reddit & Twitter, so we will just interact with them only and leave others as it is.

Next thing to do is to check out the Reddit account for more information. There is only one post from our target on his Reddit and it is about him celebrating his 30th Birthday.

It also has some comments below this post which really doesn’t seem relevant but for now let’s also check his twitter account.

Okay so now that we have his twitter account, we might be able to get our hands on some more relevant and personal information.

Some of the things that I noticed instantly are :

  • Only 6 posts
  • We got a photo of Thomas
  • Thomas follows only 8 people
  • Has a Buddha image in banner
  • Has a buddha quote in his bio, along with a bit of liking towards of X-mas

Now let’s see if we are able to answer the questions with this information or do we need to dig a little deeper.

First question asks about Thomas’s favourite holiday and I believe we have the answer for that from his bio.

Moving on, next is about his birth-date. This can be found from Reddit as there is a post about his birthday. We need to figure out the date when he posted it and that is going to be his birth-date.

Third question asks us about the twitter handle of his fiancee/wife which can be found in the following list on Thomas’s twitter handle.

Last one is about the background picture on his twitter profile, which is very obvious.

TASK – 4 : Spider… what?

For this we need to first install a CLI tool called SpiderFoot and then we need to load it, by running it on the terminal and then visiting the localhost address.

We’ve to put the username in the Scan Target field and click on start running.

When the scan is finished we get to see the results.

Now the next question is about the source module which can be found by going through the Browse tab.

Also it is going to list the link to visit the shadowban API, upon which we can look for the value of search.

TASK – 5 : Connections, connections..

Background Information:

There are a few key types of information that we want to find from socials:

  • Images of places that contain clear identifiers like buildings, signs, monuments, or landmarks (For IMINT/GEOMINT purposes).
  • Clear images of the subject’s face (For reverse image searches and possibly finding more accounts/sources of info).
  • Clear images of the subject in a group of people (Family photos, friend groups, other information that can give context to their relationship with the group).
  • Personal information in their bio, or other personal data from their profile itself (Where they grew up, currently live, went to school, etc..).
  • Relevant posts that may contain information on their whereabouts or personal habits (Do they smoke? Drink? Go to bars often? Love to vacation to specific places? All this information can help in an investigation.)

The information mentioned in above pointers can be found and explored by going through the social media accounts of our target and his associates.

For images of places, we have a few of them gathered from twitter account of Francesca

In the 2nd point we are supposed to have images of their faces which can be gathered from their profile pictures




Now let’s take a look at the questions and try to answer them.

First one is about where Thomas and his wife took the vacation, which can be found by looking at one of the tweets made by Francesca.

In the next one we need to find the birth-date of Francesca’s mother which can be again figured out by looking at one of the tweets made in that regard.

In the third one we need to find the name of Francesca’s cat, which is mentioned in one of the tweets posted by Francesca.

For the last one we have to find what show Francesca likes to watch, and it can be answered by looking at the last tweet that Francesca reposted.

TASK – 6 : Turn back the clock!!

Apparently in this task we are going to work with Wayback Machine which is a website that has the internet archived by taking snapshots of it in different intervals of time.

Now upon visiting the birthday post on Reddit again and sending it to the Wayback Machine to see different snapshots of it, we will come across an instant where there is a message posted by one of Thomas’ colleagues.

Although I got the first name of the colleague from the post itself, weirdly enough I’m not able to see the username of either of the people in the posts.

So the only thing left for me to do at this point was to right click and go to the inspect page. And after that I need to find any mention of the colleague’s name other than in the comment.

Which brought me to this……

There you go, we have his full name and with that we can look for his account on Reddit which can provide us more information.

Found the account ( ˶ˆᗜˆ˵ )

Now we’ll have a go through of this account and see if we can find anything of relevance.

Upon visiting his posts and comments, one thing that stuck out for me was that Hans was thanking Thomas because he got a new job and apparently Thomas helped him in it. The weird part is that there is no reply from Thomas’s end for congratulation or celebration.

Looked here and there but couldn’t find anything else so went back to read the description again and then I thought of trying to visit his account from old.reddit.com & see what I can find.

This is what his account looks like in the previous version, which is quite similar to the current one.

Now let’s try Wayback Machine on this page and see what we can find.

There are multiple snapshots taken throughout the course of 3 years (from 2021 to 2023) and there are a total of 4 snapshots in 2021 itself.

  • 4th Jan
  • 10th Feb
  • 23rd March
  • 27th March

I went on to check all of them and I found out a link to pastebin on 10th Feb.

I went on to check what is pasted in this link but that paste was removed by the owner.

I found another link but this time it was a Ghostbin link posted on 23rd March which was an email for Thomas where Hans was blackmailing him that he would reveal his secret of having a mistress unless Thomas pays him money.

We have a few things to note here :

  • Link: https://ghostbin.com/paste/JENxv/
  • Password: 1qaz2wsx
  • The last line contains the word “H” signifying that Hans is “H”, and H is the one who hired us. This means that Hans hired us to investigate Thomas and unravel the secret of him having a mistress.

Now we need to visit the link provided to us in this email and then we can gather more info about this case.

Upon putting it into the URL and adding the password after it we can finally see the actual email which was written by Thomas to his mistress.

The email content tells us that there were some arguments going on between Thomas and his mistress about helping some Nigerian prince with $9000 and Thomas eventually agrees to give it to her.

As we wrap up our journey through this OSINT investigation, I hope you’ve found it as intriguing as I have. We’ve unravelled the digital puzzle surrounding Thomas Straussman and pieced together a clearer picture of his actions. It’s been a rewarding experience.

Remember, the world of Open-Source Intelligence is an ever-evolving landscape, with countless opportunities for exploration and discovery. Keep nurturing your skills, and never stop seeking knowledge in the realm of cybersecurity and online investigation.

I appreciate your company on this investigative journey, and until our next pursuit, stay curious, stay vigilant, and continue embracing the fascinating world of OSINT.

If you’re as passionate about OSINT and cyber-security as I am, feel free to follow me on Twitter – @ANShrivastava03 for the latest updates and connect with me on LinkedIn – Aditya Narayan to stay in the loop with my posts and insights in the world of digital sleuthing. Let’s continue this fascinating journey together!

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top