OSINT Walkthrough: Bellingcat #1


Everything you need is already out there, you just need to know where to look.
I have always been pretty excited about learning new skill sets, and OSINT has always been one of them. Along with solving malware samples and RE challenges, I wanted to understand the intelligence genre of cybersecurity. So let’s start learning together.
We are going to choose the Bellingcat challenges. The challenges are pretty cool and fun to solve. Again, our goal will be to solve them in the simplest way possible. Nothing is rocket science; all you need is some patience and consistency. If I can do it, so can you.
Let’s get started :)
This is the link to the challenge: https://challenge.bellingcat.com/
Let’s start with the challenge below.
Let’s open this challenge and understand what it wants us to look for.
Let’s break down the challenge. If you read the entire information given about the challenge, here are the key points to consider:
The image is a screenshot from a newspaper article.
The year is 2013, which matters to us.
Footage of this interview is available on YouTube.
We need to find the code present at the end of the link. So let’s analyze the image first to see what information we can extract from it.
I open the image in a new tab (you need to right-click to see the option), and then right-click again to search with Google Lens, as shown below:
We can see useful results on the right-hand side below:
This website appears to have an image that resembles the one on this site. However, we’ll go through a few more things before diving into the highlighted website for now.
The results may vary for you, you might not see this result (I wasn’t getting it earlier either), which is why I’ll show you the raw approach.
In the image, we can also spot some text mentioned.
We’ll use Google Lens to look up the highlighted text and gather more information about it.
I wanted to understand which language it is, as this could be a good hint for us.
Here, we can see that the detected language is Croatian. So, we need to narrow our search to this language and also focus on Eliot Higgins. The year is another important factor to consider.
I’ll use the following Google Dork:
"eliot higgins" site:.hr 2013
"eliot higgins" : Searches for exact mentions of Eliot Higgins.
site:.hr : Limits results to Croatian domains (e.g., news outlets, blogs, etc.).
2013 : The year to which the challenge has been referring.
We found the exact image (we had also come across it during our Google Lens search, but this confirms it).
We’re not done yet. Let’s open the first link and see what information we can find, as we need to identify the YouTube video footage.
Let’s translate it into English. We need to find the YouTube link, so we’ll look for the author. As you can see below, we’ve found the author.
Therefore, it is most likely that this author interviewed him. We can try our luck and check on YouTube. We’ll search for both names on YouTube, as shown below.
And we find the same image in the first YouTube video.
Opening the video, we look for the footage and find it.
I’ve also highlighted the code we need to add to complete the challenge.
And we have successfully solved the challenge!
I hope this walkthrough was useful. Let’s keep learning together and solve more challenges, they’re a great way to upgrade our skills.
Thank you to Sofia Santos and the Bellingcat team for creating such wonderful challenges.
I’ll be back soon with more walkthroughs :)
Subscribe to my newsletter
Read articles from Shrutirupa Banerjiee directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Shrutirupa Banerjiee
Shrutirupa Banerjiee
👩💻 Security Research Lead @ QuickHeal | 🧠 Full-time Philomath, Part-time Human 🔐 I break stuff (ethically), solve CTFs for fun. 🎤 If there's a mic and malware involved, I'm probably giving a talk. 📚 Always learning something new or pretending to until it makes sense. ✍️ Writing because I’ve got too many thoughts and not enough conference slots. 👀 Welcome to my window – peek in, stay curious, and let's learn together (or fail gloriously trying). 📺 Also on YouTube: CryptoW@re – because why reverse malware quietly when you can do it on camera?