scratching tiger, hidden keeper

Note: I originally wrote this for a "what is the most creative way you've solved a problem?" prompt. It has been nominally edited since then.

I think RGBAttack, or Relationship Graph Based Attack, is the most creative solution I've had in recent memory. It originally came about when a New York friend of mine was opening a tattoo shop named CatScratch Studio. She wanted the Instagram username @catscratch, but sadly, this account appeared inactive or abandoned, with no signs of life since 2011.

We had a problem: a desirable handle tied to an account with no visible contact info. What were we to do?

To understand the situation better, let me digress a bit. By the time my friend contacted me, I had already discovered that the popular facial recognition search engine PimEyes was leaking premium search result data through the URL parameters of its free-tier search results (I love base64). PimEyes describes its service as “an online face search engine that goes through the Internet to find pictures containing given faces.”

After attempting responsible disclosure to PimEyes for months with no response, I published the poor data obfuscation here: Pimeyes-Free-POC on GitHub. (Note: This has since been patched.)

Unfortunately, this alone wasn’t enough. Although the account contained a few pictures of people, they didn’t return results on PimEyes. Still, some of the old users that had interacted with the account were findable. That led us to other anonymous, abandoned accounts, such as on Tumblr.

The problem now became finding the identities of people in pictures with those contacts—i.e., their second-degree connections. As you can imagine, this quickly turned into a graph traversal problem.

Even with a custom client to better leverage PimEyes' API, the complexity became overwhelming. Manually researching friends-of-friends-of-friends was tedious and unreliable—especially when any link in the chain might be a dead end.

So I built a system to manage the search for me.

That became RGBAttack, or Relationship Graph Based Attack. The full code is available here: facefinder-public on GitHub. You can also preview the interface and outputs on my website at bdayatk.com under Projects → RGBAttack.

RGBAttack supports recursive facial recognition search using an OpenCV model, image metadata extraction, and relationship graph notes. It even allows you to export the data as an Excel .xlsx file for offline analysis.

Using it, we found someone who could connect us to the original owner of @catscratch via an old Facebook account. Sadly, they no longer had access to it—and didn’t want to go through Instagram support to recover it. Fair enough. That’s human.

RGBAttack began as a fun side project with a specific goal, but it became a demonstration of how creative thinking, tooling, and persistence can uncover non-obvious connections. While the @catscratch handle remains elusive, the journey proved that systems thinking and automation can turn an impossible task into a solvable challenge.

That’s the mindset I bring to every domain I work on—whether that’s security, health tech, or beyond. If nothing else, I hope this leaves you thinking about dead ends. With enough creativity and structure, even dead ends can lead somewhere interesting.

And who knows? Catscratch might just be one of them.
