4 hours 29 minutes 55 seconds
Speaker 1
00:08
Hello everyone and welcome to this 4 and a half hour edition of open source intelligence or OSINT fundamentals. My name is Heath Adams and I'm going to be your instructor for this course. A really quick who am I? I'm a husband, hacker, teacher, gamer, sports fan, and owner of way too many animals.
Speaker 1
00:28
I'm the business owner and CEO at TCM Security. We are a cybersecurity consulting firm and educational resource. So we do anything from cybersecurity consulting, risk assessments, and ethical hacking. Really, companies pay us to attempt to break into their networks or attempt to break into their devices or buildings, you name it, we'll try to break into it.
Speaker 1
00:53
On the other side of that, we educate users on how to become ethical hackers and a lot of the different things that we do in this industry. We've taught over 200,000 students at this point and the number seems to be growing every day. If you're interested in following me on social media, here are the links. I'm very approachable.
Speaker 1
01:11
You can come check me out on LinkedIn or Twitter, Twitch, or even here on YouTube. We have a ton of great ethical hacking and cybersecurity content so please do hit that like button, subscribe, comment down below. We have full courses similar to what you're watching here today on ethical hacking and other related materials so please do give those a look as well. If you're interested in learning more about TCM Security, we have the business side which is tcm-sec.com, the educational side which is the academy, and the certification side is the certifications.
Speaker 1
01:45
And now on to the course curriculum. So this is going to be the first 4 and a half hours of a nine-hour course called Open Source Intelligence Fundamentals. Looking at the curriculum, we're going to cover what is open source intelligence. We'll talk briefly about note-keeping and we'll talk about the creation of sock puppets.
Speaker 1
02:06
And then we'll start getting into some of the fun stuff. We're going to talk about all different types of open source intelligence and how we can gather information through various methods. So we'll look at search engine OSINT and see what kind of information we can gather through search engines. And then we'll look at image OSINT and talk about reverse image searching and looking at EXIF data and identifying physical locations based on an image, which is really fun to do.
Speaker 1
02:32
We'll talk about email OSINT and how we can identify email addresses based on certain factors. We'll look at password OSINT and talk about breach databases. We're gonna look at username OSINT and how we can tie a username from one location to perhaps another location or another website or resource and what tools are available for us to do that. We'll talk about people OSINT, how can we search for people?
Speaker 1
02:58
How can we look for phone numbers and birthdates and resumes and voter records. And then lastly, we'll talk about looking through social media. So we're going to talk about different types of social media that are out there. Twitter, Facebook, Instagram, et cetera, et cetera.
Speaker 1
03:13
That is where the course is going to stop. Now the second half of the course does cover website OSINT, business OSINT, wireless OSINT, and then we build out a lab. So we actually use Linux and we'll go into a lab and we start working with tools to do a lot of this process and automate a lot of the process that you've seen before. And then we'll build out actual scripting and automation to automate even more of the process.
Speaker 1
03:37
We'll talk about different OSINT frameworks. We'll talk about report writing. We'll have a course challenge where you are challenged to identify different various items through open source intelligence. And then we'll even provide more resources after that.
Speaker 1
03:52
Now this is the only point during this whole video I'm going to try to sell you on anything. The first 4 and a half hours of this course is free. If you're interested in paying for the full course and getting the second 4 and a half hours, you're welcome to do so. The price of this course is $29.99.
Speaker 1
04:09
I will link in the description a link to the Academy again. And just a little bit else about us is we do have tons of other courses. We have courses on ethical hacking, escalation, pen testing, Python 101, we've got Linux 101 courses for people who are more beginner, courses on phishing and malware analysis and mobile application penetration testing. And we're adding new content monthly.
Speaker 1
04:37
So we have new courses all the time. Our courses are highly rated. Our authors are well vetted and we provide high quality content for no more than $30 a course, or if you're interested, we also offer courses at a discount through bundling, and we offer courses through an all access pass where you can access all of our courses for $30 a month. So with that being said, that's the only time I'm going to pitch you throughout this entire video.
Speaker 1
05:04
We're going to go ahead and move on now to the open source intelligence fundamentals course.
Speaker 2
05:15
So before we start learning about OSINT, I must make an important disclaimer. This course is going to teach you some incredibly powerful techniques on finding information on individuals, on organizations, and just as a whole. This information that you gather and these techniques that you gather should be used from an ethical standpoint.
Speaker 2
05:42
At no point should you be researching anybody with malicious intent or be using this information for any other reason than you have been told or have a contract to do so. So unless you are a part of an investigation or in part of a client that has told you I want you to research us or a person in particular, this information that you learn should only be used against yourself for the time being. With that being said, I want to make sure that you understand again, this is a fundamentals course. This is something that is going to teach you I would say 70 to 80 percent of the techniques that can be used.
Speaker 2
06:23
You can absolutely go more thorough. You can absolutely take this deeper, build out your own tools and take a lot of techniques and apply them in other places. This is a methodology based course. I'm going to again, teach you the methods.
Speaker 2
06:38
And that's what I want you to take away from this. Make sure you're understanding that the methods here are what's important. The tools come and go. Websites go away all the time.
Speaker 2
06:47
Tools break. They just don't work anymore. The methods do not change significantly. Okay, so make sure you understand that.
Speaker 2
06:55
Make sure that you're using this in an ethical manner. This is very, very dangerous. Potentially that you can use this can be weaponized. This is something that the good guys use and the bad guys use.
Speaker 2
07:07
And I'm putting this course out there for the good guys. So make sure that you are using this ethically, make sure you're understanding the methodologies you go through this and make sure that you're not only respecting your own privacy but the privacy of other individuals. So with that being said, I'm really ready to start into the course. I'm excited.
Speaker 2
07:27
Let's go ahead and get this done. We're going to go ahead and start talking about what is OSINT in the next video. I'll see you over there. Welcome to the first real video in this course.
Speaker 2
07:43
And it's just going to be a brief, brief introduction. We've already talked about this in the course introduction, but I do want to add in an intelligence lifecycle into the conversation so that you understand what this is. So again, what is OSINT? OSINT is open source intelligence.
Speaker 2
08:01
So we're going to be using a multitude of methodologies in this course, in order to gather information on people on businesses and other items that is all publicly available. This is all public information. Okay, so this is open source to us. So with that being said, I've already talked about this, I really want to talk about the intelligence lifecycle just for a minute.
Speaker 2
08:25
So when we talk about the intelligence lifecycle, there are 5 parts to the intelligence lifecycle. Now there's planning and direction. So those are your who, what, when, where, why type deal. So let's say that somebody has instructed you to gather information.
Speaker 2
08:42
Maybe you have signed a client and the client says, I want you to gather as much information about us that you can. And you say, okay, we'll do that. So then you start doing your planning. Who are we gonna target?
Speaker 2
08:55
What are we gonna target? Why are we gonna target them? When are we gonna do it? These are all identified in the planning and direction phase.
Speaker 2
09:02
Once you have identified and your target, you've done your planning, you're ready to move on, then you go into the collection phase. And majority of this course is about collection. That is the methodology that we're going to be doing. How do we gather image information?
Speaker 2
09:20
Or how do we gather data from an image? What can we tell about the image? How do we gather the image itself? How do we gather names from an organization or people that work at an organization?
Speaker 2
09:31
Or how do we gather information about people? This is all collection. So the majority of our time in this course is going to be spent in the collection phase of the intelligence lifecycle. From there, we're gonna move on to processing and exploitation.
Speaker 2
09:45
We're not gonna do any exploitation or really any processing. Processing is about taking the data that you've gathered and starting to interpret it. You're starting to process the data, okay? That moves into analysis and production, which is similar in the sense that you're analyzing the data and you're putting it into, I guess, an intellectual form.
Speaker 2
10:10
You're starting to take all the data points that you've gathered and you process and you're saying, hey, this data point ties to this data point that ties to this data point. And this is why. Okay. And then you
Speaker 2
10:22
produce a report. You produce some sort of document, you provide that, and you put that into the last phase, which is dissemination. And you present that to your client or your customer, whoever it may be, that requested the information and you make sure that they can understand it. So from the get go, this is a never ending life cycle.
Speaker 2
10:43
Okay. And this doesn't have to be done in a specific order, you can start doing your planning, right. And then when you get into the collection phase, you might realize, okay, I'm starting to gather some data, but I don't know how to what to do with it, go back to planning and add more stuff in, right, do more planning, go back to collection. Or you can be processing the data and analyzing the data as you're collecting it.
Speaker 2
11:06
And then going back and collecting more data to provide more evidence for what you're collecting. So this lifecycle is always ongoing. I just want you to understand that this lifecycle exists. This is one of the core things I think that are taught in most intelligence type courses.
Speaker 2
11:22
And we're briefly going over it. I feel like you could do an entire
Speaker 2
11:26
course on this, I just want you to understand that in this course, we are primarily going to be on the collection phase, we're going to do a challenge that gathers some information, and we'll analyze some of the information. And then we will put that into a report and understand what a report looks like. But we're not going through the full lifecycle in a true sense, we're going to work more on collection phases.
Speaker 2
11:50
But I want you to be aware that the lifecycle exists, and that it's super important for the intelligence field. So that being said, we're going to go ahead now and move on to the note taking part of our course. Before we can start diving into the meat of this course, I want to make sure we talk about taking effective notes. There are a lot of different note keeping tools that are out there.
Speaker 2
12:18
And I kind of want to show you some of the favorites that I have, show you a little bit about how I take notes and just give you an idea of how you should be working through this course and taking notes and even with your OSINT. And when you're doing OSINT on somebody else, how you should be taking those notes as well. So the first thing I wanna point out is I'm gonna show you my notebooks and then we'll kind of get into tools. So here's one notebook that I've used.
Speaker 2
12:42
If you've ever taken a course with me, you've probably seen me point this out and this is called KeepNote. Now KeepNote is quite old. I think it's 7 or 8 years old since the last time it's been updated. So there is a little bit of dating to this, but it's still very effective.
Speaker 2
12:57
I like using it, and it's just very, very simple. So you can see here, at one point I was studying, and I have group notes in here for different things, but I was studying for CyberArk and I was studying for Thycotic, which are different privileged access management tools, and I was taking notes on these. So I was watching some videos and there were different things for these different potential exams or courses that I was doing for CyberArk. And they had different sections.
Speaker 2
13:23
So what I like to do is I like to come in here and say, okay, here's this exam I'm taking. So you could see a CSP and then they have different subtopics. And in those subtopics, you can have, see, I just numbered them 1, 2, 3, whatever, but you can also come in here and just create a node. So say there's a subtopic of a subtopic.
Speaker 2
13:40
You can also come in here and just create a new child page and have a subtopic here, and you can just say something like subtopic, right? And this is great. So what I come in here and say is I'll take maybe screenshots of something that was interesting, like a slide. I might put some notes in here for myself.
Speaker 2
13:58
And I'm not gonna come in here and tell you exactly how to take notes. I'm coming in here and telling you how I take notes and giving you ideas. If there's something that works better for you, if you're not visual, I'm very visual. So I like to see, instead of typing this all out, I like to see kind of a picture of everything.
Speaker 2
14:15
So you'll see me take a lot of screenshots and pictures of different tools, and then put them into my notes, because that's how I remember things, unless it's something that specifically, I want to copy and paste. And I'll kind of show you that as well. But it's good to have good notes, organized, easy to click on. If I want to know something about DevOps, I just come in here and click on it and read more about the CyberArk DevOps.
Speaker 2
14:36
Now this is KeepNote. KeepNote is fantastic. But I understand people don't wanna use an outdated tool or they're not on Windows or something else. So, oops, I just pulled it up and then clicked off of it.
Speaker 2
14:48
So maybe you wanna use something different. This tool is called Notion. Now, Notion is a little bit different from a note-taking perspective, but you could still resolve the same thing. There's a lot of nice templates here where you can actually have it.
Speaker 2
15:01
You see, I have a workspace. You can have this in the cloud. You could share links out. You can say, Hey, I want to share my notes with somebody.
Speaker 2
15:08
You can have that out there, or you can make these private. It's very, very flexible, but you'll see that I do similarly the same thing. Like here's web app stuff. These are just my notes, but you can see I have some notes on GraphQL.
Speaker 2
15:22
I want to see more about GraphQL. Here's when I was studying GraphQL. I came through here and again, I'm very visual. So I was taking pictures, right?
Speaker 2
15:29
And this just helps me. I can go through. It's almost like a slideshow. And then I take some notes here if I need it.
Speaker 2
15:35
If I'm looking at cross-site scripting, maybe I come in here, and I have different things I wanna look at, like here's more within cross-site scripting, stealing cookies. Okay, now here, I've got actual code put in here. And I could just come copy this code if I want to. And these are different ideas about stealing cookies that I've written in my notes.
Speaker 2
15:54
I take pictures, et cetera. So there's different ways here to do this, right? Now, before we get into the note-taking tools, I also want to go back and I wanna show you one other part that I think is very important. So let's go to the subtopic.
Speaker 2
16:08
Let's say you're typing some stuff, typing some stuff, right? You got notes and you wanna take a picture, a screenshot of something. I use a tool called Greenshot. Now, Greenshot looks like this.
Speaker 2
16:19
You can take a print screen. You can see that this comes up now on the screen. And if I want to like copy something like this and this copy, actually that was terrible. Let's copy like the side of the notebook here.
Speaker 2
16:32
I wanna copy the side of the notebook. I can hit copy. I can open an image editor. Let me show you the image editor.
Speaker 2
16:39
You can bring it here. And there's some nice things. Like I use this to this day when I'm doing assessments or any sort of just nice picture taking, you can come in here, you can add a border, you can invert this if you want to, or re-invert it there, have your border, right? You can highlight different areas, like say I wanna point something out specifically, this is very nice.
Speaker 2
17:00
If I wanna obfuscate some data, I can come in here and say, Oh, that's very sensitive. Let's go ahead and obfuscate that. So there's a lot of flexibility in the tool. I'm not going to walk you through every single thing.
Speaker 2
17:09
I'm just saying that there's a lot of flexibility and ease of use here that is great for note taking. Then you can save the file or you could just say copy. So say I want to just copy the image. Now I can take it back and put it in my notebook.
Speaker 2
17:21
And there it is. I just paste it in my notebook. Super easy stuff. So you're able to snip exactly what you want.
Speaker 2
17:26
There's editing that you can do. You can take full screen pictures, all kinds of stuff just with this tool. Okay, so fantastic tool. Now let's get onto the tools here.
Speaker 2
17:38
I've highlighted a few and I've highlighted KeepNote. So keepnote.org, you can come here, you can download it. It does work on Windows, Linux and macOS. If you want to use that, absolutely fine.
Speaker 2
17:51
Other options, CherryTree, very great. CherryTree is kind of like the updated KeepNote, you can see it's very similar. Let me make this a little bit bigger here. You can see that it's very similar on the side here where you have kind of that parent node, the child node, extra children underneath, whatever the verbiage is for that.
Speaker 2
18:08
But this is exactly what it looks like. So you can come in here and type all your stuff. I think it's great. There's different themes and stuff that you can organize here as well.
Speaker 2
18:17
If you don't like the dark theme or the light theme, however you want to take it. OneNote of course is great. You can store out in the cloud. Fantastic.
Speaker 2
18:24
If you use Microsoft OneNote, I think it's awesome. Notion is the one I was showing you, notion.so, same deal. I think this is fantastic. Being able to publish your notes in the cloud.
Speaker 2
18:34
Great idea. Uh, Joplin is another one. I hear very good things. I've never used this, but I hear very good things about Joplin.
Speaker 2
18:41
So again, just expanding the horizons. If you use one of these, great. If you're not into note-taking, get into note-taking. I'm gonna provide you a bunch of options. If you look below this video, you will see the references.
Speaker 2
18:53
The references will have all of these there. You can pick one. You could pick all of them if you want. Play with them, see which one works best for you.
Speaker 2
19:00
Now, Greenshot. Greenshot, I believe, is for Windows only. So yeah, it's Windows PC. If you do not have a Windows PC, then there is a tool called Flameshot.
Speaker 2
19:10
Flameshot you can use on Linux, okay? And I believe it works on Mac as well. You can see the different options it has, like where you can click and just grab screenshot here. It's showing you right here about all the different things that you can do.
Speaker 2
19:23
Same thing as Greenshot, flexible, easy to use. Very, very awesome when it comes to note taking. So that's really it. I just wanted to kind of walk you through these things.
Speaker 2
19:33
Again, I will provide the links and the references below, but if you aren't taking notes, take notes now. There's gonna be a lot of information that I'm gonna provide to you, and it's gonna seem potentially overwhelming. There's a lot of websites, a lot of methodology, et cetera. You're going to want to have a good, concise notebook when it's all said and done.
Speaker 2
19:53
So that's my spiel. Hopefully you listen. I can't force you to take notes, but I strongly recommend it. So that is it for this video and this section.
Speaker 2
20:01
I will see you in the next section when we start talking about sock puppets. All right, now let's talk about sock puppets. If you've never heard the term sock puppet before, you can think of it as this online identity that is not who you are, or it's a misrepresentation or somebody you're not. That's the most simple way to put it.
Speaker 2
20:31
You think of a sock puppet as a fake account, alternate identity, etc. And the point of having a good sock puppet is to not draw attention back to yourself. Okay, so if we're doing say an OSINT investigation or if we're looking into research, we're looking at other people, our goal is to never let the person know that we're looking into them. So ideally, we're going to create this fake identity or fake person.
Speaker 2
21:03
And this fake person might have a Twitter account, might have a Gmail address or Proton Mail or something along those lines, they might have a Facebook. And this should never tie back to you. Meaning it should never really tie back to your IP address. It should never be used on a device that links to your personal information, should never be used on a phone that ties to you.
Speaker 2
21:26
There's a lot of depth that we can go into to avoid tying our name to a sock puppet. But the purpose is really to be able to have an account that looks legitimate. So that means creating content on these accounts, you know, making sure that you don't just create a bunch of fake accounts and then start doing research on somebody, there should be some history of these accounts. We need to make sure that if we have a Twitter that we're posting on Twitter, if we're on Facebook, maybe we have some Facebook connections and we post on our wall.
Speaker 2
21:56
Um, you know, we need to make sure that we establish some data to us and so that we look more legitimate. Okay. But the main goal of the sock puppet is to do research and to try to investigate others or use the internet or etc. There's a lot of purposes, but for OSINT to investigate others without being able to identify back to yourself.
Speaker 2
22:18
And we're going to use that in this course, at least just as an introduction, I'm going to teach you the methodology and some of the steps that I would take. And then we're not going to go through all those steps because they're incredibly on the paranoia side, but they're a good practice, but we're not going to do that for the purpose of this course. I'll introduce them to you. We'll walk through them, but there's no purpose for this course that you're going to need to do those.
Speaker 2
22:40
So this is a brief introduction of what a sock puppet is, why they might be important, and the next video, we'll actually walk through how to create some sock puppets. Okay now let's talk about creating sock puppets. What I want to introduce you to are a few different blog posts and I'm going to link these down below. These were essential for me when I was learning about sock puppets and why they were important and the differences between types of sock puppets and all that.
Speaker 2
23:13
This is extra homework if you would say. Okay, the first one is from Jake Creps. I think he does a very good blog on how to create sock puppets. The methodology is pretty straightforward.
Speaker 2
23:25
And there's some things that I really kind of want to point out. Skipping over the methodology, he kind of talks about the different types of sock puppets that you could have. So saying right here, he's talking about there's 2 different types of sock puppets. You could have a sock puppet that is a full on.
Speaker 2
23:41
You go all the way to make sure that you have this person that you create or this persona that you create that is fake. They have that history we talked about in the past, and it takes a lot of time. Now, your sock could be identified. There's what's called sock hunters.
Speaker 2
24:00
They can easily pick up on you and say, hey, this person's a sock, let's just, you know, acknowledge this account as a sock, and then your whole persona is gone, you have to start all the way over again. Okay, another thing that he points out is there is something else. There's actually known sock accounts. He points out a really good one that I've known about for a while here is Shakira Security, right?
Speaker 2
24:24
Shakira Security is not Shakira, right? But it is an account that has 2,500 followers. It's somebody that posts relevant information and they are respected in the community, but nobody knows who they are. They're obviously, they know that this person is not Shakira.
Speaker 2
24:44
They know that this person is a fake personality, but they're still respected. So there's a couple of ways that you could take the sock accounts. For this purpose and what we're doing, this is for investigative purposes. So we're creating a persona, but you could still have this kind of secondary option where it's an account that you can still relate to OSINT.
Speaker 2
25:04
It doesn't have to tie to you. There's quite a few people in the industry that have these sorts of accounts that are very popular and you have no idea who's behind the account. So something to think about, but for the sake of creating an actual sock puppet, we're going to kind of take option 1 and go through it. I think this is a fantastic read.
Speaker 2
25:20
I think it's really good to point out he kind of goes through his steps and what he would do. I think it's great. I'm going to link that. Same thing with this another article on how to create a sock puppet, what a sock puppet is.
Speaker 2
25:31
I think it's important. I'm providing my methodology and what steps I would take. I think it's important to understand other people's methodology, what steps they might take, what they might do in their process and their thoughts through it, okay? This is very beginner OSINT.
Speaker 2
25:47
I'm not trying to take you down the depth of the rabbit hole that could be a sock puppet. I kind of want you to understand the general basics, why they're created, how we can do it, and kind of go from there. So there's also this great Reddit post here. Let's block these notifications, that goes on and just says, here's his process for creating an account.
Speaker 2
26:08
And I found this about a year ago. And I thought, you know, this is perfect. This is something that is absolutely in my wheelhouse. So what I want to show you is kind of what it is, why he walks through it this way.
Speaker 2
26:21
We're also just going to kind of generate some random stuff, figure this out on our own. And then we'll kind of go back to his details. And I'll explain some of this because we're not going to go out and buy a SIM card. We're not going to go out and buy a phone, but there is importance to this.
Speaker 2
26:33
So I think that you should read this. I think that you should understand what the next steps would be if you were doing these things and how you can take this even further, but we'll kind of talk about creating our identity first and then we'll come back to a thought like this. Okay. So the first thing that we're going to do is if you look below the video, there is fakenamegenerator.com.
Speaker 2
26:52
You can click that link. You can also just type this into a browser and we're going to generate a random person. Now you can come in here. You could say my person is random.
Speaker 2
27:02
We could be a male, we could be a female. We could say, you know, we are American from the United States, blah, blah, blah. We can set different types. So for the United States, we have American, or it says American and Hispanic, but here we are American.
Speaker 2
27:16
And there's thought here too. One of these articles, if you take the Art of the Sock article here, talks about the benefit of being a female because men, let's face it, are gullible, especially when there's a female around. Many of the great OSINT and social engineers are women. They're great at it.
Speaker 2
27:35
And I feel like men, we are, we're vulnerable. Um, so having a woman personality, regardless if you're a man or a woman could be a good idea. Um, again, these articles go into the reasoning and the why, and I think they're great. So, but here, let's just say we generate somebody at random, shows up to be this Roger T.
Speaker 2
27:52
Davis. You get all kinds of great information here. You can get a fake mother's maiden name, social security number, coordinates, phone number, birthday. Let me make this bigger just so everybody can for sure see it.
Speaker 2
28:06
You can have a fake email address, all different sorts of stuff here, right? Passwords, whatever you want. I think this is really great. It's great for just kind of getting some ideas and maybe tailoring this person to who you wanna be.
Speaker 2
28:21
So let's say we have a Roger. Say we come up with Roger, Roger's gonna be our personality and what we're gonna do. So we could take Roger and we can go and maybe create a picture for him. There's a great website here that is this person does not exist.
Speaker 2
28:37
So you can see here that this person, there's a person here, but this is completely AI generated. Okay, so let's refresh this until we maybe get somebody that we feel like might be a Roger. So we got this guy, maybe this guy could be it. We do have an age on our persona, it doesn't really matter.
Speaker 2
28:53
Okay, 64 years old, obviously this isn't gonna be him, but we don't have to keep the age or date, okay? It could be a younger Roger if we want. And then we could take this picture. And the nice thing about this picture is if you were to put this, which we haven't covered it yet in the course, but if you were to put this in a Google reverse image search or you were to put this in like a TinEye or a Yandex, this image is not gonna come back.
Speaker 2
29:16
This person doesn't exist. We have seen failures in the past of where sock puppet accounts or fake accounts use somebody else's photograph, right? We've all heard of that. When we talk about like online dating, we've heard of the term catfish, right?
Speaker 2
29:34
Catfish being somebody using fake photos to catfish other people or act like they're not, you can think of it the same way. A lot of those people have been busted. And if you watch the show on MTV, which is actually called Catfish, you will see that they go and they actually take the images that people have been sent and they put them through a reverse image search to see if those have been found. A lot of times they'll pick up fake accounts or fake people because they'll tie to other users. And that's exactly what you don't want to have happen.
Speaker 2
30:02
Again, remember, if you put in a lot of effort into your sock account, you don't want your sock account to get immediately busted by having a reverse image search, identifying you as somebody else or a fake person. So this is a great idea to come in here and have an image, fake persona, et cetera, this person does not exist. Once you do that, it is recommended that you get things or start tying this person to accounts that do not tie back to you whatsoever. That could mean using a laptop that you would use specifically for your investigations that does not have any, you would never log into your personal Twitter, your personal Facebook, whatever accounts you have, you would never log in on that account would never tie to you.
Speaker 2
30:43
Okay. Um, that could mean also going out and getting a burner phone. A lot of people in OSINT recommend having a burner phone if you're doing investigations. Now this course isn't related specifically to investigations as stated earlier.
Speaker 2
30:56
I'm not an investigator though I have done some investigation work. This is just a broad view of OSINT as a whole. There are much deeper topics on this subject. But what we can do is say we wanna go out and buy a cell phone.
Speaker 2
31:11
We can have this privacy.com credit card. Okay, we can go buy a burner phone, we can use a credit card like this. And if you were to log in or sign up to create an account here, what you can see behind the scenes is that you have the ability to create credit cards. Let me actually bring this up.
Speaker 2
31:27
Okay, so here's an account I created. And what we have here is the ability to fund this card, okay? And then you have a virtual credit card and you can have as many virtual credit cards as you want. This gives you the ability to have a spending limit, to have, say like there's a subscription you wanna try out for 9.99, just as an example.
Speaker 2
31:47
And you only wanna try it out for a month. We're so terrible with subscriptions sometimes. We just let them go. I've got an Audible subscription that I have just let sit and charge me $15 a month for the last 5 months now that I still need to cancel.
Speaker 2
32:00
This would be a great alternative. Use a virtual card. It goes to charge you the second month, it doesn't work. You have your, a card that doesn't tie to your name or your identity or anything else.
Speaker 2
32:11
It's all virtual. This is perfect. So say you want to buy a burner phone. Say you want to buy a SIM card for that burner phone.
Speaker 2
32:19
Now you'll see that people recommend Mint. You can use a Mint SIM to use in your phone, you can get it off Amazon, and you could take that path. And this is exactly what this person recommends here, right? They recommend using a Mint Mobile setup.
Speaker 2
32:33
They're fairly cheap. They said it's 5 bucks on Amazon to get 2 SIM cards. You can use your phone then to go and use it as a phone verification method. So if we think about like Facebook or sometimes Twitter, any of those things, you're gonna wanna set up either verification or 2 factor or whatever.
Speaker 2
32:52
And the goal here is to use these accounts to actually, or use this phone to actually sign up for it. As soon as you're done signing up, you change those over to something that you control, like a Google Voice account, and then you get rid of the SIM card. You never have access to that SIM card again. Destroyed. Nothing is related to you. Okay, again, highly recommend reading this, but the idea here is that you create things that don't tie back to you. So with that being said, the other thing that's important to talk about are IP addresses.
Speaker 2
33:22
Ideally, you do not want to do this on your own IP address. Okay, you do not want this to tie back to you. When you're creating these accounts, you don't want to tie back to you. You could in theory use a VPN.
Speaker 2
33:36
The VPN, the issue with VPNs is places like Facebook and other sites might pick it up that you're on a VPN, want additional verification. And then you're kind of SOL if you can't provide that because you have a fake account. So you need to be cautious about using VPNs. Try to identify VPNs that maybe would work if you're trying to create a full sock account.
Speaker 2
33:57
Ideally, it should be in the location that you're trying to do it in. So if you're doing a, say you're in St. Louis, Missouri in the United States, if you're in St. Louis, you're saying your character's from St.
Speaker 2
34:06
Louis then you should ideally use a VPN that can get you into St. Louis and create those accounts so that you look like you're coming from where you are. Same thing with the phone number. You should try to get a phone number out of St.
Speaker 2
34:17
Louis. Make your persona as legitimate as possible. Okay, now mobile networks work really great. You don't have to be on your home network, you can be on a mobile if you can't use a VPN or if that's getting picked up.
Speaker 2
34:31
So just think about things, try to create them through. Now, what I want you to do is I want you to practice. I want you to follow this setup as best as you can. Don't go buy a burner phone.
Speaker 2
34:41
Don't go do any of that unless you absolutely want to practice this full-fledged. Again, we're not going into the weeds in this course. We're scratching the surface. If this interests you, then dig deeper, go further.
Speaker 2
34:52
I fully encourage it. But for right now, just go create a fake persona, come into the random name generator, create a fake persona, create a fake picture, make an account, make a Twitter, make a Facebook, make anything that you would want. Don't worry so much about the IP address, don't worry so much about the phone number. I will tell you, this is from personal experience, the very first sock puppet account that I created, I used it on Facebook, okay?
Speaker 2
35:17
This is a life lesson, I used it on Facebook. I used it on Facebook and then I never had any issues with it until the day that I logged into Facebook with my phone. Immediately, it started pulling down contacts and people who I may know and that ties me immediately to those other people from my phone. OK, and guess what happens on the other side?
Speaker 2
35:37
People that I know or may know are seeing me pop up as who they may know. And this person doesn't exist, obviously. But why am I showing up? So you need to be very cautious about not logging in with your phone, not logging in anywhere that is not tied to you.
Speaker 2
35:53
Don't search people on your sock Facebook account. If you don't need to, don't search people that are related to you or anything. Use a separate account for that even if you have to. But think about creating a Twitter, a Facebook, maybe an Instagram, maybe a LinkedIn.
Speaker 2
36:08
You can create these accounts. For the purpose of this course, I'm gonna be straightforward with you. I'm gonna use my own personal accounts. We're gonna do OSINT on my own personal accounts.
Speaker 2
36:17
I'm going to use my Twitter account when we're doing Twitter. I'm going to use, well, I don't have a Facebook, so I will create a Facebook account, but I'll show you how to search through things using my own stuff. But for the purpose of correct OPSEC, for the purpose of doing this the right way, you should be thinking about the things I'm telling you. Read through these 3 articles.
Speaker 2
36:37
That is definitely your homework. Read through these 3 articles. Take time, don't just jump into the next video, really take time to think about how you create a sock puppet, how you would go about it and understand why it's important. Okay.
Speaker 2
36:49
Understand why it's important. There's more meaning to a sock puppet beyond OSINT investigation. There's more meaning beyond this course. I just want you to understand why we're doing it, what the purpose is and how you can do it effectively.
Speaker 2
37:03
Okay, so from here, we're gonna go ahead and move on into our actual OSINT stuff. So we're gonna start off with some search engine OSINT, and I'll see you in the next section when we dig into that. Now on to search engine operators and search engine OSINT. So what we're going to be looking at is pretty much the first step that I would take when I'm looking up somebody or something or business or whatever it is that I'm investigating or researching, I typically go out to a search engine.
Speaker 2
37:41
Usually my preference is Google. Here in a second, I'm going to show you a bunch of different search engines, we'll kind of talk through them. And we'll talk through the different operators. And of course, I will provide references.
Speaker 2
37:52
And I'll provide even some cheat sheets for you to look through these different operators and search engines. And you can apply those how you see fit. So let's go ahead and switch over. For this part of the course, I'm going to start using my Linux machine.
Speaker 2
38:05
There's no expectation for you to use that. I'm just using that because I have my Firefox and we're going to eventually transition into Linux a little bit later. But for right now, I'm just using the browser. You can use it pretty much wherever you want.
Speaker 2
38:16
So what I've gone ahead and done right now is I've searched my name, I've searched my name here in Google, I've searched it in DuckDuckGo in Bing, Yandex, and then a couple more search engines down here. Okay. So I've got Baidu, actually, this is just Yandex operator. So I want to show you the results and kind of why maybe I have some preference towards Google, but I'm searching myself.
Speaker 2
38:40
So I'm just searching my name here in Google. You can search me if you want, you can search yourself, however you want to do this. And what comes up is Twitter, LinkedIn, Udemy, these are all me. Innocent Lives Foundation, that's me. All these are me.
Speaker 2
38:55
The Cyber Mentor, Veteran Sec, Wild West Hacking Fest, Reddit, yep, this is all about me. The only thing that's not me is this here. Searches related to me: my net worth, Udemy, age, Twitch, Twitter, LinkedIn, OSCP. So yeah, these are pretty much all about me.
Speaker 2
39:14
If you come over to DuckDuckGo, which is more of a privacy based search engine. It kind of gets a little bit different here. You could see that it comes back with me pretty much right away. And then you see Twitter, LinkedIn, Innocent Lives Foundation again.
Speaker 2
39:31
Then we get Herbalife, somebody in South Carolina, a Dr. Heath Adams from Tasmania, and then a bunch of different pictures, most of which are not me. So it gets interesting. It's not really picking me up as much as it was.
Speaker 2
39:47
Now I'm down here again. Some of the other ones down here, TCM Security, Udemy, those would be me. Any of these are not related to me whatsoever. So I do think that Google does a better job.
Speaker 2
40:00
And you'll see again here, I'll kind of breeze through this. The first few are me. This presentation is actually me. These are not.
Speaker 2
40:08
And then again, it looks like it goes to South Carolina and just different kind of more of people search people, OSINT record type deal, which we'll get into a bunch of these later. But it's picking up other people. It looks like Yandex is a Russian based search engine. It actually does a pretty good job of picking me up. In the next section,
Speaker 2
40:27
we'll kind of talk about Yandex and why, where I find it more important or where I find it more useful in terms of being a search engine, but for, for now I don't really use Yandex for, um, operator searching. I use it more for image searching, which is the next section. And then here you'll see Baidu. I don't really show up.
Speaker 2
40:46
This is more of Asian based. Uh, and it doesn't do a very good job in my opinion for if you're searching anything, US-based or even European based, I don't find this to be very great, but I wanted to point it out because obviously we will have Asian students. If you use Baidu, great. A lot of the operators I'm gonna show you pretty much flow through to all of these. Okay, so I'm gonna search on Google, but most of these flow through across the board.
Speaker 2
41:10
Again, I'll provide references and resources so that you can go ahead and check these search engines out. Try it on your favorite search engine, give it a go. Um, for the most part, everything's the same. There are some slight tweaks and operators, but, um, for most of what I'm going to show you holds true.
Speaker 2
41:25
Okay. So let's go back to Google. Now we can take a look at some things I want to search and we'll just go through my life recently. So in my life recently, I am going to go back to undergrad, I'm working on getting some classes for my PhD.
Speaker 2
41:42
And I am planning on attending WGU. So WGU is a university. Now with WGU, there's a bunch of courses that are in this curriculum. And I kind of want to know more about those courses, I kind of want to research those courses and find out information.
Speaker 2
41:59
And what I might do is I might say something like WGU calc 1, like I have to take calculus 1, right? So calculus 1 and search that. Now what should come back is a WGU page, you can see that there's Reddit, there's videos on YouTube, there's a Course Hero. So it's kind of just all over the place.
Speaker 2
42:21
There's some flashcards. And what I kind of want to find out is, well, what is WGU's course called? Well, it looks like, if you ask me, what we see, C 282, and then we see a C 958. So I'm thinking within the last year or 2 here, it says 958.
Speaker 2
42:39
So maybe here, I want to say something like WGU C 958, because we might get some different returns on those results. And now you're seeing, okay, so we're getting calculus, calculus, calculus. And maybe because we searched calc 1, we didn't get all of these. So we're getting different types of pages here just by changing our search results just a little bit.
Speaker 2
43:03
Another thing that we can do is say like, I really don't care about seeing WGU's website unless I wanna see the course study. Like maybe I am after WGU, maybe I am after some other things. But here I'm actually interested in Reddit. So I might type in Reddit, which will help a little bit, like it'll bring up Reddit posts, but it might start bringing up other posts that aren't via Reddit.
Speaker 2
43:26
So what I like to do here, if I'm searching something, I might just say, site Reddit. Okay, so you type in site, Reddit, and I messed that up, reddit.com would be the correct one, site reddit.com. And then you come in here and you see, okay, now all we're going to get are Reddit websites, okay? Reddit websites only.
Speaker 2
43:49
So anything that's a reddit.com, we're gonna come here and we're gonna see. So now I can say, okay, wguc958 site reddit.com. Maybe I want it to include, maybe I wanna say, you know, I want everything included to say WGU and c 958. Maybe I want it to be like that.
Speaker 2
44:10
Okay, so now it might change things out, what we're looking for is the term WGU, which is showing here in the address bar, and then it's also going to control with c 958, which is going to show somewhere in here. So somewhere in here, c 958. And WGU. Now, maybe instead of saying and with the operators, I wanna just have these combined.
Speaker 2
44:34
I want the search term to be like this. So it has to be in this order, this is specific, we're putting quotes around it. So we say WGU C958, and we don't find anything. All right, so, but here's an example.
Speaker 2
44:48
You see the C958 calculus. So if we typed in C 958 calculus, just like this, on Reddit, now we're going to find some stuff where it shows C 958 calculus in this order. Okay, so we can narrow down searches like this.
Speaker 2
45:05
And it's really nice. So we might come in here. And now I can go to specifically what I want to see on this Reddit page. And there could be something like, I know for a fact, let's take away this.
Speaker 2
45:19
But I know for a fact that there is a professor that is on YouTube called Professor Leonard for this, okay? And Professor Leonard teaches calculus. He's known as a good resource for teaching calculus and a lot of people use him at WGU. Maybe I want to find every post on Reddit that references calculus and Professor Leonard, or maybe just C958, because, just like that, and let's see what we get.
Speaker 2
45:47
We get 139 results. Okay, but now we see okay, Professor Leonard, Professor Leonard, it's in here, c 958 in here. If we wanted WGU to be in there as well, we could say and WGU. And just like this.
Speaker 2
46:02
Now we have conditional operators, we could say C958 or Professor Leonard on Reddit. So maybe we bring up different pages. So look, this one now has changed, this has nothing to do with WGU. Somebody's just saying Professor Leonard is better than Khan Academy when it comes to calculus.
Speaker 2
46:21
Okay, and then somebody's talking about they like somebody else better than Professor Leonard. Nothing related to WGU here, because we changed that or operator, right? So these things matter, these things change. There's a lot of different things that we can do with these operators.
Speaker 2
46:39
Now this is a WGU example. But maybe we want to, maybe we want to look at something different. Maybe we want to put a wildcard, and maybe you want to look for me. You know, I'm Heath Adams, you're gonna put me in a quote and you see people call me the Cyber Mentor, but maybe you're like, I don't remember what they call him, maybe, you know, he's a something mentor. You could say something like the wildcard mentor, and that will start bringing up anything with that wildcard there. So you can wildcard here and look for the and mentor and you'll see cyber comes up.
Speaker 2
47:12
Okay, this is another way to look for different things. Now, we can start getting investigative. Say I'm looking for an organization. I'm going to pick on Tesla.
Speaker 2
47:23
I like picking on Tesla because I love Tesla. Say I'm looking for Tesla and this is actually something that happened. I was reading in a bug bounty not that long ago. There was a bug that happened where somebody was searching for passwords on Google for Tesla.
Speaker 2
47:39
They happened to find one that hit the search engine. It literally hit within like a day or 2 of them finding it and it was only there for a day or 2. They found it, it was credentials that allowed them to log into, I believe, a help desk type deal, like a ServiceNow, and they got into their ticketing system and they gained access to sensitive information at Tesla. And you can absolutely do this with the search engine.
Speaker 2
48:02
So I kind of want to show you now how we can take a search engine and start maybe hunting a password or hunting, hunting something along those lines. So what we might do here is say we're looking at Tesla. So we know we want to look at site Tesla. All right, so site Tesla.com.
Speaker 2
48:18
And maybe we'll want to look for the word password. And that's gonna bring up some meds is okay, we get the, we get the reset your password. You know, this is going to be, perhaps not really great for us, we could probably improve this, right? Maybe we're not going to look for the word password in a regular website, like we're not gonna look for here, maybe instead, we want to look for it on like, I don't know, a PDF, or maybe like a docx, or maybe an Excel or CSV.
Speaker 2
48:52
So we can come in here and say like file type. Okay, and now we can say file type PDF. So we're searching is we're saying, Hey, I want to look for the word password in the site Tesla with a file type of PDF. Hit Enter.
Speaker 2
49:07
You get 83 results. Now all we're seeing are PDFs with the word password. Now PDF might not be the best one. Maybe, you know, they stored it in an Excel document.
Speaker 2
49:17
So, xlsx, like this, hit Enter, and let's see, we got nothing back. All right, so that didn't work. Maybe we can try something else. What if we just deleted the term password?
Speaker 2
49:31
Just as an example. Okay, and what's coming back is that there's absolutely no Excel type files here on Tesla. So that's interesting. But if we were to search this, maybe we'll search like docx instead.
Speaker 2
49:46
Okay, there's, there's 2 files here. There's an investor relations file in residential electric vehicle. Okay, so nothing, nothing great here. But some ideas that we might do is we might say something like xlsx, we might say password.
Speaker 2
50:04
And maybe password's not it, maybe it's pass like this, or maybe we're looking for pwd, or something along those lines, you have to think not just the word password, but other alternatives of it. Okay, so you can start really narrowing down, but you don't have to be looking for just a password in an Excel document. You could perhaps just find a sensitive document here. I've seen all kinds of crazy stuff pop up when I'm looking, and you don't have to limit it to the website.
Speaker 2
50:31
You could say, Hey, I want to look at PWD xlsx for anything that just says tesla.com in it. Okay, and see what happens there. We get 1 result. So here's an Excel file from the EPA gov.
Speaker 2
50:47
There's PWD ID, and we have no idea what this is. So we might want to dig into that, we might want to say something like pass in here. And this is how I would research this. This is literally how I would go if I had a client, I would look through for this client, I would say, can I find a password related to anything that they have, anything sensitive that they're leaking?
Speaker 2
51:09
Are there any documents out there that might be of interest to us and go through all of these types of deals? Now, like I said, there was a bug bounty that was found not that long ago, just by doing this same methodology. Now there's more things that we can do, say that we're looking for subdomains of a website. Now if you're not familiar with subdomains, you have like a www.tesla.com.
Speaker 2
51:34
But I also saw something come up like ir.tesla.com, or forms.tesla.com. These are all subdomains of the tesla.com website. So what you can do is you could say, hey, I wanna look at site tesla.com, but I really don't care for the www. Please don't show me anything with www in it.
Speaker 2
51:54
And now you can see that takes out anything that had www in the front. So we have shop, we have forms, Appleizer or App Player, sorry, more shop, more forms. Maybe, you know, I know about the forums, I don't care about the forums, they're wasting space in my search results. Let's take those out.
Speaker 2
52:11
And look, 61,000 just went down to 7980. So now we get shop and you could keep going through here now like we found a live stream API. So this is a good way to come through using Google and just finding potential subdomains here that we didn't know about. If we're investigating a website and we're doing some sort of investigation there which we'll cover website OSINT later on in the course.
Speaker 2
52:34
But these are just kind of overviews of how you can take these and just kind of manipulate that. But it's the same thing, like if you wanted to search for me again, say, search for Heath Adams, but you don't want anything related to the cyber mentor. Maybe you can get rid of that. Maybe you can get rid of also the word mentor and just kind of eliminate a lot of these things.
Speaker 2
52:57
So where have I been potentially? Or maybe you don't even want me. You don't want anything to deal with me, you want somebody else. Okay, now you're pulling up Heath Adams, partners and lawyers.
Speaker 2
53:06
Remember, we're seeing that on other pages, Dr. Heath Adams, Heath Adams on Facebook, scholar, cardiologist. So now you're starting to see different people, different results. I'm not here anymore, because you took me out of the equation.
Speaker 2
53:19
So these are just again, different operators that you can use and throw into the mix, that would be incredibly useful. You just have to think about the logic behind how you're going to do things. Now, there's a couple more that I want to show you before we wrap it up here. So we can do something called in title, in URL, in text.
Speaker 2
53:39
I like saying things like this, like, look, we could look for in text. So we'd say in text password. I want to see if there's anything related to me with password in the text. So you're going to come through here and see what do I have related to password.
Speaker 2
53:58
So I've got some things here with breach parse, which tool I wrote. Some things that we were talking on Twitter, I was saying something about password on Twitter. Now this could be a way to search through my Twitter. If you wanted to, you could say I want to see if I ever said the word password on Twitter. So site twitter.com. Or we could say the cyber mentor site twitter.com and start looking here.
Speaker 2
54:24
So like here I was talking about I love political season password spraying. You know, like there's different things here that I talked about and you could find that for me. So that's in text. Now we could say something more like in URL.
Speaker 2
54:39
Now in URL is going to be looking at the URL and seeing if the word password exists there. Now it's not going to for something like Twitter. Let's see if we can find URL and a password. There's not many great resources here.
Speaker 2
54:50
So it really just depends. Like these are just weird websites that are showing up. But if there's a hunch that you have something is in the URL, it's always good to know, you know, the in URL exists. In text is probably my most commonly used one because I could just search for a term that I want to show up on that webpage and I know that I need it to be there.
Speaker 2
55:11
So in text is great. But if you have the same situation with in URL, that's great. Another thing is in title. So you can say in title password.
Speaker 2
55:18
So we should pull up some results here. 439. So here in the title, you can see that password shows up. So anywhere where password shows up in title, you're good.
Speaker 2
55:28
So there's a bunch of different options that you can do here. Okay. And I think that these are I think that these are great. I actually don't even know what this site is.
Speaker 2
55:37
So something somebody wrote a blog on a hacking tutorial. And it looks like they've got, you know, different types of hacking here that somehow tied into me. So it's very interesting to see some of these things when you're searching yourself and searching for other results. Alright, one more thing.
Speaker 2
55:54
Last thing I want to show you, mostly everything that I've shown you at this point is something that you can utilize on all the other search engines. So, um, if you find difficulty or something not particularly working very well, definitely check the cheat sheets, but for the most part, everything's about just about the same. Now, if you don't want to go through and deal with all the operators and remember them, which I think you should. I think it's great practice.
Speaker 2
56:21
It really helps those who can Google, those who can search very well will do great things. Google has paid for my education. Google has paid for my job. Google has made me who I am today.
Speaker 2
56:34
I'm not even kidding. Um, when the first interviews, I'm sidetracked a little bit, one of the first interviews I ever had, I had a job interview for a help desk position and he said, what would you do if you didn't know the answer? I'd say, well, I'd ask somebody or I'd Google it. And his response to me was, that's perfect.
Speaker 2
56:50
I say that I feed my family on Google and that has stuck with me because it's really true. The better that you can do research and really hunt things down, it becomes so useful just beyond OSINT, beyond this here. It becomes incredibly useful. But OK, look, all the things that we've been talking about here, we have this google.com/advanced_search, all you have to do is come in here and type the words that you want.
Speaker 2
57:14
So say we want Heath Adams. All right. So you would say this exact search, you put it in quotes, he that is telling you how to do it. Any of these words, none of these words.
Speaker 2
57:26
So maybe you don't want www like we talked about, you can come in here and say site or domain and you say, you know, we'll look at Twitter, twitter.com. And we'll just see, actually, we don't want to eliminate www, because that might not show up anything. And you type in an advanced search. And what's it do for you?
Speaker 2
57:44
It does it for you. It's amazing. Everything is here for you. You don't have to put in the quotes, you don't have to put in the site.
Speaker 2
57:50
And if there's things that you're trying to think about that maybe you're like, you know, I really want to narrow this down to a language, I wanna narrow this down to a region, a certain timeframe, et cetera. And that's one other thing that I could show you too, is if you come into the tools, you can look at any time, past hour, past 24 hours, I think this is fantastic. So what have I posted in the past week on Twitter? You can see 4 days ago, 7 days ago, et cetera. I'm pretty active on Twitter.
Speaker 2
58:19
You can see what pictures are there. Like this is something I posted not that long ago. I retweeted this picture. So, yeah, there's all different kinds of stuff.
Speaker 2
58:28
I look the OSINT course. So, yeah, there's there's a lot of stuff going on out there, right? And even within the past week, even probably within the past 24 hours. So you can find different stuff about me, you know, that's pretty interesting, and yourselves or whoever you're researching.
Speaker 2
58:43
And then you have, like, you can say all results verbatim, you can clear this out. I think it's very nice. We haven't even gotten into news or images or any of this stuff, but you can go into images and see what you can find. Can you find me?
Speaker 2
58:57
That's a little provocative, but you can find funny pictures of me that are showing up on search engines, all different kinds of stuff, right? So, I mean, it's interesting, like, that's me, that's my wife, like, there's Udemy, there's all different kinds of stuff in here. Those are my cats. And this is just from Twitter.
Speaker 2
59:16
This is just from what I posted on Twitter. Look, there's my dog. So you can find a lot of stuff about somebody in a very short period of time with just doing some basic searches. You wanna find videos about me, you can come in here, look at different videos from Twitter that I may have posted.
Speaker 2
59:34
You know, and it's, it's very interesting and how this all narrows down. So what I want to say and take you, I'm going to go back to the, the advanced search, you can do this here and really think about it. If there's a specific region or specific timeframe or specific anything. Here's the file formats that you can search for. It's all possible here.
Speaker 2
59:53
So think about how you want to search things, practice with this, play with this, improve with this. And the best person to search, I think, is yourself. If there's some stuff that you think might be out there about you and you kind of want to figure it out, put your name in Google, start searching it. Search in text with like the first 4 or 5 digits of your address, for example, and see if you pop up or your city or something like that.
Speaker 2
01:00:17
See different things that might show up and see how you search yourself. So that's really it for this video and that's really it for this section. From here, we're gonna move on to image OSINT and talk about how we can identify stuff just from a picture. So I will see you over in the next section.
Speaker 2
01:00:38
On to the image and location OSINT section. We're going to start off with reverse image searching. Now in an earlier section we were talking about sock puppets and I talked about the show Catfish.
Speaker 2
01:00:52
I was talking about people using pictures and there being reverse image searching and possibly being able to identify people who are using pictures that aren't theirs. It's really quite easy to do. So in this section, if you look at the resources, what I have done is I've included a picture of me, though you can use any picture that you want. I'm going to be using this picture right here to kind of show you. So I've got this picture right here.
Speaker 2
01:01:20
I'm going to use this in 3 different search engines to kind of show you what the results are. And we'll kind of talk about each of the search engines. So I've got this picture, this picture I pretty much use on LinkedIn, on Twitter, et cetera. This is kind of my main go-to right now. So what I'm going to do with this image is I'm going to go out to first images.google.com.
Speaker 2
01:01:41
And this will be provided in the resources down below as well. But if you go to images.google.com, you can follow along here. All you need is an image. So what we're going to do is we're going to take the image. And we're going to just drag this in here.
Speaker 2
01:01:57
And it should search. Let's see what happens when it does that. It identifies me as the image like 237 results. And it says you may be looking for Heath Adams.
Speaker 2
01:02:10
This is what tied in. So what it's looking for is any image right now that matches this specific size. And then it says, Hey, let's go ahead. You can say I want to find all sizes.
Speaker 2
01:02:21
I want to find this picture small, medium and large. And there's some pictures that look kind of like me, but aren't me. So your results may vary when you click on these, but when you come through here, it's absolutely me, right? Like you see here, okay, you're pulling up Heath Adams.
Speaker 2
01:02:38
If we were to go to Twitter and check it out, we can confirm. So if we're playing like a scenario based situation here, we're say, somebody decided that this was a great picture, they're gonna use this as their sock puppet or their dating profile, and we're suspicious of this account, so we just take this picture, throw it into a reverse image search, and see what we can find. So here's what we found. We found, hey, this belongs to me.
Speaker 2
01:03:04
And you can also find different areas where it might be here. So like you have the same options, by the way, you can use this photo and say you don't want anything from Twitter, you could take out twitter.com as an example, and then just see results now for LinkedIn, for Udemy. And there you have these results. And then it will go back to filtering down to Twitter and everything else once it runs out of options.
Speaker 2
01:03:28
So these are, um, matching images, but not exact matches to this image. So it depends on how you want to narrow this down. But with that being said, we can do this in another location, 2 other locations. There's quite a few reverse image searching.
Speaker 2
01:03:44
These are the 3 that I use the most. Um, if I don't find it on 1 of these 3, it's maybe probably less likely that you're going to find it. In my opinion, it doesn't mean that 1 of the other search engines won't have it. It's just unlikely.
Speaker 2
01:03:58
So Yandex has come back again. And we talked about Yandex in the search engine OSINT section, and now we're back to yandex.com. All I did was click on images. And I'm going to drop this image here as well.
Speaker 2
01:04:10
We're just going to see what happens. I've actually not done this. So let's see what happens. What I do like about Yandex is that not only will it pick up this picture here, but it will pick up similar images of this picture.
Speaker 2
01:04:25
What that means and where that's useful is say that you're trying to hunt down somebody. And I've had this happen with missing persons. And when we're doing Trace Labs and things along those lines for those competitions. If you dump this into Yandex, maybe that's the only photo that you found is the only 1 that exists of that person.
Speaker 2
01:04:44
But maybe just maybe you have them show up again in another photo that's similar. It could be similar time frame like similar like say there was a just second part of this headshot or like an off take or something along those lines. Or it could be a similar that same person in a different picture, but because it looks or the features so similar, they use this matching mechanism to say, Hey, I think this is who it is. So that's what's going on here.
Speaker 2
01:05:09
They're trying to match this person, you can see that it found it here on these websites, which it looks like it's pulling up this TW UGI, which is off of Twitter, it looks like. If you come here and you click on this, you can click on similar images and see what pulls up. And this is on TW Stock. So this is some sort of Twitter stock type deal here that it's pulling up.
Speaker 2
01:05:32
So you could look through the picture, say you're looking for other people. This is kind of where you have to kind of eyeball it and say, Hey, does this person exist? What are we looking for here? Um, click back on me and you could see maybe there would be some sort of similar images, but there's not.
Speaker 2
01:05:46
So it's just kind of giving you ideas. It's not perfect, but sometimes Yandex does a great job of picking up other pictures that you just wouldn't have identified because where they're looking here a lot of the times for the exact photo and here as well for TinEye, which I'll show you in a second, Yandex is looking for more than that. They're looking at slight variations and not just the same photo but slight variations of that photo or photos where it could be that person. So this is always good to look through and see if you can identify that anywhere else. Now the last one I want to show you is TinEye.
Speaker 2
01:06:22
TinEye is great. You can just come in here and say, hey, upload. So tineye.com. You come in here and you do a reverse image search.
Speaker 2
01:06:30
And this 1 I did try out and you can see here that look, it doesn't do as great of a job as Google does. I think Google does the best here. But TinEye can find something perhaps different. Like look, it found this technology solutions that North State.net.
Speaker 2
01:06:45
What does that say? Well, if we click on this, and say I'm your subject and you're researching me, well, you just found an article written by me in 2018, talking about pen testing techniques. So now you have maybe a potential place where I used to work. You have that I've written articles you have that maybe I'm a subject matter expert on a specific topic.
Speaker 2
01:07:08
So now you're identifying additional information on me based on maybe a website that did not show up previously. So maybe that wouldn't show up here. Right? So you have to be aware and of using all of your options.
Speaker 2
01:07:21
And that's why I like to show more than 1 website. Yes, because a website can go away, not that Google or Yandex are going to go away. But it's always good to see alternatives and see why 1 thing might pick something up and then something might not pick it up on the other search engine. So it's always good to use multiple search engines when you're doing Googling, when you're doing searching, or when you're doing any sort of reverse image searching.
Speaker 2
01:07:44
And you'll see that throughout the course where we use something different we find a different result. So that's it for this video. We're going to move on to EXIF data in the next video. Now let's talk about viewing EXIF data.
Speaker 2
01:08:02
What is EXIF data? Well, EXIF is exchangeable image file and there is data that belongs to that. Now, EXIF data can be very telling and can provide a lot of information. When you snap a picture, there can be data left behind that can be tied back to you.
Speaker 2
01:08:25
This used to be very, very true in the older days than it is now, as there's more protection mechanisms put in place by cell phones, by websites such as Twitter. Location data is very much more secure but it doesn't mean it's incredibly secure. You can see here in a second that EXIF data is prominent. It can tell you an exact location, it could tell you an exact device. There's a lot of details that can be found.
Speaker 2
01:08:53
Now I am pulling up a picture that I had stored on my hard drive. And I literally pulled up the first photo because I knew this type of photo was taken maybe close to 10 years ago. And I knew the data would be there. I knew because there were no real thoughts about protection, especially when I took it on this device.
Speaker 2
01:09:13
That's anything about location or date or any of that, there's no real thoughts about it. So what we're going to go through is viewing EXIF data. You're going to see what you can see on some of the stuff. And in terms of EXIF data.
Speaker 2
01:09:26
In a real world scenario, I have seen it as recent as the last 6 months when doing an investigation, where there was a picture that I was looking at and it had data that tied not only to the phone, but also tied to the person's location, exact location, and told me where they lived, what type of phone they were using, when the photo was taken. And it is rock solid when it comes to evidence. And it's rock solid when it comes to having something that can be concrete in an investigation. So let's go ahead and take a look at this. Now, we can go to a web browser.
Speaker 2
01:10:00
And if you go to exif.regex.info, again, this will be in the description down below, you will come to Jeffrey's image metadata viewer. Now there are ways to do this in Linux. And we'll show that as we get to the tool section. But using our manual methodology here, we're going to go ahead and use this website.
Speaker 2
01:10:20
All you have to do is take the picture, which I provided a picture in this section, go ahead, and I'm just gonna go to browse pictures. And then there's this image here, which isn't really showing, but I'm going to load it, say I'm not a robot. And then we're gonna have to select some parking meters. Verify that.
Speaker 2
01:10:38
Let's see what we can find on this picture. Alright, it didn't like me there in my Linux machine. So I'm going over to my Windows machine and trying the same image. I'm just going to view the image data here.
Speaker 2
01:10:48
Let's see what happens this time around. All right, this is more like it. So this is a picture of my dog, my old dog, Layla. And she, we were going on a walk.
Speaker 2
01:11:01
So this is all I have is just a basic photo that I took in my phone at the time, we're going for a walk somewhere and I have no idea where we were. I really did not know here. But you can see some information on this. Let me actually make this a little bit bigger.
Speaker 2
01:11:16
So you can see that this was taken from an Apple iPhone 4S. So at 1 point, uh, if you saw this on a page of mine, or you saw this somewhere where I uploaded it. Now, Twitter has pretty good protections in place, Facebook, et cetera. Um, better protections nowadays. But say I put this like on a website, say I had it on a blog of mine or something and the EXIF data was not stripped out before uploading, then you might be able to pull down this information. You can see that at some point I owned an Apple iPhone 4S.
Speaker 2
01:11:46
Here's the lens, here's the exposure. Flash was not on when this picture was taken. Here's the date. This was taken on March 11, 2012.
Speaker 2
01:11:55
So you can see what today's day is and how long ago this was. And you get a latitude, longitude, okay, which I think is super important. So you can just click on something like Google. They take you to any of the maps that you want, but Google here, let's just go ahead and say Google, and that'll open up Google maps.
Speaker 2
01:12:13
And this will tell you exactly where it was taken, latitude and longitude, and what do you see? Wildwood, Toledo, Ohio. So at some point I was in Toledo, Ohio. At some point in 2012 I was walking my dog in this park in Toledo, Ohio. Okay, so this can tell you a lot about somebody. This could tell you a lot. What do we just find out about me?
Speaker 2
01:12:39
I have a dog. I took that dog for a walk. I have an iPhone or had an iPhone 4S. I at some point was present in Toledo, Ohio on a specific date and time.
Speaker 2
01:12:50
That is the power of EXIF data. Okay. Now, if you are curious, you can actually scroll down and see the full EXIF data. So it'll tell you pretty much anything and everything you want to know about the picture, you got the shutter speed, aperture, etc.
Speaker 2
01:13:06
But what we're really interested in would be the GPS information, the device type, the date that this was taken. And this really could help us when it comes to an investigation. So this is awesome information. So if you have a photo of something, say it's your subject, say it's whatever you're investigating, always look at the EXIF data. You never know what you're going to pull down. Again, it's less likely on a platform such as Facebook or Instagram or Twitter as they've started stripping those out.
Speaker 2
01:13:43
But it still doesn't hurt to look when you find something, especially if somebody sends you a photo or they were sent a photo, it's much more likely to have this EXIF data in there. And again, I've seen this in an investigation within the last 6 months, where a photo was sent in a fraud case, and we were able to look at that photo, identify where the person was at and hand that over to the appropriate authorities. Okay, so important, important stuff here. And that's really it for this lesson.
Speaker 2
01:14:13
So we're going to go ahead and move on into geographical data. And it's going to get pretty interesting and pretty fun in the next few videos. So I look forward to seeing you over in the next video. Next up is physical location OSINT.
Speaker 2
01:14:31
Now as a pen tester and consultant, I've done quite a bit of this as we are sometimes asked to do some legal breaking and entering and what's called a physical penetration test. So what we'll do is we'll take satellite imaging and we'll look at the satellite images to see if we can identify any useful information from looking at the satellite images. And then we can also go out on site, and we'll have tools such as a drone that we might fly from a mile away and see if we can identify any useful information. So let's take a look at a map and then I'll kind of walk you through what information we might be looking for here.
Speaker 2
01:15:08
So if we look at this map, all I've done is go to Google here. If you go to google.com and then get to the map section. I've gone ahead and just typed in Tesla HQ. So what we're looking at is Tesla headquarters here at 3500 Deer Creek Road.
Speaker 2
01:15:24
So if you wanna follow along, you can. If you just wanna watch, you can as well. So it's got pictures here, which could be useful if you wanna look at the different photographs from the ground, but you can also come in here and click on the satellite view. Now, depending on the satellite view that you get, sometimes you might get an address for a client, I've had this happen before, where we've gotten an address and the building was so new that the satellite actually didn't even have a picture of the building.
Speaker 2
01:15:50
So we had to go around and I don't have a great secondary, but you can go around and just try to look up different satellite imaging and see if there's anything out there that would have an improved image. So it's always good to have an idea of maybe getting a backup image on this just to be sure. Um, but if you want to look at this, what we're trying to see is how do we gain access to this building? What is the surrounding area?
Speaker 2
01:16:15
So if I'm doing reconnaissance here and I'm trying to look for physical OSINT, I not only want to look at what's going on at this building, I want to look at what's going on around here. Because like I said, if I'm driving a drone or drying, if I'm flying a drone, I want to make sure I can drive to a location that I can fly the drone from and not really seem suspicious. So it could be good in a parking lot that could be maybe, you know, either empty or saturated, depending on the building, a remote location, which it looks like we've got nothing but over here, and just somewhere where we can sit and maybe not look so suspicious. So it looks like even some of these off roads back here, you might be able to just park and hang out in a situation where you could then fly it across here, depending on the actual mileage and distance.
Speaker 2
01:17:01
But anyway, with that being said, besides doing on site reconnaissance, well with a drone, and you could actually drive around if possible, just to see if you can see anything physically while you're there. But what we want to identify is if you're coming in on this road, is there any private access? Like if I'm just driving down the street, and I need to get into Tesla, this HQ area? Is there a private access?
Speaker 2
01:17:25
Is there a blocked path? You can think of it like if you've ever seen like the movie theaters, not theaters, but like the movie sets where they have the guard waiting for somebody to check you in. And I always see that in movies. But if you see something like that, where there's a guard desk here, and you have to be able to show ID and say why you're there to build even drive on.
Speaker 2
01:17:44
This is probably not going to be the path of entrance that you want to get through unless you're preparing to do some sort of social engineering. So you're looking for does it have any protection measures in place here? Are we seeing any guards? Which if I'm driving around the building, I'm not seeing any guards.
Speaker 2
01:17:59
Is there anywhere that I can park in this parking lot that wouldn't be too suspicious? Now you want to see, OK, there's a parking lot here. There's also a parking lot over here. And looking at a lot of these cars, a lot of them look like Teslas.
Speaker 2
01:18:14
So especially in the back here, it looks like most of these are Teslas. So maybe you don't want to try to park back here with all the Teslas. Maybe there's a reason that they're back there. Maybe you want to just try to park in what looks like an employee parking lot over here.
Speaker 2
01:18:27
This looks like more like visitor parking up over here. So my hunch would be that if you're looking at this building, this right here is well, right here is probably this right here. This is probably HQ where you're walking in the front door in this receptionist area would be my guess. So if you're parking here, this is high visibility.
Speaker 2
01:18:49
This is probably high traffic here. Now, what we can try to do too, is get lower onto the ground and try to have like a street view if we can and get this person and let's see if we can get into the street view over here. Okay. There's Street View.
Speaker 2
01:19:04
So yeah, look at all the different Teslas around here. So we can try to click through and see if we can find anything. What we're kind of looking for is, are there any other... not gonna let us click through anymore. Are there any doors that might be of interest?
Speaker 2
01:19:17
Like, do we see a door and what's on the door? Is there badging? You know, can we find or identify any sort of like badge readers, card readers? Are employees going to these specific areas to smoke?
Speaker 2
01:19:30
Like, is there a smoke area back here behind the building? Because that's a really good place to target as well. If you're trying to do social engineering or you're trying to, you know, just navigate your way in, a lot of times employees will just prop doors open. Or if you go outside and have a cigarette with an employee and you just kind of chat them up, they're more likely to just let you in and hold the door open for you and you just kind of navigate once you're in.
Speaker 2
01:19:53
It's better than going through the front door and having to try to deal with reception and social engineering your way in there. Though that is an option as well, depending on the building. So you wanna identify, is there security here? What are the people doing?
Speaker 2
01:20:06
What are the people wearing? You can tell, like this person is pretty business casual. He's got slacks on, looks like a dress shirt tucked in, got a backpack. So that's not out of the ordinary. It looks like they have a backpack, nice shoes.
Speaker 2
01:20:19
It looks like a lot of these people are wearing red. So it looks like maybe there's some sort of Tesla employee dress code if you're working right here. Maybe these people are doing some sort of, you know, checking people in and checking people out, depending on how it's coming in. So maybe driving this way might not be the best area.
Speaker 2
01:20:38
Here's another person walking right here. This looks like a booth in the middle of the street. This could actually look, this could be a security guard area as well. So we don't know.
Speaker 2
01:20:47
So it's good. This is good to check out and see what's going on. So if you try to drive right past here, maybe there's a security guard and they're gonna stop you before you turn in. So maybe you might wanna turn in and drive here.
Speaker 2
01:20:59
Maybe you wanna go around the back where we are looking as well. And you can come down this street and kind of maybe look and see what else you can find when you're down here. So you can see like the, the Tesla sign here. And the satellite view really didn't offer a lot of that, but if we click down and come down this road, I'm going to try to click through here real quick.
Speaker 2
01:21:16
But if we come down here and see, remember, there's that back entrance, maybe we can turn in back here. And there's no, no safety protection measures or anything back here, if we can get in back here. Let's see, here's another person walking, looks like across the street, I wonder if they're trying to get in or where they're walking from. Looks like this is actually fenced off right here.
Speaker 2
01:21:34
So there's no way to to get in perhaps without looking too suspicious. There's a Tesla coming out of this entrance here. So let's see what's going on right here. Let's see, they've got a gate here.
Speaker 2
01:21:46
And we can't really click our way in. So all we can do is best practices, look right here and see what we can see. So it looks like there's possibly some steps right here, possibly leading to a door. There looks like maybe some sort of work van.
Speaker 2
01:22:01
And then there's this gate that's open. So who knows if there's somebody that's watching this as you drive through or what's going on. So this is where having the on-site reconnaissance either driving by trying to drive to the parking lot or anything along those lines or flying a drone over just to get a feel for where this is at, um, is a good idea as well. Like there's a person right here.
Speaker 2
01:22:21
I don't know if they're smoking or what they're doing. So it's always good to get a feel on site as well. But looking at a satellite like this can tell you at least some idea of what's going on, what protection measures might be in place, and what you might need to do in order to, you know, attack this building. And I'm thinking of it from a pen tester, physical security mindset.
Speaker 2
01:22:43
If we're doing an investigation, it still can tell you about the area. Say if you're passing an address off to somebody, you might want to identify, does this person live in a remote location? What are the roads that can get into that house or where this person is staying? Is the area, is it remote?
Speaker 2
01:23:01
How would you take the roads in? How could you be the most discreet? And maybe that's not really your job as an OSINT investigator, but maybe it is. Maybe you provide that information to the police, but they're probably gonna do their own reconnaissance there as well.
Speaker 2
01:23:11
But any information that you can provide for location is really good. But I always go to my my hacker mindset. So this is an example in a building, but you can absolutely apply this to people as well. So hopefully that makes sense.
Speaker 2
01:23:24
In the next video, we're going to talk about identifying geographical locations, which is really difficult to do. But we'll talk about some strategies and some potential games if you're interested in playing this, and then we can kind of just go from there. So I look forward to seeing you in the next video. Let's talk about identifying geographical locations.
Speaker 2
01:23:47
Let's say you have an image and you really don't know where the image is taken. There's no EXIF data. Nothing really tells you where this image was taken, where the person maybe in the image was, etc. You just have to kind of figure it out on your own.
Speaker 2
01:24:05
And there's a lot of different things that go into this to help identify geographical locations. We're going to skim the surface on this, and I'll show you why once we get into it. Well, let's take a picture and you hear that a picture says a thousand words, it really does. Here's a picture that I want to show you.
Speaker 2
01:24:22
This is a random picture that I found on the internet. Now let's say, just play pretend that this picture was posted by somebody that we were investigating. They said, Oh, look at my new car. I just, you know, I just got this blah, blah, blah.
Speaker 2
01:24:39
Alright, so say we're looking at this, this picture, what can we tell from this picture? What is out here? There's a lot of information. First of all, let's start with the car.
Speaker 2
01:24:51
Okay, the car, we look at it, we can zoom in a little bit, we can actually zoom in a lot more. We look at it here, we're looking at a Cadillac. Okay, we have a Cadillac. We could identify where Cadillacs are sold, though it does not mean that this is not imported, but it gives us a hint. Also, what about this Cadillac?
Speaker 2
01:25:11
It is parked on the right side of the road. The steering wheel is on the left side of the vehicle. And so this tells us that the country that this car is parked in most likely is going to be a country that drives on the right side of the road. We can also see a license plate down here, though it doesn't say anything related to a state.
Speaker 2
01:25:33
So maybe maybe this is not in the States. Maybe this is not in the United States. Maybe this is somewhere else. So this could be a hint as to who does their license plate like this.
Speaker 2
01:25:44
So this could be something to look into and research. Another thing that we see, well, we see snow on the ground. If there's snow on the ground, chances are that this picture was not taken in the southern hemisphere. There's a good chance that this is taken somewhere where it at least snows or potentially is just a cold location.
Speaker 2
01:26:07
We also have some architecture behind us, right? Look at the stuff that we see behind us, we see a church. Okay, we can identify that based on the cross that's right here. So this looks like some sort of church that has a tower built into it.
Speaker 2
01:26:23
Possibly who knows what's over here, possibly that's an extension of the church. This also looks like it's a bridge right here. We can see the different architecture for the bridge, we can see that there's water right here, we can also see that there are street signs. Now we can't read the street signs.
Speaker 2
01:26:41
But if we could, maybe we could identify them. Or maybe we can identify the different things based on the street signs, right? So maybe the architecture of the street signs or the architecture of the building. And there's a lot more to go off of here.
Speaker 2
01:26:54
So there's a lot that can be said or thought of just from this picture. Now, if you are curious, this is actually a place called German Church in Sweden. We've actually brought this over for you in a larger image size, but you could see that this is indeed the same church, uh, same everything right on the water here. So we can identify those key features and we can research those features. Now we could have taken the image that we had in front of us, this image, and we could have put this perhaps into a Google image search.
Speaker 2
01:27:26
We could have put this into Yandex. We could put this in different places and see if we can identify this anywhere, or the backgrounds. And we're going to have a challenge here in just a second. But before we do that, what I want to do is I want to come out of full screen here.
Speaker 2
01:27:41
And I want to show you this game. Now this game is called GeoGuessr. This is a way to potentially get better at some of this. Basically, what you do is this will take you and put you into a location and you have to identify the location.
Speaker 2
01:27:57
Now you get 1 free play a day unless you pay for this. However, they do have a free GeoGuessr game as well, if you scroll down just a little bit. So basically you could say, hey, I wanna play for free. You come in here and play this free version, which is just a 2D map.
Speaker 2
01:28:13
And we get brought to a map and you get 5 rounds basically. So now we are given this location, which we have to kind of try to identify. Now there is a little bit of usage of the map and the details that they give you here that you can help identify where you might be. Like, I think this picture is kind of hard, but if you look at where you're pointing on your compass, you can identify where the sun is facing, whether it's in front of you, behind you, left of you, and then you can identify your location.
Speaker 2
01:28:44
So this compass kind of gives hints, but we're on a, looks like a small road. We don't really see much in terms of the buildings. It doesn't look like it's, you know, a very, I don't want to say rich area. It looks like it's, you know, a little bit of unique architecture.
Speaker 2
01:29:01
It looks like perhaps there could be I don't know if there's water nearby because of how this house is built. This could be something that's near the water, if you would ask me, but I'm not entirely certain. This looks like some sort of flood protection. And then we're on just this road, we can't really see the cars that much.
Speaker 2
01:29:18
I don't know if we can zoom in. But that would be what I want to look at. Are there any lines in the road? Are there any street signs?
Speaker 2
01:29:24
What can we identify? So from here, I mean, your guess is as good as anybody as to where this might be without using the compass location and identifier. I would guess this is somewhere somewhere on the water. I'm just going to throw this somewhere random over here and see if we can't figure this out.
Speaker 2
01:29:41
But we'll put this like. I'll say like Virginia Beach area, even though I don't think it is. And it'll tell you where it is. And we weren't we were kind of OK.
Speaker 2
01:29:55
We were definitely like it's definitely an island. Obviously, it wasn't Virginia Beach, but here we were. We are by the water. And yeah, we can identify some features that say, hey, you are by the water.
Speaker 2
01:30:06
And then you come in, you play the next round, and you get another picture and you try to identify. So now when we see this, what can we identify? Well, we can identify that there is, you know, we can identify the language here on the building. It looks like it could be Spanish is my guess.
Speaker 2
01:30:22
I'm not a language expert by any means. You can look at the buildings that are right here as well and just see if you can identify any writings, any sort of vehicle, how they're driving, they're driving. It looks like this could be a one-way street. So this maybe isn't the best idea as where as for how this would be.
Speaker 2
01:30:38
But you could also look at the road signs, look at the different stop lights that are here as well. And the, you know, different surrounding areas and what we're looking at. So if I had to guess, this would be some sort of Spanish speaking country. Although I'm not sure I would put this somewhere maybe in Spain over here, but I wouldn't know exactly where this would be.
Speaker 2
01:30:59
So I'll just say it's Madrid, and we'll guess. I was very wrong. It is in. It is in Santiago.
Speaker 2
01:31:08
Okay, so this is just an example, though, I'm not going to sit here and play at this whole time. But what I do want to share with you is a blog post that I think is fantastic based on this game. Now, this is an incredibly long blog post, and I'm gonna make this bigger, that tells you the things to think about. And while it was based on this game, and while you can play this game and come in here and try to identify stuff, you can come in here and read this article, you don't have to read it fully, but it just gives you an indication.
Speaker 2
01:31:35
It tells you what what letters are you looking for on street signs? Like what different types of languages look like? What this is telling you how to how to look at it from the compass. But if you scroll through here, it talks about the different roads, how you know, the North and South America have like this yellow line down the middle, where Europeans have looks like a white line down the middle.
Speaker 2
01:31:58
Looks like dash lines for Sweden, Norway, Iceland. So this is something interesting. So if you see a road in your picture, also the rumble strips that we have here in the United States. And then this will go through, I mean, I'm scrolling and scrolling and I'm still at the top, but this goes through all kinds of information.
Speaker 2
01:32:16
What countries drive on the right side? What countries drive on the left side? What are the speed limit signs look like in different countries? This is fantastic that you can come through here and just say, Okay, I see something I'm going to try to research it based on this.
Speaker 2
01:32:31
And that's the point I want to get at. I'm not trying to make you an expert by any means in guessing games here. But I do want you to think about how you could start looking at pictures differently. When you see this picture, I don't want you to see, oh yeah, it's a car parked outside.
Speaker 2
01:32:47
I want you to see it as, oh yeah, there's a car parked outside. Here's the license plate I'm seeing. It's in front of a church that has a bridge that's on the water that's in the snow. And start narrowing down where these locations can be.
Speaker 2
01:33:02
And this is what makes you a good investigator. You're not gonna be able to most times just look at a picture and say, I know that location, but you can dump this picture maybe into a Google reverse image search, maybe into a Yandex, or go through the identifying marks that you see through a blog like this and really try to identify what it is you might be seeing. And this goes through, look, Japanese highways, Swedish highways, all different kinds of stuff. So if you're patient and you really try to figure this out like a good investigator, you'll have a lot more luck than just pointing and clicking. But there are some people on YouTube that I watched play this game, and they're absolutely amazing, where they can just see a picture and within seconds, just click and know exactly where it's at. So I think that's very impressive.
Speaker 2
01:33:45
Anyway, that's it. What I want to do now is I'm going to show you a few pictures in the next video. I went on vacation recently and I want to show you a few pictures. And I want you to determine where I was at in those pictures.
Speaker 2
01:34:00
Okay, so I'm gonna show you 3 pictures. I want you to determine what places I traveled to, and where maybe I stayed. And you'll see that my OPSEC is not very great. So all right, we'll see you in the next video when I give you your challenge.
Speaker 2
01:34:18
All right, let's play Where in the World is TCM Part 1. Let's take a look at these pictures. The first picture here is a picture of my wife and me. We're sitting on a bench somewhere and we are just taking a little selfie.
Speaker 2
01:34:33
And the next picture is somewhere from a rooftop. Now this rooftop is the hotel that I stayed in during this trip. And then there's also this picture of where I was staying during the trip. So what I want you to do is I want you to take these 3 pictures and I want you to identify where I was at, where was TCM.
Speaker 2
01:34:58
Okay, so this picture, I want you to tell me the location. What is this place called right here? In this picture, tell me what hotel I was staying in so that I could take this photograph. And then this picture, all I want you to do is tell me what city I was in.
Speaker 2
01:35:14
So that's your challenge. Tell me where I was at in the first picture, what hotel I was in in the second picture, in the third picture, tell me what city I was in. Hope you're ready for this challenge. Best of luck to you.
Speaker 2
01:35:25
I'll catch you in the next video as we cover how to find the answers to this. All right, did you find me? Let's see how well you did. So what we're gonna do is we're going to take a look at the first picture, and I'm gonna go ahead and move over to Google.
Speaker 2
01:35:46
Now I'm gonna start with a Google image search. So I'm gonna take this picture, and I'm just gonna drag and drop it over here. And we're gonna see what happens on the Google image search. And Google image did a very great job of picking me up.
Speaker 2
01:35:59
So this is absolutely correct where I'm at, by the way, this is Copley Square in Boston, Massachusetts. Alright, so if you come here, I've got the picture, it says here's Copley Square. So it says possible related search to Copley Square. Let's just take a quick picture of this or quick look at this and go to images and see what it shows you.
Speaker 2
01:36:21
And look, this one wasn't that hard, was it? A quick reverse image search, even though the image was not found anywhere else, it still shows you that, hey, this is Copley Square. And if you look at this picture and I open the other picture back up, you can see that sure enough, we were sitting right here and park bench in front of Copley Square. OK, so with that information in mind, let's try to look for the second location. Now the second location was actually taken off of the rooftop of the hotel that I was in. So that's why I said, hey, go ahead and give it a go, try to find the hotel that I was staying in. So let's go ahead and just drag and drop this and see if it works in our old Google search. And all we get out of this is what?
Speaker 2
01:37:13
Commercial. We don't get anything of use. Let's go ahead and try looking at Yandex as well. So I'm going to just go to images and drag and drop. And we'll just see if it does anything for us.
Speaker 2
01:37:25
Now we can look at the EXIF data here, but the EXIF data does not exist, or it's been stripped out. So we're looking at this. And let's see if we can identify anything in this picture. So this is saying Melbourne.
Speaker 2
01:37:39
Given that it's all on the same trip, and we have that knowledge, it's not likely to be Melbourne. We can click through here and see if there's anything in here that might be of interest. It's just giving us a bunch of city skyline. So this time, the reverse image search isn't really working out in our favor. It's trying but it's not really doing anything.
Speaker 2
01:37:59
And if we close out of this and go back to the image that we have, it tries to point out some things to us like saying, Hey, I know what this building is, you could try to click on that and see. But even then, it doesn't look like it's finding the right stuff here. Alright, so this looks like they're buildings in Russia, which this is a Russian, Russian website. So I'm assuming it's going to try to look there first, but it's just not it's not picking up the right location.
Speaker 2
01:38:24
At least it doesn't look at the image that we're seeing. So with that being said, let's go to the image itself. I want to look at the image one more time. Because we haven't done any investigation on the image.
Speaker 2
01:38:35
I'm going to zoom in as much as possible. What are some things that we can see from this image? We can maybe make out that we're in a city, right? We're in some sort of big city. We don't know where the big city is, but it definitely looks like there's skyscrapers, there's tall buildings.
Speaker 2
01:38:55
And there's some words back here that I can't really read here. I can't really read that either. I see the something and I see I can't tell what that is. I do see some interesting stuff though.
Speaker 2
01:39:06
First of all, I see the Westin Hotel. So that could be interesting. I see a sign that says 95 to New York. So this is saying 95.
Speaker 2
01:39:16
It looks like that says South to me, it's very hard to read, but this is 95 South. So if I'm 95 South, if I go look at a map and look on the highway, Interstate 95 runs down from north to south in the United States on the east coast. So I would have to be somewhere above New York in order for this to happen. So I can narrow it down.
Speaker 2
01:39:39
It also looks like there's an American flag flying right here. So a good indicator that we're probably in the United States. Now you can also see cars are parked on the right side of the road over here, which is another indicator. And then this architecture of this building looks older.
Speaker 2
01:39:56
We don't know really like there's this building looks like it stands out and the fact that it's older. Comparatively, most of the architectures of these other buildings look like they stand out as maybe newer. So with that being said, and having the clue or the hint that we were in Boston before, we're above New York, what might that tell us? That might tell us something.
Speaker 2
01:40:18
Oh, and look, there's a Prudential building, okay? So Prudential building, the Westin. So if we're looking at this, we need we need to be facing the Prudential building from this side, and we need to be right next to what appears to be the Westin in order to kind of get this. So where is there a Prudential building?
Speaker 2
01:40:37
And where is there a Westin? So the first thing I might do is I might go out to Google and I might just try to say, where is the Prudential skyscraper? Let's see if we can find that anywhere. Prudential Tower skyscraper in Boston, Massachusetts.
Speaker 2
01:40:59
So that's pretty good. So that looks potentially to be our building. Right? That looks pretty, pretty darn close to what we saw here.
Speaker 2
01:41:09
So I'm going to go back to the picture one more time. That looks like the building to me that's spot on. So that's definitely the building. So what I think I want to look at is the Westin and the Westin in Boston, Massachusetts.
Speaker 2
01:41:26
Okay, let's see what they have for us. They have Boston the waterfront. They also have Boston and Copley Place. Let's go ahead and look at Boston and Copley Place.
Speaker 2
01:41:36
Since we already know that I was somewhere in Copley Place. Let's go ahead and see if we can actually look at the location. Alright, so we've got this right here. And what does that look like?
Speaker 2
01:41:51
So that that is Copley Place, right? So we'll actually here is here is the Westin. So let's see if we can get to a street satellite view right here. Let me try to get down here.
Speaker 2
01:42:07
This might not work for us. Let me do one more thing. Let me try to just go back. We'll do the Westin Copley, and then we're going to put this into a search for maps here.
Speaker 2
01:42:21
Let's see if we can't get a better view of this. Alright, so here's the Westin Copley. Here's Copley Square, by the way. Okay, so if we could see the Westin Copley in front of us, depending on how it looks in front of us, could be of interest.
Speaker 2
01:42:37
So let's try to navigate satellite down here and see what we can see. All right, so if we look that picture that was taken was the bench was right here. And here's the Copley Square. Now, if we look this building right here, let's see if we can get on the ground.
Speaker 2
01:42:56
Let's get let's get right here. And see how this looks. Alright, so there's there's that picture, right? There's the Copley Square.
Speaker 2
01:43:08
If we turn around, look, here's the Westin. And if we face this direction, there's the building that should have the American flag flying on it. Yes, it does. The Prudential building's out here. Here's that New York sign right here, and I that might not be 90. Might be 95. That might be a, that might be a 90 West sign, actually. I could have been wrong on the 95 there. So still, we identified the Westin, the Prudential building, and then we were able to correlate since we were close to the Westin where we might be if we turn around to where there's a rooftop right here.
Speaker 2
01:43:45
What is this? This building right here is called the Fairmont Copley and that is where we stayed on our vacation. So this was part 2. Hopefully you were able to figure that out and find that.
Speaker 2
01:43:58
Hopefully you found it challenging as well, but you can see, click right here, the Copley Plaza, the Westin Copley, Fairmont Copley, there you go. So, and there's the building. So, okay, so that's number 2. Number 3, I tried to throw you for a little bit of a loop.
Speaker 2
01:44:14
So, here's number 3. This looks a little bit different than the other 2, especially in the skyscrapers and everything else. What can we see from this picture? And I'm gonna skip reverse image searching.
Speaker 2
01:44:28
You can try that if you want. If you did, that's great. But I'm trying to take out what I can see. So I see some I see maybe some art down here.
Speaker 2
01:44:38
Looks like there's some art. It looks like potentially well, this car is parked on the left side of the road, but these cars are parked on the right side of the road. So it's hard to say where this image was taken for sure. This is definitely a larger city for sure.
Speaker 2
01:44:52
There's some color to it. There's not really a lot telling us besides maybe some of the architecture that's up here what the design might be, and where this might have been taken. But the one thing that maybe stands out to me, and it's really hard to see back there, what that reads, but this one reads PSFS. And that's the only thing I can make out, I make out some architecture, it looks like there's a blend of maybe older and newer architecture, but without being able to see anything else, my best guess is we're in a major city somewhere that possibly drives on the right side of the road, but I do not pick up anything else.
Speaker 2
01:45:29
PSFS is the only thing here that would be standing out to me. So what I'm going to do is I'm going to go back and just search PSFS as a building and see if I can identify where this was at. So if we go back to Google, we do PSFS. And that is in Philadelphia.
Speaker 2
01:45:46
So let's do PSFS building. You can see that it says, Hey, we're in Philadelphia. Let's look at images. And that looks to me like the same building that we're seeing.
Speaker 2
01:46:00
So yes, this image here, if you were able to find this and look this up, and of course, there are different ways, by the way, to do this, but this is in Philadelphia. Just because I'm showing you one way doesn't mean that you couldn't have found it another way, or even you could have said, hey, I lived in Philly or I've been through Philly, I know exactly where that's at. You have opportunities here to be able to use what you know as well. But these are just different ways that I would look at pictures for information.
Speaker 2
01:46:25
And that's really what this challenge is about. To look at pictures for information and try to identify what you can do. So number 1 was pretty easy. Number 3 was pretty easy.
Speaker 2
01:46:34
I thought number 2 was a little bit more challenging because you had to identify the actual building that the picture was taken from and not just what city you were in. Um, so hopefully you found that a little bit more challenging on that side. So that is it for this section and this lesson. We're gonna go ahead and move on from here onto email OSINT.
Speaker 2
01:46:53
So I'll catch you over in the next section.
Speaker 1
01:47:00
Okay, so there's one tool that is not included in the course that I wanted to include on YouTube and it's a pretty creepy OSINT tool and I want to show that to you. So it's going to be in the description below. However, if you want to find it easily, you can also just type in YouTube like I have here, the creepiest OSINT tool, and you should find the creepiest OSINT tool to date.
Speaker 1
01:47:23
And watch this video before you move on to the next one because it just shows you what we are capable of doing just from an image and how one picture can identify a bunch of other pictures and a bunch of information maybe you didn't even know existed about you or about your resource out there. So with that being said, we're going to go ahead and move on to the next video in this course.
Speaker 2
01:47:50
Welcome to the email OSINT section. We're going to talk about discovering email addresses and this is something that I do on a weekly basis. So I'm gonna show you the most common tools that I use to actually look up email addresses and try to find people and what you can do to kind of verify email addresses.
Speaker 2
01:48:14
So I'll show you some of my favorite tools and concepts. And this is something that I do because not only for OSINT and doing it for investigative type work, but think about sales. If I'm trying to find a lead or I'm trying to find multiple leads within an organization, I have to figure out where the emails are, who the people I'm trying to email are. So maybe I'll Google them and say, who is the CISO or chief information security officer for this company?
Speaker 2
01:48:45
And I might find that it's Bob Jones. And we go look up Bob Jones and we say, OK, well, how do I get Bob Jones's contact information? Can I find it via Google? Maybe, maybe it's out there in the public, but maybe we have to dig a little deeper.
Speaker 2
01:49:00
Maybe we have to kind of do some guesstimation and see if we can figure it out. So that's what we're going to do today is, is look at the email addresses, formats, and try to determine if we can find some emails. So let's go ahead and move over to the Kali Linux machine that I've got. And the first website is one of my favorites.
Speaker 2
01:49:22
So hunter.io, you just come to hunter.io, you get like 50 or 100 free searches a month. I don't remember what it is. It's it's a fair amount. You can come here and basically just type in a company name.
Speaker 2
01:49:35
So like say I want to type in TCM Security, tcm-sec. And you can see TCM Security here, we get one result on the email address. So we'll click it and see what happens here. And looks like we have like an info@tcm-sec.com.
Speaker 2
01:49:52
It tells us, hey, there's 5 sources that identify this. So we see tcm-sec.com. There's an about blogs, this is where they're finding it. Okay.
Speaker 2
01:50:02
A better example, maybe something that has more users like Tesla. Tesla has 468 users. If we come in here and we look, well, we can see that they have a pattern identified here. So their pattern they're identifying is first initial, last name at Tesla.com. And that's really what we want to see.
Speaker 2
01:50:23
And then we can gather email addresses here if we want. But say like we knew Bob Jones, again, going back to that example, Bob Jones. So maybe Bob Jones works at Tesla, maybe his email would be bjones@tesla.com. So it's something to think about.
Speaker 2
01:50:40
Now we can sign up and get actual information here, you should be able to sign up with a Gmail account. Sometimes this does not work depending on the country that you are in. So be cognizant, you might have to use a different email address, but I just tried signing up with a Gmail account that I have on here and it worked just fine. So I'm going to go ahead and try to log in.
Speaker 2
01:51:01
I'm going to sign in with Google with what's already here. And just now I'm logged in. So we can go back now and try searching Tesla again. And you'll see that the results actually come back.
Speaker 2
01:51:13
So we get information here. Now we get and let me make this a little bit bigger. We get information as to, OK, here's the vice president. This is the vice president's email address.
Speaker 2
01:51:23
Project development manager. Maybe you want to talk to somebody in human resources so you can click here and go to human resources. And then here are the different human resources emails that are here. So, and then the sources that they found these email addresses.
Speaker 2
01:51:40
So this isn't a particular person in HR, but it's still human resources email addresses. So this looks like it's probably for Hong Kong. This is for Berlin. This is Gigafactory.
Speaker 2
01:51:50
So they have different email addresses based on where they are. Now, if you looked up TCM security here, you're really not gonna find much on us because we don't have a ton of email addresses out there, but I think that we can find more in other ways. Now, so we only get so many users here. We'll just keep thinking about this as we move forward.
Speaker 2
01:52:09
So hunter.io, great, great resource. They have plugins if you want them. Um, I think it's a fantastic place to look. Phonebook.cz is the next resource I want to show you.
Speaker 2
01:52:20
This one is fantastic. Let's start with tcm-sec.com and see. So we're gonna go tcm-sec.com. And we're going to search email addresses here.
Speaker 2
01:52:29
So they do domains and URLs as well, which I think is awesome. But let's just search for email address, see if anything comes back. No, no results. Okay, that's okay.
Speaker 2
01:52:38
Let's try Tesla. And see what comes back there. Okay, a lot more. So we get quite a few email addresses, we could see Elon Musk all over the place, we got Elon dash Musk, Elon, we've got a Musk over here.
Speaker 2
01:52:55
And we get a ton of emails, look at this. So what's nice about this is we can sit here and try to identify what the possible email addresses are. So again, first initial last name looks like it's showing up quite a bit outside of maybe like the Elon Musk's of the world. We're getting a bunch of mostly first initial last names in here.
Speaker 2
01:53:19
So I think that's pretty spot on with this. The other thing that we can do is we could utilize this list. Say we're we're trying to do something called credential stuffing, which we'll talk about in the next section, actually, when we talk about breach credentials. But say we're trying to gather a bunch of usernames and test and see if we can log in with those usernames anywhere.
Speaker 2
01:53:40
Or maybe password spraying, not so much the credential stuff, but password spraying, where we take all these usernames and we just throw it at a login form and say, hey, summer 2020 exclamation point, see if that logs into any of these accounts. And you would be surprised, it happens quite a bit. So, this is valuable information, even if we don't know exactly, maybe we're not just hunting for 1 email, maybe we're hunting for an entire domain. This is a great way to get free entire domains with a quick copy and paste capability.
Speaker 2
01:54:15
Like we have the Tesla here, we can export the CSV from hunter.io, but you only get so many results that you can export into a CSV. Here you get a bunch. There's no guarantee these are all valid, but there's still, it's still information. Information is what we want.
Speaker 2
01:54:30
This is all we're trying to gather is as much information as possible. So these are all potential email addresses for tesla.com. I think it's a great, great resource. Now, we could also use something like VoilaNorbert.
Speaker 2
01:54:46
Now this one, you can get 50 more leads for free. I'm not gonna show you. It's the same kind of deal as hunter.io. They're showing you how to utilize it here.
Speaker 2
01:54:54
Basically, you can just search for people and see to try to find their email addresses. There is one I wanna show you that I do use and I have quite a bit of success with, and that is called Clearbit. And Clearbit has to be used in Chrome. So I'm gonna bring up this here.
Speaker 2
01:55:10
Clearbit has to be used in Chrome. So you can download the Chrome extension for Clearbit. And all you have to do is go to Google, let me log in really quick. And then I'm going to just select the free account, we get so many searches 100 emails a month.
Speaker 2
01:55:27
So basically, you're going to search for Clearbit Connect. And you would just say, Hey, Clearbit Connect, I'll put a link down below, by the way. But Clearbit Connect is awesome. You'll see why here in a second once I authorize this.
Speaker 2
01:55:40
Okay, we're gonna come down here acknowledge probably give out our first born. And then now we're gonna say, hey, I wanna find emails. And here's all different kinds of things that we can sit here and search for. You can see TCM Security's in here.
Speaker 2
01:55:54
These are some searches that I've done. These aren't any clients of mine. These are just searches that I've done in the past, maybe looking for information or looking for possible leads or anything. So if I come in here and I say, hey, I wanna look for TCM security, you could type that in.
Speaker 2
01:56:09
I'm gonna just click on TCM security. And look what it discovered that the others didn't. It discovered me. Okay, and if I click on me, look, it says heath.tcm-sec.com.
Speaker 2
01:56:25
Where did that come from? And then look, it has my LinkedIn right here as well. That's amazing. That's awesome.
Speaker 2
01:56:30
And it says here, you can email Heath, just click this button. And then it's also got Rizwan. Rizwan's on my sales team. Look, it's got rizwan.tcm-sec.com.
Speaker 2
01:56:39
What does that tell you? That tells you that we're using a first name basis for our email addresses. It's awesome. Now let's come in here and maybe we want to look at Tesla.
Speaker 2
01:56:49
Maybe let's try Tesla one more time. Maybe we're looking for the CISO of Tesla. Tesla has a CISO. You could come in here and look, like Elon Musk is right here, obviously CEO. But you could come in here and maybe go by role. And they have different roles in here. So CEO, let's see if we can find any sort of CISO. I don't see one, but I do see information technology.
Speaker 2
01:57:09
So maybe we can find somebody in the information technology department or IT department. And then here we go. We've got quite a few IT people. Here's a CIO, this could be somebody of interest that we might wanna reach out to.
Speaker 2
01:57:22
And we could just scroll through this list and find people. So say we wanna reach out to the CIO, just click on this, we get first initial, last name, just like we thought we would, we get this person's LinkedIn page, we get their location, website. This is awesome. Awesome.
Speaker 2
01:57:38
Awesome. So I typically will start with a Google search. If I'm trying to hunt something down, I will start with a Google search, I will say who is in this role at this company, if I'm looking for a specific person at a company, then I will go to phonebook.cz, or hunter.io, try to identify the formatting of the email, and then try to find that person or guesstimate that once we get to that point, I try not to burn through these Clearbits unless I need to, but Clearbit is very good at identifying this. Once we get to that point, we can take this email, say like this, this email, or we'll even try a different email, I'll show you a couple.
Speaker 2
01:58:16
But we could take this and we can go try to verify this. So there is a website called Email Hippo, you can go to tools.verifyemailaddress.io. And all you have to do is type in an email address here. Sometimes you can get false positives if they're good or bad.
Speaker 2
01:58:33
Here I typed in this email address a couple times and just got a bad result. This is an email address that does not exist. Now let's try an email address that we saw, info@tcm-sec.com. See if it works.
Speaker 2
01:58:49
Result is okay. So it says, yeah, this email address works. So we're verifying that this is up. So say that you get somebody and you see that they have a potential email address, you can come here and try to verify it first and see if it works.
Speaker 2
01:59:03
Before you go fire off an email, or don't you don't have to fire off an email, you don't have to do anything or interact. So this is the benefit, like if you're from a sales perspective, and you're doing OSINT here, the this is the benefit not having to email get waste your time, get it rejected, you can come in here and just validate. If you're doing an investigation, you don't want to interact with the person or company that you're investigating. You want to come in here and just verify without any interaction.
Speaker 2
01:59:29
This is the way to do it. Same thing with this website here. Email checker dot net slash validate, email-checker.net/validate. Say, hey, checking the email, I put the same email address here, you can see it says bad, we could try again with info@tcm-sec.com and see if that works.
Speaker 2
01:59:47
And it says, Okay, so again, this is doing a great job. There are possibilities of false positives. There are so many searches that you can do per month on these, I do believe they have APIs, which is nice. If you want to automate this or script this out, but I think this is this is fantastic.
Speaker 2
02:00:06
This is great stuff. Now, there are plenty of other ways to verify email addresses. In the next section, we'll talk about that even more as we talk about breach data. Because if somebody shows up in a data breach, guess what, that email address has been used in the past.
Speaker 2
02:00:23
If you look at something like a Have I Been Pwned, which we'll talk about in the next section, and they show up, guess what, that person's email address has existed. So we're trying to verify if an email address exists, who that address might belong to, etc. Now this is more has been from a business perspective. Some of this hunting down of emails may be more difficult to do if you're trying to find a specific individual.
Speaker 2
02:00:46
That's where breach data comes into play in a lot of this research. And what I'm going to show you in the next section, we'll try to hunt down individuals with maybe having loose pieces of information, like a name or a username or something along those lines, breach data can come in handy very, very well. So this is kind of scratching the surface. Now there's one last thing I want to show you, one last little tip and trick.
Speaker 2
02:01:08
Do not underestimate forgot passwords. Do not underestimate them. Let's go to Google. For example, right now I am logging in under an account that is please don't hack me sir, please.
Speaker 2
02:01:20
So it's please don't hack me sir, PLZ, I do believe. I'm gonna go ahead and try hit next on that. Okay, so first of all, it said, Hey, welcome. And what does this mean?
Speaker 2
02:01:34
This means that we have a valid account here. That's great. This is validating that this Gmail account exists. Here's something else.
Speaker 2
02:01:42
We can use this to tie to potentially another account or help validate. Say we know that this email belongs to somebody that's harassing somebody else. We don't know who this person is. They're using this spoofed email, but maybe we have 100.
Speaker 2
02:01:57
Maybe we don't. Maybe we just want to try to get more data. You can come to forgot password. And it's going to say, what's the last password you remember using?
Speaker 2
02:02:05
I don't know, let's try another way. You come down here and it says, Hey, let me make this bigger, Google will send a verification code to H. And it says, look, it shows you the rest of the digits here, and then at TC, da, da, da, da, here. That would give you a pretty good indication if you're tracking who your subject is that this email could tie to somebody else.
Speaker 2
02:02:27
Look, this is heath@tcm-sec.com. Okay, so this email belongs to me, this is tying back to me. Now you have another point here. So if you knew about this email address, and now you have the link, the connection to guarantee that this person, this is evidence right here.
Speaker 2
02:02:44
Say you were doing something, which we'll learn about again in the next section, where you're looking through breach data, and you find a username that matches this email address and also matches this email address. But people can reuse usernames; there can be multiple people who use the same username. So you need to verify, or some link. This would be a proof of a link between those, pretty strong proof if you ask me. If you can say, hey, I identified two email addresses with the same username, I did an account recovery, came in here and saw that this had this same first character and first domain name, I think that's a pretty strong correlation. So things to think about, wheels to be spinning: try to identify email addresses any way possible.
Speaker 2
02:03:27
We'll cover this more in depth in the next section. And I'm really excited because password hunting is one of my favorite things. So let's go ahead and move on to the next section when we talk about password OSINT. Welcome to this section on password OSINT.
Speaker 2
02:03:46
Password OSINT is one of my absolute favorite things to do. I've given talks at conferences in the past on hunting down breach credentials and using credential stuffing and doing password spraying. But there's so much information that we can get from just looking up passwords from an OSINT perspective. Now when we're talking about password OSINT, we're talking about going and looking for breach credentials, or credentials that have shown up due to breaches or data breaches.
Speaker 2
02:04:16
So you can think of like the LinkedIn breach or the Adobe breach. All these breaches, if there are credentials that are dumped out, a lot of times they'll find their way to the internet, they'll find their way to databases, and then we can use those databases to search through them and try to find information about either the target we're after, whether it's an individual or organization, and then we go and see what information we can identify. It's more than passwords. And I'll show you that here in a second.
Speaker 2
02:04:46
Now there are some great websites and tools that we can utilize for this. For now, I'm going to kind of just show you the web format. Again, we're not going to use any tools until later on in the course. But for now, I'll kind of show you how we do the web searching and what we can do there.
Speaker 2
02:05:01
Before we get into that, I kind of want to show you just a brief example of what information we can find. So this is a little tool that I wrote. And it basically goes through and just looks through a database that is local. Now we're going to show databases that are out on the web and are easier, faster to search through.
Speaker 2
02:05:19
But this is great just for something, if you want a quick search on a database, you wanna look up breach credentials. Now, I went ahead and just searched for breach credentials for Tesla. We'll cover this later in the course on how to use this tool. But here I can identify some information about Tesla.
Speaker 2
02:05:36
Now we talked about email OSINT and identifying email types, right. So we can see here that for Tesla, we're seeing a lot of first name dot last name. So it's possible first name last name is the usage or format over at Tesla. Although we do see some shark, which looks like could be just like a s hark, or maybe that's actually shark.
Speaker 2
02:05:58
We could see different things here where there may be some different formats with Tesla. So what we notice too is sometimes as companies grow, sometimes the companies start off with one format and then migrate to other formats as they get bigger. The other things that we can identify though are who's been involved in a breach. Here on the left side is the username or the email.
Speaker 2
02:06:18
And then on the right side is the password. And I keep like hovering over this one here because this is a repeat offender. If I'm looking for information on a specific company or a person and I see that their passwords change only ever so slightly, or they have the same password over and over and over in a breach, then guess what, I can have a pretty good assumption that that password might work somewhere else, or some variation of this password might work somewhere else. So it's always good to check these out and see if you can identify patterns, whether it be username pattern, or any sort of password pattern, anything like that. Even as I scroll down, we can see 12345 down here.
Speaker 2
02:06:58
Yeah, it's a terrible password. But it's always something to look into and see if there's any sort of repeat offenders. Now we're going to cover this more in depth in the next video as we start talking about hunting down breach credentials. I just kind of want to show you an overview of what we're actually looking at, where these come from, why we're looking at that.
Speaker 2
02:07:15
And then in the next video, we're going to cover this even more in depth. So I'll catch you over in the next video. Okay, let's talk about hunting breach credentials. And let's get hands on.
Speaker 2
02:07:30
Now before we get started, I know I stressed this in the beginning of the course, I'm going to stress this again: what I'm going to show you here could change. Now I released a course about a year ago, which was on ethical hacking, we talked about breach credentials, and I utilized a website called WeLeakInfo. WeLeakInfo was then eventually shut down. And I got all kinds of emails saying, hey, this is shut down, I don't know what to do. There's more out there.
Speaker 2
02:07:58
Okay, there's always more out there. What I'm showing you is the methodology. I could show you on a specific website, which I'm going to do. That website could go down tomorrow.
Speaker 2
02:08:08
We never know. But what you need to retain is the thought process and the methodology behind what's about to happen. From there, you could take that and utilize it elsewhere. So if a website does go down, you still have the same thoughts why you're doing it and why you're thinking about it.
Speaker 2
02:08:23
So let's go ahead and move over to a website now. So I want to take you to a website called DeHashed. Now this is dehashed.com. I do not expect you to be able to follow along at this point, because this costs money.
Speaker 2
02:08:39
Okay, it's 5 bucks for a week. So $150 for a year. This only used to take credit card, they only now take Bitcoin, I do believe, or some sort of cryptocurrency. Absolutely worth it, in my opinion.
Speaker 2
02:08:52
Even get a week, get a week, see if you like it. It's amazing. There's gonna be tools I show you later on in the course that will go through and we can do it locally, like the one I just ran in the last video. I ran BreachParse, right?
Speaker 2
02:09:05
This is something that I put together and set up, and it's free, but the database isn't maintained. It's a slow search. I don't get the results back as instantly. And I can't tie it to as many data points as a website like this can.
Speaker 2
02:09:18
I think this website is great. Now let's talk about what DeHashed can do now that I'm logged in. We have the ability to search by, let me make this a little bit bigger, we have the ability to search by email, username, IP address, name, address, phone number, VIN.
Speaker 2
02:09:36
OK, think about this. Say we know an email address. OK, we know an email address. Say it's Bob, bob@tesla.com.
Speaker 2
02:09:47
We're not going to search this yet. We take Bob and we know Bob has an account and we're looking for him. We search him, Bob shows up and we see Bob shows up and we see maybe his name, like Bob Jones or something like that shows up, maybe something that he's been leaked in has his address. Or maybe there was an IP address tied to the client you're looking for, the person you're looking for.
Speaker 2
02:10:11
This can all be identified. What if Bob has a username? It's like Bobrocks123. Okay, well, we can search that username in here and see if that username has repeated itself at all, which is great.
Speaker 2
02:10:24
We could search by password. So say Bob's password was Bobrocks123. We could search that password. And if it's unique enough, then maybe we can actually do some advanced searching.
Speaker 2
02:10:36
Like if we go back to the example from last time, like this last video, we saw this 907 DADE
Speaker 1
02:10:44
814.
Speaker 2
02:10:45
We could put that into a search engine and see if that comes back to something else. Maybe that comes back to a user that is not at tesla.com, but maybe it's like bob@gmail.com. And then guess what?
Speaker 2
02:10:59
Now we have Bob's personal account, or now we have Bob tied to another email account. Especially if we search by name or something that we can tie them together, we need to start being able to relate other accounts to each other. We can do that with hashing, we could do that with passwords, there's a lot of things that we can do. And we want to start tying this together. As a real world example, when I am looking at an organization, and I'm doing research on hashing, or I'm doing research on breach credentials, I'm trying to think, okay, first, if my client, if my client is tesla.com, I might come in here and search @tesla.com.
Speaker 2
02:11:34
And I might come see how many results are in here. Let's see what happens. Okay, here's George at tesla.com. George has been in a shared data.
Speaker 2
02:11:43
So there's no actual, any details here besides a potential username, a name, email. Okay, same thing with safety, we'd have to scroll down and see if we can find something that, okay, here's Adobe. Now Adobe will have a, there's actually a bob@tesla. Bob at Tesla has a hashed password here.
Speaker 2
02:12:02
Okay, so now we can say, well, first of all, we can go see if we can figure out what this hash is, which we'll talk about in a second. We can also go and say, okay, Bob, does Bob exist anywhere else? Does this hash exist anywhere else on this website? Can we tie it to another account that maybe even if we don't crack the password, then we can say, Okay, this Bob, this ties to bob at gmail.com.
Speaker 2
02:12:26
So like, I would note this down. And I would take this and copy it. So from a real world example, I would take all the data that I see on this website, I would collect all of the passwords, all of the usernames, everything. So like Tesla 9, all of this, I want to know what the passwords are, I want to know who the people are, I want to know all the data.
Speaker 2
02:12:46
Because if I could start finding patterns, if I could start putting things together, maybe I can even relate these back to their personal email accounts, like we're talking about. And then I can see password patterns there or other passwords and just start tying this down. Because my goal is to break into an organization. If I'm doing a pen test, my goal is to break into an organization.
Speaker 2
02:13:05
So I'm going to take that data. And if I can find other passwords related to a personal account, I'm not going to go attempt to break into a personal account. But I will take that data and I will put it together and maybe try to break into their work email account with those passwords that information. This can tie to an investigation as well.
Speaker 2
02:13:23
If you're hunting down an individual, you're trying to tie them to other accounts. This is incredibly useful if you can find their data in a breach database and have a password. And that password is unique. You can search it, maybe find them somewhere else.
Speaker 2
02:13:37
You find an IP address, you find a name. There are often IP addresses in here, which we can tie to a location possibly. And see, here's that 09:07, 8 or DADE814. We could take this and maybe search it and see if it comes back anything.
Speaker 2
02:13:53
Who knows? Shark at Tesla, Shark at Tesla. Okay, shark at mail.ru. Look, this is a new email address.
Speaker 2
02:14:01
We didn't know about this one before. And look, it does us a favor. We search dade. But here's the capitalized; we didn't search for capitalized.
Speaker 2
02:14:10
We're not searching specific. Okay, and now we're getting more information. Look, here's one for Dropbox. Okay, so it tells you where this is coming from and how you can tie it in.
Speaker 2
02:14:20
If we can get any sort of name out of this, any sort of anything, that would be amazing. We can get a person's name or IP address, and we can start tying them down. But when you're doing different searches like this, you need to start almost, you know, like in the investigations where they have like the red yarn and it's going from one pinpoint to another, you kind of have to zigzag that back and forth and really try to tie this down. And you'll see that when we get into reporting, how you might take one individual, and really just see like a password tied to an account tied to this. And this was the exact methodology that we took to get to that point.
Speaker 2
02:14:57
Because when you write a report, you want to make sure that the investigative person, or say you're handing off to the police or whatever, you want to make sure that the person that is doing what you did, they can replicate what you did with ease, and there's no question about it. So this is some of the searching that we can do. Now if we come to DeHashed, again, we can come here and we can search by email, username, name, anything. So you can put your name in here.
Speaker 2
02:15:26
I mean, if you want to search on here, I think it's great. You can come through here and just search for your name. Let's go back, let's search Tesla again. I saw a hash in there.
Speaker 2
02:15:35
The Adobe hashes are kind of interesting. They're not the easiest to pick up, but let's see, let's find this Adobe hash. So let's say we get a hash like this. We could try to identify what this hash is, we can try to crack this hash, we can see if it's been cracked somewhere else.
Speaker 2
02:15:51
This hash as of right now, we have no idea. But we know bob@tesla.com; we can maybe paste this in here, first of all, and see if it ties back to anything. And there's 22 results back. You know, I would probably be looking for somebody that has this password with the name of Bob, it's probably not going to be like a Brett or Michael. You know, we might want to see if we can find another account somewhere else.
Speaker 2
02:16:17
But these are all tying down to a hash from Adobe. So depending on how they were hashing this data, we might not find anything else of interest. But you can see all the things here all the different opportunities that are here for us to just do research and tie down information. Now we can go to a website called hashes.org.
Speaker 2
02:16:36
And if we come here, we have the capability to actually try to search for this hash. So we could search hashes and see if we can find it. So you can come in here and just paste it. And again, it doesn't do a great job, in my opinion, with the Adobe hashes.
Speaker 2
02:16:54
Sometimes they crack, but a lot of times it says it can't find them. Oops, there we go. Let's try hitting a search here. Okay, so it says not a valid hash.
Speaker 2
02:17:04
Now, if you put this into Google as a search, you can see it didn't come back with anything either. So we wanna make sure that when we're searching this, you know, we try all options. There is an Adobe database that if you do put in a hash, and it does show up, there's a GitHub Adobe database that will actually show up here. So with that being said, this is kind of what I want you to start thinking about when we're hunting down breach credentials.
Speaker 2
02:17:30
How can I take a person or company that I'm looking into? So if you have a company, you can just go at company name dot com or dot net or whatever it is, search in here, see how they show up. If you have a person, maybe a personal email account, if you can find that person, If you know their email account, you come in here and say bob at gmail.com. Maybe you don't know what their email address is.
Speaker 2
02:17:54
Then maybe you come here to the main page, you go, okay, I'm gonna look for a name. I'm gonna look for Bob Jones and search for that. And then you start taking this and trying to find the patterns. If you know, Bob lives somewhere, maybe you could find an address for Bob, or maybe you know, Bob lives in like Arizona, you could search Bob Jones and see if Bob shows up.
Speaker 2
02:18:15
And then kind of take it from there. And there is some search operators that you can utilize, you can see Bob Jones is taking forever, you can put this in quotations and search it again, and kind of narrow down your results here. So if we click on this, you can see like, here's a name of how we got a lot of results. But here's named Bob Jones.
Speaker 2
02:18:33
This is a very common name. So, but you could see like, if we're trying to look this down, we can start searching and adding operators in here and trying to see if we can figure out to tie a username or something to them. So again, get your wheels spinning, don't rely on just DeHashed, but just rely on thinking about this. This is the thing you should be thinking about.
Speaker 2
02:18:54
Again, DeHashed could go down tomorrow. But if you're thinking about it, in the way that the credentials and the information can be interwoven. Remember that red yarn again? That's really what I want you to take away from this.
Speaker 2
02:19:07
So we're going to do another video on this. I'm going to show you some more, I guess, tools that are out there and some other things that you can do, offer alternatives to this. And then we'll wrap up this section. So I'll catch you over in the next video.
Speaker 2
02:19:25
Okay, hunting breach credentials, part 2, dive right into this. So I'm going to show you a few websites. These websites here, the first three I'm going to show you, and actually maybe reorganize this a little bit. The first three I'm going to show you are sites that I am not entirely sure on.
Speaker 2
02:19:46
I do believe they're valid. I believe they're legitimate. I believe they're also databases. I think DeHashed is the best.
Speaker 2
02:19:53
These also have their own searching as well. Now WeLeakInfo was absolutely amazing. WeLeakInfo again, as I said in an earlier video, got shut down. This is somebody that brought it back up.
Speaker 2
02:20:06
I don't know for sure if it's the same database what's been brought back. It appears to be almost identical as to what was there. They do have a $5 trial, so might be worth something that you can go in and just check this out. Same thing with this LeakCheck and this Snusbase.
Speaker 2
02:20:24
They're both great websites that I'll put down in the description. You can check them out, kind of feel it out, see which one you like the best. Again, $2.99 for a sign up here, and this one I believe is fairly cheap as well and even has maybe some free searching, up to a hundred searches or something like that. So you could definitely check through these, see if there's anything here that you would like to look at, and then go from there. So I just want to offer alternatives in case something does happen to DeHashed; I don't think it will.
Speaker 2
02:20:53
Um, from there, one of the most well known websites out there is Have I Been Pwned. Now, this is great. You know, we know about the, say, the shark@tesla.com, right? So we get a shark@tesla.com. We come here and look for it. Has it been pwned?
Speaker 2
02:21:11
Has it shown up anywhere? Oh, yes, it has. It's been shown in 5 breach sites in 1 paste. Now this will tell you okay, it's been in these different pastes here and where the breach has happened.
Speaker 2
02:21:23
Okay, and then here's a paste that you were found in. This is great for yourself. This is great. If you want to kind of search through this and see if you can find information specific to the target that you're looking for.
Speaker 2
02:21:34
Have I Been Pwned is a great resource. What Have I Been Pwned is not going to tell you is, it's not going to specifically tell you the password related to that account. But it's a good resource to identify whether an account has actually shown up in a database. This is actively updated with the latest and greatest database dumps and everything else.
Speaker 2
02:21:54
So this is awesome. You could set up, there's an API for this, you could set up alerting, so there's a notify me if your account shows up. I always recommend this to clients to put in their domain, and in case anybody shows up, it's just another name that you know, if it shows up in a breach, you have to kind of, you know, work around that. So I think these are great.
Speaker 2
02:22:15
This is a fantastic website and something that should be mentioned in any basic sort of OSINT investigation. Now this last one, Skyala, Skyla, I don't know how to say it. I never have. This is put together by Hyperion, who is Alejandro or Alex.
Speaker 2
02:22:32
He is the founder of Hyperion Gray. This is a great, great website. It's not going to be as thorough. It's not going to have as much information as, say, a DeHashed, but it does have information.
Speaker 2
02:22:47
You can see right here, there's who knows how many pages. You can come through here and the domain will say, hey, this is where the leak came from. Like there's collections of different passwords, a LinkedIn breach on this one. You know, there's different types here that you can look through. This one's Fitbit.
Speaker 2
02:23:04
So you can come in here and say, okay, I want to search for a specific user or specific email. So we could say like, email, and then we can do shark@tesla.com and see what happens. And look, you could see shark@tesla.com came back, there is what looks like a hashed password here, we could run that through hashes.org. We can run that through Google, see if it pops back with anything.
Speaker 2
02:23:30
Here, we do get a clear text password. So we can search by email, we can search by domain, say you want to know anybody that was involved in the LinkedIn.com breach. Okay, and that might not pull back anything. Let's go back to.
Speaker 2
02:23:47
So let's say LinkedIn, maybe I put it in wrong, we'll try 1 more time. Or maybe there were too many search results. So we can try linkedin.com. And maybe we want to know a password of 12345.
Speaker 2
02:24:00
Let's try a search like that. There you go. It's possible that I had too many results there too. So anybody that potentially had a password of like 12345, or something showed up here, even though we're getting a bunch of x's here and no's, We could see also that we have email addresses.
Speaker 2
02:24:18
Actually, this showed up as emails password, so it might assert that a little bit differently. But this is the way that you could search through and kind of look in, I guess, kind of grep through this information, if that makes sense. So if you're looking for let's go back to the email of shark at tesla.com. This is similar to the same thing that we were doing before, right?
Speaker 2
02:24:41
We could see if this password showed up anywhere else. So we want to put the same logic into our searching. So this password show up anywhere. And it does look, this just identified a second account for us shark at mail.ru.
Speaker 2
02:24:56
You see same password. And then here, it's not again as thorough. Remember, we are missing the account with the dA dE and all lowercase. We're not finding that we would have to kind of figure that out or see if it showed up somewhere else.
Speaker 2
02:25:09
But now we have another email address. Now we can come in here and we can say email and say okay, there's shark at mail.ru. Alright, so it's going to find other sharks, but for the most part, look at this. Shark at mail.ru has been caught a bunch of times, right?
Speaker 2
02:25:29
And you know, this is interesting in the sense of what's happened here. So this is the kind of data back and forth that you want to go through and try to search. Now, there is an API for this, you have the capability, it shows you the API here to search. We have the capability to run this through tools; like h8mail is a tool that we can use. And I'll show you this later in the course when we get into the actual tool section.
Speaker 2
02:25:55
But this is a fantastic database just to come quickly search. I recommend putting in your own email address or a password that you use and see if it comes through here. It doesn't hurt to see if you've been owned in any of these databases beyond the Have I Been Pwned. So it's always good to know that, and this is another great website, just another resource. Usually you're going to have to pay for anything above and beyond.
Speaker 2
02:26:19
So that's why DeHashed has a paywall. That's why all these sites you see up here have a paywall. This is probably closest it's going to get to it being free and having a nice little area where you could at least do a quick search on the email address or domain and see if you can find anything. So again, if you're looking for like Tesla.com, you come in here and say at Tesla.com and see what you can find in here.
Speaker 2
02:26:43
Okay, and then you can see what comes back for anything with at Tesla.com, although we'll get a little bit of Tesla.com at Yahoo, we'll get some of those, but we can weed those out, maybe find some other things in here that we haven't seen before, etc. So this is nice. This is a good way to just go through it. And again, the red yarn, think about the interweaving and the moving pieces and how you can tie everything together.
Speaker 2
02:27:08
That's the drum I'm beating over and over because there's so much information that you can gather from a breach database. If you're willing to connect the dots, you have to be willing to connect the dots and really think through it. And if you can do that, there's, I don't want to say endless opportunities, but a lot of opportunities out there to gather really good information. So that is it for this section.
Speaker 2
02:27:32
Hopefully you found it useful and you kind of understand at least the concepts behind it and where we can apply this. This goes beyond just stuffing credentials and putting it into trying to break into environments, though this is used a lot. A lot of the hacks that we see, they come from this. There was something on the news not even that long ago about a baby monitor getting broken into.
Speaker 2
02:27:54
It was due to finding a breach credential and running it through the baby monitor and doing credential stuffing. You can gather this information and we've seen this information go out in attempted phishing emails. There was 1 not that long ago, maybe within the last year, that was a porn email saying, hey, I know what kind of porn you watch. And this is how I know because this is your password.
Speaker 2
02:28:17
And all they did was look up email addresses in these breach accounts and say, hey, send me money or I'm gonna tell everybody because this is your password. And all they have to do is find a few people to say, oh my God, that's my password. I'm gonna go ahead and just pay them money. And it's just a scam.
Speaker 2
02:28:32
So these can be used in many different ways, of course, can be used in investigations, we could tie this to people, we could tie this to IP addresses. And we can really put together a thorough investigation on undercover, or uncover other accounts that we didn't even know about, tie those into even more of our investigation, find maybe usernames, add that into our investigation, and keep going further. So the more data that we can collect, the more artifacts that we can collect, the better off we're going to be in the long run. So that's really our goal is to collect as much data as we can and as much as possible.
Speaker 2
02:29:06
So get your wheels spinning about all the different things that are here. There are really close to endless possibilities when we are using breach data. So that's it for this video. And that's it for this section.
Speaker 2
02:29:16
I will catch you in the next section. On to hunting usernames and accounts. Now this is pretty straightforward, but I wanna show you some different tools that we can utilize that are web-based and just kinda get your wheels spinning on what you should be doing and what you should be looking for when you are hunting usernames and accounts. Now, there are also tools that are great in terms of being able to use on Linux, and we'll cover those later in the course.
Speaker 2
02:29:51
But for now we'll stick with the website based tools. Now, when we talk about hunting usernames, let's say that we have somehow identified a username, or maybe that's all we're given. Sometimes when we have an investigation, say somebody's harassing somebody else, just as an example, all we have is a username in that person. And perhaps we could take that username and try to find if it's been used anywhere else and then start chaining our information together.
Speaker 2
02:30:16
So that's kind of what we're gonna look for now is how can we start hunting down usernames and tying them to other accounts, or how can we tie them to other profiles? So you can do this on your own, by the way. I think this is a good trial run to just see if you have any accounts out there for any of these profiles that maybe you forgot about and you want to delete, etc. But what I'm going to show you is this website here called Namechk. Now these first three websites all do the same thing. What's going on on this website, and I'll put this in the resources, by the way, and it's namechk.com, what it's doing is it's actually seeing what usernames are available.
Speaker 2
02:30:57
So if you search for a username, and it's not available, then it will show you that it's not available. So it's trying to help you find accounts for these websites. So what we can do is we can come in here and just say like thecybermentor, and we search and it'll say, hey, what's available. So thecybermentor.com, not available.
Speaker 2
02:31:17
I have that as a website, so that makes sense. But any of these other websites are available. But when we come down to usernames, there is no YouTube, Twitter, Twitch, Reddit, or Pinterest, or Medium, or Keybase. That's interesting, I don't even, if there's a Cybermentor Pinterest, this is news to me, Let's go ahead and check it out and see what's there.
Speaker 2
02:31:38
And it just says something went wrong. So this could be a false positive right here. But this tells you kind of where I might have accounts and where I don't have accounts. And then this 1 says there's too many redirects.
Speaker 2
02:31:48
So we don't know for sure. But all these other places, I don't have accounts. So what you're doing is you're trying to see, okay, where does this user have an account, this user has an account on YouTube, I'm going to check out this YouTube account. And now you found me right here, right?
Speaker 2
02:32:01
So there's my YouTube and here's my Twitter and here's my Twitch. And so say you actually had a user that you were doing research on or username, you could start tying these different accounts here. And that's all that these websites really do is you're just looking to see if you can tie them in. Now, Pastebin, Trip, I don't know what Trip is, Hacker News, some of these stuff I don't even know.
Speaker 2
02:32:23
So sometimes these could be false positives, but there's useful information here in terms of Telegram, potentially Pastebin, although Pastebin's kind of been really restricted as of late. And then you can come in here to these other websites too. And just because one says one thing, you might want to check other websites and just see. Now this will look up X-rated materials as well.
Speaker 2
02:32:45
So just be careful when you're searching for this stuff. You can do the alt exclude, which is the default. When I show you later with recon-ng how to do this, this will actually include the X-rated stuff as well, so just make sure that you're cognizant and aware, etc. But X-rated is good depending on the investigation you're doing. If you're trying to find, say, like a child predator or something, and maybe they're on X-rated websites, or somebody that's involved in that kind of stuff that you might be hunting down, it doesn't hurt to try to find usernames in bad places too, because sometimes it's where you might have to look.
Speaker 2
02:33:19
But here you can see again, Keybase, Spotify, Medium, Twitch, Telegram, Patreon, the Internet Archive, Reddit and Twitter. So you can come through here. It also has the category link. You can dump this out to Excel or CSV or PDF.
Speaker 2
02:33:33
So this is really nice. And it just kind of tells you, you know, what you've got out here. Last one, namecheckup.com. Same thing, I'm not going to run this again.
Speaker 2
02:33:44
Now, what I do want to show you are a couple of other neat tricks that I've found in the past. One is that if you're looking for other accounts, maybe accounts that just don't show up here, and I'm thinking mobile apps, okay? So I'm not gonna get on mobile and show you, but start thinking of the mobile apps that you might use, like a TikTok or a Kik or Snapchat or Telegram, which was on this name checker, and what things that you might be able to see from this. So I just typed in random names here.
Speaker 2
02:34:13
I went to Kik.me and forward slash Mav because I tried typing in Maverick to see. Now, this came up as a user of Virginia Thompson. Say we had a username of Mav that we were searching, but maybe say it's like Mav something unique, like 123725, I don't know. And that tied back to this person.
Speaker 2
02:34:30
Now we have a confirmed, hey, here's a name that ties to this account. Maybe at this point, we didn't have a name at all. So this could be a potential tie to a name. Even better, what happens sometimes is you're searching, say something like Kik, and you have somebody like this, where the name is Heat.
Speaker 2
02:34:47
This one says Ad Lux Hustler. But here you can see that there's an image. And the really nice thing is you can right click and you can open this image in a new tab. And guess what?
Speaker 2
02:34:58
You see that little crop. You get the whole image. Now, what can you do with this image? You could save this image.
Speaker 2
02:35:03
You can try to go and you know see if you can find this on a reverse image search. This in particular looks like it has to deal with Michael Jordan and you could see the Space Jam Michael Jordan, the Chicago Bulls Michael Jordan. So this is interesting as well, but doesn't really have any ties to anything right here. But the nice idea is what you could see is you can right click, view the image, actually go back and then start working with this image as well if you can find that.
Speaker 2
02:35:28
Same thing with Snapchat. A lot of these companies have username enumeration. So if there is a particular email or particular username, you want to try and see if you can find that account exists, you can come in here, just type it in and then try logging in. So I just came in and typed in thecybermentor.
Speaker 2
02:35:45
And I went and just typed this, hit login, you can see it says cannot find the user. Now, if you try something else, I'm going to try, I saw Adele, I'm just gonna see if that works. I'm trying something just common that would perhaps work. This one says cannot find the user either.
Speaker 2
02:36:00
So if you had a working username, it should work here where it says, Hey, this is a valid user, same thing with the email. And then the other thing that you can do, and this happens on a lot of applications, is you can come in and this is just a picture I grabbed, but this if you ever use Snapchat, if you slowly type in the username, you perhaps can see possible usernames, see how they're typing in Adele, and you see Adele, but they also see this Adelaide Crows. You have options here where maybe you see this, but like if you're hunting a specific username, the other thing that you might see is you might have this username down here, but then you have a full name, just like the Kik, right? Like the Virginia Thompson, somebody might have their full name in here when you type in that username.
Speaker 2
02:36:46
And then again, you just have more information disclosed to you. So that's what you're looking up here. I'll provide all these references down below, but what I want you to be thinking about is doing these name checks, finding out where a username could exist or does exist and correlating those to other accounts, digging in and seeing like Reddit's a great one. Like if I go to Reddit, what post history do I have for this user?
Speaker 2
02:37:09
What do they have? You see, I'm posting all about my YouTube here, but like you could see different sorts of things that I posted. Maybe I have a Reddit history that discloses information about me, or something along those lines, right? Like, this is the stuff that you could start tying in more and more and more information and verifying, you know, that it belongs to that person as well.
Speaker 2
02:37:29
But once you have that in mind, as well, think about things that aren't on this list, perhaps like Skype, Kik, Snapchat, Telegram, TikTok, think about all the different types of apps where you might be able to type in a name or an email address or something, and then correlate that back. So get your wheels spinning, start thinking, thinking like an investigator thinking outside the box and just try to start rely on tools as well rely on manual methodology is the point I'm trying to get at. So that is it for this lesson and this section and I will look forward to seeing you in the next section. Have you ever typed your name into Google just to see what happens and you see some information about yourself, whether it be your phone number, your address, your work address, your email, any of that stuff, and you're just wondering how the heck is this information gathered?
Speaker 2
02:38:27
Well, that's a lot of us. I think that's probably happened to a good majority of us. And this data is gathered from all different sorts of locations. It's data that can be sold from one location to another.
Speaker 2
02:38:39
It could be perhaps from a data breach, perhaps from voter records, perhaps from your credit report. There's a lot of places this data could be sourced from. But the big point to note is that this data is out there. So what I'm going to show you are a bunch of websites, and I'll link them all down in the description below.
Speaker 2
02:39:00
And there are plenty more beyond what I'm even going to show you. I'm just going to show you what the websites are, what they do, and the techniques behind them. The only caveat is for this video in particular, I am not going to show you any searching. I think that privacy is important.
Speaker 2
02:39:19
I think that we should not be looking into people in particular when it comes to names, addresses, phone numbers. I will show you one on myself so that way you can see it because it's going to come up again in a later section. And I am comfortable showing it because it's me. But otherwise, I do not want to reveal anybody's information, but I will show you these.
Speaker 2
02:39:37
So please use these responsibly. Now I've kind of got these ordered in the way that I would use them. White Pages and True People Search are 2 of the best in my opinion. Now, again, these are also kind of grain of salt.
Speaker 2
02:39:52
If somebody knows how to go into one of these and ask for their information to be removed, that can happen, though I would guess that a good majority of people aren't doing that, but somebody who's trying to cover their tracks might. Now on all these websites, they kind of have the same thing across the board. Basically, what you are using are search engines for people. So you can come in here and a lot of these are US based.
Speaker 2
02:40:16
Now I understand that not everybody watching this course right now is in the US. A lot of these are US based, although some of this can be used to tie to other people. And it could be used to tie to other countries. I'm sorry that this section is kind of US-ish, but please just kind of follow along and then use the concepts, apply the concepts to your location, just understand that this data is out there and do a little bit of your own Google OSINT and find where you're at and how it can tie.
Speaker 2
02:40:45
Now, some of these places like White Pages might have an extension for other countries like whitepages.com is the US. They might have other white pages for other countries. So keep that in mind as if you want to change the address here to your country code, it might actually work and allow you to access as well. And you might be able to search through this down here, but I'm just gonna proceed with the US version of this.
Speaker 2
02:41:08
So with this being said, you can come in here and search for people by name and then city, state, zip, if you want, or zip. You could do reverse phone number, reverse address. So say you have an address, but you don't have a name. So you have a phone number, but you don't have a name.
Speaker 2
02:41:23
Say you have a business you want to search. That's basically what all of these up here do. Okay, one form or another. Now White Pages and True People Search, in my opinion, at this time of this recording, are the best at the game. It used to be that there was a website called Pipl that I really liked, P-I-P-L. They kind of moved off of that platform into like a paid platform and now it's just some weird site.
Speaker 2
02:41:49
Here for this, for the free resources, True People Search and White Pages are fantastic. Same thing with reverse phone, reverse address search. I have typed in people's phone numbers in here. I will always type a phone number that's calling me into Google to see who it is.
Speaker 2
02:42:05
Not every time does it show up. A lot of times I come into White Pages, type that in and sure enough, it's accurate. So this is something to keep in mind. I know we haven't gotten to phone number OSINT yet, but this is something to think about as well, is just typing in a phone number, typing in a name, trying to find a location of a person.
Speaker 2
02:42:21
So you can use this to narrow down information on people. You might be able to find, say, a middle name where you didn't have a middle name before, or a middle initial. You might be able to find an age, or a birthday, or an address. You might be able to find relatives or people that are similar to these people.
Speaker 2
02:42:38
There is potential for false information on here. I looked myself up on all these pages. I don't think I actually showed up on many, maybe one, and there was quite a bit of false information on there. So sometimes this will say that people have criminal records and stuff like that, where that's just not the case.
Speaker 2
02:42:54
I think it's trying to make you buy more information. But for the most part, you can take what you see and use that and do further research and see if you can verify the data that you are seeing in front of you. So White Pages, True People Search, really good. Fast People Search, similar website.
Speaker 2
02:43:10
Fast Background Check, really similar website to this. WebMii, W-E-B-M-I-I, is a good one. I just searched my name in here and you could see what comes up about me. Now, not all of this is accurate.
Speaker 2
02:43:22
Again, TCM Security from LinkedIn, my Twitter profile. I do not have a public Facebook, nor is this me on Instagram, but they are coming through and seeing that maybe there's results on a hacker. I would be surprised that I'm in any of these videos. But this is me right here.
Speaker 2
02:43:41
Actually, this is a review on my course I didn't even know existed. So I'm finding stuff here that I didn't even know about. So here is potentially some public record information. Here are people that I might know, which I'm looking through all of these.
Speaker 2
02:43:57
And outside of maybe this last little bit here, I know Chris Roberts, Chris Hadnagy, and Neil Fallon. The rest of these, I don't really recognize the names, so they're trying to pull the data down here. They're pulling down images and videos and stuff like that from Google. A lot of this is tied to me.
Speaker 2
02:44:14
So this is, again, just more information that you can put out here. A lot of this is also not me. So you kind of have to go through and do your research and see what you can find. PeekYou, another resource, 411, another resource, Spokeo, another resource.
Speaker 2
02:44:31
And then That's Them is another resource as well. You can use this for phone, you can use this for people, addresses, IP addresses, and a lot of these have the ability to search by IP address as well. So if you find an IP address, say you have an IP address, it's like harassing you, or something that you've been able to capture. Again, I'm going back to harassment.
Speaker 2
02:44:51
But if you have something where you have an IP address, and you need to research it, you can come here and try to research this IP address. Same thing with the data breaches, too, you could potentially research it there. You could try to track down an IP address to a location or at least this might provide a specific location, but you can also identify IP addresses to at least a generic location. So here I searched me in Heath Adams in Charlotte, North Carolina, because this is where I used to live. I wanted to see what they can find out about me.
Speaker 2
02:45:23
Here they have my old address, which we'll find out in a later video where they're likely pulling this address from and how easy it is to kind of pull these addresses. But here's an example of this address. You can click on this address and perhaps it'll say who else has lived here. So this person lived there before me, which is accurate.
Speaker 2
02:45:43
My wife, which is accurate. My wife, which is accurate. So you could pull down information this way as well. And then, yeah, you just keep clicking through, getting information, going from there.
Speaker 2
02:45:56
On top of that, the other thing I wanna show you is that we have Google. Don't forget about Google. Now, do we identify any information about me here? We have Heath Adams, Heath M Adams. Okay, so here you can see if we type Heath Adams and Charlotte, not a whole lot comes through, you might find some business information on me.
Speaker 2
02:46:18
You see some of my courses, maybe some pictures, there's actually my resume, so that could be of use. But if you come through here and you start saying like, Heath M. Adams, Charlotte, now Spokeo comes up, okay? And then you might be able to find what my middle name is or what my birthday is, stuff like that.
Speaker 2
02:46:37
Like you could start trying to dig in and seeing if I come up here. You found like, here's an example of a business address that I have. This is a, if you actually go to this address, this is just like a UPS box. But like they have stuff that ties back to me.
Speaker 2
02:46:52
The more you search, the better off you're gonna be. This was an old, old, old address that I lived at in Ohio when I was in Ohio. So there is potential here. Again, if you wanna search for a middle name or you could search for a full name, you could search through some of these websites.
Speaker 2
02:47:07
There's also cache data here, which we haven't talked about cache data, but you can click in here and see the cache. Maybe it's something that's been deleted, but now you can go back and search the cache and see if there's anything that's changed from here. So a lot of thought that you can do, a lot of maneuvering that you can do. I would say start with websites, but do not forget about Google.
Speaker 2
02:47:26
Google is your best friend. And then you can use some of your advanced searching here as well if you want to try to really narrow it down and look for certain things. But that's it for this video. We're gonna go ahead and start talking about different topics and more specific on the hunting and what you can do, but this is a good overview of just searching for people through search engines.
Speaker 2
02:47:47
So I'll catch you over in the next video. What I'm about to show you is an incredibly powerful or potentially powerful way to gain information. I know I stressed this before and I keep stressing this, but please only use this tactic or this method as a way to obtain information in an active investigation that you have full permission to be conducting. So with that being said, voter records.
Speaker 2
02:48:21
Here in the United States, we have to register to vote. When you register to vote, some states make your voter record information public. That includes a lot of details. I want to kind of show you what this looks like, because I am actually a victim of this.
Speaker 2
02:48:41
So if we look at voter records, you can actually go to voterrecords.com. You can see the states here and District of Columbia that you could actually look at and search for the states that have public records. Now again, it's no secret that I've lived in North Carolina. North Carolina has public voter records.
Speaker 2
02:49:04
You come here, you type in my name. The more specific you can be, the better off you are. If you're in the US and you're one of these states, go ahead and try giving it a go. Come here and you hit search.
Speaker 2
02:49:14
And fairly straightforward, you can see where I definitely have been registered twice on this list. There's 40 pages, but at least twice I see one. I see one in Ohio. This is me.
Speaker 2
02:49:28
You can see, hey, he's 31. And then there's another one down here, right here, for Charlotte, North Carolina. Heath M Adams, let's click it. And now look what you see about me.
Speaker 2
02:49:39
Look, you see that I was listed at this address. Remember, we saw this address before. This is the address that I registered at. This is public information.
Speaker 2
02:49:49
Had I been registered in the last 2 years or however long it is, as long as I'm actively registered or inactively registered actually, a lot of times you can gather this information and find out where somebody lives. So again, here's my old address, you can see what party I'm affiliated with, I'm a white male, what county I'm registered in, etc. So you can come down here, you can see when my registration date was, if I'm verified, all this wonderful information about me. And then there's detailed voting records and stuff down here that this goes to Truthfinder.
Speaker 2
02:50:22
So this is kind of like not this is salesy. I wouldn't click on that stuff. But from this point like at least you have this information in front of you. Now if there is a person that you're searching for in these types of records, you can go to that specific state, if you can find them, and try to search through that state's voting records or that county's voting records and see if you can gather any more information.
Speaker 2
02:50:46
Although this will really tell you the address, it will tell you if they're active, like here's a voter status active, which just means that the registration hasn't expired. So you know that within the last 2 years, I was registered to vote at some point in time. So I mean, this is useful information if you're tracking down a subject or you're conducting an investigation, you're trying to find information on somebody within a specific county, you can have perhaps at least a known address at some time or perhaps the actual address that that person is at. So, this is a short video but powerful video.
Speaker 2
02:51:19
I think this information is I don't think should be public. I'm anti releasing this kind of information because even as an investigator, I just I think that, you know, I don't think it should be out there, but that's my personal opinion. But anyway, that's it for this video. We're gonna move on to the next video and continue on with people OSINT. Now let's talk about hunting phone numbers.
Speaker 2
02:51:50
Now there's a few different ways that we can hunt phone numbers and I've sourced these from a collection of different OSINT resources, but here's kind of the methodology that I would try to use or take and I kind of mentioned this in an earlier video I'm gonna go back to this and just kind of talk through it. Now we have a few different things that we can do. I think Google is the best first resource that we should take and we can just kind of go to Google. Anytime I'm getting a phone call, I just rush to Google and try to type it in and see.
Speaker 2
02:52:19
I don't like answering the phone if I don't know the number because they're mostly spam nowadays. So I'll go to Google, I'll try searching it. And what you might have happen is something like this, you might search, like I'm going to give an old number that I used to have
Speaker 1
02:52:33
9678163
Speaker 2
02:52:35
and try to search this. Okay, and you get phone lookupper and you get these different things and you really don't see any sort of information. We could try opening these. We could tell that the caller is coming from Albuquerque, New Mexico, but we really don't know.
Speaker 2
02:52:51
And a lot of these websites are kind of sketch. We really don't have any idea what they are. Now this is saying that we're getting a Leap Wireless, aka Cricket. So maybe somebody with Cricket owns this phone number now.
Speaker 2
02:53:03
Again, this is an old one for me, so who knows. But when I was on it, I was not on Cricket. Same thing here, we try to do a search and who knows what we find out, nothing here. These are just trying to tell you if they're a safe caller or not.
Speaker 2
02:53:17
We don't have any sort of information on this. So Google search is hit or miss. If it's a person, sometimes it shows up; if it's a business, it'll show up a lot more. There's also different ways to search for this. So we're searching without hyphens.
Speaker 2
02:53:32
Let's try searching with hyphens. And again, this mostly applies to the US, but the same methodology can be used for other locations as well. So if you come here and you try searching, you can see that it brought up different searches. Now we've got 996 results.
Speaker 2
02:53:48
So if you think that maybe you have a name that you could try to tie to it, there are different websites that you could try down here as well, but it's always kind of iffy. Some of the websites we talked through, again, on the search engines, like the whitepages.com, for example, when I used White Pages to search a number, it'll show up even though it's not showing up in Google. So that is something to think about as well. But the different syntax that you can have here and the different phone number types that you can have here could change things up.
Speaker 2
02:54:17
Like you might wanna put this in quotes here, but like 505, 967, and then you wanna try to search for different things and see if you can get this to pull up in any different kind of way. But other things that I've seen of interest. Now, I have seen things spelled out before. So I've done this myself.
Speaker 2
02:54:36
So say that you like are posting your an ad online. So you're posting an ad on Craigslist. And you're trying to sell something and you want people to text you or call you, but you don't want your phone number to get picked up by automated bots, which will happen if you post your phone number like this, a bot will just come scrape this, pick it up, and you'll get phone calls or all kinds of weird stuff. So what people might do is they might come here and they might say something like
Speaker 1
02:55:02
505.
Speaker 2
02:55:03
And then they might spell it out completely, like 967. They might do variations of this, they might do
Speaker 1
02:55:10
9678163.
Speaker 2
02:55:14
So there's different ways that you might have to try to search this. And you might have to just see what works best for you. So it really depends.
Speaker 2
02:55:23
Like I don't assume this is gonna show up, but maybe something like this, and then you have different searches here, where 505 is part of the search, and you see if you can draw anything else here. But these can get pretty complicated because you can have a bunch of and statements or or statements here. Or they would be or statements, but different or statements to see if you can get this to come out. But the other thing that I've seen, too, are emojis might work when you're doing searching.
Speaker 2
02:55:50
So if you like look up a phone emoji, you can copy and paste the phone emoji into here like this mobile, like say this one, for an example, use copy this. And some websites use this if you're trying to search for a phone number. So like you might be looking for a specific business or something like that that uses this. And they might show up in their searching as well.
Speaker 2
02:56:13
So it's interesting to use emojis. These are kind of just like wonky search tactics. But my go to in my methodology here would be to just kind of come through here and just do a search on the number search and white pages, see if you can find it. There are a couple of databases that you could also look through.
Speaker 2
02:56:30
Truecaller is one. Truecaller is basically like a caller ID system that you have to log into. So I would not log in on anything that you care about or a phone number, because this does pull down your contacts. You can have this on your phone and you can have this online. I'm using a Gmail account for a free search.
Speaker 2
02:56:48
Now you can come in here and try to do a quick search. So we'll try this again, the
Speaker 1
02:56:53
505-967-8163
Speaker 2
02:56:56
and see if this pulls down anybody. And what this is doing is going through different, different phones that have stored this number, like if this number has been stored, it gets added to this database. And then you get to see, okay, here's the person who maybe has this phone number.
Speaker 2
02:57:12
And then you could see here, they're on Verizon Wireless in Albuquerque, New Mexico. Alright, so we don't know if this person is actually the right person or not. But this is somebody at one point named Jolin Peters had this phone number because they were stored in somebody's phone that logged in with the Truecaller app. So again, this is why you do not want to use Truecaller with your own personal information because then it'll upload the contacts here.
Speaker 2
02:57:38
The other thing that you can do is you could take this, just copy it, and you could put it into this caller ID test, which I did here. If it pulls up anything of interest, you will see a name come back, but all we're seeing here is that, hey, it's Verizon out of Albuquerque, and that's it. So remember when we saw that Cricket earlier? That Cricket phone service was actually incorrect.
Speaker 2
02:58:00
So it looks like this was a better option here. Now, you only get 5 searches, 5 searches a day with this. So you have to come in here and just clear your cache or you see I'm in a window. So it really just depends if this had a name to it, it would bring up the name here.
Speaker 2
02:58:19
So there'd be a name instead of this. They actually just changed their design within the last few days on this page. Again, this is how OSINT is or how all these technologies are. You can be on a website literally a couple of days ago and the design has completely changed.
Speaker 2
02:58:34
So with that being said, that's just another way to just quickly check. This is kind of the order that I would go in. Now, there's a few things that I wanna point out. Say you have a potential number for a contact and you have a potential email.
Speaker 2
02:58:52
Again, I do not, I cannot stress enough the potential of using the forgot password feature on websites. Like one that I'm gonna pull up is Yahoo. Yahoo will produce a phone number for you. So somebody this is just an image I pulled online, so I didn't want to go search and try to find somebody's phone number.
Speaker 2
02:59:11
But you can come through here and you can put in a Yahoo email and say, Hey, I forgot my password, I need to recover this account. And sometimes it will say, Hey, here's an email address. And you say, Yeah, I don't have this email address, then it'll say, or potentially, it'll say a phone number, it'll say, Hey, can you verify this phone number. So here you have what the first 2 digits last 2 digits that number.
Speaker 2
02:59:34
If you had a number and you thought it tied to your person and you thought they maybe had an email address as well, you can come in here and do this. Now, got to be careful though, because the other side of this is, here's an example of something that I did do just to pull up as an example here. Now, I did search for somebody just a very basic first name, last name with a number after it to see what happened. Now I said I forgot the password, it pulled up this username, which we can kind of guess what it might be here.
Speaker 2
03:00:04
And then it pulled up a full domain, full domain. This was a private domain, by the way, custom, custom business domain. And what happened, though? Why is this dangerous?
Speaker 2
03:00:16
This sent a verification code, this alerted this person of this email that somebody is trying to log into their email address, or somebody is said, Hey, I forgot the password here. So you got to be very careful when you do this, make sure you have test accounts, you understand how the systems work when you're searching for, for different emails and different things, because this easily could alert and trigger the person that you're investigating, and then they're on your tracks, they know, okay, so as somebody who has a public lifestyle, and I, you know, I have accounts online, I get password reset requests all the time. So depending on who you are and what you're dealing with, I see this kind of stuff all the time. But if somebody's paranoid or thinking maybe they're under investigation, This could trigger something and completely change the landscape of investigation.
Speaker 2
03:01:05
So you gotta be very, very, very careful. So there's one other website that I wanna show you that's called Infobel, and I won't hover on this too quick. I just wanna kind of really quickly show you, I'm not gonna search anything. If you come here, this has the ability to perhaps search countries in all different locations.
Speaker 2
03:01:23
So it starts out in French, but you can change your language up here to quite several languages up here. So let's say English. And then you could select the country where you wanna try to search, and it'll take you to a page where you can search a phone number for that country. I've already exhausted kind of the US side of things, but if you were looking for something, say United Kingdom, let's see what happens here.
Speaker 2
03:01:45
It takes you to the United Kingdom. So this is like, for those of you looking to search other areas and locations, this is a great, great website. But for the US base, you can utilize pretty much anything that I've already shown you as an example. And so that's it for this video.
Speaker 2
03:02:00
I just wanted to give a brief overview of how we look up phone numbers, and again, spin the wheels on thinking outside the box. There's a bunch of tools and services, but even with the Google search, maybe we have to change our syntax up a little bit. Maybe we use emojis or something in there to throw it into the loop. Maybe we spell words out.
Speaker 2
03:02:18
There's all different unique ways to kind of hunt down, you know, nitty gritty on some of these phone numbers. But thinking outside the box with like a password reset or searching for a phone number in different locations, you know, where there's applications that might use a phone number and see if there's a username tied to those or anything along those lines. There's a lot of different things that you can do. And OSINT is kind of like overlapping in a lot of these tool sets.
Speaker 2
03:02:45
So I know we've shown the password reset feature before I want to show it again. There's all different kinds of things that you can do. But I want your wheels to always be spinning and thinking outside the box when it comes to investigating. So that is it for this video.
Speaker 2
03:02:58
I'll catch you over in the next one. Now let's talk about discovering birthdates. This is going to be a very short video, but I kind of want you to have an idea. Now we've come across birthdates already with the people search engines.
Speaker 2
03:03:17
There's a good chance that you're going to find birthdates there. But there's also a possibility to find birthdates in other locations. And the one I'm going to show you today is Google or a search engine. So let's take me, for example. My birthday is public, so I don't mind sharing this information. But if you come out here and you just say something like, I don't know, Heath Adams birthday, what might you find? A whole lot of, really, nothing. Just nonsense, right? There's nothing here related to my birthday. What happens if you were to say something like, in quotations, Heath Adams birthday? Anything change here? Me wishing somebody a happy birthday on Twitter.
Speaker 2
03:04:06
And here's me saying happy birthday to you. So maybe I am wishing a birthday. I said, hey, it's my birthday. So maybe here I found my birthday, right?
Speaker 2
03:04:16
So come through here, we look at this. And somebody said it was my birthday, too. Let's click into this. So yes, I said it's my birthday.
Speaker 2
03:04:24
I'm 31. This is on June 29. So this will tell you exactly my birthday exactly my age. Let's say we didn't find it so fast.
Speaker 2
03:04:31
A next thing that we could do would be something like intext birthday, right? These are just things that we already know, but we want to see the word birthday somewhere in text. And maybe we want to see something like happy birthday in text like this. So somebody might be saying it to me, and it's not just me saying it. Here's one of me saying it, but it could be somebody saying it to me as well. You know, like right here, or I was saying that to somebody else. But it's possible to see that. Like, oh, here, somebody said, at the Cyber Mentor, happy birthday.
Speaker 2
03:05:08
And if you wanted to look by username, you could do that as well. So you could say the cyber mentor, change that up. And then we can look and see if there's birthday here. The other thing that you might want to put in here is you might want to say something like site and just do twitter.com.
Speaker 2
03:05:26
And so I would say something like having a name, having an in text of some sort of birthday or, you know, birth dates or something like that could work. But usually these like congratulation type things on social media is a really quick way to find these. Same thing with Facebook would be another way to do this, you can just go facebook.com and do a search there and see what works out. But if you're looking for a birthday, this is a quick and easy way to do this is just to think about your search engine, your quick searching and how you might do this.
Speaker 2
03:06:00
But yeah, even LinkedIn is another one that you could use. Any of the social media sites that have a birthday out there or public birthdays, Facebook and LinkedIn are really big, but Twitter's another one. Just one of those where you can kind of catch it out there outside of the basic sites again. So if you're just searching somebody on a people search engine, you are, I don't wanna say likely, but there's a good chance that you'll find a birthday if you can find the person on one of those sites as well.
Speaker 2
03:06:31
So this is just another alternative in case you aren't finding birthdays. And that's really it for this lesson. So I'll catch you over in the next video. Another useful item that we can hunt for are resumes.
Speaker 2
03:06:47
When we're looking for people especially, resumes can tell us a lot of information and can give us even more clues about a person or even a company, for example. Now there are websites like LinkedIn that we can look at about people and understand more about their background, where they work, and that would be pretty good for a resume. The other side of that though is sometimes resumes disclose personal information like a phone number, an email address, a personal address, et cetera. So we're going to go ahead and look at Google for resumes and we're just gonna pick on me again. You can search yourself and just see if you can find any information out there. I don't want to search for any random name and try to find resumes or just loosely search because I don't want to show somebody's personal information or potentially show that.
Speaker 2
03:07:34
So what we're gonna do is just type my name in. I'm just gonna say Heath Adams resume. We're gonna see what happens here and you could see that a couple of things show up. So this on Twitter where I publicly share my resume.
Speaker 2
03:07:49
Yeah, that's a thing that I did. And the other thing though is that there are images. Now you can click on the images and actually see the resume as well. I'm gonna go on to Twitter and just show you it.
Speaker 2
03:08:02
But the images are a really good place because there's a couple of different ways that we might be able to see a resume. We might see it in like a document form. So we might be able to say like Heath Adams resume and then filetype PDF and see if we can find it. Now that might not be the best search, we might have to do something like Heath Adams resume, and see if that comes down.
Speaker 2
03:08:27
And here is a, here's a resume, somebody used my resume here. And it says created by Heath Adams, a cyber mentor. So they put a resume up here, I'm not going to click on this, because it could reveal personal information. But here's an example of a resume, right, that showed up.
Speaker 2
03:08:43
Now we could say filetype doc, we could try docx as well here, just to see if we can find it. Now we can also remove the filetype. And we could say something like site, site Google would be good, because Google will include or should include any of the subdomains. So drive.google, like you saw it recommend drive, drive.google, docs.google.
Speaker 2
03:09:11
Any of those might have this. A website like dropbox.com, for example, might have this. A website, for example, like Scribd, scribd.com, might have this as well. I'm not going to keep searching, because it'll yell at me eventually and make me verify myself and stuff. But what we're gonna do here is we're just kind of hunting down this information and trying to find it and see what we can do. The other thing that we can just do is just look up Heath Adams and then look up site, linkedin.com and see if you can find me. And here I am.
Speaker 2
03:09:45
And my information's a little obfuscated here and it's gonna try to make me sign in. We can actually try to look at the, nope, it won't let us look at the cached version of this, but I'm not gonna click on it. But basically you can come in here and look and see. There's some misinformation on my LinkedIn, although I don't think most people are gonna do that.
Speaker 2
03:10:03
I definitely have a different location. I have a, I don't tell what schools I went to. I don't tell any of that stuff. So there could be some misinformation there, but you can come in here and look at the resume that I posted and see some certain things.
Speaker 2
03:10:20
You could see that I have a degree, right? I have a master's, I have a bachelor's in accounting. You see what certifications I have. You see the different companies that I worked for.
Speaker 2
03:10:32
Now this is intentionally obfuscated, but if this wasn't, there could be information here. There could be an address, phone number, email. So I want you to just begin thinking about what are the things that could be disclosed on a resume? How can we utilize that?
Speaker 2
03:10:45
We can maybe find a current job, like here you see present job. You maybe find a current job, current address, current phone number, current email address. A lot of stuff can be found. So just think about your searching: search for Google, search for docs.google, drive.google. Scribd works really well. Just do image searching. You're not always going to hit the jackpot on just searching somebody's name and finding the resume.
Speaker 2
03:11:10
But this is just something that you should add to your checklist of, Hey, did I do this? And at the end of the course, I will share these flow charts. They're out there by IntelTechniques. They're pretty much what everybody uses.
Speaker 2
03:11:22
I think they're fantastic. And you can just kind of take the information that you see and just kind of have like a checklist. And it's really, really good stuff. So I'll share that as, like, a resource towards the end of the course.
Speaker 2
03:11:32
But that's it just short video, kind of get your wheels spinning about other things to think about what could be out there that could relate to other people. And hopefully this was useful. So we're gonna move on now and cover the next section. Welcome to this section on social media.
Speaker 2
03:11:54
OSINT. The first platform that I want to start out with is Twitter. Now Twitter can provide an abundance of information. We're going to look at how to search Twitter, we're going to look at the different tools that you can use for Twitter, and then we'll show you one cool tool that I really like that I think deserves kind of its own video. So let's go ahead and just go to Twitter. Now for this section, you can use your personal Twitter account if you want or some sort of Twitter account that you have.
Speaker 2
03:12:21
It will be better if you have some sort of Twitter account if you want to follow along to just kind of navigate this. Okay, so here is my homepage. I'm logged into my Twitter account at the moment. Now we can come in here and we can take a look and see what we could do with searching Twitter.
Speaker 2
03:12:38
So say that I want to search Twitter. And the first thing I'm going to show you is just clicking on it, we can search for people, topics or keywords. Now, what's going on in the world? Well, let's see, we've got different things going on over here.
Speaker 2
03:12:55
This is all political. Let's see if we could find a keyword that's not really political. NBA draft. Okay, so let's search NBA.
Speaker 2
03:13:02
I like that. So we can search by just a keyword and say NBA and search that. And we can see everything that's going on right now in the top, right? Top means the top posts, the ones that are kind of trending in the NBA. We could see anytime that somebody just recently said the word NBA come through here as well. We can look at people related to NBA.
Speaker 2
03:13:25
So that'll bring up the actual NBA and maybe any of the reporters, something along that. Photos, videos, etc. So it's a very broad search, but just proving that we can do a search. Now we can also do a keyword search.
Speaker 2
03:13:40
And we could say we saw NBA draft was trending. So we just say NBA draft, do this. And you can see the top tweets. So it looks like this one's from November 12.
Speaker 2
03:13:50
But if we look at the latest tweets, we can see now that November 17, which is today, we can look at these tweets. Okay, so this one's from now, this one's from now. Anybody that's used this tag, you can see come through with the tag here. So we can kind of narrow our search down if we're using these hashtags. We can also do something similar to Google where we say like NBA draft.
Speaker 2
03:14:18
Maybe we'll say something like NBA draft pick. And now we're looking for specific words that say NBA draft pick all in a row. So we're looking for a specific string that we want to search. You can see within the last hour, this has been used at least once.
Speaker 2
03:14:33
We can look at the top posts that have come through here, and November 12th again was one of the top posts, and we just kind of look through. So depending on how we want to search, we could search by different phrases. So if we know a phrase or something that we're trying to investigate, we can search via that way as well. But what's probably the most useful when we're on Twitter is the from, to, and mentions.
Speaker 2
03:14:56
So if we're looking at somebody, we might say from the Cyber Mentor. Let's just search me. So we're gonna search all the things from me. Okay, you want to go the latest, you can look at the latest, these are all my posts.
Speaker 2
03:15:10
If you want to look at my top posts, you can see some of my top posts in the last looks like last month or so. And you can perhaps see photos. So here's photos that I'm posting. You can go on to my profile, of course, if you wanted to just look at my profile.
Speaker 2
03:15:26
If you go to a user's profile, you can look at their different tweets, who they're replying to. So this is not just me tweeting, this is me replying to people, what posts I'm actually hitting the like button on. And then you can see what media I'm posting as well. So you can go through my media and kind of just look through my photos, basically anything that has a photo or video or something along those lines, you can see that data here as well.
Speaker 2
03:15:50
So depending on the number of tweets that I have, here you see I only have 742. So if you wanted to go through and find out information about me, you could. Like look, this is an example. It says, I copped these today.
Speaker 2
03:16:01
I bought a couple hats recently. What does this tell you? Well, this tells you that I like a certain team, if you figured out what this logo was. This is a Dallas Mavericks logo.
Speaker 2
03:16:10
I love the Dallas Mavericks. I love basketball. So you could tell about me that I like the Dallas Mavericks. So maybe I have ties to Dallas, maybe something along those lines, something about me likes Dallas.
Speaker 2
03:16:21
So that's something that you can add to your profile. You could tell that I have a dog who doesn't know how to use a pillow, but I have a dog and it's a small dog, Chihuahua. So I like animals. We keep coming through here.
Speaker 2
03:16:32
We can just see different things. Here's a picture of inside of a car. So maybe if you were able to look at this, you can determine what type of car this is. You know, if you brought this to a specialist, maybe they could tell you what type of car this is based on the leather or pleather or the threading or the design here.
Speaker 2
03:16:52
There's a lot of opportunities. So the more that you look through these, you could tell like, here's a picture of going back to school. Here's the different coursework I'm going to take. So this talks about the college that I'm going through.
Speaker 2
03:17:03
So pictures say a lot, a ton of information if you go through the media of somebody and what they're doing. So there's a lot that you can find out on social media and Twitter. This is not just tied to Twitter, but Twitter is very easy in that media is public, public, public. Unless this profile is private, all this information is gonna be public here.
Speaker 2
03:17:23
So that's really nice. The other side of this though, is okay, we've got from, but what about to? So let's look at to. So anybody talking to me.
Speaker 2
03:17:33
So there's people sending pictures to me because I'm still on the photos tab. So you can see what people are saying recently to me with photos. You could also go top. And you could see who's talking to me.
Speaker 2
03:17:43
Oh, look, Nam Sec's talking to me. You can see different types of people here that are mentioning me, the latest people that are mentioning me. We can also look at people. And just me, right. So okay, and then the last one that you can do here that's of interest would be the at symbol, anybody that tags me.
Speaker 2
03:18:04
So if you go top, that's an ad, you come through here, you could just see anybody that's tagging me, like John Hammond here just tagged me not that long ago. Another tag here. And then anybody that's also responding to me, you can also look at the latest, same thing. So if you're investigating somebody, you need to look at the from, to, and mentions to really pull down some good information.
Speaker 2
03:18:28
Now, we can get even further down in this narrowing. So let's say, let's go back to my profile really quick. Look, I've got, I don't know, I've got 6,445 tweets. If you were to scroll through this, it would take forever to get through all these tweets.
Speaker 2
03:18:44
And honestly, like, I don't know if it will even take you that far. I forget what the limit is, but I do believe that there's a limit. So as you're going through all these tweets, you just have to scroll and scroll and scroll. That's not the way to do this.
Speaker 2
03:18:57
So something that you can do is you could say from, you could say the Cyber Mentor. So any tweet that I posted, and now we know by looking at my account that I joined in February. So maybe I wanna see some of my earlier tweets, okay? So let's think about this.
Speaker 2
03:19:14
I joined in February of 2019. So I wanna say since, and I'm gonna say
Speaker 1
03:19:20
2019,
Speaker 2
03:19:22
and then 02, and then maybe 01. I don't know exactly when in February I joined. And then I want to see everything I posted in February.
Speaker 2
03:19:29
So let's go back and say, we'll say until
Speaker 1
03:19:33
2019,
Speaker 2
03:19:35
we'll just say 03-01. So I wanna see the first month that I was active on Twitter. What were the first tweets that I put out there?
Speaker 2
03:19:41
I'm gonna search that. And here you go. Let's see, I don't even know what my first tweet is. So we could scroll down and see if I have a very first tweet.
Speaker 2
03:19:50
It looks like they're scattered, I'd have to look at it in the latest. But these are all the tweets I was making. February 8 was one of the first tweets that I was making here. So it's very interesting to see this.
Speaker 2
03:20:02
If you had a specific timeline, you can come through here and look and say, you could say the same thing. Did I post any photos? I did. Look, I went and did bone marrow donation, okay?
Speaker 2
03:20:13
I went and at least volunteered to be a donator. So this is something, more details you can find about me that you would have to scroll all the way to the bottom of the first creation of an account. So what this is saying is if you have the ability to identify a tweet range or when somebody maybe was active on Twitter or some specific area that you want to find out, you could do this. You could also do this.
Speaker 2
03:20:37
Don't think it's just related to a from or a to, but you could do it too. You could say, Hey, who mentioned me during this time? Let's see. I'm trying to show you the possibilities.
Speaker 2
03:20:47
Okay, well, during this time, I was messaging with Davey Rogers. My wife said, you are hot, thank you. So there's different things that you could see people talking to me through here. So people I was interacting with. But again, you can come through here and you can see if anybody said NBA draft pick during that one month.
Speaker 2
03:21:09
All right, and sure enough, in February 13th of
Speaker 1
03:21:11
2019,
Speaker 2
03:21:12
the top post was related to this NBA draft pick about Patrick Ewing. So it's very interesting that we can very specifically narrow down tweets. So even though that I have 6000 something tweets, you can really fine tune it if you want to find a specific area or time frame.
Speaker 2
03:21:28
Now, you can also do something like, did the Cyber Mentor ever say NBA? I have, here you go. So you could see that I was watching the NBA finals, you could see how I mentioned the NBA here, those are the top posts. And you could see like different things about me.
Speaker 2
03:21:48
So and then here's a photo, right? So it just, it really depends on how you want to search this. But keep thinking about all the operators that you can bring into this. Now, the last thing I want to show you would be geocodes.
Speaker 2
03:21:58
So geocodes will identify a specific location. So I'm going to bring up one here, I'm just going to do this as an example. But if you go out to Google, and I'll use this again later. So just leave this open.
Speaker 2
03:22:12
But if you go out to Google, and you search, I searched Los Angeles, California, you can search literally wherever you want by search Los Angeles, California. And what I grabbed from up here is these geo coordinates right here. So you see the geo coordinates up top, let's just copy these. So say that we want to look at a specific area.
Speaker 2
03:22:32
This is more useful, I'd say, back in the day, not that it's not useful now. But it was more useful when there was geolocation everywhere all over the place. You kind of have to have geolocation turned on, which some people do. But it's less than it used to be. But either way, we can still say geocode.
Speaker 2
03:22:50
So we want to look at geocode, we want to search that specific location. We actually have to add in the kilometer. So say we wanted to do, let's do a 10 kilometer range, any tweets going on in the last 10 kilometers of this Los Angeles. So let's do latest and just take a look at this. And here we'll get a lot.
Speaker 2
03:23:11
So 27 seconds. Here's one right here. I'm just gonna click on this and see. It doesn't specifically say that they're coming from Los Angeles.
Speaker 2
03:23:19
Let's click on the profile and see if it says that they are out of Los Angeles. It does not. Oh, Malibu. So they're in California.
Speaker 2
03:23:27
So yeah, we're identifying tweets coming from a specific location or area. So if you're trying to locate somebody in a specific area or you have their address or something along those lines, you can really narrow this down. You can bring this down to 1 kilometer and see within a specific area here. You can see this is just tweets from L.A.
Speaker 2
03:23:46
And these aren't even that latest like this is November 14. So this is 3 days ago. So you can see the different advisories, advisories depending on where you actually land. So if you know a specific house or specific address, and you want to look like within 1 kilometer, you can get very specific in your geo codes.
Speaker 2
03:24:03
And then again, you can combine these. Like, this isn't going to come out with anything. But let's say within 1000 kilometers, did I ever tweet from Los Angeles within 1000 kilometers? No, I didn't. Did anybody ever tweet to me from Los Angeles within a thousand kilometers?
Speaker 2
03:24:22
Yes, somebody did. Okay, so this is how you can get, you can find perhaps places where people live. Like this, I don't know where this person lives. Los Angeles, California.
Speaker 2
03:24:31
Look at that. All right. So and you can see this person follows me. They have their information public as to where they're located.
Speaker 2
03:24:38
There you go. So you can get very, very interesting information based on these sorts of things, and then you can start connecting people as well. So say you're investigating me, and you think that I live in Los Angeles. Well, maybe you do a search like this to identify who's communicating for me from within Los Angeles to see maybe if I know those people.
Speaker 2
03:25:00
It's more likely, I wouldn't say more likely, but there's a good chance that I might know those people more so than somebody from another country. Not that I don't know that person, but there's a better chance that I interact with those people on a day-to-day basis. But we'll talk about those sorts of tools and how we can track interactions and everything else in the next video as we start going over tools. But these are some of the basic search operators that hopefully you will find useful and we can move forward with when we're doing our OSINT on Twitter.
Speaker 2
03:25:26
So that's it for this video. I will catch you in the next video as you look at the different web tools that we can utilize to give us an advantage at looking up analytics and data on Twitter users. So I'll catch you over in the next video. Just kidding.
Speaker 2
03:25:39
I'm back. I completely forgot that I wanted to show you one more thing before I sign off and we go to the next video. There is this advanced search feature. So everything that I was just showing you now, and this is similar to Google's advanced search feature from way earlier in this course, you can come through here and you can just type in the words.
Speaker 2
03:25:57
So if you want all these words, exact phrase, the kind of stuff that we went over. You also have the ability to do or, or and, or none of these words. So think about that. Think about the language, what accounts, to these accounts, mentioning, same thing we talked about here, the different engagement here. So if you want to see a specific engagement, this is something of interest, and then updates as well.
Speaker 2
03:26:20
So this is something that you can come through and just kind of do an advanced search on and utilize this to generate a specific search if you want to. So now that's it. I will add this as well into the description and the resources, but this is what I wanted to show you before we go on to the next video. So for real this time, I will catch you over in the next video.
Speaker 2
03:26:47
Moving on, let's talk about Twitter in a different way. Now in the last video we focused on looking at Twitter and searching from Twitter. Now in this video we're going to look at the different tools that are available to us from the web that we can utilize and log into and use in our OSINT. So let's go ahead and go out to the web.
Speaker 2
03:27:10
Now, if you look at the references below, you'll see that I have a bunch of websites laid out for you. These are all different websites that provide similar purposes. Now they're going to be analytics based or looking into user type deal, something along the lines of just doing a little bit more research on somebody on Twitter or an individual or company or whatever on Twitter. Now, again, I'm going to point this out.
Speaker 2
03:27:35
Things change. Even in the recording of these videos, there were websites that I had planned. Those have gone down. So just keep in mind that if you try this video at a date later than this recording, or you try a website at a date later than the recording of this video, it might be different.
Speaker 2
03:27:51
So just understand the reasoning of these tools. If one goes down, do a quick Google search and say, hey, what's a replacement for this tool? I'm sure you'll find it. So what I have done here is I'm just going to come out to these different websites, I kind of want to show you what some of them offer.
Speaker 2
03:28:05
So the first one is socialbearing.com. What I'm going to do with all these websites, I'm going to log in. You're welcome to log in via your Twitter account, or your sock Twitter account, however you want to do this. I'm just going to log in with my own Twitter account, I really don't care at this point. So just because this is for a demonstration, I'm going to log in with my actual Twitter account, I'm going to come in here and now we have access.
Speaker 2
03:28:27
So who do we want to search? We want to search for a specific keyword, hashtag, website, we want to search geolocation, handle, people, etc. So maybe we're going to search for a handle. And I'm going to come in here and just say the Cyber Mentor and see what happens. I'll just copy this because we'll be using it quite a bit, I'm sure.
Speaker 2
03:28:45
So let's go ahead and search the cyber mentor and see what happens here. It might take a second to load the data. But there could be some useful data here that we can find. You see, it's starting to pull down interesting stuff.
Speaker 2
03:28:56
So I was trying to analyze my tweets. You can see by sentiment, it says here, if I'm like, it's great, or if it's terrible, like, am I happy? Am I sad? What's going on?
Speaker 2
03:29:06
Do I reply? Do I tweet a lot? So I reply way more than I tweet, it shows you how many people I reach, this is the estimated followers that I have, how many impressions I have, etc. So this shows you a bunch of different analytics based on just what they're seeing here.
Speaker 2
03:29:23
And this can tell you some information. So what do I share? I share Twitter quite a bit, YouTube, Twitch. I share my Academy website, Porsche Design.
Speaker 2
03:29:34
There were some shoes I was looking at recently. So it picked that up. What languages do I tweet? English, primarily. So this can tell you, what are some of the hashtags that I tweet.
Speaker 2
03:29:44
So this is recent, these aren't all the hashtags. These are recent, we can sit up here and just load more tweets, collect more data if we want. You can see the last 200 tweets were over 19 days. Now 400 was over 29 days, we pick up more data here. So you can see that it just picks up like Active Directories in here.
Speaker 2
03:30:02
I am for ILF, which is for a Innocent Lives Foundation. So there's different tags in here that we can follow and track down and see about a user. We have all kinds of stats on the side over here, which could be interesting. What kind of words that I like to use very often.
Speaker 2
03:30:18
And then you can come through here and see what my recent tweets are. And then how it rates them, like red for exclusion is rating it as bad or terrible here. So you can come through and see where handsome is rated as good. So it's interesting how it does this, but you can come through and just see a nice little map of my tweets that are in here, which is of course very interesting.
Speaker 2
03:30:42
So there's that and then you can scroll down the data on the side over here and you can see the different things. But there is some things, there are some things that we can look at as well, like the contributors. You can see the people that I interacted with recently. This could give you an indication as to who I talk to, who I might be friends with, and who I associate with.
Speaker 2
03:31:04
So if you're hunting down somebody, you might want to look into who they're associating with and maybe even go through more tweets than the last 30 days and see who we've been associating with. Scroll through the tags. You can also look through, let's see if it has it on here, yes, the Twitter sources. This could tell you some information as well.
Speaker 2
03:31:23
What does Twitter source here tell you? It tells you a couple things. Well, I post from the Twitter web app quite a bit, but I also use Android. So Android is half my tweets.
Speaker 2
03:31:33
So I'm tweeting from my phone half the time, a little under half the time. And then Streamlabs Twitter, I do a lot of streaming. I use Streamlabs to post a 1 tweet every time I stream. So in the last 30 days, I've streamed 11 times is what this is telling you.
Speaker 2
03:31:47
That tells you that I have a Streamlabs account. And then Zapier, I have a Zapier account that ties into when somebody like, say another content creator produces some sort of content releases it, I have Zapier go out, identify that and then post a tweet for me saying, Hey, this person has released a new some new content. So this is what this is kind of what it looks like. This is just 1 form of analytics.
Speaker 2
03:32:12
There's a lot of analytics that you can gather from here. So what we're going to do is we're just going to kind of go through these and just kind of sign in, I'll show you the differences between them. Some of these here are really not that significantly different. Like I don't think these 2 are significantly different here.
Speaker 2
03:32:27
But we've got Twitonomy as well. You can do the same thing, you can look at your own timeline, you can do analytics, you can analyze your own profile. So if you click on this here or analyze other people's profile, same thing. It'll tell you the amount of tweets between a certain timeframe, it'll show you the tweets, it'll show you the latest followers, the tweet history, just different ways to look at tweets.
Speaker 2
03:32:50
So you can see the people that I interact with again. Here's the person I've retweeted the most would be Joe. The user I mentioned the most outside of my own company would be Joe. So you might have an indication that I might be decent friends with Joe, or there might be some connection to Joe and I.
Speaker 2
03:33:06
Here's the different hashtags that I've used, et cetera. So you can come through here and look at the data again. Down here, you can see the hours of the day that I'm active. So it's interesting because you see that I'm, you could perhaps find, you know, some data here that would say or suggest that I'm active during certain times of the day and I'm sleeping during times of the day.
Speaker 2
03:33:28
Like you would assume based on these right here that I am sleeping during 9am 10am and 11am. That's not true. Even though I'm active during the night, I just have a really weird sleep schedule where I'm up all different kinds of hours. Now I'm usually up at 8am and 9am 10am.
Speaker 2
03:33:44
And I may wake up here and read my tweets or respond to some. But during 9 to 11, I'm typically sleeping. At 12 o'clock, I'm up and I'm streaming, so this indicates, and then as I wake up and progress through the day, you can see my tweets increase. So this is 1 way to look at it.
Speaker 2
03:34:02
There's actually something else over here that I won't go into, but I'll drag it over. It's this website called Sleeping Time. You could sign in with Twitter and also search people. But this, I think, is a great indicator as well for times of the day.
Speaker 2
03:34:14
It's all it's doing is analyzing and saying, Hey, what time does this person sleep? It's just interesting data that you can correlate and suggest maybe that you know where they live. It's a possibility that you can identify this person sleeping from, you know, 8 a.m. or 8 p.m.
Speaker 2
03:34:29
to 6 a.m. or 10 p.m. to 6 a.m. Maybe they're on the East Coast or if it's 12 p.m.
Speaker 2
03:34:35
to 6 a.m. etc. So, and this, I just realized this is UTC by the way. So this could have me pinned down to where this is actually a little bit different here. Anyway, so with that being said, Sleeping Time's another 1 of these. Mentionmapp's a great, a great tool as well. You could sign in with Twitter, which I'll do really quick. Authorize this app.
Speaker 2
03:34:54
And what it's gonna do is just start pulling down data on the latest mentions that you have as a user. You could search other users, you could search mentions, hashtags up here in the corner. I'm not gonna dive too deep into this, but you could see it's starting to pull down data of who I talk to, and then who the people I talk to talk to, and what tags I use, et cetera. And this does cost money if you want to go deeper into this.
Speaker 2
03:35:19
But you can see that like, again, Joe shows up. So what is that showing you? That's showing you that there's probably some strong correlation between Joe and I. And then when you look at Joe, if you want to look at Joe, you can see who Joe talks to, and what people he associates with, and maybe there's connections here as well. So just another tool to analyze the analytics or the data of all this.
Speaker 2
03:35:41
The next tool I wanna show you is TweetBeaver. So TweetBeaver is a neat little tool. Let's just sign in here real quick. And I realize I'm going fast through these.
Speaker 2
03:35:52
A lot of these are just repetitive, so I don't expect you to be following along and signing into all these. More or less, just take notes and play around with these once this video's over, as you kind of go through all this information. So the 1 benefit, okay, there's some benefits here as an actual Twitter user. The 1 big benefit I think is that you can convert a name to an ID.
Speaker 2
03:36:13
So if you want to come in here, you can say, hey, the cyber mentor, let's convert that name to an ID. Now I have a Twitter ID. This is good because say that I were to change my Twitter name, this Twitter name would change and then I would be lost. If we're tracking somebody that changed their Twitter name, we could possibly lose them.
Speaker 2
03:36:33
So then what we could do is actually use the number, we can go back and use the number to find the ID instead. So we can convert Twitter ID to a number or to a name. And then we can see that cyber mentor. So if I ever changed my handle on Twitter, or if the person we're investigating ever changed their handle on Twitter, then we can find them with their Twitter ID.
Speaker 2
03:36:53
So this is useful to just have. So say you track somebody down, it's always good if you go to Twitter, grab their ID and store that somewhere in case it ever changes. You could also do everything that's in here. So you could check if 2 accounts follow each other.
Speaker 2
03:37:07
Some of the interesting things down here is you can find common followers, you can find common friends, you could find conversations between 2 users. You can also download your data and data of followers, data of everything. So up to a certain amount, like this 1 goes up to 3,200 tweets. So what you could do is like say the cyber mentor, and then I've got 1 here, I was doing a demo with Nomsec, so Ben.
Speaker 2
03:37:29
Ben and I communicate quite a bit. So if I was looking on Twitter, and I saw that Ben and I were communicating, Ben, and I might want to see what the conversation between Ben and I is like, so I'm going to come in here, this might take, it says allow up to a minute for a search to complete. But what's going to happen is it's going to show all the history within the last 3,200 tweets that we have between us. So it's analyzing all that data for us, and now it'll come back and it'll say, hey, do you wanna download this?
Speaker 2
03:37:55
Do you wanna display on screen? I'm just gonna say display it on the screen. And then you can see this goes back to July 8th of 2009 all the way through and then comes down to recently. So within November, so this can tell you some interaction.
Speaker 2
03:38:13
This is a great way to just search how people are interacting. So going back to the Joe example, if you saw that Joe and I were interacting, and you wanted to see what the deal was between Joe and I, you could just go here, say the cyber mentor, say Joe's handle, and then submit and see what's going on between us and how we're conversing and maybe if we know each other, there's some details that leak out, et cetera. So all you're looking for in all of this are just details. Any sort of data that can provide any sort of trend or information related to you.
Speaker 2
03:38:43
So another 1 of these would be Spoonbill. Spoonbill's a great website. You don't have to log in, you can connect with a Twitter account, but if you go to spoonbill.io, and then I'll actually paste this for myself in the references, but if you go to Twitter, data, and then the username here, you could pull down the information. Now what this does is it tells you every time that I have ever changed my data here.
Speaker 2
03:39:08
So you know how you go to Twitter, you see somebody's profile page? Anytime my profile page has changed, this will tell you if it's changed. So you can actually scroll all the way down to when I first created my Twitter account. You can see that I added a website right away, and then I added a bio.
Speaker 2
03:39:23
And then over time, I've done some changes, you can see where the changes have happened, you can see the changes to my pinned tweets as well as things change here. And then I have changed my name on Twitter a few times as well. So there's useful information here where, you know, you could be tracking somebody and perhaps the indicator here is perhaps somebody had their actual name. So you see I have my name in here.
Speaker 2
03:39:47
Perhaps they had their actual name at 1 time. And then they said, No, you know, that's not a good idea. Let's change it to a handle, let's change it to something else. So you don't know what kind of information might be disclosed in Twitter or the history of Twitter.
Speaker 2
03:39:59
So Spoonbill is just another great website to come out to. And then TinfoLeak is another 1. I'm not gonna log into this, but basically you can come in here, let me just hit okay. I can come in here and you can search for leaks.
Speaker 2
03:40:12
You just basically type in a username, an email address, tell them you're not a robot, and they'll send you leak information or potential leak information. I'm going to show you my report here. So they'll send you a link, this is what it looks like. This will just tell you, hey, when was this account created?
Speaker 2
03:40:28
Is the user verified? What's their ID? Here's another way to get the ID. Where's their location?
Speaker 2
03:40:34
You know, and go through these sorts of different things. Again, you can tell the different applications that I'm using here, like Twitter for Android, or Zapier, or Streamlabs. And you can tell where I'm tweeting from, what was the first use of these? When was the last use of these?
Speaker 2
03:40:47
Although the first use of Twitter for Android was not 1027. So this is only going back so far in the history. Now, this will tell you some interesting analytics, what are the hashtags that I've used recently? What are the user mentions that I have, who am I mentioning, who am I talking to, etc.
Speaker 2
03:41:05
So this is another way to look at communications, I'm going to kind of scroll through this. And then another way here, user mentioned detail, the counts, the likes that the post got, etc. So another way to look through this, and just different types of data that comes through here. So I think it's very, very interesting to see this kind of data.
Speaker 2
03:41:26
And there's always again, with all different tools, it's good to look at the variety because you might see something on 1 tool that you don't see on the other. So that's really it. I just kind of wanted to cover the analytics here. There's 1 more tool that I want to show you that I think deserves its own video.
Speaker 2
03:41:42
So we're going to cover that in the next video. And then we'll move on to a different social media platform. But I do really want to talk about a tool called TweetDeck. So we're going to go ahead and chat about that in the next video.
Speaker 2
03:41:58
The last tool I want to show you is TweetDeck. And I think it deserves a video of its own. So let's take a look at TweetDeck and see how powerful that it really is. Now let's go ahead and look here.
Speaker 2
03:42:13
Now you can go to tweetdeck.com that'll redirect you to tweetdeck.twitter.com. You will need to be logged in, so please do log in if you want to follow along with this. I've gone ahead and cleared out my deck here so you can see what it looks like with a blank screen. What is nice about TweetDeck?
Speaker 2
03:42:30
Well, let's take a look at it. You can see everything in basically a 1 page view with columns. So if we go here and say, add a column, and say I wanna add my homepage. I just wanna see anything that is happening here.
Speaker 2
03:42:43
So I'm gonna hit add, and I'm gonna see what happens. And we'll see here now that I've got any tweets that have come on my homepage from anybody that I'm following right here. So this is what's going on right now. I can also come in here and add notifications.
Speaker 2
03:42:58
So now I can track my notifications and my homepage in 1 screen. So if a notification comes through, I'll see that. If something on my homepage comes through, I'll see that. I don't have to click around, I'll have to look at notifications. If I want to add my messages, which I won't disclose my messages, but if I want to do that, I can do that. Mentions, followers.
Speaker 2
03:43:16
So if I get any new followers, I can come in here and just say, hey, who are my new followers? But where it becomes interesting is you could see other things as well. Like, let's take a look at trending. We could take a look at trending here and say, okay, The Bachelor, The Bachelorette is trending right now. Let's just click on The Bachelorette. That'll add its own tab. So anytime that anybody mentions the hashtag of The Bachelorette, now I've got that in my TweetDeck, and it's coming through and I'm seeing it live in action.
Speaker 2
03:43:44
So you can use this, I'm going to delete these, by the way, because I don't want to follow the Bachelorette. But if I want to use this to track a specific user, I can come in here and say user. And now I know I picked on Joe in the last video, I'm going to pick on Joe 1 more time and just say at Joe, helly and come in here and hit enter. Here he is.
Speaker 2
03:44:04
And I'm gonna add a column for him. So now, anytime Joe tweets, I'll know about it. I can see it happen right here in real time. So if I have a board just up and watching, I can see what happens.
Speaker 2
03:44:16
And you can see somebody here just, just tweeted to me. Somebody just mentioned me, or here's my notification where they're responding to me. Okay. So this just updated here within the last 45 seconds as well, while we're recording this.
Speaker 2
03:44:29
And this will give you a pretty good timeline on when I'm actually recording this video. But the other interesting thing that we can do is remember, we talked about search operators in the very first video, we can utilize search operators when we're having or using our TweetDeck. So let's say just as a broad example, we want to use Los Angeles, let's go here, let's say I want to look at and you can see some of the ones I've used before. But let's say that I want to look at Los Angeles, I already brought this up, just to make it easy.
Speaker 2
03:44:59
So if you go to Google Maps, you type in Los Angeles, get the location up here, I'm just going to copy this little part. And I've got the coordinates. And I'm going to come back. And then we're just going to say, geocode.
Speaker 2
03:45:15
Paste that in, I'm gonna say anybody within 10 kilometers, this is gonna be a lot of Los Angeles, I wanna see any tweets coming in that area. And you could see 1 minute, 1 minute, 1 minute, 34 seconds now. So what this means is if you have a person that you know lives in a specific area, we have the ability to track them based on a geolocation. If they're sharing that geolocation, we can actually just sit here and watch the tweets come through.
Speaker 2
03:45:46
So if you know where their house is, you can set this to their house and then set this to like 1 kilometer as an example, instead of 10 kilometers. And as soon as it starts updating, it takes a minute for these to come through, but as soon as it does, I mean, these tweets will start flying through depending on how broad we make this search. So this is nice, we can come through here and now I have screens, I can see who's talking on my timeline. See, there we go.
Speaker 2
03:46:11
It starts to it starts to fly through as tweets come through. I can see who's talking on my timeline, I can see who's talking to me, I could see what Joe's up to. If I'm investigating Joe, I'm watching Joe now. I can also see anything that's happening.
Speaker 2
03:46:22
Say Joe lives in Los Angeles, I could see what's happening in and around Los Angeles. This is just a small touch of what can be done. Okay, so there's a lot of options here, you can use your search queries, you can look at different lists, you can see the trending users. This is very nice, especially if you want to follow specific hashtags, specific list of people.
Speaker 2
03:46:44
If you want to weed out some of the stuff that you don't want to see on Twitter, this is just talking from experience, and not talking about like just investigation. But if you want to use this as a Twitter user, I think is 1 of the great tool as well, just to be able to have in your back pocket. So something to think about. But this is a fantastic tool beyond the OSINT space, but it has a lot of OSINT power and that's why I kind of wanted to share it on its own.
Speaker 2
03:47:10
So that is it for this video and that is it for the Twitter OSINT. We're gonna move on into the next social media site. So I will see you over there. Let's talk about Facebook OSINT.
Speaker 2
03:47:27
Now Facebook OSINT is difficult to keep up with. There used to be a lot of graph searching that just does not exist anymore. And now we're kind of in this cat and mouse game with Facebook as they update the capabilities to search the platform and to gather information off the platform. It's not a bad thing.
Speaker 2
03:47:48
It's bad for the investigator, but it's good for privacy. So it's kind of this cat and mouse game right now. And I'm going to show you the techniques and some of the things that I know. And some of it might be kind of obvious, some of it's just kind of where the trends are.
Speaker 2
03:48:01
And I'll show you a couple tools that might help you with searching. And we can kind of go into the weeds a little bit. So let's go ahead and go out. Now for Facebook, I actually do not have an account.
Speaker 2
03:48:12
So we're just going to use a fake account that I have. And we're going to just kind of search through it. So this is my fake Facebook account. And I think when everybody does OSINT, everybody, if you go watch OSINT tutorials, everybody picks Mark Zuckerberg is like the thing to do.
Speaker 2
03:48:31
It's like the hello world of Facebook OSINT, apparently. So I'm just going to stick with the trends because I don't want to dive into real people. Not that he's not a real person, but I want to make sure that I don't dive into anybody too not famous, if that makes any sense. So what we're gonna do is we're just gonna try to find him.
Speaker 2
03:48:51
That's the first thing that we wanna do up here. So we're just gonna go to search and we're just gonna say Mark Zuckerberg. All right, and we'll search for Mark Zuckerberg and see what happens. Now we're just getting all sorts of posts that come up, right?
Speaker 2
03:49:06
We're looking at all we're getting posts. We're getting articles. We're getting all kinds of information here about Mark Zuckerberg. And this could be good if we're doing an investigation and looking for somebody specific.
Speaker 2
03:49:16
Uh, but maybe we'll want to find his profile. So we'll go to people first. Now we can specify even more, more down here. We could say, Hey, I want to look at the city.
Speaker 2
03:49:26
I want to look for somebody with specific education or work. So if you know something about somebody like, Hey, I know Mark Zuckerberg went to Harvard, but he has it here as well. You might want to put in education that you know, I'm looking for Mark Zuckerberg from Harvard and we can update the search and see if he shows up and sure enough. He's the only 1 that shows up.
Speaker 2
03:49:46
Okay, so there's 1 way of searching. You can come through here. We can also come through and say, hey, I wanna look at photos of Mark Zuckerberg, and these are public photos. Obviously, this could be people that have posted this.
Speaker 2
03:49:59
It doesn't have to be coming from his account in particular. So we don't know where these are coming from, but it's always good to look at. Videos, Marketplace, Pages, Groups, et cetera. Anything on the side here that you think you could click into. I think we're kind of at the point now where some of this is redundant, so I'm not gonna keep hammering home the different things that we can click on, but just think about what you might wanna click on here.
Speaker 2
03:50:20
Now, I'm gonna open up Mark's page, and because we're gonna talk through a little bit of this, I'm gonna just kind of come over here and right-click it, and open it in a new tab, and we have Zuckerberg here. You can see facebook.com slash the Zuck. We'll talk about that in a second. The other thing that I want to point out is that you can search different things.
Speaker 2
03:50:39
So we have, we have Mark Zuckerberg, and we look at photos, right? But these are public photos. What you can do a little trick is you can come in here and you can say something like photos of Mark Zuckerberg. And then you're gonna have not just the photos that you were seeing, but you're gonna have photos that people tagged him in.
Speaker 2
03:51:02
Now this is super interesting because if this person has a super restrictive profile, like say we clicked on their user here and we couldn't see anything, there's no pictures, which is very common with Facebook. Facebook is now super restrictive. A lot of times when you go to somebody's page, unless they've intentionally made it public, you don't get to see much. So Mark Zuckerberg obviously has a very public page.
Speaker 2
03:51:23
But for us, if we wanted to see somebody maybe that was out there that had a public page, we could take a look at this like and I was looking through this earlier. This is very interesting. You come through here and you say, okay, photo of Mark Zuckerberg. Look, this only has 2 likes.
Speaker 2
03:51:38
This only has 4 shares. And this was from
Speaker 1
03:51:41
2006.
Speaker 2
03:51:43
Okay, this is like early, early, early era Facebook. This is like Facebook when it still had .edu addresses Facebook. So this is somebody, this account, by the way, has been on Facebook for a long time as well.
Speaker 2
03:51:55
If you open it up, you can see, hey, his name is Aaron. So you can imagine that he's been on there for quite some time. Now, if we're thinking about this somehow, some way, uh, and some point Aaron and Mark interacted now, this is 14 years ago, but they still interacted. And that's the benefit of, if we were just looking at photos with Mark Zuckerberg, we might not see that where if we looked at photos of Mark Zuckerberg, we might see all the different places he was tagged.
Speaker 2
03:52:21
Look, here's another 1. I don't know exactly what their connection is, but clearly they were together at some point. This was in 2005. So you can see that this was even even earlier.
Speaker 2
03:52:32
So they go way back. Right. And then you can see here, this looks like more of a, yeah, I see a more recent photo. So here is a more recent photo from 2019.
Speaker 2
03:52:41
Another person that has met him tagged him in a picture. Now, he's very famous, so he might get tagged quite a bit on a site like this. But even to see like, look at these photos from Harvard. This is 2005.
Speaker 2
03:52:53
He's posting these photos of himself. But, you know, some of these photos could be from somebody else like this is from 2012. So it's very interesting to see the different things here on these websites. So another thing that I want to point out is there are a couple of search engines that we can use to kind of sift through some of this stuff.
Speaker 2
03:53:13
Now 1 of these is this sowdust on GitHub, and I'll post a link to this below. And this intelx.io is a great resource, by the way, is like an overall kind of resource, but it's good that it has a Facebook search as well. And it has kind of like this built in, if you look at the alternate, it's based on the sowdust code. So it is like a 2 in 1 tool, just has all this already, but I'll provide them.
Speaker 2
03:53:36
So it says, Hey, look, you need to be logged into Facebook, you can search for a particular post by keyword by month, by interval, and then by UID. So there's not a whole lot that you can search for. You can see like, there's, it's so limited nowadays and what you can do. So there's only some tips and tricks that you might want to look through.
Speaker 2
03:53:56
But you can come down here and you can look at the posts. And you can look at different things like say we want to look for posts. Now we want to look through posts by a specific user, it says entity, well, we need an entity ID, we can still filter by date, filter by keyword. And this will do the search for us, we have to make sure that we have a keyword in here.
Speaker 2
03:54:14
And I'm going to show you how to get to the key or the entity ID here in a second, but I know that his entity ID is 4. And then we'll just come in here and type in a keyword. We'll just say something like Harvard, we know he went to Harvard. So I want to see posts about Harvard from from Mark Zuckerberg himself.
Speaker 2
03:54:31
So let's open up in a new window. And let's see what happens. OK, so it looks like we don't really get a whole lot here, and this is this isn't that great of a of from him. Like, I don't see anything in here that actually ties to Mark.
Speaker 2
03:54:48
So these searches are kind of hit or miss. The thing is though, you don't wanna leave this blank because actually this is why, let's add a filter and then let's try to open this up. Let's see if I screwed up here. Okay, so here is our post about Harvard.
Speaker 2
03:55:04
And this is the thing that makes it interesting is like, see, you had to be very specific here with the post or else we were limited. So my mistake was actually a good example here. But here you can see where he's talking about Harvard, you can limit that to a specific date and time like here, these are all from 2000, well, 2017, 2015.
Speaker 2
03:55:22
But maybe you're looking for like 2013. You come in here and limit that date. If you don't put anything in here, it'll put a wildcard in. This does not usually return anything. Yeah, the wildcard search feature for whatever reason has stopped working.
Speaker 2
03:55:35
You can see that it's pulling down Mark Zuckerberg, but it's not pulling anything down. Now there are features that you can go out there and use tools to pull down the ID of an account, which you see I have the ID of 4 here. There's actually a quick way to do it too that I kind of just want to show you. You could Google a tool and say, hey, I want to know the ID of this account.
Speaker 2
03:55:54
It takes a little bit. If you just right click on a user's page and you say to view the page source, you can come in here and all you have to do is a Ctrl F. And then if you search user ID like this, you can see that it comes up right away, 4, right here, user ID 4. So it should be 1 of the first things that you see. Here's the user vanity, a Zuck, and I'll make this a little bit bigger so you can see it real quick.
Speaker 2
03:56:22
But like you can see the user vanity is Zuck, but the user ID is 4. We can no longer search on user vanity. We can only search on the ID. So that's where this is becoming important if you want to use tools like this to use the ID number.
Speaker 2
03:56:37
Now, of course, this could change immediately after releasing this because Facebook does change so much. Actually, let me make this a little bigger. But say we do find a person's profile. I've kind of gone bouncing around a little bit.
Speaker 2
03:56:52
Say we do find a profile. We want to look around, want to see what we can find out about a person. A lot of information here about Mark, who he's married to. You could see the different, you know, the he's founded CEO, where he works, where he went to school, where he lives, where he's from, you could see different pictures of him, life events, you can look through his friends and see if there's any correlation between his friends and who he knows.
Speaker 2
03:57:16
There's also any of the like. So again, photos, videos, you come to more and you can see where he's checked in. So has he checked in somewhere? Here's all the places he's checked in and been.
Speaker 2
03:57:28
You could see if he's checked in somewhere recently, where he's going, where he's gone. Does he like sports? Well, who are his favorite athletes? You can find all kinds of information, and this could be just, you know, you don't you don't know where this could end up being useful.
Speaker 2
03:57:42
So if you have the opportunity of finding a public Facebook profile like this, it's always good to jot down as much information as you can. And again, when you're looking at photos, remember, pictures say a thousand words. You can see all kinds of stuff from just looking into a photo. Like here, it could be a challenge to say, Hey, where is he at?
Speaker 2
03:58:04
Obviously, he's at the European Parliament. He's telling you, but you could say, Hey, where is he at in the world right now? And if you do any sort of like, like the CTFs or like Trace Labs or 1 of those type deals, you might come across users' photos and pictures and it might say, Hey, you know, what kind of phone do they have? Or where are they?
Speaker 2
03:58:24
Where are they at? Where was their last known location? You know, can you get a picture of a of a vehicle or anything along those lines? So if you can identify that, it really helps.
Speaker 2
03:58:34
1 time I was doing a Trace Labs CTF and I saw somebody on their Facebook page had a selfie. And the selfie reflected behind them, the back window reflected back of their car and you were able to actually make out the model of the car on the steering wheel based on the selfie. So it's very interesting on what you can determine from a picture, especially when somebody is thinking, Oh, I'm taking a selfie in a car, when really, you're giving out a lot of information on what kind of car they're in, maybe what kind of day was outside, what kind of phone they have. There's a lot of information that can be found.
Speaker 2
03:59:07
So if you do find a public Facebook profile, look through it. Otherwise, the photos feature is a very good feature to search through if you go through the photos of, and you just kind of look through and try to see who knows who, how do they know them, try to tie it down. Sometimes, you know, if you go to a friends, they might not have any friends that are public or you can't see it. So if it's really locked down, again, you might have to kind of just make this assumption again, with the Trace Labs, a lot of times when we're looking for like a say, like a missing person, we might find the missing person, it might be locked down, but we might be able to find photos of them or look through family members or find something where they're interacting, or they're posting recent pictures of them.
Speaker 2
03:59:44
And then we know, hey, maybe this person isn't missing anymore, or something along those lines. So there's a bunch of different scenarios that could happen, but these are just kinds of things that I've seen as I've been going through it. So again, there's not a ton as it's getting more restrictive for Facebook, but there's still options out there to look through. I feel like a lot of it's obvious, so I don't wanna hammer down on all of these, but just do your due diligence when you're doing research on Facebook and make sure you can try to track down as much information as possible and then use the little tricks I showed you by viewing the source and then you can utilize that for some of these other tools that will help you search through it and maybe get through some of this a little bit easier.
Speaker 2
04:00:21
So that is it for this video and that's it for the Facebook OSINT. We're gonna move on into the next social media platform. See ya. All right, let's talk about Instagram OSINT.
Speaker 2
04:00:37
Now Instagram is going to be going right back to the pictures say a thousand words type spiel that you've heard me say over and over again. But on top of that, we have some tools available to us that we can look at, there's not a... I don't wanna say there's not a wealth of information. It's just another platform that we can look at, though, it's kind of limited in the searching that we can do. So I'll kind of give you a look into the world of Instagram.
Speaker 2
04:01:02
So if we take a look at my Instagram posts, or in my Instagram page here, if you want to look at a particular user on Instagram, you can go to instagram.com and then forward slash the user. Now you can come in here and look at their pictures. It is limited. Sometimes you can look at the pictures without being logged in Instagram, but it really does get limited into what you can click on, what you can see, etc.
Speaker 2
04:01:26
When you look at Instagram, too, as well, if you come into some of these posts, if you see something in the corner like this, that means there's multiple pictures. So you could see the Boston pictures that I had taken. And I was saying, Hey, you know, kind of look at these, tell me if you could see where I was at. Here's that picture from earlier.
Speaker 2
04:01:44
Now, if you look and look, somebody can identify the Fairmont Hotel is right here. So people can identify just from being there knowing it. So but like you can look through pictures and see different things. Obviously, I've harped on that, we're not going to harp on that, I just kind of want to tell you what we can search for.
Speaker 2
04:02:00
Now you could try to come up here and search for people and see like my name is TCM on here are the cyber mentors, you're probably not going to find me but you can try coming in here and searching an actual person's name. You can say like Heath Adams and see if you can find somebody named Heath Adams. And here are all the people named Heath Adams, you come in here and look for the person that you might be looking for. I wish there was a better way.
Speaker 2
04:02:25
Really, there's not in this sense. You can come in if you have a username, you could search by username. So say the cyber mentor, you could do that and look, it'll pull me up and then see I'm under TCM. So if you were going to search for me, you'd actually have to search for TCM.
Speaker 2
04:02:38
You could also come in here and look for tags. So if you say tag the cyber mentor, you could see that there have been 8 posts about me on Instagram. And then you can come through here and just click on these and see, you know, who has posted about me, what are they saying, etc. You can come kind of look through that as well.
Speaker 2
04:02:57
What you can do, though, is if you are on a user's profile, let's just go to a user's profile. Let's see if we can click on one that is not private. Okay, this one's not private. So you can go and look at who these people are following, and see who they're following and if they have any relationship.
Speaker 2
04:03:13
So if I'm looking at people, the first thing that I kind of tend to look at is I tend to look at like, what's the subject's name that I'm looking at? So say it's Adams, and I'm probably gonna search through the people that they're following and see if I could find anybody with the last name Adams. Now, it's not as good of a search tool here, when we're looking at it on the website, if you actually use the app on your phone, you have the ability to come through and search. So you can search like last name, first name, whoever, if you're looking for somebody in somebody's friends list, but this is just a nice tool to come through here and just say, hey, I'm looking. You can see if they're following any hashtags as well.
Speaker 2
04:03:50
You can see who's following them, what posts they've made, et cetera. So this is just kind of what you're looking for. You would wanna see, okay, where is this person posted? Has this person been tagged in anything?
Speaker 2
04:04:01
And kind of look at it like that. So I'm going to go back. Now, say my profile was not public. Let's see if I can go back. If my profile was not public, then you would not be able to access any of this information, it would be completely private to me.
Speaker 2
04:04:16
So depending on who you get might depend on that. Now, if you can associate it, or associate that profile or that name, if it's unique with perhaps another profile, sometimes we see people with multiple Instagrams or multiple Twitter accounts. If you can find another profile that has family members or something related to them or friends or whatever, you can then look at those friends' profiles, see if they're public, and then see if you can find pictures of that subject or that person on the profile and just kind of go through it. So as long as you have other ways to tie an individual to somebody else, that's kind of what you're looking for if you're finding yourself up against a private profile.
Speaker 2
04:04:52
But even here, you can come in here and see tags, where was I tagged, who tagged me, blah, blah, blah, and just kind of see who I associate with as well. So you can really spin a web pretty quick if these profiles are public. Now there's a couple other things that we can do. You can see that I have this picture here.
Speaker 2
04:05:11
You can come online, actually this isn't the one, but if you go to this Wopita, I think is how you say it, or Wopida. And you just come in here and you search the Cyber Mentor. You can see that it'll pull up some information here. There are some sites out there that if you look, and we'll go to Google here in a second, but if you look on Google, it'll tell you, like, if the page was ever public and it had some posts or pictures, you might be able to see them in cached form or they might have them stored on their site.
Speaker 2
04:05:38
But you can also come through here and just see this kind of laid out as opposed to what we were seeing like pictures like this. You can actually just kind of see it laid out. This obviously has ads on this page, so it's hit or miss, but you can close out once the ads load. But this is a decent page to click through.
Speaker 2
04:05:54
The other thing is we've talked about the user ID. We talked about finding the user ID on Twitter. It's the same thing here with Instagram. If the user ID ever changes, you can come find the user ID, store that information, and then bring it back later in case they ever changed their username.
Speaker 2
04:06:11
You guys come back and find out where this user is now with this user ID. Another thing that we can do is say that we find a profile and we want to grab that information. And then I know I'm kind of going a little bit quick here with the names up here, this code of ninja or code of a ninja was the find the Instagram user ID. This is again, all in the resources down below.
Speaker 2
04:06:31
So if you want to click on those and follow along, please feel free. But the other side of this too, is this instadp.com, you do forward slash profile forward slash the username, you can come in here and say you want to see the image that's here, you can go full size. And then you can see a full size of this image. So now what can we do, we can save this image, we can use this to maybe reverse image search, try to hunt down this image somewhere else.
Speaker 2
04:06:57
And we've been through that drill already, right. So again, we have an image. And that's what we're tracking. Same thing with this website, imagein.com.
Speaker 2
04:07:06
If you do imagein forward slash the account that you're looking at, you come here, you can look at the post, you can see the download next to the image up here, you can download this, or you can download any of these posts that you see here. So any of these posts. Why is that important? Because if you were on say Instagram here and you right click, sometimes it doesn't let you save the picture.
Speaker 2
04:07:27
If it tries to save this, it might save it as like an HTML or something that's not right. You can come in here and actually just download the actual image from the site. And that's nice, you get the full image, nothing like you don't have to crop, you don't have to try to screenshot, do anything, you just get the full image. So this is a nice way to come through and download artifacts in case you need them later to have a report or for your case or however it may be.
Speaker 2
04:07:51
And then lastly, please don't underestimate Google. So you might have a search where it's just like the cyber mentor and then you might say site Instagram.com. All right. So anybody that search for or anywhere the cyber mentors come up, obviously my page, but if somebody mentioned me somewhere on here, or maybe if we just search for the cyber mentor without or we put in quotations, or we just say like the cyber mentor like this. Think about the ways that you might be searching this.
Speaker 2
04:08:21
You might even just say the cyber mentor and no site. You might just say something like Instagram and see if it finds anything about me somewhere else. So you can see the like these different websites that show up here with Instagram photos, and you might be able to pull that down as well and see if there's anything of there that maybe is not on my profile anymore that I have pulled down, or that maybe I deleted, etc. So just things to get your wheels spinning and thinking about.
Speaker 2
04:08:50
Again, it's just more of the same as you go across these different profiles. The techniques change a little bit, but the concepts and the methodology really doesn't. So that's it for Instagram OSINT. We're gonna move on to the next social media platform.
Speaker 2
04:09:08
This is going to be an incredibly short video because Snapchat doesn't have a ton of OSINT in my opinion, in the sites that are out there, like, there's a site called snap decks, I don't think it's really that great. So I kind of want to show you one other feature, because we've already covered how I would enumerate Snapchat. Basically, if you're looking for OSINT on Snapchat, you can use the username search feature, you can correlate usernames that way, you could try slow typing and seeing if something comes up and you could find a user that way as well. Perhaps there's a name in the username and it ties to an individual.
Speaker 2
04:09:44
We've already covered those kind of thoughts in the username section. There's one other thing that could be useful. And just one thing I kind of want to point out, and it's that Snapchat has a map, you can access the Snapchat map by going to map.snapchat.com. Now this is a feature if you've ever used a Snapchat app, this is actually a feature within the app as well.
Speaker 2
04:10:09
You can scroll into specific locations, and you can kind of see the hotbeds where there's a lot of pictures being taken. And what this is, is when somebody takes a picture on Snapchat and then they go and they post that publicly, it shows up here. So you could really narrow down to specific locations. And I'm always... it's always dangerous to click on these sometimes because you have no idea what you're gonna see. But let's say that we're trying to look at Jacksonville, maybe this specific area.
Speaker 2
04:10:37
Here's looks like an airport. Let's just click on this and see what comes up.
Speaker 2
04:10:42
All right, and we can see some pictures here. It really just depends on what you're going to see. So on the post, sometimes people reveal their personal information.
Speaker 2
04:10:53
Sometimes they reveal like a snap code where you can add them. This is just another feature of things that we could potentially look for in this app. Just try to narrow something down if we're looking for a specific location within an area. So if you're trying to find out information, say in, at this airport, or if you know, somebody who's at the airport, maybe it doesn't hurt to look on Snapchat, but this is kind of one of those, I don't wanna call it advanced OSINT, but just something else that you should know about if you're looking at Snapchat for this feature and you have a location.
Speaker 2
04:11:25
Other than that, like I said, short video, we're gonna go ahead and just move on to the next topic within social media. So I'll see you in the next video. Again, another short video because we've kind of already covered Reddit a little bit, but we're going to revisit Reddit and we're going to just show how we can find a treasure trove of information fairly easily on Reddit with either Reddit searching or Google searching. So let's go ahead and go out to the internet and I'm gonna go to reddit.com And there are a few benefits here.
Speaker 2
04:12:03
So we can search here on Reddit. And remember, we can search for a specific username as well if we use any of our name check tools that we used. But you can always come into Reddit and say if you want into the taskbar, but you could go reddit.reddit.com slash u slash say the cyber mentor if you wanted to check out and see if that user existed. That's one way to find me, of course, name check would be another one.
Speaker 2
04:12:28
But say you're on Reddit, and you want to search, you can come out and just say the cyber mentor. And you could see here, well, look, there is a, there is a are the cyber mentor, which is funny, because I don't actually didn't even know about this. So this is new. There's a user, the cyber mentor, which is me, somebody must have put this together, created May 13th, 2020.
Speaker 2
04:12:51
So somebody did this, but that's cool. Anyway, there is also like any post you could see it's highlighted where somebody has put the cyber mentor in here. You can find that, or if somebody potentially talks about me like in these OSCP or these hacking channels, there's a good chance that somebody was mentioning me somewhere within these.
Speaker 2
04:13:11
Because the TCM is another one. If you tried searching for TCM, you're probably going to find like Turner Classic Movies and all kinds of other stuff. But you can come in here and you'll see you're looking at best results, relevance, sort by relevance, post from all time. You could sort by hot, if there's any like trending posts with my name in it.
Speaker 2
04:13:31
You could sort by if there's any new posts with my name in it. So you can kind of go through this. And this is just best results, you can come through posts as well and just see how this works out. Another thing is that you can come in here and actually put this into quotes.
Speaker 2
04:13:45
So and see if that produces anything better and more specific. Now we kind of get out of some of the same results, but we also, it looks like this is a little bit different. So potentially depending on how you search and if you use quotations or not, you can change things up. Let's look at the new posts again, and see how that's changed.
Speaker 2
04:14:07
And the new post now is from 14 days ago is last time it was from 4 days ago. So depending on how we search, this is more specific. You could also search by my name, say Heath Adams, etc., see if that works out. The other thing that you could do is you can come to Google and you could just search like the cyber mentor and then just say site reddit.com. Now, Reddit by far is one of my favorite resources to use. I tell this to people when I'm giving them advice.
Speaker 2
04:14:38
It is one of the best ways to do research. The chances are, if you have a question and you want that question answered, chances are somebody's already asked that question on Reddit. So I will literally go to Reddit for almost any of my questions first before even saying, hey Google, how do you answer this? I'll say, hey Google, site Reddit, how do you answer this?
Speaker 2
04:14:57
Because there's almost always something on there. So here you can see that there are 2,600 results of people mentioning me somewhere on Reddit. You can try narrowing this down. You can even type in like, again, you could say like Heath Adams.
Speaker 2
04:15:16
And then you can even narrow this down more. This is just getting back into Google-fu, but you could say maybe they want to reference the OSCP. So somewhere in text, OSCP. Now we narrow that down to 806, et cetera.
Speaker 2
04:15:30
So we can just see how this works and how this goes through. But please do not underestimate Reddit for a research potential.
Speaker 2
04:15:40
Now, the other thing too, before we go, is you saw me as a user. You have the ability to come in here and see, okay, these are my posts. You can see what posts I make, but you can also see what comments I've made. So you could see the comments here and what I was posting when I was last active.
Speaker 2
04:16:00
I have seen people give out their name, I've seen people give out their location, I've seen people put some crazy stuff in here. There was actually one time where I was investigating a case and in that case, this person was posting some really nasty stuff on Reddit. Well, what they had done is they had just put in tiny bits of information like, hey, I am a graduate student at this school. And then they said, hey, I have this certification.
Speaker 2
04:16:31
And it didn't take long before there were only so many people at that school that had that certification that really could be narrowed down. And we were able to identify who the individual was. So you have to be very careful what you post because even the tiniest shreds of information, even though you have no name or anything posting here, you know, it's really easy to just put out enough little bits of information that somebody can eventually identify you. So the comment history and post history is always important when you're looking through this.
Speaker 2
04:17:02
A user might not have a lot of posts, like you'll see in here that I've got a lot of posts, but they might have a lot of comments, or it might be the other way around where they're just posting a bunch but not really commenting. So it depends on the user, depends on the account. But again, this is something that you should not underestimate from a research perspective. I think Reddit is one of the most information wealthy platforms that's out there.
Speaker 2
04:17:23
So that's it for this video. We're going to move on to the next video in the section. Let's take a look at LinkedIn OSINT. So LinkedIn is the social media for business professionals and it can reveal a wealth of information about people.
Speaker 2
04:17:46
So I'm going to go ahead and switch over. I'm going to show you a fake LinkedIn profile I have but I'm going to try searching for myself and see what information that we can find about me. This might not be bad practice for you if you have a LinkedIn to maybe search from a profile that's not yours and see what you've got out there. I don't know how actually limited my profile is.
Speaker 2
04:18:06
I do remember making it kind of limited, so we'll see what we can actually find on me. Now you can see here that I'm a third plus connection, so I might not be able to see much results about me. Here, you can see that, well, there is this backdrop. So let's take it step by step and see what we can see from my profile.
Speaker 2
04:18:25
My image is hidden. So obviously, I'm not showing my image to people that aren't a connection of mine, or maybe a first or second connection of mine. So there's no image here. Um, but there's still information now say there were an image.
Speaker 2
04:18:39
You should be able to right click it here, open image in new tab. And then you would be able to reverse image search that. Unfortunately, since that's not there, we don't have that opportunity. You have the ability here with the same, this concept with this image, we can grab this banner image here, full size, go take it and then try to reverse image search that and see if there's anything of particular.
Speaker 2
04:19:00
Another thing that we can point out, maybe we have a unique username up here. Maybe this is something different than what we've been using, or maybe we've tied this to our profile based on this username, but there could be some potential for going out to Google, checking on this username, seeing what we can find here. Other stuff that we might be able to identify. Well, we might be able to come in here and see if there's contact info.
Speaker 2
04:19:24
So if you look at contact info, you can see sometimes people's phone numbers are in here, Their birthdates are in here, their email addresses are in here. There's a lot of personal information that I have seen just on a contact info page. So if you're watching this, check your contact info, make sure you're not disclosing any information that you don't want to, because it's very easy to accidentally do that on LinkedIn. Now here, you can see that I am a member, a paid member of LinkedIn.
Speaker 2
04:19:50
I've got a premium badge. You can find out some information about me. It says that I live in Washington, DC in the United States. So we can find location information.
Speaker 2
04:20:00
We can also see the activity that I have. So I'm going to open this in a new tab, but you can come through here and just kind of see what I've been up to. So what have I been posting? Even though my picture is private, I still have all this stuff here where I'm posting.
Speaker 2
04:20:13
You can see everything about my life and just kind of what's going on here. So you can go through my history in this sense. The other thing that you can do too, is you could say, okay, well, what else is here? Well, I'm a founder of something called TCM security.
Speaker 2
04:20:30
So if I right click and open that up, that could lead to a whole another avenue. Look, we have a new image to look for. We can look at about, we could look at the different postings that we have. Here's a phone number.
Speaker 2
04:20:44
We have the ability to look at where this company's headquartered. So that might tell you, you know, where I live or where I have lived. You could see what people are on LinkedIn for this. So, you know, who works at my company would be a good place to start.
Speaker 2
04:21:00
And you can see, depending on where you're at and, you know, who you have connections with, the better LinkedIn works for you. So if you have an account that's connected to quite a few people, if you connect with like say LinkedIn open networkers, they're called Lions. If you connect with those sorts of peoples, and let's see if we can just kind of type in lion and see if it comes up. Basically, if you accept those people or you reach out to these people, they will accept your friend requests.
Speaker 2
04:21:28
The issue is if you reach out to people and they don't know who you are and they say they don't know who you are, those people can say, I don't know who you are and LinkedIn will eventually shadow ban you or completely ban you for just going out and just applying to people like that or requesting people like that. So my suggestion is to come out to some of these LinkedIn people and try to connect with some of these open networkers and see what you can do. But here going back through you can see all the different jobs or experience that I have and that I've worked. You could see potentially what education I have, although I have my education obfuscated here.
Speaker 2
04:22:06
I did not go to Ohio State Beauty Academy or Ohio State College of Barber and Styling. I'm just kind of being facetious when I put that stuff up there. But same thing with licenses, you can kind of understand what education I got when I got it, possibly where I was during certain timeframes. So that's a wealth of information.
Speaker 2
04:22:26
You can see who's endorsed me and for what. So a lot of people have endorsed me for ethical hacking, penetration testing, coaching. You can also see people that have given me, or yeah, given me recommendations. So I might know somebody here, like you could see Heath worked directly with Cage in the same group.
Speaker 2
04:22:46
So this is somebody that I worked with. This is somebody that I did not work with. And it tells you that. And it even says, hey, who have I given a recommendation to, which tells you who I've worked with in the past.
Speaker 2
04:22:55
So this will give you an indication as to some of the people that I actually know directly enough, well enough to either receive a recommendation from or to recommend. We have different projects here that I work on and you can get more information possibly from there, publications, any sort of interest. So you could see like this is an accounting firm, Epic was a group in Toledo, Ohio that I was in. There's all different sorts of things, like a veteran network.
Speaker 2
04:23:22
So that might indicate that I was part of the military. There's a lot of stuff that you can find. There's a possibility too, if you're able to make a connection, then you can go through the individual's connections and actually see who their connections are and kind of go through it kind of step by step. So there's all sorts of things here that we have the ability to see.
Speaker 2
04:23:42
And again, I'm not going to go through every single possible detail. I feel like we've kind of covered that as we've gone through the course. Your wheels should be spinning now on how you can collect information and everything is value. If you find a profile like this, you should be taking notes on everything that is pertinent to your investigation or your research.
Speaker 2
04:24:06
So I would be going through my activity, seeing what I can do here. And it also tells you like, look, 16,000 followers on LinkedIn. That tells you how many connections beyond, potentially beyond I have, even though connections and followers are slightly different, you can tell that there's probably a high correlation. So there's thoughts here, right, that you can go through and look through this stuff.
Speaker 2
04:24:28
And hopefully this is starting to make sense now. So my recommendation is, if you're going to make a fake profile, you're gonna make a sock account, maybe reach out to some people that you don't know to build your network, these people are usually well connected. And when they're well connected like that, you tend to start to reach out because with LinkedIn, how it works, you need to be like a third connection or a second connection. You saw when I searched myself, I was a third plus.
Speaker 2
04:24:51
So I need to find somebody maybe that's connected to me or yeah, to me if I wanted, and then I would go in there, add that person and then get them. And now I'm a second connection to myself. That makes sense. I know it's a little bit of inception, but my fake account would then be a second connection to this account.
Speaker 2
04:25:10
So something to think about how you might approach that. Definitely don't approach the wrong people because you can get your account banned, possibly even shadow banned from LinkedIn. So just be careful when you approach it that way and just try to be discreet when you're reaching out to some of these people as well. So hopefully that all makes sense.
Speaker 2
04:25:29
That is it for this video. We're gonna go on and move on to the next video in this social media section. So I'll catch you over in the next video. And one final short video for this section. We're going to take a look at TikTok.
Speaker 2
04:25:48
Now TikTok is one of those applications that when it first came out, holy crap, it was not secure whatsoever. There was so much information that was being leaked out there. They have actually done a better job when it comes to preventing some of the data leakage and have kind of helped stop us in our tracks a little bit. I'll show you some of the information that you can gather.
Speaker 2
04:26:11
Back in the day, it used to be a platform called Musical.ly. And Musical.ly, you could see pretty much any information that you wanted. And I'll kind of bring up this page here. And this is just a popular TikToker here.
Speaker 2
04:26:25
So if you come up to tiktok.com and you just put the @ and then the username, you could search that individual and find them here. What you used to be able to see, not only were all the public videos here, you could also see the likes. So you could see users' likes. Back in the day on TikTok as well, you could come in here and you were able to see a lot of stuff.
Speaker 2
04:26:50
Like if a user, say you come in here and you like this video and then the user deleted the video, it would still be stored in somebody else's likes. You would always be able to go back and access that. Even if the profile went private or anything along those lines, there was a lot of flaws that existed with this and all kinds of crazy stuff on that platform. It was the wild, wild west back in the day.
Speaker 2
04:27:12
Nowadays, it's kind of locked down a little bit more. You can't even click in here and see who this user is following. You can't really see who their followers are. You just be able to click on these sorts of things and get information.
Speaker 2
04:27:24
Some of the things you can do is obviously look at their videos, see the information that is possibly available to you and kind of try to gather that sort of data. The other thing similar to TikTok as well is that you can right click on a picture, open that image in a new tab, and then guess what? You have this image in full size now that you can go and do reverse image searching on. So there's still data that we can gather off of profiles like this, and this might seem redundant because we've shown it before, but I do think it hammers down the concepts in your brains just a little bit.
Speaker 2
04:27:58
So keep in mind, pictures, videos, however you want it to be, say a thousand words. This image here can be reverse image searched. We can do a lot of stuff that we can kind of try to tie back to other users. Even though TikTok has done a good job of locking a lot of things down, there's still some OSINT that we can do based on a profile.
Speaker 2
04:28:16
Again, you can do Google searching and try to find information on that user specifically for TikTok. See if there's any historical data out there. There's a lot of stuff that we can do that I'm not gonna keep repeating over and over, but this is just another platform to be thinking about. And as new platforms come up, as new platforms are arriving on the scene, I think as of right now, there's a new platform out there, Parler.
Speaker 2
04:28:38
There's just like they keep coming up. So like, keep thinking about all the different platforms that are out there and ways that you could perhaps be searching these platforms for information when you're looking for an individual or you're looking for information about something specific. So that is it for this section. From here we're gonna move on to one of my favorite topics which is website OSINT and I will see you over in that section.
Speaker 1
04:29:06
We have reached the end of our 4 and a half hours together. I hope that this course has been enjoyable for you. And again, if you are interested in seeing the other half of this course, you can do so at the TCM Security Academy.
Speaker 1
04:29:22
I'll provide a link in the description as always. And please, please do consider hitting that like button and hit that subscribe button, hit the bell so you get notifications when we post more content like this course or like other ethical hacking courses or any cybersecurity related content at all. We would love to have you as a subscriber and keep you up to date on the latest cybersecurity trends and tools and news. So until next time, my name is Heath Adams, aka The Cyber Mentor, and I do thank you for joining me.
Speaker 1
04:29:54
Peace out.