SlideShare une entreprise Scribd logo

OSINT x UCCU Workshop on Open Source Intelligence

Philippe Lin
Philippe Lin

OSINT is a reconnaissance of intelligence from publicly available information to address a specific intelligence requirement. The slides are used in UCCU's workshop of OSINT.

Logiciels
1  sur  72
Télécharger pour lire hors ligne
OSINT x UCCU Open Source Intelligence miaoski @ UCCU 2017.11.18
miaoski • Senior threat researcher in Trend Micro • Threat intelligence • Smart City • SDR • Arduino, RPi, embedded
Outline • Module 1: What is OSINT? • Module 2: Using Search Engine • Module 3: Social Media Profiling • Module 4: Domain / IP Profiling 3
References 林豐裕、李鎮宇、黃健誠、張佩 嫈 編譯 4/e Michael Bazzell 5/e https://inteltechniques.com/menu.html
Disclaimer 1. Sponsored by UCCU + ITRI 2. Respect privacy and laws 3. Make sure you know what you’re doing 4. Be responsible
Before we start • Download VirtualBox • Download Tails or Buscador • https://inteltechniques.com/buscador/index.html • https://tails.boum.org/
Module 1 What is OSINT?
What is OSINT? • 主體是人 • Reconnaissance of intelligence • From publicly available information • To address a specific intelligence requirement • Newspaper, blog, search engine ... • Government documents • Often undervalued though significant
Why OSINT? • New employee • Criminal investigation • Missing children / Runaway children • Human trafficking • Vandalism • Stealing • NOT to manhunt or SJW on Dcard / PTT / ... 肉搜請洽 lionbug 正義魔人可以去 reddit.com/r/rbi Dcard 請洽 lionbug
OSINT Includes but Not Limited to • Location • Real Name • Online ID / group / community • Phone number • Email • Credit card number / Bank account • Date / Time • Documents • Domain / IP address • URL
Example: Android Malware
Example: Keylogger
Example: from a Mutex • Mutex: awdaw2214a • ayool2day[.]biz • born in 1984 • Lives in KL • ma2dayzs[.]com (domain) http://www.trendmicro.com/vinfo/us/security/news/cybercrime- and-digital-threats/staying-safe-from-irs-scammers-tax-fraud
Protect Yourself! (1) • Firefox plugins • LiveUSB • VM • Buscador • Tails • VPN and/or Tor • PIA • NordVPN • Hola!VPN
Protect Yourself! (2) • New email • New Facebook account • New Twitter • New cell phone • New laptop
Firefox (1)
Firefox (2) Not in Firefox 57: • Copy all links • Search Image Anywhere • NoScript Manual install: • YouTube downloader • wget
Module 2 Search Engines
In this Module ... • Google dorks • Email recon (X) • Middle name (X) • Education • Genealogy • Real estate or rent-a-car • Tax records
Google Dorks (1) • "someone@gmail.com" • site:ntu.edu.tw "Some Document" • Cisco filetype:pptx • bazzell -fbi -osint -amazon -books -intelligence • inurl:ftp -inurl:(http|https) filetype:pdf osint • intitle:osint • "osint * training" • "osint * training" "2015..2017” • ext:pdf trendmicro
Google Dorks (2) • https://www.google.com.tw/search?q=osint+tools&tbs =cdr:1,cd_min:1/1/0 • https://www.google.com/inputtools/try/ • Google image reverse search
Google Dorks (3) • site:newspaperarchive.com "this archive is hosted by" • google.com/search?q=nsa&tbm=nws&tbs=nrt:b
Bing / Yandex • linkfromdomain:trendmicro.com • contains:ppt site:trendmicro.com
Cache • Google • Bing • Yandex • Baidu • Archive.is • Coralcdn.org (?) • Archive.org
Other Search Engines • duckduckgo • keywordtool.io • carrot2.org • millionshort.com • globalfilesearch.com • mmnt.ru (?) 👉 https://inteltechniques.com/menu.html
Phone / Name • opencnam.com • Calleridservice è Free API key • next caller è Need to contact sales • Truecaller è like Whoscall 👍 • Spokeo • Genealogy
Exercise • Google First! Donald J Trump Jr. • 1977.12.31 (Wikipedia) • Tips: Need phone numbers to exercise? Search backpage or craiglist. 11/17/17 32
Example – Spokeo ß Birth place
Example – Pipl • (Optional) Register for API trial key
Example – Ancestry • www.ancestry.com è 14-day free trial
Example – True People • Family Tree Now (?) • True People (X)
Example – ZabaSearch
Example – Others WPNumbers Quanki
Example – Make a Table (212) 421-7136 (561) 835-9470 Donald Trump 1110 S Ocean Blvd, Palm Beach FL. (864) 292-9070 David Hanna 109 E 50th St NY 10022 IP Address 208.99.198.79 David I Hanna (916) 920-4631 Teresa Blake Scrm North, CA Teresa A Blake (954) 684-9492 Hanh Pham DonaldTrump 1211 White Stone Way, Davie FL. IP Address 134.170.109.165 (916) 920-4631 might have nothing to do with Donald J Trump Jr. Visit zillow.com for real-estate
Tea Time 🍕🌭🍔🍟☕🍵
Module 3 Social Media Profiling
Social Media • Facebook • Instagram • VK • Twitter • Dating • OkCupid / Match / Plenty Of Fish / eHarmony / Ashley Madison • 中國特色 • 人人 / QQ / 淘寶 / 微博 / 陌陌
Create New Accounts 1. KeePassX 2. Email account #1 è Google 3. Email account #2 ProtonMail 4. Phone è TextNow, Google Hangout 5. Twitter* 6. Instagram 7. Facebook** *Don’t associate with a phone number. ** Virgin account is not as precious.
Facebook ...
Facebook Dorks • https://inteltechniques.com/menu.html • users-named • pages-named/employees/present • users-born • Location • Likes • Education • Search by email • Search by phone number* • It doesn’t tell what’s not public anymore L
Facebook Graph API • Before you start – Use yourself as the target • Use or switch to English (US) • https://inteltechniques.com/menu.html • Get userid • Populate all • Check all the details
Twitter • twitter.com/search-advanced • twitter.com/#!/who_to_follow • Twitter Deck • moz.com/followerwonk/bio • ctrlq.org/first/ • sleepingtime.org • twiscy.com • Google Dork è site:twitter.com/username • Last 2 digits of cellphone !!!
Twitter – GPS • tweetpaths.com • mapd.com/demos/tweetmap • https://twitter.com/search?q=geocode%3A25.0220839 %2C121.5471991%2C2km&src=typd • https://pbs.twimg.com/media/DOW91xRW0AAEjSO.jp g:orig
Twitter – Ecosystem • fakers.statuspeople.com • trendsmap.com • twitonomy.com • mentionmapp.com
Instagram • 4K Stogram or DownloadGram • Strips EXIF data • Facebook / Instagram / Twitter strip EXIF data. • Not much we can do L
Tools and Sites • social-searcher.com • del.icio.us • Flickr map search • mypicsmap.com • www.topix.com/pick-local • craigslist.org 11/17/17 51
”Add Friend” Does Not Help You • Don’t believe in “Add Friend” and cancel. Facebook has removed the feature.
Module 4 Domain / IP Profiling
Common Sites • Whois • viewdns.info • VirusTotal • PassiveTotal (RiskIQ) • MaxMind GeoIP2 • Bing IP • sameid.net • NerdyData
Whois • Again, check https://inteltechniques.com/menu.html • whois swiftco.net / host DOMAIN / host IP
Historical Whois Data Registrant Name: Henry Goss Registrant Organization: swift communications Registrant Street: 2001 6th avenue Suite #3020 Registrant City: Seattle Registrant State/Province: WA Registrant Postal Code: 98121 Registrant Country: US Registrant Phone: +2067282736 DomainTools or DomainHistory.net
Reverse Whois • viewdns.info or DomainTools
Historical IP of 216.9.6.248 Domain Last Resolved Date aerospacetacomapierce.com 2017-11-05 aerospacetacomapierce.org 2017-11-10 aniota.com 2017-11-05 becomenala.com 2017-11-05 cannonconstructioninc.com 2017-11-05 capitolhillarts.org 2017-11-10
Lookup Domain from IP Domain Last Resolved Date chrisandhyeyoung.com 2016-02-01 lordofthepipe.com 2016-02-01 swiftco.org 2017-11-10 traffictrader.net 2017-11-06 City: Seattle Zip Code: 98138 Region Code: WA Region Name: Washington Country Code: US Country Name: United States Latitude: 47.6062 Longitude: -122.332 Just like GeoIP, not accurate
Spyonweb + DomainTools 11/17/17 61
Censys + Shodan Basic Information OS Unix Network 25700 - SWIFT VENTURES Inc (US) Routing 204.13.167.0/24 via AS7922 , AS11404 , AS18530 , AS18530 , AS25700
VirusTotal
VirusTotal – Subdomains $ curl -s 'https://www.virustotal.com/ui/domains/swiftco.net/subdo mains?limit=10' | grep self | awk -F/ '{print $6}' | awk -F¥" '{print $1}’ rwhois.swiftco.net mail.swiftco.net kb.swiftco.net vh2.swiftco.net tim.swiftco.net support.swiftco.net prvtrc.swiftco.net klaus.vh.swiftco.net games.swiftco.net blog.swiftco.net swiftco.net
PassiveTotal (RiskIQ) 65
GeoIP2 • https://www.maxmind.com/ja/geoip-demo
DomainTools (Not Free) (1)
DomainTools (Not Free) (2)
Miscllaneous
Miscellaneous Tools • nsfwyoutube.com • anonymousmail.me • Social Traffic on IntelTechniques • karmadecay.com • wigle.net
Epilogue • API will change • Paywall will be built • Webpage will disappear • Not covered ... • Radio monitoring • Localization • Government documents • DMV data • Reverse video searching • Etc.
Be Responsible! Contact: @miaoski

Recommandé

Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Osint
OsintOsint
OsintKamal Rathaur
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)festival ICT 2016
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Different Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsDifferent Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsEslamAkl
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
OSINT
OSINTOSINT
OSINTApurv Singh Gautam
 

Recommandé

Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Osint
OsintOsint
OsintKamal Rathaur
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)festival ICT 2016
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceDeep Shankar Yadav
 
Different Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsDifferent Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsEslamAkl
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
OSINT
OSINTOSINT
OSINTApurv Singh Gautam
 
Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017reconvillage
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...Falgun Rathod
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesSyedAmoz
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligencec0c0n - International Cyber Security and Policing Conference
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringJeremiah Tillman
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.Internet Security Auditors
 
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]RootedCON
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2👀 Joe Gray
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 

Contenu connexe

Tendances

Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligencebalakumaran779
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsOlakanmi Oluwole
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017reconvillage
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...Falgun Rathod
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesSyedAmoz
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringJeremiah Tillman
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINTChandrapal Badshah
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)phexcom1
 
NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.Internet Security Auditors
 
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]RootedCON
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }AkshayJha40
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 

Tendances (20)

Open source intelligence
Open source intelligenceOpen source intelligence
Open source intelligence
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
Getting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigationsGetting started with using the Dark Web for OSINT investigations
Getting started with using the Dark Web for OSINT investigations
 
Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017Empowering red and blue teams with osint c0c0n 2017
Empowering red and blue teams with osint c0c0n 2017
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
OSINT with Practical: Real Life Examples
OSINT with Practical: Real Life ExamplesOSINT with Practical: Real Life Examples
OSINT with Practical: Real Life Examples
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligence
 
OSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gatheringOSINT: Open Source Intelligence gathering
OSINT: Open Source Intelligence gathering
 
Let’s hunt the target using OSINT
Let’s hunt the target using OSINTLet’s hunt the target using OSINT
Let’s hunt the target using OSINT
 
Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)Open source intelligence information gathering (OSINT)
Open source intelligence information gathering (OSINT)
 
NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.
 
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
Jesús Alcalde & Daniel Gonzalez- - OSINT: La verdad está ahí fuera [rooted2018]
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Osint {open source intelligence }
Osint {open source intelligence }Osint {open source intelligence }
Osint {open source intelligence }
 
The Dark Web : Hidden Services
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 

Similaire à OSINT x UCCU Workshop on Open Source Intelligence

Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsSloan Carne
 
Online Privacy, the next Battleground
Online Privacy, the next BattlegroundOnline Privacy, the next Battleground
Online Privacy, the next BattlegroundSensePost
 
How to manage your client's data responsibly
How to manage your client's data responsiblyHow to manage your client's data responsibly
How to manage your client's data responsiblyGabor Szathmari
 
Texas land title association 2012
Texas land title association 2012Texas land title association 2012
Texas land title association 2012Amy Smythe-Harris
 
Social Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile DeadSocial Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile DeadTom Eston
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...OWASP Turkiye
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationShauna_Cox
 
Online sources of information december 2010
Online sources of information december 2010Online sources of information december 2010
Online sources of information december 2010Vere Software
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
 
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...EC-Council
 
Red Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterRed Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterMike Felch
 
The Invisible Scientist
The Invisible ScientistThe Invisible Scientist
The Invisible ScientistDuncan Hull
 
Creating a social media presence
Creating a social media presenceCreating a social media presence
Creating a social media presencePhil Bradley
 
OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?Beau Bullock
 
Weaponizing Corporate Intel: This Time, It's Personal!
Weaponizing Corporate Intel: This Time, It's Personal!Weaponizing Corporate Intel: This Time, It's Personal!
Weaponizing Corporate Intel: This Time, It's Personal!Beau Bullock
 

Similaire à OSINT x UCCU Workshop on Open Source Intelligence (20)

DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU InvestigatorsAdvanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
 
Online Privacy, the next Battleground
Online Privacy, the next BattlegroundOnline Privacy, the next Battleground
Online Privacy, the next Battleground
 
Do it Best Corp. Techapalooza 2014 Presentation
Do it Best Corp. Techapalooza 2014 PresentationDo it Best Corp. Techapalooza 2014 Presentation
Do it Best Corp. Techapalooza 2014 Presentation
 
Osint part 1_personal_privacy
Osint part 1_personal_privacyOsint part 1_personal_privacy
Osint part 1_personal_privacy
 
How to manage your client's data responsibly
How to manage your client's data responsiblyHow to manage your client's data responsibly
How to manage your client's data responsibly
 
Texas land title association 2012
Texas land title association 2012Texas land title association 2012
Texas land title association 2012
 
Social Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile DeadSocial Zombies: Rise of the Mobile Dead
Social Zombies: Rise of the Mobile Dead
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
[OWASP-TR Mobil Güvenlik Çalıştayı 2015] Yalçın Çakmak - Social Media Apps Fo...
 
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference PresentationManaging Your Digital Footprint - 2012 National BDPA Conference Presentation
Managing Your Digital Footprint - 2012 National BDPA Conference Presentation
 
Online sources of information december 2010
Online sources of information december 2010Online sources of information december 2010
Online sources of information december 2010
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile Technology
 
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
 
Red Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite PerimeterRed Team Tactics for Cracking the GSuite Perimeter
Red Team Tactics for Cracking the GSuite Perimeter
 
The Invisible Scientist
The Invisible ScientistThe Invisible Scientist
The Invisible Scientist
 
Creating a social media presence
Creating a social media presenceCreating a social media presence
Creating a social media presence
 
OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?OK Google, How Do I Red Team GSuite?
OK Google, How Do I Red Team GSuite?
 
Social Networks
Social NetworksSocial Networks
Social Networks
 
Weaponizing Corporate Intel: This Time, It's Personal!
Weaponizing Corporate Intel: This Time, It's Personal!Weaponizing Corporate Intel: This Time, It's Personal!
Weaponizing Corporate Intel: This Time, It's Personal!
 

Dernier

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 

Dernier (20)

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 

OSINT x UCCU Workshop on Open Source Intelligence

  • 1. OSINT x UCCU Open Source Intelligence miaoski @ UCCU 2017.11.18
  • 2. miaoski • Senior threat researcher in Trend Micro • Threat intelligence • Smart City • SDR • Arduino, RPi, embedded
  • 3. Outline • Module 1: What is OSINT? • Module 2: Using Search Engine • Module 3: Social Media Profiling • Module 4: Domain / IP Profiling 3
  • 4. References 林豐裕、李鎮宇、黃健誠、張佩 嫈 編譯 4/e Michael Bazzell 5/e https://inteltechniques.com/menu.html
  • 5. Disclaimer 1. Sponsored by UCCU + ITRI 2. Respect privacy and laws 3. Make sure you know what you’re doing 4. Be responsible
  • 6. Before we start • Download VirtualBox • Download Tails or Buscador • https://inteltechniques.com/buscador/index.html • https://tails.boum.org/
  • 8. What is OSINT? • 主體是人 • Reconnaissance of intelligence • From publicly available information • To address a specific intelligence requirement • Newspaper, blog, search engine ... • Government documents • Often undervalued though significant
  • 9. Why OSINT? • New employee • Criminal investigation • Missing children / Runaway children • Human trafficking • Vandalism • Stealing • NOT to manhunt or SJW on Dcard / PTT / ... 肉搜請洽 lionbug 正義魔人可以去 reddit.com/r/rbi Dcard 請洽 lionbug
  • 10. OSINT Includes but Not Limited to • Location • Real Name • Online ID / group / community • Phone number • Email • Credit card number / Bank account • Date / Time • Documents • Domain / IP address • URL
  • 13. Example: from a Mutex • Mutex: awdaw2214a • ayool2day[.]biz • born in 1984 • Lives in KL • ma2dayzs[.]com (domain) http://www.trendmicro.com/vinfo/us/security/news/cybercrime- and-digital-threats/staying-safe-from-irs-scammers-tax-fraud
  • 14. Protect Yourself! (1) • Firefox plugins • LiveUSB • VM • Buscador • Tails • VPN and/or Tor • PIA • NordVPN • Hola!VPN
  • 15. Protect Yourself! (2) • New email • New Facebook account • New Twitter • New cell phone • New laptop
  • 17. Firefox (2) Not in Firefox 57: • Copy all links • Search Image Anywhere • NoScript Manual install: • YouTube downloader • wget
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 24. In this Module ... • Google dorks • Email recon (X) • Middle name (X) • Education • Genealogy • Real estate or rent-a-car • Tax records
  • 25. Google Dorks (1) • "someone@gmail.com" • site:ntu.edu.tw "Some Document" • Cisco filetype:pptx • bazzell -fbi -osint -amazon -books -intelligence • inurl:ftp -inurl:(http|https) filetype:pdf osint • intitle:osint • "osint * training" • "osint * training" "2015..2017” • ext:pdf trendmicro
  • 26. Google Dorks (2) • https://www.google.com.tw/search?q=osint+tools&tbs =cdr:1,cd_min:1/1/0 • https://www.google.com/inputtools/try/ • Google image reverse search
  • 27. Google Dorks (3) • site:newspaperarchive.com "this archive is hosted by" • google.com/search?q=nsa&tbm=nws&tbs=nrt:b
  • 28. Bing / Yandex • linkfromdomain:trendmicro.com • contains:ppt site:trendmicro.com
  • 29. Cache • Google • Bing • Yandex • Baidu • Archive.is • Coralcdn.org (?) • Archive.org
  • 30. Other Search Engines • duckduckgo • keywordtool.io • carrot2.org • millionshort.com • globalfilesearch.com • mmnt.ru (?) 👉 https://inteltechniques.com/menu.html
  • 31. Phone / Name • opencnam.com • Calleridservice è Free API key • next caller è Need to contact sales • Truecaller è like Whoscall 👍 • Spokeo • Genealogy
  • 32. Exercise • Google First! Donald J Trump Jr. • 1977.12.31 (Wikipedia) • Tips: Need phone numbers to exercise? Search backpage or craiglist. 11/17/17 32
  • 33. Example – Spokeo ß Birth place
  • 34. Example – Pipl • (Optional) Register for API trial key
  • 35. Example – Ancestry • www.ancestry.com è 14-day free trial
  • 36. Example – True People • Family Tree Now (?) • True People (X)
  • 39. Example – Make a Table (212) 421-7136 (561) 835-9470 Donald Trump 1110 S Ocean Blvd, Palm Beach FL. (864) 292-9070 David Hanna 109 E 50th St NY 10022 IP Address 208.99.198.79 David I Hanna (916) 920-4631 Teresa Blake Scrm North, CA Teresa A Blake (954) 684-9492 Hanh Pham DonaldTrump 1211 White Stone Way, Davie FL. IP Address 134.170.109.165 (916) 920-4631 might have nothing to do with Donald J Trump Jr. Visit zillow.com for real-estate
  • 42. Social Media • Facebook • Instagram • VK • Twitter • Dating • OkCupid / Match / Plenty Of Fish / eHarmony / Ashley Madison • 中國特色 • 人人 / QQ / 淘寶 / 微博 / 陌陌
  • 43. Create New Accounts 1. KeePassX 2. Email account #1 è Google 3. Email account #2 ProtonMail 4. Phone è TextNow, Google Hangout 5. Twitter* 6. Instagram 7. Facebook** *Don’t associate with a phone number. ** Virgin account is not as precious.
  • 45. Facebook Dorks • https://inteltechniques.com/menu.html • users-named • pages-named/employees/present • users-born • Location • Likes • Education • Search by email • Search by phone number* • It doesn’t tell what’s not public anymore L
  • 46. Facebook Graph API • Before you start – Use yourself as the target • Use or switch to English (US) • https://inteltechniques.com/menu.html • Get userid • Populate all • Check all the details
  • 47. Twitter • twitter.com/search-advanced • twitter.com/#!/who_to_follow • Twitter Deck • moz.com/followerwonk/bio • ctrlq.org/first/ • sleepingtime.org • twiscy.com • Google Dork è site:twitter.com/username • Last 2 digits of cellphone !!!
  • 48. Twitter – GPS • tweetpaths.com • mapd.com/demos/tweetmap • https://twitter.com/search?q=geocode%3A25.0220839 %2C121.5471991%2C2km&src=typd • https://pbs.twimg.com/media/DOW91xRW0AAEjSO.jp g:orig
  • 49. Twitter – Ecosystem • fakers.statuspeople.com • trendsmap.com • twitonomy.com • mentionmapp.com
  • 50. Instagram • 4K Stogram or DownloadGram • Strips EXIF data • Facebook / Instagram / Twitter strip EXIF data. • Not much we can do L
  • 51. Tools and Sites • social-searcher.com • del.icio.us • Flickr map search • mypicsmap.com • www.topix.com/pick-local • craigslist.org 11/17/17 51
  • 52. ”Add Friend” Does Not Help You • Don’t believe in “Add Friend” and cancel. Facebook has removed the feature.
  • 53. Module 4 Domain / IP Profiling
  • 54.
  • 55. Common Sites • Whois • viewdns.info • VirusTotal • PassiveTotal (RiskIQ) • MaxMind GeoIP2 • Bing IP • sameid.net • NerdyData
  • 56. Whois • Again, check https://inteltechniques.com/menu.html • whois swiftco.net / host DOMAIN / host IP
  • 57. Historical Whois Data Registrant Name: Henry Goss Registrant Organization: swift communications Registrant Street: 2001 6th avenue Suite #3020 Registrant City: Seattle Registrant State/Province: WA Registrant Postal Code: 98121 Registrant Country: US Registrant Phone: +2067282736 DomainTools or DomainHistory.net
  • 59. Historical IP of 216.9.6.248 Domain Last Resolved Date aerospacetacomapierce.com 2017-11-05 aerospacetacomapierce.org 2017-11-10 aniota.com 2017-11-05 becomenala.com 2017-11-05 cannonconstructioninc.com 2017-11-05 capitolhillarts.org 2017-11-10
  • 60. Lookup Domain from IP Domain Last Resolved Date chrisandhyeyoung.com 2016-02-01 lordofthepipe.com 2016-02-01 swiftco.org 2017-11-10 traffictrader.net 2017-11-06 City: Seattle Zip Code: 98138 Region Code: WA Region Name: Washington Country Code: US Country Name: United States Latitude: 47.6062 Longitude: -122.332 Just like GeoIP, not accurate
  • 62. Censys + Shodan Basic Information OS Unix Network 25700 - SWIFT VENTURES Inc (US) Routing 204.13.167.0/24 via AS7922 , AS11404 , AS18530 , AS18530 , AS25700
  • 64. VirusTotal – Subdomains $ curl -s 'https://www.virustotal.com/ui/domains/swiftco.net/subdo mains?limit=10' | grep self | awk -F/ '{print $6}' | awk -F¥" '{print $1}’ rwhois.swiftco.net mail.swiftco.net kb.swiftco.net vh2.swiftco.net tim.swiftco.net support.swiftco.net prvtrc.swiftco.net klaus.vh.swiftco.net games.swiftco.net blog.swiftco.net swiftco.net
  • 70. Miscellaneous Tools • nsfwyoutube.com • anonymousmail.me • Social Traffic on IntelTechniques • karmadecay.com • wigle.net
  • 71. Epilogue • API will change • Paywall will be built • Webpage will disappear • Not covered ... • Radio monitoring • Localization • Government documents • DMV data • Reverse video searching • Etc.