OSINT on people / privacy / stalking / anon accounts

Off-topic
1

For a while I’m tryin to get my feet wet in all these sidechannel activities yall know? Yeah there’s quite a divers palette of activities besides pentesting lol :smiley:

Yeah but the problem goes like this: I’m not feeling too great about “stalking” other people I mean OSINT on tech and CVEs is one thing but collection intel about people is another. How do you deal with that, erm yeah like sensitive topic I guess? Or is it? Dunno

Also hard to get like anon accounts like what are you doing? You gonna use your realname for the physical pentesting OSINT stuff? Like friend requests on Facebook?

There’s Kali tools for OSINT that help you map out a guy and his connections, I mean yeah, there’s

  • recon-ng
  • gasmask (lol)
  • sherlock
  • as mentioned, Maltego

What’s the most recent tools profesional u use on linux or windows? dont care at all haha.

information about course material is interesting as well, keep it cheap!

2

@LPHermanos said:

For a while I’m tryin to get my feet wet in all these sidechannel activities yall know? Yeah there’s quite a divers palette of activities besides pentesting lol :smiley:

Yeah but the problem goes like this: I’m not feeling too great about “stalking” other people I mean OSINT on tech and CVEs is one thing but collection intel about people is another. How do you deal with that, erm yeah like sensitive topic I guess? Or is it? Dunno

I agree with you. It really isn’t something I would consider doing. I get that there are legit reasons (such as missing persons cases) but IMHO there are agencies who should do this and have appropriate safeguards in place.

I would certainly never want to be involved with a search for someone who was running away from an abusive relationship, where the partner has tricked people into thinking it is legit. For me, the solution is to simply not do it.

OSINT is a very “trendy” infosec topic at the moment - like lockpicking was until a year or so ago - where it feels like every security professional needs to be able to tell everyone how good they are at it. I am OK with not going any further than looking into tech & CVEs.

Also hard to get like anon accounts like what are you doing? You gonna use your realname for the physical pentesting OSINT stuff? Like friend requests on Facebook?

Good OSINT needs practice and like everything, building the right tools. This often means things like multiple burner accounts on lots of social media platforms, multiple emails and in some cases phone numbers.

The reality is that to match the level of prep a government agency can put in is fairly challenging for the amateur but it can be done.

information about course material is interesting as well, keep it cheap!

This is a place with a fairly cheap OSINT course: TCM Security, Inc.

(single course, bundle or monthly access to all courses - works out at about US£29 per course or month)

DISCLAIMER I have never taken any of their training and I don’t know the people involved. I have no idea if it is good or not.

3

Bro that’s some great answers, like SANS is selling OSINT right now like it’s bread and butter for any infosec pro has to be and expert but I was never feeling it, know me?

Yea I was digging through like here:

and all the solutions are like “use a burner phone” haha IDK where do I get a burner phone or SIM?? it’s not like in the States we need a valid ID for a SIM haha lol totally missed the point that guy lol I mean no hard feelings, right HAHA :slight_smile:

■■■ made it so far today got couple new email accounts and finally made it into facebook for the first time ever and then I was like, ok I’m gonna add some friends and Facebook was like “boom ya caught and locked and banned prove your ID where’s your phone??” haahaha I spent an hour for setting up the profile ■■■ this has become one pile of trash these days it’s not like 2004 know me?

And I was thinking, bro this stinks man stalking other people and one “pro” on youtube is like “never interact this is unprofessional” and the next youtube “pro” is like “yeah sure talk to the guys you’re stalkin” like ■■■!!!1 :smiley:

4

Type your comment> @LPHermanos said:

Bro that’s some great answers, like SANS is selling OSINT right now like it’s bread and butter for any infosec pro has to be and expert but I was never feeling it, know me?

Yea I was digging through like here:
Creating Research Accounts for OSINT Investigations – We will always be OSINTCurio.us

and all the solutions are like “use a burner phone” haha IDK where do I get a burner phone or SIM?? it’s not like in the States we need a valid ID for a SIM haha lol totally missed the point that guy lol I mean no hard feelings, right HAHA :slight_smile:

■■■ made it so far today got couple new email accounts and finally made it into facebook for the first time ever and then I was like, ok I’m gonna add some friends and Facebook was like “boom ya caught and locked and banned prove your ID where’s your phone??” haahaha I spent an hour for setting up the profile ■■■ this has become one pile of trash these days it’s not like 2004 know me?

And I was thinking, bro this stinks man stalking other people and one “pro” on youtube is like “never interact this is unprofessional” and the next youtube “pro” is like “yeah sure talk to the guys you’re stalkin” like ■■■!!!1 :smiley:

Can u help me to install gasmask tool?

5

Haha never used it sorry bro gonna check it out later than I’ll text you, alright?

6

Ok bro thx