For a while I’m tryin to get my feet wet in all these sidechannel activities yall know? Yeah there’s quite a divers palette of activities besides pentesting lol
Yeah but the problem goes like this: I’m not feeling too great about “stalking” other people I mean OSINT on tech and CVEs is one thing but collection intel about people is another. How do you deal with that, erm yeah like sensitive topic I guess? Or is it? Dunno
I agree with you. It really isn’t something I would consider doing. I get that there are legit reasons (such as missing persons cases) but IMHO there are agencies who should do this and have appropriate safeguards in place.
I would certainly never want to be involved with a search for someone who was running away from an abusive relationship, where the partner has tricked people into thinking it is legit. For me, the solution is to simply not do it.
OSINT is a very “trendy” infosec topic at the moment - like lockpicking was until a year or so ago - where it feels like every security professional needs to be able to tell everyone how good they are at it. I am OK with not going any further than looking into tech & CVEs.
Also hard to get like anon accounts like what are you doing? You gonna use your realname for the physical pentesting OSINT stuff? Like friend requests on Facebook?
Good OSINT needs practice and like everything, building the right tools. This often means things like multiple burner accounts on lots of social media platforms, multiple emails and in some cases phone numbers.
The reality is that to match the level of prep a government agency can put in is fairly challenging for the amateur but it can be done.
information about course material is interesting as well, keep it cheap!
This is a place with a fairly cheap OSINT course: TCM Security, Inc.
(single course, bundle or monthly access to all courses - works out at about US£29 per course or month)
DISCLAIMER I have never taken any of their training and I don’t know the people involved. I have no idea if it is good or not.