___ ___ ___ / /\ / /\ ___ / /\ ___ / /::\ / /::\ /__/\ / /::| /__/\ / /:/\:\ /__/:/\:\ \__\:\ / /:|:| \ \:\ / /:/ \:\ _\_ \:\ \:\ / /::\ / /:/|:|__ \__\:\ /__/:/ \__\:\ /__/\ \:\ \:\ __/ /:/\/ /__/:/ |:| /\ / /::\ \ \:\ / /:/ \ \:\ \:\_\/ /__/\/:/~~ \__\/ |:|/:/ / /:/\:\ \ \:\ /:/ \ \:\_\:\ \ \::/ | |:/:/ / /:/__\/ \ \:\/:/ \ \:\/:/ \ \:\ |__|::/ /__/:/ \ \::/ \ \::/ \__\/ /__/:/ \__\/ \__\/ \__\/ \__\/                                  --------------------------------------------------------------------------------------- OSINT: If you’ve heard the name but are wondering what it means, OSINT stands for open source intelligence, which refers to any information that can legally be gathered from free, public sources about an individual or organization. In practice, that tends to mean information found on the internet, but technically any public information falls into the category of OSINT whether it’s books or reports in a public library, articles in a newspaper or statements in a press release. OSINT also includes information that can be found in different types of media, too. Though we typically think of it as being text-based, information in images, videos, webinars, public speeches and conferences all fall under the term. [>] DOXING: Doxing (sometimes written as Doxxing) is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information. That information is then circulated to the public — without the victim's permission. DOXING attacks can range from the relatively trivial, such as fake email sign-ups or pizza deliveries, to the far more dangerous ones, like harassing a person's family or employer, identity theft, threats, or other forms of cyberbullying or even in-person harassment. DOX TEMPLATES 1. https://www.klgrth.io/paste/ww573 - SIMPLE 2. https://www.klgrth.io/paste/g4qw7 - What I normally use 3. https://www.klgrth.io/paste/k474q - SIMPLE Image Search If you have a photo, icon, or avatar, you can do a reverse image search. For example, if you use your portrait for your Facebook profile, you can check that this picture hasn’t been used in other web pages by looking for the URL of your icon. To find out what the URL of your icon is, right-click the image and click “Copy Image Location”, then paste the URL in a search engine. A search enginge will find all the pages that contain the image you are searching for. There are different search engines that can help you with this. Here we provide you with some brief information about some of them. For a more i -depth comparison of their features and further details about how to use them, please refer to the Bellingcat Guide To Using Reverse Image Search For Investigations. Google – Google is by far the most popular reverse image search engine – but its effectiveness depends on the search you are conducting. It may give you useful results for the most obviously stolen or popular images, but for more sophisticated research you might likely need to use more advanced search engines. Yandex – The Russian site Yandex is deemed as the most effective reverse image search engine currently available. In addition to looking for photographs that look similar to the one that has a face in it, Yandex will also look for other photographs of the same person – determined through matching facial similarities – which may have been taken with different lighting, background colors, and positions. While other – often more known – search engines like Google and Bing may just look for other photographs showing a person with similar clothes and general facial features, Yandex will search for those matches, and also other photographs of a facial match. If you need help with the Russian user interface, please refer to the Bellingcat Guide To Using Reverse Image Search For Investigations, which provides essential step-by-step instructions in English. Bing – Bing’s “Visual Search” is very easy to use, and offers a few interesting features not found elsewhere. For example, it allows you to crop a photograph to focus on a specific element, and exclude from the search any other element which may not be relevant. TinEyE – A fourth search engine that could also be used to do a reverse image search is TinEye, but this site specializes in intellectual property violations and specifically looks for exact duplicates of images. Most Common Tools Spokeo – People search engine and free white pages finds phone, address, email, and photos. Find people by name, email, address, and phone for free. theHarvester – This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization. Foca – FOCA 3.2 Free is a fingerprinrint and information gathering tool for pentesters. It searchs for servers, domains, URLS and public documents and print out discoverd information in a network tree. It also searches for data leaks such as metadata, directory listing, unsecure HTTP methods, .listing or .DS_Store files, actived cache in DNS Serves, etc… Shodan – Search for computers based on software, geography, operating system, IP address and more Maltego – Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure. Deep Magic – Search for DNS records and other fun stuff Jigsaw – Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to get fresh and accurate sales leads and business contact information. Hoovers – Search over 85 million companies within 900 industry segments; Hoover’s Reports Easy-to-read reports on key competitors, financials, and executives Market Visual – Search Professionals by Name, Company or Title FoxOne Scanner – Non- Invasive and Non-Detectable WebServer Reconnaissance Scanner Creepy – creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. Recorded Future – Recorded Future intelligence analysis tools help analysts understand trends in big data, and foresee what may happen in the future. Groundbreaking algorithms extract temporal and predictive signals from unstructured text. Recorded Future organizes this information, delineates results over interactive timelines, visualizes past trends, and maps future events– all while providing traceability back to sources. From OSINT to classified data, Recorded Future offers innovative, massively scalable solutions. MobiStealth – Mobistealth Cell Phone Spy Software empowers you to get the answers you truly want and deserve. Including a host of advanced surveillance features, our Cell Phone Spy Software secretly monitors all cell phone activities and sends the information back to your Mobistealth user account. Snoopy – Snoopy is a distributed tracking and profiling framework Stalker – STALKER is a tool to reconstruct all captured traffic (wired or wireless alike) and parse out all of the “interesting” information disclosures. It goes beyond just grabbing passwords and emails out of the air as it attempts to build a complete profile of your target(s). You would be amazed at how much data you can collect in 15 minutes. LinkedIn Maps – Your professional world. Visualized. Map your professional network to understand the relationships between you and your connections LittleSis – LittleSis is a free database of who-knows-who at the heights of business and government. Entity Cube – EntityCube is a research prototype for exploring object-level search technologies, which automatically summarizes the Web for entities (such as people, locations and organizations) with a modest web presence. TinEye – TinEye is a reverse image search engine currently in beta. Give it an image and it will tell you where the image appears on the web. Google Hacking DB – Google Search Query Fu to find the secret sauce ServerSniff – ServerSniff.net – Your free “Swiss Army Knife” for networking, serverchecks and routing with many many little toys and tools for administrators, webmasters, developers, powerusers und security-aware users. MyIPNeighbours – My IP Neighbors lets you find out if any other web sites (“virtual hosts”) are hosted on a given web server. Social Mention – Social Mention is a social media search engine that searches user-generated content such as blogs, comments, bookmarks, events, news, videos, and more Glass Door – Search jobs then look inside. Company salaries, reviews, interview questions, and more – all posted anonymously by employees and job seekers. NameCHK – Check to see if your desired username or vanity url is still available at dozens of popular Social Networking and Social Bookmarking websites. Scythe – The ability to test a range of email addresses (or account names) across a range of websites (e.g. social media, blogging platforms, etc) to find where those targets have active accounts. Recon-NG – A nice Python Script that automates recon on LinkedIn, Jigsaw, Shodan and some search engine fu. Pushpin – Awesome little Python script that will identify every tweet, flicker pic and Youtube video within an area of a specific Geo address. Silobreaker – Enterprise Semantic Search Engine, allows virtualisation of data, analytics and exploration of key data. Google Trends – See what are the popular related topics people are searching for. This will help widen your search scope. Google Alerts – Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries. Addict-o-matic – Nice little search aggregator. Allows you to enter a search term and build a page from search and social networking sites. PasteLert – PasteLert is a simple system to search pastebin.com and set up alerts (like google alerts) for pastebi.com entries. This means you will automatically recieve email whenever your term(s) is/are found in new pastebin entries! Kurrently – Real Time Search Engine for Social Media. CheckUsernames – Check for usernames across 160 Social Networking Sites. Whos Talkin – social media search tool that allows users to search for conversations surrounding the topics that they care about most. 192 – Search for People, Businesses and Places in the UK. Esearchy – Esearchy is a small library capable of searching the internet for email addresses. It can also search for emails within supported documents. TouchGraph SEO – Java based tool for importing and visualising various data types. TalkBack – Talkback is a web-based system to view trending vulnerability and security research data mined from soc -media. Tweet Archivist – Tweets are ephemeral. Tweets disappear. Why? That’s the way Twitter is designed. Tweet Archivist can save those tweets before they’re gone. Now, to be clear, Tweet Archivist is not an archive of every tweet ever tweete. It doesn’t have a database of all tweets. Whoisology – Handy little search engine based on Whois data to identify domains owned by a specific contact. Carrot2 – Nice little visualisation search engine. iSeek – Another handy search engine that break results down into easy to manage categories. GlobalFileSearch – An FTP Search Engine that may come in handy. NerdyData – Neat search engine that works at the source code level. OneMillionTweetMap – Provides visual confirmation of tweets where geotags are enabled, also provides heatmaps for heavy tweet areas. SpiderFoot – The main objective of SpiderFoot is to automate this process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself. Username Search – Handy site that will search multiple sites for usernames, email addresses and phone numbers. PlaTO – Searchable list for sites that store credentials in plaintext (taken from Plaintext Offenders) GitRob – Handy OSINT tool for finding interesting things related to an organisation in GitHub LeakedIn – Aggregator site for data samples lost or disclosed online Default Passwords List – Great list on CIRT.net of default passwords for various devices which often comes in handy. Searchcode – Handy source code search engine to find code thats been shared online. May contain usernames, passwords, specific strings, etc. Echosec – Location-based search platform based on social media and other information. Sublist3r – Python tool that is designed to enumerate subdomains of websites using search engines. Knowem – KnowEm allows you to check for the use of your brand, product, personal name or username instantly on over 500 popular and emerging social media websites. Tinfoleak – Get detailed info about Twitter users with this handy python script StalkScan – Find publicly available Facebook info, that not usually easy to see InSpy – InSpy is a python based LinkedIn enumeration tool Domain Hunter – Python tool that can query the Expireddomains.net search engine for expired/available domains with a previous history of use. It then optionally queries for domain reputation against services like BlueCoat and IBM-Forc. DNS Twist – Nice tool for finding similar looking domains for typosquating, phishing, etc. BitSquat – Nice little python script to help find bitsquating domain opportunities. CignoTrack – Corporate espionage tool for testing privacy and security using OSINT and social engineering. UINames – Nice tool for generating fake persona information (includes images for the associated persona. NameCheckUp – NameCheckup is a search tool that allows users to check social media username availability over many social networks and sites and check domain availability at the same time. How Does Doxxing Happen? There are many ways to get personal information online. An individual may not realize how many clues they give away when posting about their life, work, leisure activities and other personal information. Social media profiles that are open to the public are goldmines of data. Third-party data collectors also have a wealth of information, which may be added to what the person doxxing already knows. Databases that get passed around in hacker communities make it possible to break into personal accounts and get more knowledge as well. If a person uses the same username and password on all of the sites they access, and one of those accounts gets compromised, it's a simple matter to get into the rest of the information. That’s one reason why strong, encrypted passwords are so critical – including the use of multi-factor authentication. Why People Dox Others? The motivations behind doxxing come in many forms. A person might feel they’ve been attacked, insulted or slighted by their target. They could be seeking revenge for this incident. If someone is outspoken on the internet and has controversial opinions, they could put themselves in the crosshairs of someone with opposing viewpoints. Usually, this type of reaction occurs due to hot button issues, rather than run-of-the-mill disagreements. People who use Twitch and other live streaming services could end up making a fan upset if they must ban that person for inappropriate behavior. Followers sometimes assume they have a closer personal connection than they actually do. Regardless of the motivations behind doxxing, it can put people in an uncomfortable and potentially deadly situation. How to Avoid Getting Doxxed The best way to limit damage from doxxing is to avoid the situation entirely. Here are several ways to stop potential doxxing attempts in their tracks: Use a VPN A virtual private network offers excellent protection from exposing IP addresses and physical addresses of an individual. The VPN takes the user's internet traffic, encrypts it, and sends it through one of the service's servers before heading out to the public internet. In a previous blog, we outlined several VPNs that take privacy and security very seriously. Limiting Personal Information Online People must go to much greater lengths to dox a person that doesn't share personal information online. Social media sites often ask many of invasive questions, which can lead to attackers learning more than enough about their target. By keeping this information offline entirely, doxxers usually move on to someone else. Auditing Social Media Posts Over the years, social media profiles fill up with all sorts of data about the person and their past. Take the time to go through social media accounts and delete posts that contain too much personal information. Even if you didn't post it directly, look for comments that may accidentally share this type of data as well. Ask Google to Remove Information If personal information appears in Google search results, the individual can request that it get removed from the search engine. Google makes this a simple process through an online form. Many data brokers put this type of data online, usually for background checks or crime check information. Avoid Online Quizzes Some quizzes ask a lot of seemingly random questions, which are actually the answers to common security questions. Plus, it gives attackers more data to work with. Supplying an email address or name to go along with results makes it even easier to associate information from other data sources. Practice Good Cybersecurity Practices Put anti-virus and malware detection software in place that can stop a doxxer from stealing information through malicious applications. Regularly update software to avoid any security bugs that could lead to being hacked and doxxed. Once an operating system reaches the end of its supported life, switch to a newer version to decreased security vulnerabilities. Change Passwords Regularly Data breaches happen all the time, so it's usually only a matter of time before a username and password combination gets out in the wild. By switching every month and using a password manager to create complex codes, it's harder for a hacker to break into accounts. An individual can consider using two-factor or multi-factor authentication as well, which requires more than just a username/password combination to access the application. Best VPNs NordVPN: Our top choice VPN for hackers! This VPN has lightning-fast speeds and reliable connectivity regardless of your physical location. Includes a 30-day money-back guarantee. Surfshark: The best budget option. A reliable choice for uninterrupted hacking. Access is effortless with Camouflage Mode. ExpressVPN: An advanced VPN with several added security options to enhance your online privacy. Incredible speeds for long crypto trading sessions. CyberGhost: A well-respected VPN that boasts fast servers in 94 countries. Great set of security and privacy tools built in. Works with most geo-blocked services. IPVanish: 1500+ servers in over 75 locations worldwide. Fast and secure servers. PrivateVPN: Apps for all major platforms with a 10 simultaneous device limit. If You want to make your own vpn let us know! Best Private Email Providers 1. ProtonMail ProtonMail is the most well-known secure email provider. It’s open source, based in Switzerland, and provides end-to-end asymmetric encryption. You can use ProtonMail for free if you’re sending fewer than 150 messages per day and don’t need a lot of storage. One neat feature of ProtonMail is self-destructing emails. You set an expiration date for an email, and it’s deleted from the recipient’s inbox at that time. With ProtonMail, your data is stored using zero-access encryption. That means ProtonMail itself doesn’t know your password and can’t decrypt your emails. (It also means they can’t reset your password). ProtonMail also offers a mobile app for Android and iOS. Key Features Servers based in Switzerland Open source End-to-end encryption Zero-access encryption Self-destructing emails Mobile app Custom domains with paid plans Pricing Free: 1 user, 500 MB storage, 150 messages per day Plus: $5/month for 1 user, 5 GB storage, 1,000 messages per day Professional: $8/month/user for 1–5,000 users, 5 GB storage per user, unlimited messages Visionary: $30/month for 6 users, 20 GB, unlimited messages ========================== 2. Mailbox.org Mailbox.org is a secure email service aimed at business users looking for an alternative to Google or Microsoft tools. In addition to email, it offers encrypted cloud storage, video conferencing, an address book, a calendar, and a task planner. This email provider uses PGP encryption, a public-key encryption program that has become standard for email encryptio. There’s no free plan, but Mailbbox.org is relatively affordable. You can register and make payments for the service anonymously. Mailbox.org also prides itself on being powered by eco-friendly energy. Key Features Server based in Germany PGP encryption Encrypted cloud storage Video conferencing Calendar Eco-friendly No free plan Pricing Standard: €3/month for 10 GB mail storage and 5 GB cloud storage Premium: €9/month for 25 GB mail storage and 50 GB cloud storage Light: €1/month for 2 GB mail storage, no cloud storage =========================== 3. HubSpot HubSpot is typically known for its all-in-one business solution that offers everything from email hosting and marketing services to customer support and content management. When it comes to email security, HubSpot’s tools provide a ton of different security measures to ensure you and your customer’s data are safe and secure. With HubSpot’s marketing email tool, you can authenticate mail using SPF, DKIM, DMARC, and the newest BIMI authentication standards. Whenever HubSpot transmits or stores your personal data, HubSpot encrypts your data while exchanging it with your computer and uses top security measures to prevent unauthorized or unintended access to their network. Not only are your emails secure, but HubSpot also protects your entire suite of tools, whether you’re using their emails, CMS, website builders, and more. Key Features Two-factor authentication (2FA) Single sign-on (SSO) for Enterprises SPF, DKIM, DMARC, and BIMI authentication standards Email recall All-in-one CRM solution Data sync with Marketing, Sales, Service Hubs Pricing Free tools available Starter: $45/month, includes 1,000 marketing contacts Professional: $800/month, includes 2,000 marketing contacts Enterprise: $3,200/month, includes 10,000 marketing contacts ========================