Open-Source Intelligence (OSINT) in 5 Hours - Full Course - Learn OSINT!

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments

Good post. I saw this a few days ago on YT and paired it with some other material I have (Bazzell's OSINT Techniques book). It's a great free resource for beginners like myself.

๐Ÿ‘๏ธŽ︎ 30 ๐Ÿ‘ค๏ธŽ︎ u/Justsmileandwave86 ๐Ÿ“…๏ธŽ︎ Jan 16 2022 ๐Ÿ—ซ︎ replies

Sweeeeet! Tons of resources out there and itโ€™s aweosme!

๐Ÿ‘๏ธŽ︎ 4 ๐Ÿ‘ค๏ธŽ︎ u/ryanq47 ๐Ÿ“…๏ธŽ︎ Jan 16 2022 ๐Ÿ—ซ︎ replies

I am planning to watch!

๐Ÿ‘๏ธŽ︎ 2 ๐Ÿ‘ค๏ธŽ︎ u/Shot_Definition47 ๐Ÿ“…๏ธŽ︎ Jan 16 2022 ๐Ÿ—ซ︎ replies

he is doing gods work

๐Ÿ‘๏ธŽ︎ 1 ๐Ÿ‘ค๏ธŽ︎ u/babunambootiti ๐Ÿ“…๏ธŽ︎ Jan 16 2022 ๐Ÿ—ซ︎ replies
Captions
hello everyone and welcome to this four and a half hour edition of open source intelligence or osint fundamentals my name is heath adams and i'm going to be your instructor for this course a really quick who am i i'm a husband hacker teacher gamer sports fan and owner way too many animals i'm the business owner and ceo at tcm security we are a cyber security consulting firm and educational resource so we do anything from cyber security consulting risk assessments and ethical hacking really companies pay us to attempt to break into their networks or attempt to break into their devices or buildings you name it we'll try to break into it on the other side of that we educate users on how to become ethical hackers and a lot of the different things that we do in this industry we've taught over 200 000 students at this point and the number seems to be growing every day if you're interested in following me on social media here are the links i'm very approachable you can come check me out on linkedin or twitter twitch or even here on youtube we have a ton of great ethical hacking and cyber security content so please do hit that like button subscribe comment down below we have full courses similar to what you're watching here today on ethical hacking and other related materials so please do give those a look as well if you're interested in learning more about tcm security we have the business side which is tcm-sec.com the educational side which is the academy and the certification side is the certifications and now on to the course curriculum so this is going to be the first four and a half hours of a nine-hour course called open source intelligence fundamentals looking at the curriculum we're going to cover what is open source intelligence we'll talk briefly about note keeping and we'll talk about the creation of sock puppets and then we'll start getting into some of the fun stuff we're going to talk about all different types of open source intelligence and how we can gather information through various methods so we'll look at search engine osen and see what kind of information we can gather through search engines and then we'll look at image ocean and talk about reverse image searching and looking at exif data and identifying physical locations based on an image which is really fun to do we'll talk about email osint and how we can identify email addresses based on certain factors we'll look at password osint and talk about breach databases we're going to look at username osen and how we can tie a username from one location to perhaps another location or another website or resource and what tools are available for us to do that we'll talk about people ocean how can we search for people how can we look for phone numbers and birth dates and resumes and voter records and then lastly we'll talk about looking through social media so we're going to talk about different types of social media that are out there twitter facebook instagram etc etc that is where the course is going to stop now the second half of the course does cover website ocean businessosen wireless osn and then we build out a lab so we actually use linux and we'll go into a lab and we start working with tools to do a lot of this process and automate a lot of the process that you've seen before and then we'll build out actual scripting and automation to automate even more of the process we'll talk about different ocean frameworks we'll talk about report writing we'll have a course challenge where you are challenged to identify different various items through open source intelligence and then we'll even provide more resources after that now this is the only point during this whole video i'm going to try to sell you on anything the first four and a half hours of this course is free if you're interested in paying for the full course and getting the second four and a half hours you're welcome to do so the price of this course is 29.99 i will link in the description a link to the academy again and just a little bit else about us is we do have tons of other courses we have courses on ethical hacking escalation pen testing python 101 we've got linux 101 courses for people who are more beginner courses on phishing and malware analysis and mobile application penetration testing and we're adding new content monthly so we have new courses all the time our courses are highly rated our authors are well vetted and we provide high quality content for no more than 30 of course or if you're interested we also offer courses at a discount through bundling and we offer courses uh through a all access pass where you can access all of our courses for thirty dollars a month so with that being said that's the only time i'm going to pitch you throughout this entire video we're gonna go ahead and move on now to the open source intelligence fundamentals course so before we start learning about ocean i must make an important disclaimer this course is going to teach you some incredibly powerful techniques on finding information on individuals on organizations and just as a whole this information that you gather in these techniques that you gather should be used from an ethical standpoint at no point should you be researching anybody with malicious intent or be using this information for any other reason than you have been told or have a contract to do so so unless you are a part of an investigation or in part of a client that has told you i want you to research us or a person in particular this information that you learn should only be used against yourself for the time being with that being said i want to make sure that you understand again this is a fundamentals course this is something that is going to teach you i would say 70 to 80 percent of the techniques that can be used you can absolutely go more thorough you can absolutely take this deeper build out your own tools and take a lot of techniques and apply them in other places this is a methodology based course i'm going to again teach you the methods and that's what i want you to take away from this make sure you're understanding that the methods here are what's important the tools come and go websites go away all the time tools break they just don't work anymore the methods do not change significantly okay so make sure you understand that make sure that you're using this in ethical matter this is very very dangerous potentially that you can use this can be weaponized this is something that uh the good guys use and the bad guys use i i'm putting this course out there for the good guys so make sure that you are using this ethically make sure you're understanding the methodology as you go through this and make sure that you're not only respecting your own privacy but the privacy of other individuals so with that being said i'm really ready to start into the course i'm excited let's go ahead and get this done we're going to go ahead and start talking about what is ocean in the next video i'll see you over there welcome to the first real video in this course and it's just going to be a brief brief introduction we've already talked about this in the course introduction but i do want to add in uh an intelligence life cycle into the conversation so that you understand what this is so again what is ocean ocean is open source intelligence so we're going to be using a multitude of methodologies in this course in order to gather information on people on businesses and other items that is all publicly available this is all public information okay so this is open source to us so with that being said i've already talked about this i really want to talk about the intelligence life cycle just for a minute so when we talk about the intelligence life cycle there are five parts to the intelligence life cycle now there's planning and direction so those are your who what when where why type deal so let's say that somebody has instructed you to gather information maybe you have signed a client and the client says i want you to gather as much information about us that you can and you say okay we'll do that so then you start doing your planning are you who are we going to target what are we going to target why are we going to target them when are we going to do it these are all identified in the planning and direction phase once you have identified and your target you've done your planning you're ready to move on then you go into the collection phase and majority of this course is about collection that is the methodology that we're going to be doing how do we gather image information or how do we gather data from an image what can we tell about image how do we gather the image itself how do we gather names from an organization or people that work at an organization or how do we gather information about people this is all collection so the majority of our time in this course is going to be spent in the collection phase of the intelligence life cycle from there we're going to move on to processing and exploitation we're not going to do any exploitation or really any processing processing is about taking the data that you gathered and starting to interpret it you're starting to process the data okay that moves into analysis and production which is similar in the sense that you're analyzing the data and you're putting it into i guess an intellectual form you're starting to take all the data points that you've gathered and you process and you're saying hey this this data point ties to this data point that ties to this data point and this is why okay and then you produce a report you produce some sort of document you provide that and you put that into the last phase which is dissemination and you present that to your client or your customer whoever it may be that requested the information and you make sure that they can understand it so from the get go this is a never-ending life cycle okay and this doesn't have to be done in a specific order you can start doing your planning right and then when you get into the collection phase you might realize okay i'm starting to gather some data but i don't know how to what to do with it go back to planning and add more stuff in right do more planning go back to collection or you could be processing the data and analyzing the data as you're collecting it and then going back and collecting more data to provide more evidence for what you're collecting so this life cycle is always ongoing i just want you to understand that this life cycle exists this is one of the core things i think that are taught in most intelligence type courses and we're briefly going over it i feel like you could do an entire course on this i just want you to understand that in this course we are primarily going to be on the collection phase we're going to do a challenge that gathers some information and we'll analyze some of the information and then we will put that into a report and understand what a report looks like but we're not going through the full life cycle in the in a true sense we're going to work work more on collection phases but i want you to be aware that the life cycle exists and that it's super important for the intelligence field so that being said we're going to go ahead now and move on to the note taking part of our course before we can start diving into the meat of this course i want to make sure we talk about taking effective notes there are a lot of different note keeping tools that are out there and i kind of want to show you some of the favorites that i have show you a little bit about how i take notes and just give you an idea of how you should be working through this course and taking notes and even with your ocean and when you're doing ocean on somebody else how you should be taking those notes as well so the first thing i want to point out is i'm going to show you my notebooks and then we'll kind of get into tools so here's one notebook that i've used if you've ever taken a course with me you've probably seen me point this out and this is called keep note now keep note is quite old i think it's seven or eight years old since the last time it's been updated so there is a little bit of dating to this but it's still very effective i like using it and it's just very very simple so you can see here at one point i was studying and i have group notes in here for different things but i was studying for cyber arc and i was studying for psychotic which are different privilege access management tools and i was taking notes on these so i was watching some videos and there were different things for these different potential exams or courses that i was doing for cyber art and they had different sections so what i like to do is like to come in here and say okay here's this exam i'm taking so you could see a csp and then they have different subtopics in those subtopics you can have see i just numbered them one two three whatever but you can also come in here and just create a node so say there's a sub-topic of a sub-topic you can also come in here and just create a new child page and have a sub-topic here and you can just say something like subtopic right and this is great so what i come in here and say is i'll take maybe screenshots of something that was interesting like a slide i might put some notes in here for myself and i'm not going to come in here and tell you exactly how to take notes i'm coming in here and telling you how i take notes and giving you ideas if there's something that works better for you if you're not visual i'm very visual so i like to see instead of typing this all out i like to see kind of a picture of everything so you'll see me take a lot of screenshots and pictures of different tools and then put them into my notes because that's how i remember things unless it's something that specifically i want to copy and paste and i'll kind of show you that as well but it's good to have good notes organized easy to click on if i want to know something about devops i just come in here and and click on it and read more about the cyberark devops now this is keep note keepnote is fantastic but i understand people don't want to use an outdated tool or they're not on windows or something else so oops i just pulled it up and then clicked off of it so maybe you want to use something different this tool is called notion now notion is a little bit different from a note-taking perspective but you could still resolve the same thing there's a lot of nice templates here where you can actually have it you see i have a workspace you can have this in the cloud you can share links out you can say hey i want to share my notes with somebody you can have that out there or you can make these private it's very very flexible but you'll see that i do similarly the same thing like here's web app stuff these are just my notes but you can see i have some notes on graphql i want to see more about graphql here's when i was studying graphql i came through here and again i'm very visual so i was taking pictures right and this just helps me i can go through it's almost like a slideshow and then i take some notes here if i need it if i'm looking at cross-site scripting maybe i come in here and i have different things i want to look at like here's more within cross-site scripting stealing cookies okay now here i've got actual code put in here and i could just come copy this code if i want to and these are different ideas about stealing cookies that i've written in my notes i take pictures etc so there's different ways here to to do this right now before we get into the note taking tools i also want to go back and i want to show you um one other part that i think is very important so let's go to the subtopic let's say you're typing some stuff typing some stuff right you've got notes and you want to take a picture a screenshot of something i use a tool called green shot now a green shot looks like this you can take a print screen you can see that this comes up now on the screen and if i want to like copy something like this and this copy actually that was terrible let's copy like the side of the notebook here i want to copy the side of the notebook i can hit copy i can open an image editor let me show you the image editor you can bring it here and there's some nice things like i use this to this day when i'm doing assessments or any sort of just nice picture taking you can come in here you can add border you can invert this if you want to or reinvert it there have your border right you can highlight different areas like say i want to point something out specifically this is very nice if i want to obfuscate some data i can come in here and say oh that's very sensitive let's go ahead and obfuscate that so there's a lot of flexibility in the tool and i'm not going to walk you through every single thing i'm just saying that there's a lot of flexibility and ease of use here that is great for note-taking then you can save the file or you can just say copy so say i want to just copy the image now i can take it back and put it in my notebook and there it is i just pasted in my notebook super easy stuff so you're able to snip exactly what you want there's editing that you can do you can take full screen pictures all kinds of stuff just with this tool okay so fantastic tool now let's get on to the tools here i've highlighted a few and i've highlighted keep note so keepnote.org you can come here you can download it it does work on windows linux and mac os if you want to use that absolutely fine other options cherry tree very great cherry tree is kind of like the updated keep note you can see it's very similar let me make this a little bit bigger here you can see that it's very similar on the side here where you have kind of that parent node the child node extra children underneath whatever the verbiage is for that but this is exactly what it looks like so you can come in here and type all your stuff i think it's great um there's different themes and and stuff that you can organize here as well if you don't like the dark theme or the light theme however you want to take it one note of course is great you can store out in the cloud fantastic if you use microsoft onenote i think it's awesome notion is the one i was showing you notion.so same deal i think this is fantastic being able to publish your notes in the cloud great idea joplin is another one i hear very good things i've never used this but here very good things about joplin so again just expanding the horizons if you use one of these great if you're not into note-taking get into note-taking i'm going to provide you a bunch of options if you look below this video you will see the references okay the references will have all these there you can pick one you can pick all of them if you want play with them see which one works best for you now green shot green shot i believe is for windows only so yeah it's windows pc if you do not have a windows pc then there is a tool called flame shot flame shot you can use on linux okay and i believe it works on mac as well you can see the different options it has like where you can click and just grab screenshot here it's showing you right here about all the different things that you can do same thing as green shot flexible easy to use very very awesome when it comes to note-taking so that's really it i just wanted to kind of walk you through these things again i will provide the links and the references below but if you aren't taking notes take notes now there's going to be a lot of information that i'm going to provide to you and it's going to seem potentially overwhelming there's a lot of websites a lot of methodology etc you're going to want to have a good concise notebook when it's all said and done so that's my spiel hopefully you listen i can't force you to take notes but i strongly recommend it so that is it for this video and this section i will see you in the next section when we start talking about sock puppets alright now let's talk about sock puppets if you've never heard the term sock puppet before you can think of it as this online identity that is not who you are or it's a misrepresentation or somebody you're not that's the most simple way to put it you think of a sock puppet as a fake account alternate identity etc and the point of having a good sock puppet is to not draw attention back to yourself okay so if we're doing say an ocean investigation or if we're looking into research or we're looking into other people our goal is to never let the person know that we're looking into them so ideally we're going to create this fake identity or fake person and this fake person might have a twitter account might have a gmail address or proton mail or something along those lines they might have a facebook and this should never tie back to you meaning it should never really tie back to your ip address it should never be used on a device that links to your personal information should never be used on a phone that ties to you there's a lot of depth that we can go into to avoid tying our name to a sock puppet but the purpose is really to be able to have an account that looks legitimate so that means creating content on these accounts um you know making sure that you don't just create a bunch of fake accounts and then start doing research on somebody there should be some history to these accounts we need to make sure that if we have a twitter that we're posting on twitter if that were on facebook maybe we have some facebook connections and we post on our wall you know we need to make sure that we establish some data to us and so that we look more legitimate okay but the the main goal of the sock puppet is to do research and to try to investigate others or use the internet or etc there's a lot of purposes but for ocean to investigate others without being able to identify back to yourself and we're going to use that in this course at least just as an introduction i'm going to teach you the methodology and some of the steps that i would take and then we're not going to go through all those steps because they're incredibly on the paranoia side but they're a good practice but we're not going to do that for the purpose of this course i'll introduce them to you we'll walk through them but there's no purpose for this course that you're going to need to do those so this is a brief introduction of what a sock puppet is why they might be important and the next video will actually walk through how to create some sock puppets okay now let's talk about creating sock puppets what i want to introduce you to are a few different blog posts and i'm going to link these down below these were essential for me when i was learning about sock puppets and why they were important and the differences between types of sock puppets and all that this is extra homework if you would say okay the first one is from jake kreps i think he does a very good blog on how to create sock puppets uh the methodology is pretty straightforward and there's some things that i really kind of want to point out um skipping over the methodology he kind of talks about the different types of sock puppets that you could have so saying right here he's talking about there's two different types of talk levels you could have a sock puppet that is a full-on you go all the way to make sure that you have this person that you create or this persona that you create that is fake they have that history were talked about in the past and it takes a lot of time now your sock could be identified there are there's what's called sock hunters they could easily pick up on you and say hey this person's a sock let's just uh you know acknowledge this account as a sock and then your whole persona's gone you have to start all the way over again okay another thing that he points out is there is something else there's actually known sock accounts he points out a really good one that i've known about for some a while here is shakira security right shakira security is not shakira right but it is an account that has 2500 followers it's somebody that posts relevant information and they are respected in the community but nobody knows who they are they're obviously they know that this person is not shakira they know that this person is a fake personality but they're still respected so there's a couple ways you could take the sock accounts for this purpose and what we're doing this is for investigative purposes so we're creating a persona but you could still have this kind of secondary option where it's an account that you can still relate to ocean it doesn't have to tie to you there's quite a few people in the industry that have these sorts of accounts that are very popular and you have no idea who's behind the account so something to think about but for the sake of creating an actual sock puppet we're gonna kind of take option one and go through it i think this is a fantastic read i think it's really good to point out he kind of goes through his steps and what he would do i think it's great i'm gonna link that same thing with this another article on how to create a sock puppet what a sock puppet is i think it's important i'm providing my methodology and what steps i would take i think it's important to understand other people's methodology what steps they might take what they might do in their process and their thoughts through it okay this is very beginner ocean i'm not trying to take you down the depth of the rabbit hole that could be a sock puppet i kind of want you to understand the general basics why they're created how we can do it and kind of go from there so there's also this great reddit post here let's block these notifications that goes on and just says here's his process for creating an account and i found this about a year ago and i thought you know this is perfect this is something that is absolutely in my wheelhouse so what i want to show you is kind of what it is why he walks through it this way we're also just going to kind of generate some random stuff figure this out on our own and then we'll kind of go back to his details and i'll explain some of this because we're not going to go out and buy a sim card we're not going to go out and buy a phone but there is importance to this so i think that you should read this i think that you should understand what the next steps would be if you were doing these things and how you can take this even further but we'll kind of talk about creating our identity first and then we'll come back to a thought like this okay so the first thing that we're going to do is if you look below the video there is a fake name generator dot com you can click that link you can also just type this into a browser and we're going to generate a random person now you can come in here you could say my person is random we could be a male we could be a female we could say you know we are american from the united states blah blah blah we can set different types so for the united states we have american or it says american and hispanic but here we are american and there there's thought here too one of these articles if you take the art of the sock article here talks about the benefit of being a female because men let's face it are gullible especially when there's a female around there many of the great ocean and social engineers are women they're great at it and i feel like men we are we're vulnerable so having a woman personality regardless if you're a man or a woman could be a good idea again these articles go into the reasoning and the why and i think they're great so but here let's just say we generate somebody at random shows up to be this roger t davis you get all kinds of great information here you can get a fake mother's maiden name social security number coordinates uh phone number birthday let me make this bigger just so everybody can for sure see it you can have a fake email address all different sorts of stuff here right passwords whatever you want i think this is really great it's great for just kind of getting some ideas and maybe tailoring this person to who you want to be so let's say we have a roger say we come up with roger roger is going to be our personality and what we're going to do so we could take roger and we can go and maybe create a picture for him um there's a great website here that is this person does not exist so you can see here that this person there's a person here but this is completely ai generated okay so let's refresh this until we maybe get somebody that we feel like might be a roger uh so we've got this guy maybe this guy could be it we do have an age on our persona it doesn't really matter okay 64 years old obviously this isn't going to be him but we don't have to keep the age or date okay it could be a younger roger if we want and then we could take this picture and the nice thing about this picture is if you were to put this which we haven't covered it yet in the course but if you were to put this in a google reverse image search or you were to put this in like a 10-i or a yandex this image does is not going to come back this person doesn't exist we have seen failures in the past of where sock puppet accounts or fake accounts use somebody else's photograph right we've all heard of that when we talk about like online dating we've heard of the term catfish right uh catfish being somebody using fake photos to catfish other people or act like they're not you can think of it the same way a lot of those people have been busted and if you watch the show on mtv which is actually called catfish you will see that they go and they actually take the images that people have been sent and they put them through a reverse image search to see if those have been found a lot of times they'll pick up fake accounts or fake people because they'll tie to other users and that's exactly what you don't want to have happen again remember if you put in a lot of effort into your stock account you don't want your stock account to get immediately busted by having a fake or reverse image search identifying you as somebody else or a fake person so this is a great idea to come in here and have an image fake persona etc this person does not exist once you do that it is recommended that you get things or start tying this person to accounts that do not tie back to you whatsoever that could mean using a laptop that you would use specifically for your investigations that does not have any you would never log into your personal twitter your personal facebook whatever accounts you have you would never log in on that account would never tie to you okay that could mean also going out and getting a burner phone a lot of people in ocean recommend having a burner phone if you're doing investigations now this course isn't related specifically to investigations as stated earlier i'm not an investigator though i have done some investigation work this is just a broad view of ocean as a whole there are much deeper topics on this subject but what we can do is say we want to go out and buy a cell phone we can have this privacy.com credit card okay we can go buy a burner phone we can use a credit card like this and if you were to log in or sign up to create an account here what you can see behind the scenes is that you have the ability to create credit cards let me actually bring this up okay so here's an account i created and what we have here is the ability to fund this card okay and then you have a virtual credit card you can have as many virtual credit cards as you want this gives you the ability to have a spending limit to have say like there's a subscription you want to try out for 9.99 just as an example and you only want to try it out for a month we're so terrible with subscriptions sometimes we just let them go i've got an audible subscription that i have just let sit and charge me 15 a month for the last five months now that i still need to cancel this would be a great alternative use a virtual card it goes to charge you the second month it doesn't work you have your a card that doesn't tie to your name or your identity or anything else it's all virtual this is perfect so say you want to buy a burner phone say you want to buy a sim card for that burner phone now you'll see that people recommend mint you can use a mint sim to use in your phone you can get it off amazon and you could take that path and this is exactly what this person recommends here right they recommend using a mint mobile setup they're fairly cheap they said it's five bucks on amazon to get two sim cards you can use your phone then to go and use it as a phone verification method so if we think about like facebook or sometimes twitter any of those things you're going to want to set up either verification or two factor or whatever and the goal here is to use these accounts to actually or use this phone to actually sign up for it as soon as you're done signing up you change those over to something that you control like a google voice account and then you you get rid of the sim card you never have access that sim card again destroyed nothing is related to you okay again highly recommend reading this but the idea here is that you create things that don't tie back to you so with that being said the other thing that's important to talk about are ip addresses ideally you do not want to do this on your own ip address okay you do not want this to tie back to you when you're creating these accounts you don't want to tie back to you you could in theory use a vpn the vpn the issue with vpns is places like facebook and other sites might pick it up that you're on a vpn want additional verification and then you're kind of sol if you can't provide that because you have a fake account so you need to be cautious about using vpns try to identify vpns that maybe would work if you're trying to create a full sock account ideally it should be in the location that you're trying to do it in so if you're doing a say you're in st louis missouri in the united states if you're in st louis you're saying your character's from st louis then you should ideally use a vpn that could get you into st louis and create those accounts so that you look like you're coming from where you are same thing with the phone number you should try to get a phone number out of st louis make your persona as legitimate as possible okay now mobile networks work really great you don't have to be on uh your home network you could be on a mobile if you can't use a vpn or if that's getting picked up so just think about things try to create them through now what i want you to do is i want you to practice i want you to follow this setup as best as you can don't go buy a burner phone don't go do any of that unless you absolutely want to practice this full fledge again we're not going into the weeds in this course we're scratching the surface if this interests you then dig deeper go further i fully encourage it but for right now just go create a fake persona come into the random name generator create a fake persona create a fake picture make an account make a twitter make a facebook make anything that you would want don't worry so much about the ip address don't worry so much about the phone number i will tell you this is from personal experience the very first stock puppet account that i created i used it on facebook okay this is a life lesson i use it on facebook i use it on facebook and then i never had any issues with it until the day that i logged into facebook with my phone immediately it started pulling down contacts and people who i may know and that ties me immediately to those other people from my phone okay and guess what happens on the other side people that i know or may know are seeing me pop up as who they may know and this person doesn't exist obviously but why am i showing up so you need to be very cautious about not logging in with your phone not logging in anywhere that is not tied to you don't search people on your sock facebook account um if you don't need to don't search people that are related to you or anything use a separate account for that even if you have to but um think about creating a twitter facebook maybe an instagram maybe a linkedin you can create these accounts for the purpose of this course i'm going to be straight forward with you i'm going to use my own personal accounts we're going to do osun on my own personal accounts i'm going to use my twitter account when we're doing twitter i'm going to use well i don't have a facebook so i will create a facebook account but i'll show you how to search through things using my own stuff but for the purpose of correct opsec for the purpose of doing this the right way you should be thinking about the things i'm telling you read through these three articles that is definitely your homework read through these three articles take time don't just jump into the next video really take time to think about how you create a sock puppet how you would go about it and understand why it's important okay i understand why it's important there's more meaning to a sock puppet beyond ocean investigation there's more meaning beyond this course i just want you to understand why we're doing it what the purpose is and how you can do it effectively okay so from here we're gonna go ahead and move on into our actual ocean stuff so we're going to start off with some search engine ocean and i'll see you in the next section when we dig into that now search engine operators and search engine osent so what we're going to be looking at is pretty much the first step that i would take when i'm looking up somebody or something or business or whatever it is that i'm investigating or researching i typically go out to a search engine usually my preference is google here in a second i'm going to show you a bunch of different search engines we'll kind of talk through them and we'll talk through the different operators and of course i will provide references and i'll provide even some cheat sheets for you to look through these different operators and search engines and you can apply those how you see fit so let's go ahead and switch over for this part of the course i'm going to start using my linux machine there's no expectation for you to use that i'm just using that because i have my firefox and we're going to eventually transition into linux a little bit later but for right now i'm just using the browser you can use it pretty much wherever you want so what i've gone ahead and done right now is i've searched my name i've searched my name here in google i've searched it in duckduckgo in bing yandex and then a couple more search engines down here okay so i've got baidu actually this is just yandex operator so i want to show you the results and kind of why maybe i have some preference towards google but i'm searching myself so i'm just searching my name here into google you can search me if you want you can search yourself however you want to do this and what comes up is twitter linkedin udemy these are all me um innocent lies foundation that's me all these are me uh the cyber mentor veteran sec wild west hacking fest reddit yep it's this is all about me the only thing that's not me is this here uh search is related to me uh my net worth udemy age twitch twitter linkedin oscp so um yeah these are pretty much all about me if you come over to duckduckgo which is more of a privacy-based search engine it kind of gets a little bit different here you could see that it comes back with me pretty much right away and then you see twitter linkedin innocent lives foundation again then we get herbalife somebody in south carolina a doctor heath adams from tasmania and then a bunch of different pictures most of which are not me so it gets interesting it's not really picking me up as much as it was now i'm i'm down here again some of the other ones down here tcm security udemy those would be me any of these are not related to me whatsoever um so i do think that google does a better job and you'll see again here i'll kind of breeze through this the first few are me this presentation is actually me these are not and then again looks like it goes to south carolina and just different kind of more people search people ocean record type deal which we'll get into a bunch of these later um but it's picking up other people it looks like yandex is a russian based search engine it actually does a pretty good job of picking me up in the next section we'll kind of talk about yandex and why where i find it more important or where i find it more useful in terms of being a search engine but for for now i don't really use yandex for um operator searching i use it more for image searching which is the next section and then here you'll see baidu i don't really show up this is more of asian based and it doesn't do a very good job in my opinion for if you're searching anything us-based or even european-based i don't find this to be very great but i want to point it out because obviously we will have asian students if you use baidu great a lot of the operators i'm going to show you pretty much flow through to all of these okay so i'm going to search on google but most of these flow through across the board again i'll provide references and resources so that you can go ahead and check these search engines out try it on your favorite search engine give it a go for the most part everything's the same there are some slight tweaks and operators but um for most of what i'm gonna show you holds true okay so let's go back to google now we could take a look at some things i want to search and we'll just go through my life recently so in my life recently i am going to go back to undergrad i'm working on getting some classes for my phd and i am planning on attending wgu so wgu is the university now with wgu there's a bunch of courses that are in this curriculum and i kind of want to know more about those courses i kind of want to research those courses and find out information and what i might do is i might say something like wgu calc one like i have to take calculus one right so calculus one and search that now what should come back is a wgu page you can see that there's reddit there's videos on youtube there's a course hero so it's kind of just all over the place there's some flash cards and what i kind of want to find out is well what is what is wgu's course called well it looks like if you ask me well we see c282 and then we see a c958 so i'm thinking within the last year or two here it says 958 so maybe here i want to say something like wgu c958 because we might get some different returns on those results and now you're seeing okay so we're getting calculus calculus calculus and maybe because we searched calc one we didn't get all of these um so we're getting different types of pages here just by changing our search results just a little bit another thing that we can do is say like i really don't care about seeing wgu's website unless i want to see the course study like maybe i am after wgu maybe i am after some other things but here i'm actually interested in reddit so i might type in reddit which will help a little bit like it'll bring up reddit posts but it might start bringing up other posts that aren't via reddit so what i like to do here if i'm searching something i might just say site reddit okay so you type in site reddit and i messed that up reddit.com would be the correct one sitereddit.com and then you come in here and you see okay now all we're going to get are reddit websites okay reddit websites only so anything that's a reddit.com we're going to come here and we're going to see so now i can say okay wgu c958 sitereddit.com um maybe i want it to include maybe i want to say you know i want everything included to say wgu and c958 maybe i want it to be like that okay so now it might change things out what we're looking for is the term wgu which is showing here in um in the address bar and then it's also going to control with c958 which is going to show somewhere in here so somewhere in here c958 and wgu now maybe instead of saying and with the operators i want to just have these combined i want this search term to be like this so it has to be in this order this is specific we're putting quotes around it so we say wgu c958 and we don't find anything all right so but here's an example you see the c958 calculus so if we typed in c958 calc you list just like this on reddit now we're going to find some stuff where it shows c958 calculus in this order okay so we can narrow down searches like this and it's really nice so we might come in here and now i can go to specifically what i want to see on this reddit page and there could be something like i know for a fact let's take away let's take away this but i know for a fact that there is a professor that is on youtube called professor leonard for this okay and professor leonard teaches calculus he's known as a good resource for teaching calculus and a lot of people use him at wgu maybe i want to find every post on reddit that references calculus and professor leonard or maybe just c958 because just like that and let's see what we get we get 139 results okay but now we see okay professor leonard professor leonard is in here c958 is in here if we wanted wgu to be in there as well we could say and wgu and just like this now we have conditional operators we could say c958 or professor leonard on reddit so maybe we bring up different pages so look this one now has changed this has nothing to do with wgu somebody's just saying professor leonard is better than khan academy when it comes to calculus okay and then somebody's talking about they like somebody else better than professor leonard nothing related to wgu here because we changed that or operator right so these things matter these things change there's a lot of different things that we can do with these operators now this is a wgu example but maybe we want to um maybe we want to look at something different maybe we want to put a wild card in maybe you want to look for me you know i'm i'm heath adams you're going to put me a quote and you see people call me the cyber mentor but maybe you're like i don't remember what they call him maybe you know he's the something mentor you could say something like the wild card mentor and that will start bringing up anything with that wild card there so you can wild card here and look for the and mentor and you'll see cyber comes up okay this is another way to look for different things now we can start getting investigative say i'm looking for a an organization i'm going gonna pick on tesla i like picking on tesla because i love tesla say i'm looking for tesla and this is actually something that happened i was reading in a bug bounty not that long ago there was a bug that happened where somebody was searching for passwords on google for tesla they happened to find one that hit the search engine it literally hit within like a day or two of them finding it and it was only it was only there for a day or two they found it it was credentials that allowed them to log into i believe a a help desk type deal like a service now and they got into their ticketing system and they gained access to to sensitive information at tesla and you can absolutely do this with the search engine so i kind of want to show you now how we can take a search engine and start maybe hunting a password or hunting something along those lines so what we might do here is say we're looking at tesla so we know we want to look at site tesla all right so sitetesla.com and maybe we'll want to look for the word password and that's going to bring up some it's okay we get the we get the reset your password um you know this is going to be perhaps not really great for us we could probably improve this right maybe we're not going to look for the word password in a regular website like we're not going to look for here maybe instead we want to look for it on like i don't know a pdf or maybe like a docx or maybe an excel or csv so we can come in here and say like file type okay and now we can say file type pdf so we're searching is we're saying hey i want to look for the word password in the site tesla with the file type of pdf hit enter you get 83 results now all we're seeing are pdfs with the word password now pdf might not be the best one maybe you know they stored it in an excel document so xlsx like this hit enter and let's see we got nothing back all right so that didn't work maybe we can try something else what if we just deleted the term password just as an example okay and what's coming back is that there's absolutely no excel type files here on tesla so that's interesting but if we were to search this maybe we'll search like docx instead okay there's there's two files here um there's an investor relations file in residential electric vehicle okay so nothing nothing great here but some ideas that we might do is we might say something like xlsx we might say password and maybe password's not it maybe it's pass like this or maybe we're looking for pwd or something along those lines you have to think not just the word password but other alternatives of it okay so you can start really narrowing down but you don't have to be looking for just a password in excel document you could perhaps just find a sensitive document here i've seen all kinds of crazy stuff pop up when i'm looking and you don't have to limit it to the website you could say hey i want to look at pwd xlsx for anything that just says tesla.com in it and see what happens there we get one result so here's an excel file from the epa.gov there's pwd id and we have no idea what this is so we might want to dig into that we might want to say something like pass in here and this is how i would research this this is literally how i would go if i had a client i would look through for this client i would say can i find a password related to anything that they have anything sensitive that they're leaking are there any documents out there that might be of interest to us and go through all of these types of deals now like i said there was a bug bounty that was found not that long ago just by doing this same methodology now there's more things that we can do say that we're looking for subdomains of a website now if you're not familiar with subdomains you have like a www.tesla.com but i also saw something come up like ir.tesla.com or forms.tesla.com these are all sub-domains of the tesla.com website so what you can do is you could say hey i want to look at sitetesla.com but i really don't care for the www please don't show me anything with www in it and now you can see that takes out anything that had www in the front so we have shop we have forms appleizer or app player sorry more shop more forms maybe you know i i know about the forms i don't care about the forms they're wasting space in my search results let's take those out and look 61 000 just went down to 79.80 so now we get shop and you could keep going through here now like we found a live stream api so this is a good way to come through using google and just finding uh potential sub domains here that we didn't know about if we're investigating a website and we're doing some sort of investigation there which will cover website ocean later on in the course but these are just kind of overviews of how you can take these and just kind of manipulate that but it's the same thing like if you wanted to search for me again say search for heath adams but you don't want anything related to the cyber mentor maybe you can get rid of that maybe you can get rid of also the word mentor and just kind of eliminate a lot of these things so where have i been potentially or maybe you don't want me you don't want anything to deal with me you want somebody else okay now you're pulling up heath adams partners and lawyers remember we're seeing that on other pages dr heath adams he thousands on facebook scholar cardiologist so now you're starting to see different people different results i'm not here anymore because you took me out of the equation so these are just again different operators that you can use and throw into the mix that would be incredibly useful you just have to think about the logic behind how you're going to do things now there's a couple more that i want to show you before we wrap it up here so we can do something called in title in url in text i like saying things like this like look we could look for in-text so we're say in-text password i want to see if there's anything related to me with the with password in the text so you're going to come through here and see where what do i have related to password um so i've got some things here with uh breach parts which tool i wrote some things that we were talking on twitter i was saying something about password on twitter now this could be a way to search through my twitter if you wanted to you could say i want to see if heath has ever said if they ever said the word password on twitter so site twitter.com or we could say the cybermentor site twitter.com and start looking here so like here i was talking about i love political season password spraying uh you know like there's different things here that i i talk about and you could find that for me so that's in text now we could say something more like in url now inurl is going to be looking at the url and seeing if the word password exists there now it's not going to for something like twitter let's see if we can find url and a password there's not many great resources here so it really just depends like these are just weird websites that are showing up but if there's a hunch that you have something is in the url it's always good to know um you know the in url exists in text is probably my most commonly used one because i could just search for a term that i want to show up on that web page and i know that i need it to be there so in-text is great but if you have the same situation within url that's great another thing is in title so you could say in title password so we should pull up some results here 439 so here in the title you can see um that password shows up so anywhere where password shows up in title you're good so there's a bunch of different options that you can do here okay and i think that these are i think these are great um i actually don't even know what this site is so something somebody wrote a blog on a hacking tutorial and uh it looks like they've got you know different types of hacking here that somehow tied into me so it's very interesting to see some of these things when you're searching yourself and searching for other results all right one more thing last thing i want to show you mostly everything that i've shown you at this point is something that you can utilize on all the other search engines so if you find difficulty or something not particularly working very well definitely check the cheat sheets but for the most part everything's about just about the same now if you don't want to go through and deal with all the operators and remember them which i think you should i think it's great practice it really helps those who can google those who can search very well will do great things google has has paid for my education google has paid for my job google has made me who i am today i'm not even kidding when the first interviews i'm sidetracked a little bit one of the first interviews i ever had i had a job interview for a help desk position and he said what would you do if you didn't know the answer i'd say well i'd ask somebody or i'd google it and his response to me was that's perfect i say that i feed my family on google and that stuck with me because it's really true the better that you can do research and really hunt things down it becomes so useful just beyond ocean beyond this here it becomes incredibly useful but okay look all the things that we've been talking about here we have this google.com advanced underscore search all you have to do is come in here and type the words that you want so say we want heath adams all right so you would say this exact search you put it in quotes heath adams it's telling you how to do it any of these words none of these words so maybe you don't want www like we talked about you can come in here and say site or domain and you say um you know we'll look at twitter twitter.com and we'll just see actually we don't want to eliminate www because that might not show up anything then you type in an advanced search and what's it do for you it does it for you it's amazing everything is here for you you don't have to put in the quotes you don't have to put in the site uh and if there's things that you're trying to think about that maybe you're like you know i really want to narrow this down to a language i want to narrow this down to a region a certain time frame etc and that's one other thing that i could show you too is if you come into the tools you can look at any time past hour past 24 hours i think this is fantastic so what have i posted in the past week on twitter you can see four days ago seven days ago et cetera i'm pretty active on twitter you can see what pictures are there um like this is something i posted not that long ago i retweeted this picture uh so yeah there's all different kinds of stuff okay look the osync course uh so yeah there's there's a lot of stuff going on out there right and even within the past week even probably within the past 24 hours so you can find different stuff about me um you know that that's pretty interesting in your cells or whoever you're researching and then you have like you can say all results verbatim you can clear this out i think it's very nice uh we haven't even gotten into news or images or any of this stuff but you can go into images and see what you can find can you find me well that's a little provocative but you can find funny pictures of me that are showing up on search engines um all different kinds of stuff right so i mean it's interesting like that's me that's my wife like there's you to me there's all different kinds of stuff in here those are my cats and this is just just from twitter this is just from what i posted on twitter look there's my dog so you can find a lot of stuff about somebody in a very short period of time with just doing some basic searches you want to find videos about me you can come in here look at different videos from twitter that i may have posted um you know and it's it's very interesting and how this all narrows down so what i want to say and take you i'm going to go back to the the advanced search you can do this here and really think about it if there's a specific region or specific time frame or specific anything here's the file formats that you can search for it's all possible here so think about how you want to search things practice it with this play with this improve with this and the best person to search i think is yourself if there's some stuff that you think might be out there about you and you kind of want to figure it out put your name in google start searching it um search in text with like the first four or five digits of your address for example and see if you pop up or your city or something like that see different things that might show up and see how you search yourself so that's really it for this video and that's really it for this section um from here we're going to move on to image ocean and talk about how we can identify stuff just from a picture so i will see you over in the next section on to the image and location ocean section we're going to start off with reverse image searching now in an earlier section we were talking about sock puppets and i talked about the show catfish i was talking about people using pictures and they're being reverse image searching and possibly being able to identify people who are using pictures that aren't theirs it's really quite easy to do so in this section if you look at the resources what i have done is i've included a picture of me though you can use any picture that you want i'm going to be using this picture right here to kind of show you so i've got this picture right here i'm going to use this in three different search engines to kind of show you what the results are and we'll kind of talk about each of the search engines so i've got this picture this picture i pretty much use on linkedin on twitter etc this is kind of my main go-to right now so what i'm going to do with this image is i'm going to go out to first images.google.com and this will be provided in the resources down below as well but if you go to images.google.com you can follow along here all you need is an image so what we're going to do is we're going to take the image and we're going to just drag this in here and it should search let's see what happens when it does that it identifies me as the image like 237 results and it says you may be looking for heath adams this is what tied in so what it's looking for is any image right now that matches this specific size and then it says hey let's go ahead you can say i want to find all sizes i want to find this picture small medium and large and there's some pictures that look kind of like me but aren't me uh so your results may vary when you click on these but when you come through here it's absolutely me right like you see here okay you're pulling up heath adams if we were to go to twitter and check it out we could confirm so if we're playing like a scenario based situation here where say somebody decided that this was a great picture they're going to use this as their sock puppet or their dating profile and we're suspicious of this account so we just take this picture throw it into a reverse image search and see what we can find so here's what we found we found hey this belongs to me and you can also find different areas where i it might be here so like you have the same options by the way you can use this photo and say you don't want anything from twitter you could take out twitter.com as an example and then just see results now for linkedin for udemy and there you have these results and then it will go back to filtering down to twitter and everything else once it runs out of options so these are matching images but not exact matches to this image so it depends on how you want to narrow this down but with that being said we can do this in another location two other locations there's uh quite a few reverse image searching these are the three that i use the most um if i don't find it on one of these three it's maybe probably less likely that you're gonna find it in my opinion it doesn't mean that one of the other search engines won't have it it's just unlikely so yandex has come back again and we talked about endx in the the search engine osen section and now we're back to yendex.com all i did was click on images and i'm going to drop this image here as well we're just going to see what happens i've actually not done this so let's see what happens what i do like about yandex is that not only will it pick up this picture here but it will pick up similar images of this picture what that means and where that's useful is say that you're trying to hunt down somebody and i've had this happen with missing persons and when we're doing trace labs and things along those lines for those competitions if you dump this into yandex maybe that's the only photo that you found is the only one that exists of that person but maybe just maybe you have them show up again in another photo that's similar um it could be similar time frame like similar like say it was just second part of this headshot or like an off take or something along those lines or it could be a similar that same person in a different picture but because it looks or the features so similar they use this matching mechanism to say hey i think this is who it is so that's what's going on here they're trying to match this person you can see that it found it here on these websites which it looks like it's pulling up this tw ugi which is off of twitter it looks like if you come here and you click on this you can click on similar images and see what pulls up and this is on tw stock so this is some sort of twitter stock type deal here that it's pulling up so you could look through the picture say you're looking for other people this is kind of where you have to kind of eyeball it and say hey does this person exist what are we looking for here click back on me and you could see maybe there would be some sort of similar images but there's not so it's just kind of giving you ideas it's not perfect but sometimes yandex does a great job of picking up other pictures that you just wouldn't have identified because where they're looking here a lot of the times for the exact photo and here as well for tinei which i'll show you in a second yandex is looking for more than that they're looking at slight variations and not just the same photo but slight variations of that photo or photos where it could be that person so this is always good to look through and see if you can identify that anywhere else now the last one i want to show you is tin i tanai is great you can just come in here and say hey upload so 10i.com you come in here and you do a reverse image search and this one i did try out and you can see here that look it doesn't do as great of a job as google does um i think google does the best here but 10 i can find something perhaps different like look i found this technologysolutions.northstate.net what does that say well if we click on this and say i'm your subject and you're researching me well you just found an article written by me in 2018 talking about pen testing techniques so now you have maybe a potential place where i used to work you have that i've written articles you have that maybe i'm a subject matter expert on a specific topic so now you're identifying additional information on me based on maybe a website that did not show up previously so maybe that wouldn't show up here right so you have to be aware and of using all of your options and that's why i like to show more than one website yes because a website can go away not that google or yandex are going to go away but it's always good to see alternatives and see why one thing might pick something up and then something might not pick it up on the other search engine so it's always good to use multiple search engines when you're doing googling googling when you're doing searching or when you're doing any sort of reverse image searching and you'll see that throughout the course where we use something different we find a different result so that's it for this video we're going to move on to exif data in the next video now let's talk about viewing exif data what is exif data well exif is exchangeable image file and there is data that belongs to that now exit data can be very telling and can provide a lot of information when you snap a picture there can be data left behind that can be tied back to you this used to be very very true in the older days than it is now as there's more protection mechanisms put in place by cell phones by websites such as twitter location data is very much more secure but it doesn't mean it's incredibly secure you can see here in a second that exif data is prominent it can tell you an exact location it could tell you an exact device there's a lot of details that can be found now i am pulling up a picture that i had stored on my hard drive and i literally pulled up the first photo because i knew this type of photo was taken maybe close to 10 years ago and i knew the data would be there i knew because there were no real thoughts about protection especially when i took it on this device that uh anything about location or date or any of that there's no real thoughts about it so what we're going to go through is viewing xf data you're going to see what you can see on some of the stuff and in terms of exit data in a real world scenario i have seen it as recent as the last six months when doing an investigation where there was a picture that i was looking at and it had data that tied not only to the phone but also tied to the person's location exact location and told me where they lived what type of phone they were using when the photo was taken and it is rock solid when it comes to evidence and it's rock solid when it comes to having something that can be concrete in an investigation so let's go ahead and take a look at this now we can go to a web browser and if you go to exif.regex.info again this will be in the description down below you will come to jeffrey's image metadata viewer now there are ways to do this in linux and we'll show that as we get to the tools section but using our manual methodology here we're going to go ahead and use this website all you have to do is take the picture which i provided a picture in this section go ahead and i'm just going to go to browse pictures and then there's this image here which isn't really showing but i'm gonna load it say i'm not a robot and then we're gonna have to select some parking meters verify that let's see what we can find on this picture all right it didn't like me there in my linux machine so i'm going over to my windows machine and trying the same image i'm just going to view the image data here let's see what happens this time around all right this is more like it so this is a picture of my dog my old dog laila and she um we were going on a walk so this is all i have it's just a basic photo that i took in my my phone at the time we were going for a walk somewhere and i have no idea where we were i really did not know here but you can see some information on this let me actually make this a little bit bigger so you can see that this was taken from an apple iphone 4s so at one point if you saw this on a page of mine or you saw this somewhere where i uploaded it now twitter has pretty good protections in place facebook et cetera better protections nowadays but say i put this like on a website say i had it on a blog of mine or something and the exit data was not stripped out before uploading then you might be able to pull down this information you can see that at some point i owned an apple iphone 4s here's the lens here's the exposure flash was not on when this picture was taken here's the date this was taken on march 11 2012 so you can see what today's day is and how long ago this was uh and you get a latitude longitude okay which i think is super important so you can just click on something like google they take you to any of the maps that you want but google here let's just go ahead and say google and that'll open up google maps and this will tell you exactly where it was taken latitude and longitude and what do you see wildwood toledo ohio so at some point i was in toledo ohio at some point in 2012 i was walking my dog in this park in toledo ohio okay so this can tell you a lot about somebody this could tell you a lot what did we just find out about me i have a dog i took that dog for a walk i have an iphone or had an iphone 4s i at some point was present in toledo ohio on a specific date and time that is the power of exif data okay now if you are curious you can actually scroll down and see the full exit data so it'll tell you pretty much anything and everything you want to know about the picture you got the shutter speed aperture etc but what we're really interested in would be the um the gps information the device type the date that this was taken and this really could help us when it comes to an investigation so this is this is awesome information so if you have a photo of something say it's your subject say it's whatever you're investigating always look at the exit data you never know what you're going to pull down again it's less likely on a platform such as facebook or instagram or twitter as they've started stripping those out but it still doesn't hurt to look when you find something especially if somebody sends you a photo or they were sent a photo it's much more likely to have this exif data in there and again i've seen this in an investigation within the last six months where a photo was sent in a fraud case and we were able to look at that photo identify where the person was at and hand that over to the appropriate authorities okay so important important stuff here and that's really it for this lesson so we're going to go ahead and move on into geographical data and it's going to get pretty interesting and pretty fun in the next few videos so i look forward to seeing you over in the next video up is physical location oh send now as a pen tester and consultant i've done quite a bit of this as we are sometimes asked to do some legal breaking and entering in what's called a physical penetration test so what we'll do is we'll take satellite imaging and we'll look at the satellite images to see if we can identify any useful information from looking at the satellite images and then we can also go out on site and we'll have tools such as a drone that we might fly from a mile away and see if we can identify any useful information so let's take a look at a map and then i'll kind of walk you through what information we might be looking for here so if we look at this map all i've done is go to google here if you go to google.com and then get to the maps section i've gone ahead and just typed in tesla hq so what we're looking at is tesla headquarters here at 3500 deer creek road so if you want to follow along you can if you just want to watch you can as well so it's got pictures here which could be useful if you want to look at the different photographs from you know the ground but you can also come in here and click on the satellite view now depending on the satellite view that you get sometimes you might get an address for our client i've had this happen before where we've gotten an address and the building was so new that the satellite actually didn't even have a picture of the building so we had to go around and i don't have a great secondary but you can go around and just try to look up different satellite imaging and see if there's anything out there that would have a an improved image so it's always good to have an idea of maybe getting a backup image on this just to be sure but if you want to look at this what we're trying to see is how do we gain access to this building what is the surrounding area so if i'm doing reconnaissance here and i'm trying to look for physical ocean i not only want to look at what's going on at this building i want to look at what's going on around here because like i said if i'm driving a drone or driving if i'm flying a drone i want to make sure i can drive to a location that i can fly the drone from and not really seem suspicious so it could be good in a parking lot that could be maybe you know either empty or saturated depending on the building a remote location which it looks like we've got nothing but over here and just somewhere where we can sit and maybe not look so suspicious so it looks like even some of these off-roads back here you might be able to just park and hang out in a situation where you can then fly it across here depending on the actual mileage and distance but anyway with that being said besides doing on-site reconnaissance well with the drone and you could actually drive around if possible just to see if you can see anything physically while you're there but what we want to identify is if you're coming in on this road is there any private access like if i'm just driving down the street and i need to get into tesla this hq area is there a private access is there a blocked path you can think of it like if you've ever seen like the movie theaters not theaters but like the movie sets where they have uh the guard waiting for somebody to check you in i always see that in the movies but if you see something like that where there's a guard desk here and you have to be able to show id and say why you're there to be able to even drive on this is probably not going to be the path of entrance that you want to get through unless you're preparing to do some sort of social engineering so you're looking for does it have any protection measures in place here are we seeing any guards which if i'm driving around the building i'm not seeing any guards is there anywhere that i can park in this parking lot that wouldn't be too suspicious now you want to see okay there's a parking lot here there's also a parking lot over here and looking at a lot of these cars a lot of them look like teslas so especially in the back here it looks it looks like most of these are teslas so maybe you don't want to try to park back here with all the tesla's maybe there's a reason that they're back there maybe you want to just try to park in what looks like an employee parking lot over here this looks like more like visitor parking up over here so my hunch would be that if you're looking at this building this right here is well right here is probably this right here this is probably hq where you're walking in the front door in this receptionist area would be my guess so if you're parking here this is high visibility this is probably high traffic here now what we can try to do too is get lower onto the ground and try to have like a street view if we can and get this person and let's see if we can get into the street view over here okay there's street view so yeah look at all the different teslas around here so we could try to click through and see if we can find anything what we're kind of looking for is uh are there any oh they're not gonna let us click through anymore um are there any doors that might be of interest like do we see a door and what's on the door is there badging you know can we find or identify any sort of like badge readers card readers are employees going to these specific areas to smoke like is there a smoke area back here behind the building because that's a really good place to target as well if you're trying to do social engineering or you're trying to you know just navigate your way in a lot of times employees will just prop doors open or if you go outside and have a cigarette with an employee and you just kind of chat them up they're more likely to just let you in and hold the door open for you and you just kind of navigate once you're in it's better than going through the front door and having to try to deal with reception and social engineering your way in there though that is an option as well depending on the building so you want to identify are is there security here what are the people doing what are the people wearing you can tell like this person is pretty busy casual he's got uh slacks on looks like a dress shirt tucked in uh got a backpack so that's not out of the ordinary looks like to have a backpack nice shoes it looks like a lot of these people are wearing red so it looks like maybe there's some sort of tesla employee dress code if you're working right here maybe these people are doing some sort of you know checking people in and checking people out depending on how it's coming in so maybe driving this way might not be the best area uh here's another person walking right here this looks like a booth in the middle of street this could actually look this could be a security guard area as well so we don't know so it's good this is good to check out and see what's going on so if you try to drive right past here maybe there's a security guard and they're going to stop you before you turn in so maybe you might want to turn in and drive here maybe you want to go around the back where you're looking as well and you can come down this street and kind of maybe look and see what else you can find when you're down here so you can see like the the tesla sign here and the satellite view really didn't offer a lot of that but if we click down and come down this road i'm going to try to click through here real quick but if we come down here and see remember there's that back entrance maybe we can turn him back here and there's no no safety protection measures or anything back here if we can get him back here let's see here's another person walking looks like across the street i wonder if they're trying to get in or where they're walking from uh looks like this is actually fenced off right here so there's no way to to get in perhaps without looking too suspicious there's a tesla coming out of this entrance here so let's see what's going on right here um let's see they've got a gate here and we can't really click our way in so all we can do is best practices look right here and see what we can see so it looks like there's possibly some steps right here possibly leading to a door there looks like maybe some sort of work van um and then there's this gate that's open so who knows if there's somebody that's watching this as you drive through or what's going on so this is where having the on-site reconnaissance either driving by trying to drive through the parking lot or anything along those lines or flying a drone over just to get a feel for where this is at is a good idea as well like there's a person right here i don't know if they're smoking or what they're doing so it's always good to get a feel on site as well but looking at a satellite like this can tell you at least some idea of what's going on what protection measures might be in place and what you might need to do in order to you know attack this building and i'm thinking of it from a pentester physical security mindset if we're doing an investigation it still can tell you about the area say if you're passing an address off to somebody you might want to identify does this person live in a remote location what are the roads that can get into that house or where this person is staying is the area is it remote how would you take the roads in how could you be the most discreet and maybe that's not really your job as an ocean investigator but maybe it is maybe you provide that information to the police but they're probably going to do their own reconnaissance there as well but any information that you can provide for location is really good but i always go to my my hacker mindset so this is an example in a building but you can absolutely apply this to people as well so hopefully that makes sense in the next video we're going to talk about identifying geographical locations which is really difficult to do but we'll talk about some strategies and some potential games if you're interested in playing this and then we can kind of just go from there so i look forward to seeing you in the next video let's talk about identifying geographical locations let's say you have an image and you really don't know where the image is taken there's no exit data nothing really tells you where this image was taken where the person maybe in the image it was etc you just have to kind of figure it out on your own and there's a lot of different things that go into this to help identify geographical locations we're going to skim the surface on this and i'll show you why once we get into it let's take a picture and you hear that a picture says a thousand words it really does here's a picture that i want to show you this is a random picture that i found on the internet now let's say just play pretend that this picture was posted by somebody that we were investigating they said ah look at my new car i just you know i just got this blah blah all right so say we're looking at this this picture what can we tell from this picture what what is out here there's a lot of information first of all let's start with the car okay the car if we look at it we can zoom in a little bit you can actually zoom in a lot more we look at it here we're looking at a cadillac okay we have a cadillac we could identify where cadillac's are sold though it does not mean that this is not imported but it gives us a hint also what about this cadillac it is parked on the right side of the road the steering wheel is on the left side of the vehicle and so this tells us that the country that this car is parked in most likely is going to be a country that drives on the right side of the road we can also see a license plate down here though it doesn't say anything related to a state so maybe maybe this is not in the states maybe this isn't not in the united states maybe this is somewhere else so this could be a hint as to who does their license plate like this so this could be something to look into in research another thing that we see well we see snow on the ground if there's snow on the ground chances are that this picture was not taken in the southern hemisphere there's a good chance that this is taken somewhere where it at least snows or potentially is just a cold location we also have some architecture behind us right look at the stuff that we see behind us we see a church okay we can identify that based on the cross that's right here so this looks like some sort of church that has a tower built into it possibly who knows what's over here possibly that's an extension of the church this also looks like it's a bridge right here we can see the different architecture for the bridge we can see that there's water right here we can also see that there are street signs now we can't read the street signs but if we could maybe we could identify them or maybe we can identify the different things based on the street signs right so maybe the architecture of the street signs or the architecture of the building and there's a lot more to go off of here so there's a lot that can be said or thought of just from this picture now if you are curious this is actually a place called german church in sweden we've actually brought this over for you in a larger image size but you can see that this is indeed the same church same everything right on the water here so we can identify those key features and we can research those features now we could have taken the image that we had in front of us this image and we could have put this perhaps into a google image search we could have put this into yandex we could put this in different places and see if we can identify this anywhere or the backgrounds and we're going to have a challenge here in just a second but before we do that what i want to do is i want to come out of full screen here and i want to show you this game now this game is called geo guesser this is a way to potentially get better at some of this basically what you do is this will take you and put you into a location and you have to identify the location now you get one free play a day unless you pay for this however they do have a free geo guesser game as well if you scroll down just a little bit so basically you could say hey i want to play for free you come in here and play this free version which is just a 2d map and we get brought to a map and you get five rounds basically so now we are given this location which we have to kind of try to identify now there is a little bit of um usage of the map and the details that they give you here that you can help identify where you might be like i think this picture is kind of hard but if you look at where you're pointing on your compass you can identify the uh where the sun is facing whether it's in front of you behind you after you and then you can identify your location so this compass kind of gives hints but we're on a looks like a small road we don't really see much in terms of the buildings it doesn't look like it's um you know a very i don't want to say rich area it looks like it's um you know a little bit of unique architecture it looks like perhaps there could be i don't know if there's water nearby because of how this house is built uh this could be something that's near the water if you would ask me but i'm not entirely certain uh this looks like some sort of flood protection and then we're on just this road we can't really see the cars that much i don't know if we can zoom in but that would be what i want to look at are there any lines in the road are there any street signs what can we identify so from here i mean your guess is as good as anybody as to where this might be without using the compass location and identifier i would guess this is somewhere somewhere on the water i'm just gonna throw this somewhere random over here and see if we can't figure this out but uh we'll put this like i'll say like virginia beach area even though i don't think it is and it'll tell you where it is um and we weren't we were kind of okay we were definitely look it's definitely an island um obviously it wasn't virginia beach but here we were we are by the water um and yeah we can identify some features that say hey you are by the water and then you come in you play the next round and you get another picture and you try to identify so now when we see this what can we identify well we can identify that there is um you know we can identify the language here on the building looks like it could be spanish as my guess i'm not a language expert by any means you can look at the buildings that are right here as well and just see if you can identify any writings um any sort of vehicle how they're driving they're driving looks like this could be a one-way street so this maybe isn't the best idea uh as where as for how this would be but you could also look at the road signs look at the different um stop lights that are here as well and the you know different surrounding areas and what we're looking at so if i had to guess this would be some sort of spanish-speaking country although i'm not sure i would put this somewhere maybe in in spain over here but i wouldn't know exactly where this would be so i'll just say it's madrid and we'll guess i was very wrong it is in uh it is in santiago okay so this is just an example though i'm not going to say here and play it this whole time but what i do want to share with you is a blog post that i think is fantastic based on this game now this is an incredibly long blog post and i'm going to make this bigger that tells you the things to think about and while it was based on this game and while you can play this game and come in here and try to identify stuff you can come in here and read this article you don't have to read it fully but it just gives you an indication it tells you what what letters are you looking for on street signs like what different types of languages look like what this is telling you how to how to look at it from the compass but if you scroll through here it talks about the different roads um how you know the north and south america have like this yellow line down the middle where europeans have looks like a white line down the middle it looks like dash lines for sweden norway iceland so this is something interesting so if you see a road in your picture also the rumble strips that we have here in the united states and then this will go through i mean i'm scrolling and scrolling and i'm still at the top but this goes through all kinds of information what countries drive on the right side what countries drive on the left side what do the speed limit signs look like in different countries this is fantastic that you can come through here and just say okay i see something i'm going to try to research it based on this and that's really the point i want to get i'm not trying to make you an expert by any means in guessing games here but i do want you to think about how you could start looking at pictures differently when you see this picture i don't want you to see oh yeah it's a car parked outside i want you to see it as oh yeah there's a car parked outside here's the license plate i'm seeing it's in front of a church that has a bridge that's on the water that's in the snow and start narrowing down where these locations can be and this is what makes you a good investigator you're not going to be able to most times just look at a picture and say i know that location but you can dump this picture maybe into a google reverse image shirts maybe into a yandex or go through the identifying marks that you see through a blog like this and really try to identify what it is you might be seeing and this goes through look japanese highways swedish highways all different kinds of stuff so if you're patient and you really try to figure this out like a good investigator you'll have a lot more luck than just pointing and clicking but there are some people on youtube that i watch play this game and they're absolutely amazing where they can just see a picture and within seconds just click and know exactly where it's at so i think that's very impressive anyway that's it what i want to do now is i'm going to show you a few pictures in the next video um i went i went on vacation recently and i want to show you a few pictures and i want you to determine where i was at in those pictures okay so i'm going to show you three pictures i want you to determine what places i traveled to and where maybe i stayed and you'll see that my opsec is not very great so all right we'll see you in the next video when i give you your challenge all right let's play where in the world is tcm part one so let's take a look at these pictures the first picture here is a picture of my wife and me we're sitting on a bench somewhere and we are just taking a little selfie and the next picture is somewhere from a rooftop now this rooftop is the hotel that i stayed in uh during this trip and then there's also this picture of where i was staying during the trip so what i want you to do is i want you to take these three pictures and i want you to identify where i was at where was tcm okay so this picture i want you to tell me the location what is this place called right here in this picture tell me what hotel i was staying in so that i could take this photograph and then this picture all i want you to do is tell me what city i was in so that's your challenge tell me where i was at in the first picture what hotel i was in in the second picture and the third picture tell me what city i was in hope you're ready for this challenge best of luck to you i'll catch you in the next video as we cover how to find the answers to this all right did you find me let's see how well you did so what we're going to do is we're going to take a look at the first picture and i'm going to go ahead and move over to google and i'm going to start with a google image search so i'm going to take this picture and i'm going to drag and drop it over here and we're going to see what happens on the google image search and google image did a very great job of picking me up so this is absolutely correct where i'm at by the way this is copley square in boston massachusetts all right so if you come here i've got the picture it says here's copley square so it says possible related search to copley square let's just take a quick picture of this or a quick look at this and go to images and see what it shows you and look this one wasn't that hard was it a quick reverse image search even though the image was not found anywhere else it still shows you that hey this is copley square and if you look at this picture and i open the other picture back up you can see that sure enough we were sitting right here in park bench in front of copley square okay so with that information in mind let's try to look for the second location now the second location was actually taken off of the rooftop of the hotel that i was in so that's why i said hey go ahead and give it a go try to find the hotel that i was staying in so let's go ahead and just drag and drop this and see if it works in our old google search and all we get out of this is what commercial we don't get anything of use let's go ahead and try looking at yandex as well so i'm going to just go to images and drag and drop and we'll just see if it does anything for us now we can look at the exit data here but the exit data does not exist or it's been stripped out so we're looking at this and let's see if we can identify anything in this picture so this is saying melbourne um given that it's all on the same trip and we have that knowledge it's not likely to be melbourne we can click through here and see if there's anything in here that might be of interest it's just giving us a bunch of city skylines so this time the reverse image search isn't really working out in our favor it's trying but it's not really doing anything and if we close out of this and go back to the image that we have it tries to point out some things to us like saying hey i know what this building is you could try to click on that and see but even then it doesn't look like it's finding the right stuff here all right so this looks like there are buildings in russia which this is a russian russian website so i'm assuming it's going to try to look there first but it's just not it's not picking up the right location at least it doesn't look at the image that we're seeing so with that being said let's go to the image itself i want to look at the image one more time because we haven't done any investigation on the image i'm going to zoom in as much as possible what are some things that we can see from this image we can maybe make out that we're in a city right we're in some sort of big city um we don't know where the big city is but it definitely looks like there's skyscrapers there's tall buildings um and there's some words back here that i can't really read here i can't really read that either i see the something and i see i can't tell what that is i do see some interesting stuff though first of all i see the westin hotel so that could be interesting i see a sign that says 95 to new york so this is saying 95 it looks like that says south to me it's very hard to read but this is 95 south so if i'm 95 south if i go look at a map and look on the highway 90 interstate 95 runs down from north to south in the united states on the east coast so i would have to be somewhere above new york in order for this to happen so that could narrow it down it also looks like there's an american flag flying right here so a good indicator that we're probably in the united states now you can also see cars are parked on the right side of the road over here which is another indicator and then this architecture of this building looks older um we don't know really like there's this building looks like it stands out in the fact that it's older comparatively most of the architectures of these other buildings look like they stand out as maybe newer so with that being said in having the clue or the hint that we were in boston before we're above new york uh what might that tell us that might tell us something oh look there's a prudential building okay so prudential building the westin so if we're looking at this we need we need to be facing the prudential building um from this side and we need to be right next to what appears to be the westin in order to kind of get this so where is there a prudential building and where is there a westin so the first thing i might do is i might go out to google and i might just try to say where is the prudential skyscraper let's see if we can find that anywhere prudential tower skyscraper in boston massachusetts so that's pretty good um so that looks potentially to be our building right that looks pretty pretty darn close to what we saw here so i'm going to go back to the picture one more time that looks like the building to me that's spot on so that's definitely the building so what i think i want to look at is the westin and the westin in boston massachusetts okay let's see what they have for us they have boston the waterfront they also have boston and copley place let's go ahead and look at boston and copley place since we already know that i was somewhere in copley place let's go ahead and see if we can actually look at the location all right so we've got this right here and what does that look like so that that is copley place right um so well actually here is here is the westin so let's see if we can get to a street satellite view right here let me try to get down here uh this might not work for us let me do one more thing let me try to just go back we'll do the westin westin copley and then we're going to put this into a search for maps here and see if we can't get a better view of this all right so here's the westin copley here's copley square by the way okay so if we could see the westin copley in front of us depending on how it looks in front of us could be of interest so let's try to navigate satellite down here and see what we can see all right so if we look that picture that was taken was the bench was right here and here's the copley square now if we look this building right here let's see if we can get on the ground let's get let's get right here and see how this looks all right so there's there's that picture right there's the the copley square if we turn around look here's the westin and if we face this direction there's the building that should have the american flag flying on it yes it does the prudential building's out here here's that new york sign right here and i that might not be 90 might be 95 that might be uh that might be a 90 west sign actually i could have been wrong on the 95 there um so still we identified the west end the prudential building and then we were able to correlate since we were close to the westin where we might be if we turn around to where there's a rooftop right here what is this this building right here is called the fairmont copley and that is where we stayed on our vacation so this was part two hopefully you were able to figure that out and find that um hopefully you found it challenging as well but you can see click right here the copley plaza the westin copley fairmont copley there you go so there's the building so okay so that's number two number three i tried to throw you for a little bit of a loop so here's number three this looks a little bit different than the other two especially in the skyscrapers and everything else um what can we see from this picture and i'm gonna skip reverse image searching you can try that if you want if you did that's great but i'm trying to take out what i can see so i see some i see maybe some art down here looks like there's some art um it looks like potentially well this car's parked on the left side of the road but these cars are parked on the right side of the road so um it's hard to say where this image was taken for sure uh this is definitely a larger city for sure um there's some color to it there's not really a lot telling us besides maybe some of the architecture that's up here what the design might be um and where this might have been taken but the one thing that maybe stands out to me and it's really hard to see back there what that reads but this one reads psfs and that's the only thing i can make out i make out some architecture it looks like there's a blend of maybe older and newer architecture but without being able to see anything else my best guess is we're in a major city somewhere that possibly drives on the right side of the road but i do not pick up anything else psfs is the only thing here that would be standing out to me so what i'm going to do is i'm going to go back and just search psfs as a building and see if i can identify where this was at so if we go back to google we do psfs and that is in philadelphia so let's do psfs building you can see that it says hey we're in philadelphia let's look at images and that looks to me like the same building that we're seeing so yes this image here if you were able to find this and look this up and of course there are different ways by the way to do this but this is in philadelphia just because i'm showing you one way doesn't mean that you couldn't have found it another way or even you could have said hey i lived in philly or i've been through philly i know exactly where that's at you you have opportunities here to be able to use what you know as well but these are just different ways that i would look at pictures for information and that's really what this challenge is about to look at pictures for information and try to identify um what you can do so number one was pretty easy number three was pretty easy i thought number two was a little bit more challenging because you had to identify the actual building that the picture was taken from and not just what city you were in so hopefully you found that a little bit more challenging on that side so that is it for this section and this lesson we're going to go ahead and move on from here on to email ocean so i'll catch you over in the next section okay so there's one tool that is not included in the course that i wanted to include on youtube and it's a pretty creepy ocean tool and i want to show that to you so it's going to be in the description below however if you want to find it easily you can also just type in youtube like i have here the creepiest ocean tool and you should find the creepiest ocean tool to date and uh watch this video before you move on to the next one because it just shows you what we are capable of doing just from an image and how one picture can identify a bunch of other pictures and a bunch of information maybe you didn't even know existed about you or about your resource out there so with that being said we're gonna go ahead and move on to the next video in this course welcome to the email osen section we're going to talk about discovering email addresses and this is something that i do on a weekly basis so i'm going to show you the most common tools that i use to actually look up email addresses and try to find people and what you can do to kind of verify email addresses so i'll show you some of my favorite tools and concepts and this is something that i do because not only for osint and doing it for investigative type work but think about sales if i'm trying to find a lead or i'm trying to find multiple leads within an organization i have to figure out where the emails are who the people i'm trying to email are so maybe i'll google them and say who is the cso or chief information security officer for this company and i might find that it's bob jones and we go look up bob jones and we say okay well how do i get bob jones's contact information can i find it via google maybe maybe it's out there in the public but maybe we have to dig a little deeper maybe we have to kind of do some guesstimation and see if we can figure it out so that's what we're going to do today is is look at the email addresses formats and try to determine if we can find some emails so let's go ahead and move over to the kali linux machine that i've got and the first website is one of my favorites so hunter.io you just come to hunter.io you get like 50 or 100 free searches a month i don't remember what it is it's it's a fair amount uh you can come here and basically just type in a company name so like say i want to type in tcm security tcm sec and you can see tcm security here we get one result on the email address so we'll click it and see what happens here and looks like we have like an info at tcm tech.com it tells us hey there's five sources that identify this so we see tcm-sec.com there's an about blogs this is where they're finding it okay a better example maybe a something that has more users like tesla tesla has 468 users if we come in here and we look well we can see that they have a pattern identified here so their pattern they're identifying is first initial last name at tesla.com and that's really what we want to see and then we can gather email addresses here if we want but say like we knew bob jones again going back to that example bob jones so maybe bob jones works at tesla maybe his email would be bejones at tesla.com so it's something to think about now we can sign up and get actual information here you should be able to sign up with a gmail account sometimes this does not work depending on the country that you are in so be cognizant you might have to use a different email address but i just tried signing up with a gmail account that i have on here and it worked just fine so i'm going to go ahead and try to log in i'm going to sign in with google with what's already here and just now i'm logged in so we can go back now and try searching tesla again and you'll see that the results actually come back so we get information here now we get let me make this a little bit bigger we get information as to okay here's the vice president this is the vice president's email address uh project development manager maybe you want to talk to somebody in human resources so you can click here and go to human resources and then here are the different human resources um emails that are here so and then the sources that they found these email addresses so this isn't a particular person in hr but it's still human resources email addresses so this looks like it's probably for hong kong this is for berlin this is gigafactory so they have different email addresses based on where they are now if you looked up tcm security here you're really not going to find much on us because we don't have a ton of email addresses out there but i think that we can find more in other ways now so we only get so many uses here we'll just keep thinking about this as we move forward so 100. io great great resource they have plug-ins if you want them um i think it's fantastic place to look phonebook.cz is the next resource i want to show you this one is fantastic let's start with tcm-sec.com and see so we're going to tcm.sec.com and we're going to search email addresses here so they do domains and urls as well which i think is awesome but let's just search for email address see if anything comes back no no results okay that's okay let's try tesla and see what comes back there okay a lot more so we get uh quite a few email addresses we can see elon musk all over the place we've got elon dash musk elon we've got emus over here and we get a ton of emails look at this so what's nice about this is we can sit here and try to identify what the possible email addresses are so again first initial last name looks like it's showing up quite a bit outside of maybe like the elon musks of the world we're getting a bunch of uh mostly first initial last names in here so i think that's pretty spot on with this the other thing that we can do is we could utilize this list say we're we're trying to do something called credential stuffing which we'll talk about in the next section actually when we talk about breach credentials but say we're trying to gather a bunch of usernames and test and see if we can log in with those usernames anywhere or maybe password spraying not so much uh the credential stuffing but password spreading where we take all these usernames and we just throw it at a login form and say hey a summer 2020 exclamation point you know see if that logs into any of these accounts and you would be surprised it happens quite a bit so you know these are this is valuable information even if we don't know exactly maybe we're not just hunting for one email maybe we're hunting for an entire domain this is a great way to get free entire domains with a quick copy and paste capability like we have the tesla here we can export the csv from hunter.io but you only get so many results that you can export into a csv here you get a bunch there's no guarantee these are all valid but they're still it's still information information is what we want this is all we're trying to gather is as much information as possible so these are all potential email addresses for tesla.com i think it's a great great resource now we could also use something like voila no bear now this one you can get 50 more leads for free i'm not going to show you it's the same kind of deals 100.io they're showing you how to utilize it here basically you can just search for people and see to try to find their email addresses there is one i want to show you that i do use and i have quite a bit of success with and that is called clear bit and clear bit has to be used in chrome so i'm going to bring up this here clear bit has to be used in chrome so you can download the chrome extension for clear bit and all you have to do is go to google let me log in really quick and then i'm going to just select the free account we get so many searches 100 emails a month so basically you're going to search for clear bit connect and you would just say hey clear bit connect i'll put a link down below by the way but clear bit connect is awesome you'll you'll see why here in a second once i authorize this okay we're going to come down here acknowledge probably give out our first born and then now we're going to say hey i want to find emails and here's all different kinds of things that we can sit here and search for you can see tcm securities in here these are some searches that i've done these aren't any clients of mine these are just searches that i've done in the past maybe looking for information or looking for possible leads or anything so if i come in here and i say hey i want to look for tcm security you could type that in i'm going to just click on tcm security and look what it discovered that the others didn't it discovered me okay and if i click on me look it says heat.tcm-sec.com where where did that come from and then look it has my linkedin right here as well that's amazing that's awesome and it says here you can email heat just click this button and then it's also got rizwan where's one's on my sales team look it's got rizwan tcm.sec.com what does that tell you that tells you that we're using a first name basis for our email addresses it's awesome now let's come in here and maybe we want to look at tesla maybe let's try tesla one more time maybe we're looking for the cso of tesla tesla has a cso you could come in here and look like elon musk is right here obviously ceo but you could come in here and maybe go by roll and they have different roles in here so ceo let's see if we can find any sort of cso i don't see one but i do see information technology so maybe we can find somebody in the information technology department or iet department um and then here we go we've got quite a few i.t people here's a cio this could be somebody of interest that we might want to reach out to and we could just scroll through this list and find people so say we want to reach out to the cio just click on this we get first initial last name just like we thought we would we get this person's linkedin page we get their location website this is awesome awesome awesome so i typically will start with a google search if i'm trying to hunt something down i will start with a google search i will say who is in this role at this company if i'm looking for a specific person at a company then i will go to phonebook.cz or hunter.io try to identify the the formatting of the email and then try to find that person or guesstimate that once we get to that point i try not to burn through these clear bits unless i need to but clearbit is very good at identifying this once we get to that point we can take this email say like this this email or we'll even try a different email i'll show you a couple but we could take this and we can go try to verify this so there is a website called email hippo you can go to tools.verify email address dot io and all you have to do is type in an email address here sometimes you can get false positives if they're good or bad here i typed in this email address a couple of times and just got a bad result this is an email address that does not exist now let's try an email address that we saw info at tcm-sec dot com see if it works result is okay so it says yeah this email address works so we're verifying that this is up so say that you get somebody and you see that they have a potential email address you can come here and try to verify it first and see if it works before you go fire off an email or don't you don't have to fire off an email you don't have to do anything or interact so this is the benefit like if you're from a sales perspective and you're doing ocean here the this is the benefit not having to email get waste your time get it rejected you can come in here and just validate if you're doing an investigation you don't want to interact with the person or company that you're investigating you want to come in here and just verify without any interaction this is the way to do it same thing with this website here emailchecker.net validate email dashchecker.net validate say hey checking the email i put the same email address here you can see it says bad we could try again with info at tcm sec dot com and see if that works and it says okay so again this is doing a great job there are possibilities of false positives there are so many searches that you can do per month on these i do believe they have apis which is nice um if you want to automate this or script this out but i think this is this is fantastic this is great stuff now there are plenty of other ways to verify email addresses in the next section we'll talk about that even more as we talk about breach data because if somebody shows up in a data breach guess what that email address has been used in the past if you look at something like i have i been pwned which we'll talk about in the next section and they show up guess what that person's email address has existed so we're trying to verify if an email address exists who that address might belong to etc now this is more has been from a business perspective uh some of this hunting down of emails may be more difficult to do if you're trying to find a specific individual that's where breach data comes into play in a lot of this research and what i'm going to show you in the next section we'll try to hunt down individuals with maybe having loose pieces of information like a name or a username or something along those lines breach data can come in handy very very well so this is kind of scratching the surface now there's one last thing i want to show you one last little tip and trick do not underestimate forgot passwords do not underestimate them let's go to google for example right now i am logging in under an account that is please don't hack me sir please so it's please don't hack me sir plz i do believe i'm gonna go ahead and try hitting next on that okay so first of all it said hey welcome and what does this mean this means that we have a valid account here that's great this is validating that this gmail account exists here's something else we can use this to tie to potentially another account or help validate say we know that this email belongs to somebody that's harassing somebody else we don't know who this person is they're using this spoofed email but maybe we have a hunch or maybe we don't maybe we just want to try to get more data you can come to forgot password and it's going to say what's the last passage you remember using i don't know let's try another way you come down here and it says hey let me make this bigger google will send a verification code to h and it says look it shows you the rest of the the digits here and then at tc dot here that would give you a pretty good indication if you're tracking who your subject is that this email could tie to somebody else look this is heat that tcm tech dot com okay so this email belongs to me this is tying back to me now you have another point here so if you knew about this email address and now you have the link the connection to guarantee that this person this is evidence right here say you were doing something which we'll learn about again in the next section where you're looking through breach data you find a username that matches this email address and also matches this email address but people can reuse usernames there could be multiple people who use the same username so you need to verify or some link this would be a proof of a link between those a pretty strong proof if you ask me if you can say hey i identified two email addresses with the same username i did an account recovery came in here and saw that this had this same first character and first domain name i think that's a pretty strong correlation so things to think about wheels to be spinning try to identify email addresses any way possible we'll cover this more in depth in the next section and i'm really excited because password hunting is one of my favorite things so let's go ahead and move on to the next section when we talk about password ocean welcome to this section on password oh sent password osen is one of my absolute favorite things to do i've given talks at conferences in the past on hunting down breach credentials and using credential stuffing and doing password spraying but there's so much information that we can get from just looking up passwords from an osim perspective now when we're talking about password osen we're talking about going and looking for breach credentials or credentials that have shown up due to breaches or data breaches so you can think of like the linkedin breach or the adobe breach all these breaches if there are credentials that are dumped out a lot of times they'll find their way to the internet they'll find their way to databases and then we can use those databases to search through them and try to find information about either the target we're after whether it's an individual or organization and then we go and see what information we can identify it's more than passwords and i'll show you that here in a second now there are some great websites and tools that we can utilize for this for now i'm going to kind of just show you the web format again we're not going to use any tools until later on in the course but for now i'll kind of show you how we do the web searching and what we can do there before we get into that i kind of want to show you just a brief example of what information we can find so this is a little tool that i wrote and it basically goes through and just looks through a database that is local now we're going to show databases that are out on the web and are easier faster to search through but this is great just for something if you want a quick search on a database you want to look up breach credentials now i went ahead and just searched for breach credentials for tesla we'll cover this later in the course on how to use this tool but here i can identify some information about tesla now we talked about email ocean and identifying email types right so we can see here that for tesla we're seeing a lot of firstname.lastname so it's possible first name last name is the the usage or format over at tesla although we do see some shark which looks like could be just like a s hark or maybe that's actually shark we could see different things here where there may be some different formats with tesla so what we notice too is sometimes as companies grow sometimes the companies start off with one format and then migrate to other formats as they get bigger the other things that we can identify though are who's been involved in a breach here on the left side is the username or the email and then on the right side is the password and i keep like hovering over this one here because this is a repeat offender if i'm looking for information on a specific company or a person and i see that their passwords change only ever so slightly or they have the same password over and over and over in a breach then guess what i could have a pretty good assumption that that password might work somewhere else or some variation of this password might work somewhere else so it's always good to check these out and see if you can identify patterns whether it be username pattern or any sort of password pattern anything like that even as we scroll down we can see one two three four five down here yeah it's a terrible password but it's always something to look into and see if there's any sort of repeat offenders now we're going to cover this more in depth in the next video as we start talking about hunting down breech credentials i just kind of want to show you an overview of what we're actually looking at where these come from why we're looking at that and then in the next video we're going to cover this even more in depth so i'll catch you over in the next video okay let's talk about hunting breech credentials and let's get hands on now before we get started i know i stressed this in the beginning of the course i'm going to stress this again what i'm going to show you here could change now i released a course about a year ago which was on ethical hacking we talked about breach credentials and i utilized a website called we leak info we leak info was then eventually shut down and i got all kinds of emails saying hey this is shut down i don't know what to do there's more out there okay there's always more out there what i'm showing you is the methodology i could show you on a specific website which i'm going to do that website could go down tomorrow we never know but what you need to retain is the thought process and the methodology behind what's about to happen from there you could take that and utilize it elsewhere so if a website does go down you still have the same thoughts why you're doing it and why you're thinking about it so let's go ahead and move over to a website now so i want to take you to a website called d-hash now this is dash.com i do not expect you to be able to follow along at this point because this costs money okay it's five bucks for a week it's a hundred and fifty dollars for a year this is only used to take credit card they only now take bitcoin i do believe or some sort of cryptocurrency absolutely worth it in my opinion even get a week get a week see if you like it it's amazing there's gonna be tools i show you later on the course that we'll go through and we can do it locally like the one i just ran in the last video i ran breech parts right this is something that i put together and and set up but and it's free but the database isn't maintained it's a slow search i don't get the results back as instantly and i can't tie it to as many data points as a website like this can i think this website is great now let's talk about what dhash can do now that i'm logged in we have the ability to search by let me make this a little bit bigger we have the ability to search by email username ip address name address phone number bin okay think about this say we know a email address okay we know an email address say it's bob bob at tesla.com we're not going to search this yet we take bob and we know bob it has an account and we're looking for him we search him bob shows up and we see bob shows up and we see maybe his name like bob jones or something like that shows up maybe something that he's been leaked in has his address or maybe there's an ip address tied to the client you're looking for or the person you're looking for this can all be identified what if bob has a username it's like bob bobrocks123 okay well we can search that username in here and see if that username has repeated itself at all which is great we could search by password so say bob's password was bobrox123 we could search that password and if it's unique enough then maybe we can actually do some uh advanced searching like if we go back to the example from last time like this last video we saw this 907dade814 we could put that into a search engine and see if that comes back to something else maybe that comes back to a user that is not at a tesla.com but maybe it's like bob at gmail.com and then guess what now we have bob's personal account or now we have bob tied to another email account especially if we search by name or something that we can tie them together we need to start being able to relate other accounts to each other we can do that with hashing we could do that with passwords there's a lot of things that we can do and we want to start tying this together as a real world example when i am looking at an organization and i'm doing research on on hashing or i'm doing research on breach credentials i'm trying to think okay first if my client if my client is tesla.com i might come in here and search at tesla.com and i might come see how many results are in here let's see what happens okay here's george tesla.com george has been in a shared data so there's no actual any detail details here besides a potential username a name email okay same thing with safety we'd have to scroll down and see if we can find something that okay here's adobe now adobe will have a there's actually a bob at tesla bob at tesla has a hash password here okay so now we can say well first of all we can go see if we can figure out what this hash is which we'll talk about in a second we can also go and say okay bob does bob exist anywhere else does this hash exist anywhere else on this website can we tie it to another account that maybe even if we don't crack the password then we can say okay this bob this ties to bob at gmail.com so like i would note this down and i would take this and copy it so from a real world example i would take all the data that i see on this website i would collect all of the passwords all the usernames everything so like tesla9 all of this i want to know what the passwords are i want to know who the people are i want to know all the data because if i could start finding patterns if i could start putting things together maybe i can even relate these back to their personal email accounts like we're talking about and then i can see password patterns there or other passwords and just start tying this down because my goal is to break into an organization if i'm doing a pen test my goal is to break into an organization so i'm going to take that data and if i can find other passwords related to a personal account i'm not going to go attempt to break into a personal account but i will take that data and i will put it together and maybe try to break into their work email account with those passwords that information this can tie to an investigation as well if you're hunting down an individual you're trying to tie them to other accounts this is incredibly useful if you can find their data in a breach database and have a password and that password's unique you can search it maybe find them somewhere else you find an ip address you find a name there are often ip addresses in here which we can tie to a location possibly and see here's that 907 8 or dade814 we could take this and maybe search it and see if it comes back anything who knows shark at tesla shark at tesla okay shark mail.ru look this is a new new email address we didn't know about this one before and look it does us a favor we search d-a-d-e but here's the capitalize we didn't search for capitalized we're not searching specific okay and now we're getting more information look here's one for dropbox okay so it tells you where this is coming from and how you can tie it in if we can get any sort of name out of this any sort of anything that would be amazing we can get a person's name or ip address and we can start tying them down but when you're doing different searches like this you need to start almost you know like in the investigations where they have like the the red yarn and it's going from one pin point to another you kind of have to zigzag that back and forth and really try to tie this down and you'll see that when we get into reporting how you might take one individual and really just see like a password tied to an account tied to this and this was the exact methodology that we took to get to that point because when you write a report you want to make sure that the investigative person or the say you're handing off to the police or whatever you want to make sure that the person that is doing what what you did or they can replicate what you did with ease and there's no no question about it so this is some of the the searching that we can do now if we come to d hash again we can come here and we can search by email username name anything so you can put your name in here i mean if you want to search on here i think it's great you can come through here and just search for your name let's go back let's search tesla again i saw a hash in there the adobe hashes are kind of interesting they're not the easiest to pick up but let's see let's find this adobe hash so let's say we get a hash like this we could try to identify what this hash is we can try to crack this hash we can see if it's been cracked somewhere else this hash as of right now we have no idea but we know bob at tesla.com we can maybe paste this in here first of all and see if it ties back to anything and there's 22 results back you know i would probably be looking for somebody that has this password um with the name of bob it's probably not going to be like uh a brett or a michael uh you know we might want to see if we can find another account somewhere else but these are all tying down to a hash from adobe so depending on how they were hashing this data we might not find anything else of interest but you can see all the things here all the different opportunities that are here for us to just do research and tie down information now we can go to a website called hashes.org and if we come here we have the capability to actually try to search for this hash so we could search hashes and see if we can find it so you can come in here and just paste it and again it doesn't do a great job in my opinion with the adobe hashes sometimes they crack but a lot of times it says it can't find them oops there we go let's try hitting a search here okay so it says not a valid hash now if you put this into google as a search you can see it didn't come back with anything either so we want to make sure that when we're searching this you know we we try all options there is an adobe database that if you do put in a hash and it does show up there's a github adobe database that will actually show up here so with that being said this is kind of what i want you to start thinking about when we're hunting down breach credentials how can i take a person or company that i'm looking into so if you have a company you can just go at company name.com or net or whatever it is search in here see how they show up if you have a person maybe a personal email account if you can find that person if you know their email account you come in here and say bob gmail.com maybe you don't know what their their email address is then maybe you come here to the main page you go okay i'm going to look for a name i'm going to look for bob jones and search for that and then you start taking this and trying to find the patterns if you know bob lives somewhere maybe you could find a dress for bob or maybe you know bob lives in like arizona you could search bob jones and see if bob shows up and then kind of take it from there and there is some search operators that you can utilize you can see bob jones is taking forever you can put this in quotations and search it again and kind of narrow down your results here so if we click on this you can see like here's a name of we got a lot of results but here's the name bob jones this is a very common name so um but you could see like if we're trying to look this down we can start searching and adding operators in here and trying to see if we can figure out to tie a username or something to them so again get your wheel spinning don't rely on just dehashed but just rely on thinking about this this is the thing you should be thinking about again d hatch could go down tomorrow um but if you're thinking about it in in the way that the credentials and the information can be interwoven remember that red yarn again that's really what i want you to take away from this so we're going to do another video on this i'm going to show you some more i guess tools that are out there and some other things that you can do offer alternatives to this and then we'll wrap up this section so i'll catch you over in the next video okay hunting breech credentials part two let's dive right into this so i'm gonna show you a few websites these websites here the first three i'm going to show you and actually let me reorganize this a little bit the first three i'm going to show you are sites that i am not entirely sure on i do believe they're valid i believe they're legitimate i believe they are also databases i think d hash is the best these also have their own searching as well now we leak info was absolutely amazing we leak info again as i said in an earlier video got shut down this is somebody that brought it back up i don't know for sure if it's the same database what's been brought back it appears to be almost identical as to what was there um they do have a five dollar trial so it might be worth something that you can go in and just check this out um same thing with this leak check and this snuff space they're both great websites that i can just i'll put down in the description you can check them out kind of feel it out see which one you like the best again 299 for a sign up here um and this one i believe is fairly cheap as well and even has maybe some free searching up to 100 searches or something like that so you could definitely check through these see if there's anything here that you would like to to look at and then go from there so i just want to offer alternatives in case something does happen to d hash i don't think it will um from there one of the most well-known websites out there is have i been pwned now this is great you know we we know about the say the shark at tesla.com right so we get a shark at tesla.com we come here and look for it has it been pwned has it shown up anywhere oh yes it has it's been shown in five breach sites and one paste now this will tell you okay it's been in um these different pace here and uh where the breach has happened okay and then here's a paste that you were found in this is great for yourself this is great if you want to kind of search through this and see if you can find information specific to the target that you're looking for have i been pwned as a great resource what have i been pwned is not going to tell you is it's not going to specifically tell you the password related to that account but it's a good resource to identify whether account has actually shown up in a database this is actively updated with the latest and greatest database dumps and everything else so this is uh awesome you could set up there's an api for this you could set up alerting so there's a notify me if your account shows up i always recommend this to clients to put in their domain in case anybody shows up it's just another name that you know if it shows up in a breach you have to kind of you know work around that so i think these are great this is a fantastic website and something that should be mentioned in any basic sort of ocean investigation now this last one uh scala scala i don't know how to say it i've never have um this is put together by hyperion who is alejandro or alex he is the founder of hyperion gray this is a great great website it's it's not going to be as thorough it's not going to have as much information as say a d hashed but it does have information you can see right here there's who knows how many pages you come through here and there's the the domain will say hey this is where the leak came from like there's collections of different passwords a linkedin breach on this one you know there's different types here that you can look through this one's fitbit so you can come in here and say okay i want to search for a specific user or specific email so we could say like email and then we can do shark at tesla.com and see what happens and look you can see sharka tesla.com came back there is looks like a hash password here we could run that through hashes.org we can run that through google see if it pops back with anything here we do get a clear text password so we can search by email we could search by domain say you want to know anybody that was involved in the linkedin.com breach okay and that might not pull back anything let's go back to so let's see linkedin maybe i put it in wrong we'll try one more time or maybe there were too many search results so we could try linkedin.com and maybe we want to know a password of one two three four five let's try a search like that there you go it's possible that i had too many um results there too so anybody that potentially had a password of like one two three four five or something showed up here even though we're getting a bunch of x's here and nulls uh we could see also that we have email addresses actually this showed up as email's password so it might have searched that a little bit differently but um this is the way that you could search through and kind of look and i guess kind of grep through this information if that makes sense so if you're looking for let's go back to the email of shark at tesla.com this is similar to the same thing that we were doing before right we could see if this password showed up anywhere else so we want to put the same logic into our searching so this password show up anywhere and it does look this just identified a second account for us shark mail.ru you see same password and then here it's not again as thorough remember we are missing the account with the dade in all lower case we're not finding that we would have to kind of figure that out or see if it showed up somewhere else but now we have another email address now we can come in here and we can say email and say okay there's shark mail.ru all right so it's going to find other sharks but for the most part look at this shark at mail.ru has been caught a bunch of times right um and you know this is this is interesting uh in the sense of of what's happened here so this is the kind of data back and forth that you would want to go through and try to search now there is an api for this you have the capability it shows you the api here to search we have the capability to run this through tools like uh hatemail is a tool that we can use and i'll show you this later in the course when we get into the actual tools section but this is a fantastic database just to come quickly search i recommend putting in your own email address or a password that you use and see if it comes through here it doesn't hurt to see if you've been owned in any of these databases beyond the have i been pwned so it's always good to know that and this is another great website just another resource usually you're going to have to pay for anything above and beyond so that's why dhash has a paywall that's why all these sites you see up here have a paywall this is probably closest it's going to get to it being free and having a nice little area where you could at least do a quick search on an email address or domain and see if you can find anything so again if you're looking for like tesla.com you come in here and say at tesla.com and see what you can find in here okay and then you can see what comes back for anything with tesla.com although we'll get some a little bit of tesla.com at yahoo we'll get some of those but we can weed those out maybe find some other things in here that we haven't seen before etc so this is nice this is a good way to just go through it and again the the red yarn think about the inner weaving and the moving pieces and how you can tie everything together that's the drum i'm beating over and over because there's so much information that you can gather from a breech database if you're willing to connect the dots you have to be willing to connect the dots and really think through it and if you can do that there's i don't want to say endless opportunities but a lot of opportunities out there to gather really good information so that is it for this section hopefully you found it useful and you kind of understand at least the concepts behind it and where we can apply this this goes beyond just stuffing credentials and putting it into trying to break into environments though this is used a lot a lot of the hacks that we see they come from this there was something on the news not even that long ago about a baby monitor getting broken into it was due to finding a breach credential and running it through the baby monitor and doing credential stuffing you can gather this information and we've seen this information go out in attempted phishing emails there was one not that long ago maybe within the last year that was a porn email it was saying hey i know what kind of porn you watch and this is how i know because this is your password and all they did was look up email addresses in these breach accounts and say hey send me money or i'm gonna tell everybody because this is your password and all they have to do is find a few people to say oh my god that's my password i'm going to go ahead and just pay them money and it's just a scam so these can be used in many different ways of course can be used in investigations we could tie this to people we could tie this to ip addresses and we can really put together a thorough investigation undercover or uncover other accounts that we didn't even know about tie those into even more of our investigation find maybe user names add that into our investigation and keep going further so the more data that we can collect the more artifacts that we can collect the better off we're going to be in the long run so that's really our goal is to collect as much data as we can as much as possible so get your wheels spinning about all the different things that are here but there are really close to endless possibilities when we are using breach data so that's it for this video and that's it for this section i will catch you in the next section on to hunting usernames and accounts now this is pretty straightforward but i want to show you some different tools that we can utilize that are web-based and just kind of get your wheels spinning on what you should be doing and what you should be looking for when you are hunting usernames and accounts now there are also tools that are great in terms of being able to use on linux and we'll cover those later in the course but for now we'll stick with the web site based tools now when we talk about hunting usernames let's say that we have somehow identified a username or maybe that's all we're given sometimes we have an investigation say some somebody's harassing somebody else just in this example all we have is a username of that person and perhaps we could take that username and try to find if it's been used anywhere else and then start chaining our information together so that's kind of what we're going to look for now is how can we start hunting down usernames and tying them to other accounts or how can we tie them to other profiles so you can do this on your own by the way i think this is a good good trial run to just see if you have any accounts out there for any of these profiles that maybe you forgot about and you want to delete et cetera but what i'm going to show you is this website here called name check now these first three websites all do the same thing what's going on on this website and i'll put this in the resources by the way it's n-a-m-e-c-h-k.com what it's doing is it's actually seeing what usernames are available so if you search for a username and it's not available then it will show you that it's not available so it's trying to help you find accounts for these websites so what we can do is we can come in here and just say like the cyber mentor and we search and it'll say hey what's available so thecybermentor.com not available i have that as a website so that makes sense but any of these other websites are available but when we come down to usernames uh there is no youtube twitter twitch reddit or pinterest or medium or key base that's interesting i don't even if there's a cyber mentor pinterest this is news to me let's go ahead and check it out and see what's there and it just says something went wrong so this could be a false positive right here but this tells you kind of where i might have accounts and where i don't have accounts um and then this one says there's too many redirects so we don't know for sure but all these other places i i don't have accounts so what you're doing is you're trying to see okay where does this user have an account this user has an account on youtube i'm going to check out this youtube account and now you found me right here right so there's my youtube and here's my twitter and here's my twitch and so say you actually had a user that you were doing research on our username you could start tying these different accounts here and that's all that these websites really do is you're just looking to see if you can tie them in now pastebin trip i don't know what trip is hacker news some of these stuff i don't even know so sometimes these could be false positives but there there's useful information here in terms of uh telegram potentially paste bin although pastebin's kind of been really restricted as of late um and then you can come in here to these other websites too and just because one says one thing you might want to check other websites and just see now this will look up x-rated materials as well so just be careful when you're searching for this stuff you can do the alt exclude which is the default when i show you later with recon and g how to do this this will actually include the x-rated stuff as well so just make sure that you're cognizant and aware and et cetera but x-rated is good depending on the investigation you're doing if you're trying to find say like a child predator or something and maybe they're on x-rated websites um or somebody that's you know involved in that kind of stuff that you might be hunting down it doesn't hurt to try to find user names in bad places too because sometimes it's where you might have to look but here you can see again key base spotify medium twitch telegram patreon the internet archive reddit and twitter so you can come through here it also has the category link you can dump this out to excel or csv or pdf so this is really nice and it just kind of tells you you know what you've got out here last one name namecheckup.com same thing i'm not going to run this again now what i do want to show you are a couple of other neat tricks that i've found in the past one is that if you're looking for other accounts maybe accounts that just don't show up here and i'm thinking mobile apps okay so i'm not going to get on mobile and show you but start thinking of the mobile apps that you might use like a tick tock or kick or snapchat or telegram which was on this name checker and what things that you might be able to see from this so i just typed in random names here i went to kick dot me and forward slash mav because i tried typing in maverick to c now this came up as a user of virginia thompson say we had a username of mav that we were searching but maybe say it's like mav something unique like one two three seven two five i don't know and then tied back to this person now we have a confirmed hey here's a name that ties to this account maybe at this point we didn't have a name at all so this could be a potential tie to a name even better what happens sometimes is you're searching say something like kik and you have somebody like this where the name is heat this one says add lux hustler but here you can see that there's an image and the really nice thing is you can right click and you can open this image in a new tab and guess what you see that little crop you get the whole image now what can you do with this image you can save this image you can try to go and um you know see if you can find this on a reverse image search this in particular looks like it has to deal with michael jordan and you could see the space jam michael jordan the chicago bulls michael jordan um so this is interesting as well but doesn't really have any ties to anything right here but the nice idea is what you could see is you can right click view the image actually go back and then start working with this image as well if you can find that same thing with snapchat a lot of these companies have username enumeration so if there is a particular email or particular username you want to try and see if you can find if that account exists you can come in here just type it in and then try logging in so i just came in and typed in the cyber mentor and i went and just typed this hit login you can see it says cannot find the user now if you try something else i'm going to try i saw a dell i'm just going to see if that works i'm trying something just common that would perhaps work this one says cannot find the user either so um if you had a working username it should work here where it says hey this is a valid user same thing with the email and then the other thing that you can do and this happens on a lot of applications is you can come in and this is just a picture i grabbed but this if you ever use snapchat if you slowly type in the username you perhaps can see possible usernames see how they're typing in a dell and you see a dell but they also see this adelaide crows you have options here where maybe you see this but like if you're hunting a specific username the other thing that you might see is you might have this username down here but then you have a full name just like the the kick right like the virginia thompson somebody might have their full name in here when you type in that username and then again you just have more information disclosed to you so that's what you're looking up here i'll provide all these references down below but what i want you to be thinking about is doing these name checks finding out where a username could exist or does exist and correlating those to other accounts digging in and seeing like reddit's a great one like if i go to reddit what post history do i have for this user what do they have you see i'm posting all about my youtube here but like you could see different sorts of things that i posted maybe i have a reddit history that discloses information about me or something along those lines right like this is the stuff that you can start tying in more and more and more information and verifying uh you know that it belongs to that person as well but um once you have that in mind as well think about things that aren't on this list perhaps like skype kick snapchat telegram tick tock think about all the different types of apps where you might be able to type in a name or an email address or something and then correlate that back so get your wheels spinning start thinking uh thinking like an investigator thinking outside the box and just try just don't rely on tools as well rely on manual methodology it's the point i'm trying to get at so that is it for this lesson and this section and i will look forward to seeing you in the next section have you ever typed your name into google just to see what happens and you see some information about yourself whether it be your phone number your address your work address your email any of that stuff and you're just wondering how the heck is this information gathered well that's a lot of us i think that's probably happened to a good majority of us and this data is gathered from all different sorts of locations it's data that can be sold from one location to another it could be perhaps from a data breach perhaps from voter records uh perhaps from your credit report there's a lot of places this data could be sourced from but the big point to note is that this data is out there so what i'm going to show you are a bunch of websites and i'll link them all down in the description below and there are plenty more beyond what i'm even going to show you i'm just going to show you what the websites are what they do and the techniques behind them the only caveat is for this video in particular i am not going to show you any searching i think that privacy is important i think that we should not be looking into people in particular when it comes to names addresses phone numbers i will show you one of myself so that way you can see it because it's going to come up again in a later section and i am comfortable showing it because it's me but otherwise i do not want to reveal anybody's information but i will show you these so please use these responsibly now i've kind of got these ordered in the way that i would use them white pages and true people search are two of the best in my opinion now again these are also kind of grain of salt if somebody knows how to go into one of these and ask for their information to be removed that can happen though i would guess that a good majority of people aren't doing that but somebody who's trying to cover their tracks might now on all these websites they kind of have the same thing across the board basically what you are using are search engines for people so you can come in here and a lot of these are us-based now i understand that not everybody watching this course right now is in the u.s a lot of these are us-based although some of this can be used to tie to other people and it could be used to tie to other countries i'm sorry that this section is kind of us-ish but please just kind of follow along and then use the concepts apply the concepts to your location just understand that this data is out there and do a little bit of your own google ocean and find where you're at and how it can tie now some of these places like white pages might have an extension for other countries like whitepages.com is the us they might have other white pages for other countries so keep that in mind as if you want to change the address here to your country code it might actually work and allow you to access as well and you might be able to search through this down here but i'm just going to proceed with the us version of this so with this being said you can come in here and search for people by name and then city state zip if you want or zip uh you could do reverse phone number reverse address so say you have an address but you don't have a name so you have a phone number but you don't have a name say you have a business you want to search that's basically what all of these up here do okay one form or another now white pages and true people search in my opinion at this time of this recording are the best uh at the game um it used to be that there was a website called people that i really liked pipl that kind of moved off of that platform into like a paid platform and now it's just some weird site um here for for this for the free resources uh true people search and white pages are fantastic same thing with reverse phone reverse address search um i have typed in people's phone numbers in here i will always type a phone number that's calling me into google to see who it is not every time does it show up a lot of times i come in a white page just type that in and sure enough it's accurate so this is something to keep in mind i know we haven't gotten to phone number ocean yet but this is something to think about as well as just typing in a phone number typing in a name trying to find a location of a person so you can use this to narrow down information on people you might be able to find say a middle name where you didn't have a middle name before or a middle initial you might be able to find an age or a birthday or an address you might be able to find relatives or people that are similar to these people there are potential for false information on here um i looked myself up on all these pages i don't think i actually showed up on many maybe one and there was quite a bit of false information on there so um sometimes this will say that people have criminal records and stuff like that where that's just not the case i think it's trying to make you buy more information but for the most part you can take what you see and use that and do further research and see if you can verify the data that you are seeing in front of you so white pages true people search really good fast people search similar website um fast background checks really similar website to this webme web wmii is a good one i just searched my name in here and you can see what comes up about me now not all this is accurate again tcm security from linkedin my twitter profile i do not have a public facebook nor is this me on instagram um but they are coming through and seeing that maybe there's results on a hacker i would be surprised that i am in any of these videos but this is me right here um actually this is a review on my course i didn't even know existed so i'm finding stuff here that um that i didn't even know about so here is potentially some public record information um here are people that i might know which i'm looking through all of these and outside of maybe this last little bit here i know chris roberts chris hadnaggy and neil fallon the rest of these i don't really recognize the names so they're trying to pull the data down here they're pulling down images and videos and stuff like that from google a lot of this is tied to me so this is again just more information that you can put out here a lot of this is also not me so you kind of have to go through and do your research and see what you can find what you can't find pq another resource 411 another resource spokeo another resource and then that's them is a another resource as well you can use this for phone you can use this for people addresses ip addresses and a lot of these have the ability to search by ip address as well so if you find an ip address say you have an ip address that's like harassing you or something that you've been able to capture again i'm going back to harassment but um if you have something where you have an ip address and you need to research it you can come here and try to research this ip address same thing with the data breaches too you could potentially research it there you could try to track down an ip address to a location or at least this might provide a specific location but you can also identify ip addresses to at least a generic location so um here i searched me in heath adams in charlotte north carolina because this is where i used to live i wanted to see what they can find out about me here they have my old address which we'll find out in a later video where they're likely pulling this address from and how easy it is to kind of pull these addresses but here's an example of this address you can click on this address and perhaps it'll say who else has lived here so this person lived there before me which is accurate um my wife which is accurate my wife which is accurate so you could pull down information this way as well um and then yeah you just keep clicking through getting information going from there on top of that the other thing i want to show you is that we have google don't forget about google now do we identify any information about me here we have heath adams heath m adams okay so here you can see if we type heath adams in charlotte um not a whole lot comes through you might find some business information on me you see some of my courses maybe some pictures there's actually my resume so that could be of use but if you come through here and you start saying like heath m adams charlotte now spokeo comes up okay um and then you might be able to find what my middle name is or what my birthday is stuff like that like you could start trying to dig in and seeing if i come up here you found like here's an example of a business address that i have um this is a if you actually go to this address this is just like a ups box but like they have stuff that ties back to me the more you search the better off you're going to be uh this was an old old address that i lived at in um in ohio when i was in ohio so there there is potential here again if you want to search for a middle name or you could search for a full name you could search through some of these websites there's also cache data here which we haven't talked about cache data but you can click in here and and see the cache maybe it's something that's been deleted but now you can go back and search the cache and see if there's anything that's changed from here so a lot of thought that you can do a lot of maneuvering that you can do i would say start with websites but do not forget about google google is your best friend and then you can use some of your advanced searching here as well if you want to try to really narrow it down and look for certain things um but that's it for this video we're going to go ahead and start talking about different topics and more specific on the hunting and what you can do but this is a good overview of just searching for people through search engines so i'll catch you over in the next video what i'm about to show you is an incredibly powerful or potentially powerful way to gain information i know i stressed this before and i've keep stressing this but please only use this tactic or this method as a way to obtain information in a active investigation that you have full permission to be conducting so with that being said voter records here in the united states we have to register to vote when you register to vote some states make your voter record information public that includes a lot of details i want to kind of show you what this looks like because i am actually a victim of this so if we look at voter records you can actually go to voterrecords.com you can see the states here and district of columbia that you could actually look at and search for for the states that have public records now again it's no secret that i've lived in north carolina north carolina has public voter records you come here you type in my name the more specific you can be the better off you are if you're in the us and you're one of these states go ahead and try giving it a go come here and you hit search and fairly straightforward you can see where i definitely have been registered twice on this list there's 40 pages but at least twice i see one i see one in ohio this is me you can see hey he's 31 and then there's another one down here right here for charlotte north carolina heath them adams let's click it and now look what you see about me look you see that i was listed at this address remember we saw this address before this is the address that i registered at this is public information how i've been registered in the last two years or however long it is as long as i'm actively registered or inactively registered actually a lot of times you can gather this information and find out where somebody lives so again here's my old address you can see what party i'm affiliated with i'm a white male what county i'm registered in etc so you can come down here you can see when my registration date was if i'm verified all this wonderful information about me and then there's detailed voting records and stuff down here that this goes to truthfinder so this is kind of like not this is salesy don't i wouldn't click on that stuff but um from from this point like at least you have this information in front of you now if there is a person that you're searching for in these types of records you can go to that specific state if you can find them and try to search through that state's voting records or that county's voting records and see if you can gather any more information although this will really tell you the address it will tell you if they're active like here's a voter status active which just means that the registration hasn't expired so you know that within the last two years i was registered to vote at some point in time um so i mean this is useful information if you're tracking down a subject or you're conducting an investigation you're trying to find information on somebody within a specific county you can have perhaps at least a known address at some time or perhaps the actual address that that person is at so this is a short video but powerful video i think um this information is i don't think should be public um i'm i'm anti-releasing this kind of information because uh even even as an investigator i just i think that you know i don't think it should be out there but that's that's my personal opinion but anyway um that's it for this video we're gonna move on to the next video and continue on with people ocean now let's talk about hunting phone numbers now there's a few different ways that we can hunt phone numbers and i've sourced these from a collection of different ocean resources but here's kind of the methodology that i would try to use or take and i kind of mentioned this in an earlier video but i'm going to go back to this and just kind of talk through it now we have a few different things that we can do i think google is the best first resource that we should take and we can just kind of go to google anytime i'm getting a phone call i just rush to google and try to type it in and see i i don't like answering the phone if i don't know the number because they're mostly spam nowadays so i'll go to google i'll try searching it and what you might have happen is something like this you might search like i'm going to give an old number that i used to have 967 8163 and try to search this okay and you get phone look upper and you get these different things and you really don't see any sort of information we could try opening these we could tell that the caller is coming from albuquerque new mexico but we really don't know and a lot of these websites are kind of sketch we really don't have any idea what they are now this is saying that we're getting a leap wireless aka cricket so maybe somebody with cricket owns this phone number now again this is an old one for me so who knows but when i was on it i was not on cricket same thing here we try to do a search and who knows what we find out nothing here these are just trying to tell you if they're safe caller or not we don't have any sort of information on this so google searches hit or miss if it's a person sometimes it shows up if it's a business it'll show up a lot more there's also different ways to search for this so we're searching without hyphens let's try searching with hyphens and again this mostly pl applies to the us but the same methodology can be used for other locations as well so if you come here and you try searching you can see that it brought up different searches now we've got 996 results so if you think that maybe you have a name that you could try to tie to it there are different websites you could try down here as well but it is always kind of iffy some of the websites we talked through again on the search engines like the whitepages.com for example when i used white pages to search a number it'll show up even though it's not showing up in google so that is something to think about as well but the different syntax that you can have here and the different phone number types that you can have here could change things up like you might want to put this in quotes here but like 505 967 and then you want to try to search for different things and see if you can get this to pull up in any different kind of way but um other things that i've seen of interest now i have seen things spelled out before so i've done this myself so say that you like are posting your an ad online so you're posting an ad on craigslist and you're trying to sell something and you want people to text you or call you but you don't want your phone number to get picked up by automated bots which will happen if you post your phone number like this a bot will just come scrape this pick it up and you'll get phone calls or all kinds of weird stuff so what people might do is they might come here and they might say something like five zero five and then they might spell it out completely like nine six seven uh they might do variations of this they might do nine six seven eight one six three so there's different ways that you might have to try to search this um and you might have to see what works best for you so it really depends like i don't assume this is going to show up but maybe something like this and then you have different searches here where 505 is part of the search and you see if you can draw anything else here but um these can get pretty complicated because you can have a bunch of and statements or statements here um or they would be or statements but different or statements to see if you can get this to uh to come out but the other thing that i've seen too are emojis might work when you're doing searching so if you like look up a phone emoji um you can copy and paste the phone emoji into here like this mobile like say this one for an example you just copy this and some websites use this if you're trying to search for a phone number um so like you might be looking for a specific business or something like that that uses this and they might show up in their in their searching as well so um it's interesting to use emojis these are kind of just like wonky search tactics but my go-to and my methodology here would be to just kind of come through here and just do a search on the number search and white pages see if you can find it there are a couple of databases that you could also look through truecaller is one truecaller is basically like a caller id system that you have to log into so i would not log in on anything that you care about or a phone number because this does pull down your contacts you can have this on your phone and you can have this online i'm using a gmail account for a free search now you can come in here and try to do a quick search so we'll try this again the 505 505-967-8163 and see if this pulls down anybody and what this is doing is going through different different phones that have stored this number like if this number has been stored it gets added to this database and then you get to see okay here's the person who maybe has this phone number and then you could see here they're on verizon wireless in albuquerque new mexico all right so we don't know if this person is actually the the right person or not but this is somebody at one point named jolyn peters had this phone number because they were stored in somebody's phone that logged in with the truecaller app so again this is why you do not want to use truecaller with your own personal information because then it will upload the contacts here the other thing that you can do is you could take this just copy it and you can put it into this caller id test which i did here if it pulls up anything of interest you will see a name come back but all we're seeing here is that hey it's verizon out of albuquerque and that's it so remember when we saw that cricket earlier that cricket phone service was actually incorrect so it looks like this was was a better a better option here now you only get five searches five searches a day with this so you have to come in here and just clear your cache or you see i'm in an incognito window so it really just depends if this had a name to it it would bring up the name here so there'd be a name instead of this they actually just changed their design within the last few days on this page again this is how how osint is or how all these these technologies are you can be on a website literally a couple days ago and the design has completely changed so with that being said that's just another way to just quickly check this is kind of the order that i would go in now there's a few things that i want to point out say you are you have a potential number for a contact and you have a potential email again i do not i cannot stress enough the potential of using the forgot password feature on websites like one that i'm going to pull up is yahoo yahoo will produce a phone number for you so some this is just an image i pulled online so i didn't want to go search and try to find somebody's phone number but you can come through here and you can put in a yahoo email and say hey i forgot my password i need to recover this account and sometimes it will say hey here's an email address and you say yeah i don't have this email address then it'll say or potentially it'll say a phone number will say hey can you verify this phone number so here you have what first two digits last two digits that number if you had a number and you thought it tied to your person and you thought they maybe had an email address as well you can come in here and do this now got to be careful though because the other side of this is here's an example of something that i did do just to pull up as an example here now i did search for somebody just a very basic first name last name with a number after it to see what would happen now i said i forgot the password it pulled up this username which we can kind of guess what it might be here and then it pulled up a full domain full domain this was a a private domain by the way a custom custom business domain and what happened though why is this dangerous this sent a verification code this alerted this person of this email that somebody is trying to log into their email address or somebody is saying hey i forgot the password here so you've got to be very careful when you do this make sure you have test accounts you understand how the systems work when you're searching for for different emails and different things because this easily could alert and trigger the person that you're investigating and then either on your tracks they know okay so um as somebody who has a public lifestyle and i you know i have accounts online i get password reset requests all the time so like depending on who you are and what you're dealing with i see this kind of stuff all the time so um you know but if somebody's you know paranoid or thinking maybe they're under investigation uh you know this could trigger something and completely change the landscape of investigation so you gotta be very very very careful so there's one other website that i want to show you that's called infobell and i won't hover on this too quick i just want to kind of really quickly show you i'm not going to search anything if you come here this has the ability to perhaps search countries in all different locations so um it starts out in french but you can change your language up here to um quite several languages up here so let's say english and then you could select the country where you want to try to search and it'll take you to a page where you can search a phone number for that country i've already exhausted kind of the u.s side of things but if you were looking for something say united kingdom let's see what happens here it takes you to the united kingdom so this is like for those of you looking to search other areas and locations this is a great great website but for the us base you can utilize pretty much anything that i've already shown you as an example and so that's it for this video i just wanted to give a brief overview of how we look up phone numbers and again spin the wheels on thinking outside the box there's a bunch of tools and services but even with the google search maybe we have to change our syntax up a little bit maybe we use emojis or something in there to throw it into the loop maybe we spell words out there's all different unique ways to kind of hunt down you know nitty gritty on some of these phone numbers but thinking outside the box with like a password reset or searching for a phone number in different locations um you know where there's applications that might use a phone number and see if there's a username tied to those or anything along those lines uh there's a lot of different things that you can do and osint is kind of like overlapping in a lot of these tool sets so i know we've we've shown the password reset feature before i want to show it again there's all different kinds of things that you can do but i want your wheels to always be spinning and thinking outside the box when it comes to investigating so that is it for this video i will catch you over in the next one now let's talk about discovering birth dates this is going to be a very short video but i kind of want you to have an idea now we've come across birth dates already with the people search engines there's a good chance that you're going to find birth dates there but there's also a possibility to find birth dates in other locations and the one i'm going to show you today is google or a search engine so let's take me for example my birthday is public so i don't mind sharing this information but if you come out here and you just say something like heath adams birthday what might you find uh a whole lot of really of nothing just just not nonsense right there's nothing here related to my birthday what happens if you were to say something like in quotations heath adam's birthday does anything change here uh me wishing somebody a happy birthday on twitter and here's me saying happy birthday to you um so maybe i am wishing a birthday i said hey it's my birthday so maybe here i found my birthday right uh so you come through here we look at this and somebody said it was my birthday too let's click into this so yes i said it's my birthday i'm 31 this is on june 29th so this will tell you exactly my birthday exactly my age let's say we didn't find it so fast um a next thing that we could do would be something like in text birthday right these are just things that we already know but we want to see the word birthday somewhere in in text and maybe we want to see something like happy birthday in text like this so somebody might be saying it to me and it's not just me saying it but here's one of me saying it but it could be somebody saying it to me as well um you know like right here or i was saying that to somebody else but it's possible to see that what we like oh here somebody said at the cyber mentor happy birthday um and if you wanted to look by username you could do that as well so you could say the cyber mentor change that up and then we can look and see if there's birthday here the other thing that you might want to put in here is you might want to say something like site and just do twitter.com and so i would say something like having a name having an in-text of some sort of birthday or you know birth dates or something like that could work but usually these like congratulation type things on social media is a really quick way to find these same thing with facebook would be another way to do this you can just go facebook.com and do a search there and see what works out but if you're looking for a birthday this is a quick and easy way to do this it's just to think about your search engine your quick searching and how you might do this but yeah even on even even linkedin is another one that you could use um any of the the social media sites that have a birthday out there or public birthdays facebook and linkedin are really big but twitter's another one um just one of those where you can kind of catch it out there outside of the the basic sites again so if you're searching somebody's uh you know like like if you're just searching somebody on a people search engine you are i don't say likely but there's a good chance that you'll find a birthday if you can find the person on one of those sites as well so this is just another alternative in case you aren't finding birthdays and that's really it for this lesson so i'll catch you over in the next video another useful item that we can hunt for are resumes when we're looking for people especially resumes can tell us a lot of information and can give us even more clues about a person or even a company for example now there are websites like linkedin that we can look at about people and understand more about their background where they worked that would be pretty good for a resume the other side of that though is sometimes resumes disclose personal information like a phone number an email address a personal address etc so we're gonna go ahead and look at google for resumes and we're just gonna pick on me again you can search yourself and just see if you can find any information out there i don't want to search for any random name and try to find resumes or just loosely search because i don't want to show somebody's personal information or potentially show that so what we're going to do is just type my name in i'm just going to say heath adams resume we're going to see what happens here and you could see that a couple of things show up so this on twitter where i publicly share my resume yeah that's a thing that i did and the other thing though is that there are images now you can click on the images and actually see the resume as well i'm going to go on to twitter and just show you it but the images are a really good place because there's there's a couple different ways that we might be able to see a resume we might see it in like a document form so we might be able to say like heath adams resume and then file type pdf and see if we can find it now that might not be the best search we might have to do something like heath adams resume and see if that comes down um and here is a here's a resume somebody used my resume here and it says created by heath adams the cyber mentor so they put a resume up here i'm not going to click on this because it could reveal personal information but here's an example of a resume right that showed up now we could say file type doc we could try docx as well here just to see if we can find it now we can also remove the file type and we could say something like site site google would would be good site google because google will include or should include any of these subdomains so drive.google like you sought recommend drive drive.google docs.google any of those might have this um a website like dropbox.com for example might have this uh a website for example like scrib scribd.com might have this as well i'm not gonna keep searching because it'll yell at me eventually and make me verify myself and stuff but what we're going to do here is we're just kind of hunting down this information and trying to find it and see what we can do the other thing that we can just do is just like look up heath adams and then look up site linkedin.com and see if you can find me and here i am and my information's a little obfuscated here and it's going to try to make me sign in we can actually try to look at the nope it won't let us look at the cache version of this but i'm not going to click on it but basically you can come in here and look and see um there's some misinformation on my linkedin although i don't think most people are gonna do that uh i definitely have like a different location i have a i don't tell what schools i went to i don't tell any of that stuff um so like there could be some misinformation there but you can come in here and look at like the resume that i posted and see some certain things like you could see that um i have a degree right i have a i have a master's i have a bachelor's in accounting you see what certifications i have you see the different companies that i worked for now this is intentionally obfuscated but if this wasn't um there could be information here there could be an address phone number email so i want you to just begin thinking about what are the things that could be disclosed on a resume how can we utilize that we can maybe find a current job like here you see present job you maybe find a current job current address current phone number current email address a lot of stuff can be found so just think about your searching search for google search for docs.google drive.google scribd works really well just do image searching you're not always going to hit the jackpot on just searching somebody's name and finding the resume but this is just something that you should add to your checklist of hey did i do this and at the end of the course i will share these flow charts that are out there by intel techniques they're pretty much what everybody uses i think they're fantastic and you can just kind of take the information that you see and just kind of have like a checklist and it's really really good stuff so i'll share that as like a resources towards the end of the course but that's it just short video kind of get your wheels spinning about other things to think about what could be out there that could relate to other people and hopefully this was useful so we're gonna move on now and cover the next section welcome to this section on social media ocean the first platform that i want to start out with is twitter now twitter can provide an abundance of information we're going to look at how to search twitter we're going to look at the different tools that you can use for twitter and then we'll show you one cool tool that i really like that i think deserves kind of its own video so let's go ahead and just go to twitter now for this section you can use your personal twitter account if you want or some sort of twitter account that you have it will be better if you have some sort of twitter account if you want to follow along to just kind of navigate this okay so here is my homepage i'm logged into my twitter account at the moment now we can come in here and we can take a look and see what we could do with searching twitter so say that i want to search twitter and the first thing i'm going to show you is just clicking on it we can search for people topics or keywords now what's going on in the world well the uh let's see we've got we've got different things going on over here this is all political let's see if we could find a keyword that's not really political mba draft okay so let's search mba i like that so we can search by just a keyword and say mba and search that and we can see everything that's going on right now in the top right top of top means the top post the ones that are kind of trending in the nba we could see any time that somebody just recently said the the word mba come through here as well we can look at people related to mba so that'll bring up actual mba and maybe any of the reporters something along that photos videos etc so it's a very broad search but just proving that we can do a search now we can also do a keyword search now we could say we saw nba draft was trending so we just say okay draft do this and you can see the top tweets so it looks like this one's from november 12. but if we look at the latest tweets we can see now that november 17th which is today uh we could look at these tweets okay so this one's from now this one's from now anybody that's used this tag you could see come through with the with the tag here so we can kind of narrow our search down if we're using these these hashtags we can also do something similar to something similar to google where we say like mba draft maybe we'll say something like nba draft pick and now we're looking for specific words that say nba draft pick all in a row so we're looking for a specific string that we want to search you can see within the last hour this has been used at least once we can look at the top posts that have come through here and november 12th again was one of the top posts and we just kind of looked through so depending on how we want to search we could search by different phrases so if we know a phrase or something that we're trying to investigate we can search via that way as well but what makes probably the most useful when we're on twitter is the from to and mentions so if we're looking at somebody we might say from the cyber mentor let's just search me so we're going to search all the things from me okay if you want to go the latest you can look at the latest these are all my posts if you want to look at my top posts you can see some of my top posts in the last looks like the last month or so and you could perhaps see photos so here's photos that i'm posting you can go onto my profile of course if you wanted to just look at my profile if you go to a user's profile you can look at their different tweets who they're replying to so this is not just me tweeting this is me replying to people um what posts i'm actually hitting the like button on and then you can see what media i'm posting as well so you can go through my media and kind of just look through my photos basically anything that has a photo or video or something along those lines you can see that data here as well so depending on the number of tweets that i have here you see i only have 742 so if you wanted to go through and find out information about me you could like look this is an example it says i cop these today i bought a couple hats recently what does this tell you well this tells you that i like i like a certain team if you figured out what this logo was this is a dallas mavericks logo i love the dallas mavericks i love basketball uh so you could tell for about me that i like the dallas mavericks so maybe i have ties to dallas maybe something along those lines something about me likes dallas so that's something that you can add to your profile you could tell that i have a dog who doesn't know how to use a pillow but i have a dog and it's a small dog chihuahua so i like animals uh we keep coming through here we can just see different things um here's a picture of inside of a car so maybe if you were able to look at this you can determine what type of car this is um you know if you brought this to a specialist maybe they could tell you what type of car this is based on the uh the leather pleather or the threading or the design here there's a lot of opportunities so the more that you look through these you could tell like here's a picture of going back to school here's the different coursework i'm going to take so this talks about the college that i'm going through so pictures say a lot a ton of information if you go through the media of somebody and what they're doing so there's a lot that you can find out on social media and twitter this is not just tied to twitter but twitter is very easy and that media is public public public unless this profile is private all this information is going to be public here so that's really nice the other side of this though is okay we've got from but what about two so let's look at two so anybody talking to me so there's people sending pictures to me because i'm still on the photos tab so you can see what people are saying recently to me with photos you could also go top and you could see who's talking to me oh look nom sex talking to me uh you can see different different types of people here that are are mentioning me the latest people that are mentioning me we can also look at people and it's just me right so okay and then last one that you can do here that's of interest would be the at symbol anybody that tags me so if you go top that's an ad you come through here you could just see anybody that's tagging me like john hammond here just tagged me not that long ago um another tag here and then anybody that's also responding to me you can also look at the latest same thing so if you're investigating somebody you need to look at the from to and mentions to really pull down some good information now we can get even further down in this narrowing so let's say let's go back to my profile really quick look i've got i don't know i've got 6445 tweets if you were to scroll through this it would take forever to get through all these tweets and honestly like i don't know if it will even take you that far i forget what the limit is but i do believe that there's a limit so as you're going through all these tweets you just have to scroll and scroll and scroll that's not the way to do this so something that you can do is you could say from you could say the cyber mentor so any tweet that i posted and now we know by looking at my account that i joined in february so maybe i want to see some of my earlier tweets okay so let's think about this i joined in february of 2019. so i want to say since and i'm going to say 2019 and then 02 and then maybe 01 i don't know exactly when in february i joined and then i want to see everything i posted in february so let's go back and say we'll say until 2019 we'll just say 0301 so i want to see the first month that i was active on twitter what were the first tweets that i put out there i'm going to search that and here you go let's see i don't even know what my first tweet is so we could scroll down and see if i have a very first tweet it looks like they're they're scattered i'd have to look at it in the latest but these are all the tweets i was making february 8th was one of the the first tweets that i was making here so um it's very interesting to see this if you had a specific timeline you can come through here and look and say you can say the same thing did i post any photos i did look i went and did bone marrow donation okay i went and at least volunteered to be a donator so this is something more details you can find about me that you would have to scroll all the way to the bottom of the first creation of an account so what this is saying is if you have the ability to identify a tweet range or when somebody maybe was active on twitter or some specific area that you wanna you wanna find out you could do this you could also do this don't don't think it just related to a from or a two but you could do it too you could say hey who mentioned me during this time let's see i'm trying to show you the possibilities okay well during this time i was messaging with davey rogers my wife said you are hot thank you so there's different things you could see people talking to me uh through here so people i was interacting with but again you can come through here and you could see if anybody said nba draft pick during that one month all right and sure enough in february 13th of 2019 the top post was related to this nba draft pick about patrick ewing so it's very interesting that we can very specifically narrow down tweets so even though that i have 6 000 something tweets you can really fine tune it if you want to find a specific area or time frame now you can also do something like did uh did the cyber mentor ever say mba i have here you go so you can see that i was watching the nba finals you can see how i mentioned the mba here those are the top posts and you can see like different things about me so and then here's a photo right so it just it really depends on how you want to search this but keep thinking about all the operators that you can bring into this now the last thing i want to show you would be geo codes so geo codes will identify a specific location so i'm going to bring up one here i'm just gonna do do this as an example but if you go out to google and i'll use this again later so just leave this open but if you go out to google and you search i search los angeles california you can search literally wherever you want but i search los angeles california and what i grabbed from up here is these geo coordinates right here so you see the geo coordinates up top let's just copy these so say that we want to look at a specific area this is more useful i'd say back in the day not that it's not useful now but it's more useful when there is geolocation everywhere all over the place you kind of have to have geolocation turned on which some people do but it's uh it's less than it used to be but either way we could still say geocode say we want to look at geocode we want to search that specific location we can actually we have to add in the kilometer so say we wanted to do let's do 10 kilometer range any tweets going on in the last 10 kilometers of this los angeles so let's do latest and just take a look at this and here we'll get a lot so 27 seconds here's one right here i'm just going to click on this and see it doesn't specifically say that they're coming from los angeles let's click on the profile and see if it says that they are out of los angeles it does not oh malibu so they're in california so yeah we're identifying tweets coming from a specific location or area so if you're trying to locate somebody in a specific area or you have their address or something along those lines you can really narrow this down you can bring this down to one kilometer and see within a specific area here you can see this is just tweets from la and these aren't even that latest like this is november 14. so this is three days ago um so you can see the different enviro advisories depending on where you actually land so if you know a specific house or specific address and you want to look like within one kilometer you can get very specific in your geo codes and then again you can combine these like this isn't going to this isn't going to come out with anything but let's say within a thousand kilometers was i did i ever tweet from los angeles within a thousand kilometers no i didn't did anybody ever tweet to me from los angeles within a thousand kilometers yes somebody did okay so this is how you can get uh you can find perhaps places where people live like this i don't know where this person lives los angeles california look at that all right so and you can see this person follows me they have their information public as to where they're located there you go so you can get very very uh interesting information based on um these sorts of things and then you can start connecting people as well so say you're investigating me and you think that i live in los angeles well maybe you do a search like this to identify who's communicating for me from what within los angeles to see maybe if i know those people it's more likely i wouldn't say more likely but there's a good chance that i might know those people more so than somebody from another country not that i don't know that person but there's a better chance they interact with those people on a day-to-day basis but we'll talk about those sorts of tools and how we can track interactions and everything else in the next video as we start going over tools but these are some of the basic search operators that hopefully you will find useful and we can move forward with when we're doing our ocean on twitter so that's it for this video i will catch you in the next video as we look at the different web tools that we can utilize to give us an advantage at looking up analytics and data on twitter users so i'll catch you over in the next video just kidding i'm back i completely forgot that i wanted to show you one more thing before i sign off and we go to the next video there is this advanced search feature so everything that i was just showing you now and this is similar to google's advanced search feature from way earlier in this course you can come through here and you can just type in the word so if you want all these words exact phrase kind of stuff that we went over you also have the ability to do or or and or none of these words so think about that think about the language what accounts to these accounts mentioning same thing we talked about here the different engagement here so if you want to see a specific engagement this is something of interest and then updates as well so this is something that you can come through and just kind of do an advanced search on and utilize this to generate a specific specific search if you want to so now that's it i will add this as well into the description and the resources but this is what i want to show you before we go on to the next video so for real this time i will catch you over in the next video moving on let's talk about twitter in a different way now in the last video we focused on looking at twitter and searching from twitter now in this video we're going to look at the different tools that are available to us from the web that we can utilize and log into and use in our osint so let's go ahead and go out to the web now if you look at the references below you'll see that i have a bunch of websites laid out for you these are all different websites that provide similar purposes now they're going to be analytics based or looking into user type deal something along the lines of just doing a little bit more research on somebody on twitter or an individual or company or whatever on twitter now again i'm going to point this out things change even in their recording of these videos there were websites that i had planned those have gone down so just keep in mind that if you try this video at a date later than this recording or you try a website and a date later than the recording of this video it might be different so just understand the reasoning of these tools if one goes down do a quick google search and say hey what's a replacement for this tool i'm sure you'll find it so what i have done here is i'm just going to come out to these different websites i kind of want to show you what some of them offer so the first one is socialbearing.com what i'm going to do with all these websites is i'm going to log in you're welcome to log in via your twitter account or your sock twitter account however you want to do this i'm just going to log in with my own twitter account i really don't care at this point um so just because this is for a demonstration i'm going to log in with my actual twitter account i'm going to come in here and now we have access so who do we want to search we want to search for a specific keyword hashtag website we want to search geolocation handle people etc so maybe we're going to search for a handle and i'm going to come in here and just say the cyber mentor and see what happens i'll just copy this because we'll be using it quite a bit i'm sure so let's go ahead and search the cyber mentor and see what happens here it might take a second to load the data but there could be some useful data here that we can find you see it's starting to pull down uh interesting stuff so i was trying to analyze my tweets uh you can see by sentiment it says here if i'm like it's great or if it's terrible like am i happy am i sad what's going on do i reply do i tweet a lot so i reply way more than i tweet it shows you how many people i reach this is the estimated followers that i have how many impressions i have etc so this shows you a bunch of different analytics based on just what they're seeing here and this can tell you some information so what do i share i share twitter quite a bit youtube twitch i share my academy website porsche design there were some shoes i was looking at recently so let's pick that up uh what languages do i tweet english primarily so this can tell you what are some of the hashtags that i tweet so this is recent these aren't all the hashtags these are recent we can sit up here and just load more tweets collect more data if we want you can see the last 200 tweets were over 19 days now 400 was over 29 days we pick up more data here so you can see that it just picks up like active directories in here um i am for ilf which is uh for a innocent lives foundation so there's different tags in here that we can follow and track down and see about a user uh we have all kinds of stats on the side over here which could be interesting what kind of words that i like to use very often and then you can come through here and see what my recent tweets are and then how it rates them like red for exclusion is rating it as as bad or terrible here so you can come through and see where handsome is rated as good so it's interesting how it does this but you can come through and just see a nice little map of my tweets that are in here which is of course very interesting so there's that and then you can scroll down the data on the side over here and you can see the different things but there is some some things there are some things that we can look at as well like the contributors uh you could see the people that i interacted with recently this could give you an indication as to who i talk to who i might be friends with um and who i associate with so if you're hunting down somebody you might want to look in who into who they are associating with and maybe even go through more tweets than the last 30 days and see who we've been associating with um scroll through the tags you can also look through let's see if it has it on here yes the twitter sources this could tell you some information as well what does twitter source here tell you it tells you a couple things well i post from the twitter web app quite a bit but i also use android so android has half my tweets so i'm tweeting from my phone half the time a little under half the time and then streamlabs twitter i do a lot of streaming i use streamlabs to post a one tweet every time i stream so the last 30 days i've streamed 11 times this is what this is telling you that tells you that i have a streamlabs account and then zapier i have a zapier account that ties into uh when somebody like say another content creator produces some sort of content releases it i have zapier go out identify that and then post a tweet for me saying hey this person has released a new some new content so this is what this is kind of what it looks like this is just one form of analytics there's a lot of analytics that you can gather from here so we're going to do is we're just going to kind of go through these and just kind of sign in i'll show you the differences between them uh some of these here are really not that significantly different like i don't think these two are significantly different here but we've got a twin automay as well you can do the same thing you can look at your own timeline you can do analytics you can analyze your own profile so if you click on this here or analyze other people's profile same thing it'll tell you the amount of tweets between a certain time frame it'll show you the tweets it'll show you the latest followers the tweet history just different ways to look at tweets so you can see the people that i interact with again here's the person i retweeted the most would be joe the user i mentioned the most outside of my own company would be joe so you might have an indication that i might be decent friends with joe or there might be some connection to joe and i uh here's the different hashtags that i've used et cetera so you can come through here and look at the data again down here you can see the hours of the day that i'm active so it's interesting because you see that i'm you could perhaps find um you know some some data here that would say or suggest that i'm active during certain times of the day and i'm sleeping during times of day like you would assume based on these right here that i am sleeping during 9 am 10 a.m and 11 a.m that's not true even though i'm active during the night i just have a really weird sleep schedule where i'm up all different kinds of hours now i'm usually up at 8 a.m and 9 a.m 10 a.m and i may wake up here and read my tweets or respond to some but during 9 to 11 i'm typically sleeping at 12 o'clock i am i'm up and i'm streaming so this indicates and then as i as i wake up and progress through the day you can see my tweets increase but so this is one way to look at it there's actually something else over here that i won't go into but i'll drag it over it's this website called sleeping time you could sign in with twitter and also search people but this i think is a great indicator as well for times of the day it's all it's doing is analyzing and saying hey what time does this person sleep it's just interesting data that you can correlate and suggest maybe that you know um where they live it's a possibility that you can identify if this person's sleeping from you know 8 a.m or 8 p.m to 6 a.m or 10 p.m to 6 a.m maybe though on the east coast or if it's um 12 p.m to 6 a.m et cetera so in this i just realized this is utc by the way so this could have me pinned down to where this is actually a little bit different here anyway so with that being said sleeping time is another one of these mention maps a great a great tool as well you can sign in with twitter which i'll do really quick authorize this app and what it's going to do is just start pulling down data on the latest mentions that you have as a user you could search other users you could search mentions hashtags up here in the corner i'm not going to dive too deep into this but you can see it's starting to pull down data of who i talk to and then who the people i talk to talk to and what tags i use et cetera and this does cost money if you want to go deeper into this but you can see that like again joe shows up so what is that showing you that's showing you that there's probably some strong correlation between joe and i and then when you look at joe if you want to look at joe you can see who joe talks to and what people he associates with and maybe there's connections here as well so just another tool to analyze the analytics or the data of all this the next tool i want to show you is tweet beaver so tweet beaver is a neat little tool let's just sign in here real quick and i realize i'm going fast through these a lot of these are just repetitive so i don't expect you to be following along and signing into all these more or less just take notes and play around with these once this video's over as you kind of go through all this information so the one benefit okay there's some benefits here as a actual twitter user the one big benefit i think is that you can convert an name to an id so if you want to come in here you can say hey the cyber mentor let's convert that name to an id now i have a twitter id this is good because say that i were to change my twitter name this twitter name would change and then i would be i would be lost to where if we're tracking somebody that's that changed their twitter name we could possibly lose them so then what we could do is actually use the number we can go back and use the number to find the id instead so we can convert twitter id to a number or to a name and then we can see that's cyber mentor so if i ever change my handle on twitter or if the person we're investigating ever change their handle on twitter then we can find them with their twitter id so this is useful to just have so say you track somebody down it's always good if you go to twitter grab their id and store that somewhere in case it ever changes you could also do everything that's in here so you could check if two accounts follow each other some of the interesting things down here is you can find common followers you can find common friends you could find conversations between two two users you can also download your data and data of followers data of everything so up to a certain amount like this one goes up to 3 200 tweets so what you could do is like say the cyber mentor and then i've got one here i was doing a demo with nomsec so ben ben and i communicate quite a bit um so if i was looking on twitter and i saw that ben and i were communicating uh ben and i might want to see what the the conversation between ben and i is like so i'm gonna come in here this might take it says allow up to a minute for a search to complete but what's going to happen is it's going to show all the history within the last 3 200 tweets that we have between us so it's analyzing all that data for us and now it'll come back and it'll say hey do you want to download this you want to display on screen i'm just going to say display it on the screen and then you can see this goes back to july 8th of 2009 all the way through and then comes down to recently so within november so uh this can tell you some interaction this is a great way to just search how people are interacting so going back to the joe example if you saw that joe and i were interacting and you wanted to see what the deal was between joe and i you could just go here say the cyber mentor say joe's handle and then submit and see what's going on between us and how we're conversing and maybe if we know each other there's some details that leak out etc so all you're looking for in all of this are just details any sort of data that can provide any sort of trend or information related to you so another one of these would be spoonbill spoonbill is a great website you don't have to log in you can connect with a twitter account but if you go to spoonbill.io and then i'll actually paste this for myself in the in the references but if you go to twitter data and then the username here you could pull down the information now what this does is it tells you every time that i have ever changed my data here so you know how you go to twitter you see somebody's profile page anytime my profile page has changed this will tell you if it's changed so you can actually scroll all the way down to when i first created my twitter account you can see that i added a website right away and then i added a bio and then over time i've done some changes you can see where the changes have happened you can see the changes to my pinned tweets as well as things change here and then i have changed my name on on twitter a few times as well so um there's there's useful information here where uh you know you could be tracking somebody and perhaps the the indicator here is perhaps somebody had their actual name so you see how i have my name in here perhaps they had their actual name at one time and then they said no you know that's not a good idea let's change it to a handle let's change it to something else so you don't know what kind of information might be disclosed in twitter or the history of twitter so spoonbill is just another great website to come out to and then tinfoil leak is another one i'm not going to log into this but basically you can come in here let me just hit ok i can come in here and you can search for leaks you just basically type in a username an email address tell them you're not a robot and they'll send you leak information or potential leak information i'm going to show you my report here so they'll send you a link this is what it looks like this will just tell you hey when was this account created is the user verified what's their id here's another way to get the id uh where's their location um you know and go through these sorts of different things again you can tell the different applications that i'm using here like twitter for android or zapier or streamlabs and you could tell where i'm tweeting from when was the first use of these when was the last use of these although the first use of twitter for android was not 1027 so this is only going back so far in the history now this will tell you some interesting analytics what are the hashtags that i've used recently what are the user mentions that i have who am i mentioning who am i talking to et cetera so this is another way to look at communications i'm going to kind of scroll through this and then another way here user mentioned detail the counts the the likes that the post got et cetera so another way to look through this and just different types of data that comes through here so i think it's very very interesting to see this kind of data and there's always again with with all different tools it's good to look at the the variety because you might see something on one tool that you don't see on the other so that's really it i just kind of wanted to cover the analytics here there's one more tool that i want to show you that i think deserves its own video so we're going to cover that in the next video and then we'll move on to a different social media platform but i do really want to talk about a tool called tweetdeck so we're going to go ahead and chat about that in the next video the last tool i want to show you is tweetdeck and i think it deserves a video of its own so let's take a look at tweetdeck and see how powerful that it really is now let's go ahead and look here now you can go to tweetdeck.com that'll redirect you to tweetdeck.twitter.com you will need to be logged in so please do log in if you want to follow along with this i've gone ahead and cleared out my deck here so you can see what it looks like with a blank screen what is nice about tweetdeck well let's take a look at it you can see everything in basically a one page view with columns so if we go here and say add a column and say i want to add my home page i just want to see anything that is happening here so i'm going to hit add and i'm going to see what happens and we'll see here now that i've got any tweets that have come my home page from anybody that i'm following right here so this is what's going on right now i can also come here and add notifications so now i can track my notifications and my homepage in one screen so if a notification comes through i'll see that if something on my home page comes through i'll see that i don't have to click around don't have to look at notifications if i want to add my messages which i won't disclose my messages but if i want to do that i can do that mentions followers so if i get any new followers i can come in here and just say hey who are my new followers but where it becomes interesting is you could see other things as well like let's take a look at trending we could take a look at trending here and say okay the bachelor the bachelorette's trending right now let's just click on the bachelorette that'll add its own tab so any time that anybody mentions the hashtag of the bachelorette now i've got that in my tweet deck and it's coming through and i'm seeing it live in action so you can use this i'm going to delete these by the way because i don't want to follow the bachelorette but if i want to use this to track a specific user i can come in here and say user and now i know i picked on joe in the last video i'm going to pick on joe one more time and just say at joe helly and come in here and hit enter here he is and i'm going to add a column for him so now anytime joe tweets i'll know about it i can see it happen right here in real time so if i have a board just up and watching i can see what happens and you can see somebody here just just tweeted to me somebody just mentioned me or here's my notification where they're responding to me okay so this just updated here within the last 45 seconds as well while we're recording this and this will give you a pretty good timeline on when i'm actually recording this video but the other interesting thing that we can do is remember we talked about search operators in the very first video we can utilize search operators when we're having or using our tweet deck so let's say just as a broad example we want to use los angeles let's go here let's say i want to look at and you can see some of the ones i've used before but let's say that i want to look at los angeles i already brought this up just to make it easy so if you go to google maps you type in los angeles get the location up here i'm just going to copy this little part and now i've got the coordinates and i'm going to come back and then we're just going to say geocode paste that in i'm going to say anybody within 10 kilometers this is going to be a lot of of los angeles i want to see any tweets coming in that area and you could see one minute one minute one minute 34 seconds now so what this means is if you have a person that you know lives in a specific area we have the ability to track them based on a geolocation if they're sharing that geo location we can actually just sit here and watch the tweets come through so if you know where their house is you can set this to their house and then set this to like one kilometer as an example instead of 10 kilometers and as soon as it starts updating it takes a minute for these to come through but as soon as it does i mean these tweets will start flying through depending on how how broad we make this search so um this is this is nice we can come through here and now i have screens i can see who's talking on my timeline see there we go it starts to it starts to fly through as tweets come through i guess he was talking on my timeline i could see he was talking to me i could see what joe's up to if i'm investigating joe i'm watching joe now i can also see anything that's happening say joe lives in los angeles i could see what's happening in and around los angeles this is just a small touch of what can be done okay so there's a lot of options here you can use your search queries you can look at different lists you can see the trending users this is very nice especially if you want to follow a specific hashtag specific list of people if you want to weed out some of the stuff that you don't want to see on twitter this is just talking from experience and not talking about like just investigation but if you want to use this as a twitter user i think is one of the a great tool as well uh just to be able to have in your back pocket so something to think about but this is a fantastic tool um beyond the osun space but it has a lot of ocean power and that's why i kind of wanted to share it on its own so that is it for this video and that is it for the twitter osint we're going to move on into the next social media site so i will see you over there let's talk about facebook osint now facebook osint is difficult to keep up with there used to be a lot of graph searching that just does not exist anymore and now we're kind of in this cat and mouse game with facebook as they update the capabilities to search the platform and to gather information off the platform it's not a bad thing it's bad for the investigator but it's good for privacy so it's kind of this cat and mouse game right now and i'm going to show you the techniques and some of the things that i know and some of it might be kind of obvious some of it's just kind of where the trends are and i'll show you a couple tools that might help you with searching and we can kind of go into the weeds a little bit so let's go ahead and go out now for facebook i actually do not have an account so we're just going to use a fake account that i have um and we're going to just kind of search through it so this is my my fake facebook account and i think when everybody does oh send everybody if you go watch oscent tutorials everybody picks mark zuckerberg as like the thing to do it's like the hello world of facebook ocean apparently so i'm just gonna stick with the trends because i don't want to dive into real people not that he's not a real person but i want to make sure that i don't dive into anybody too um not famous if that makes any sense so what we're going to do is we're just going to try to find him that's the first thing that we want to do up here so we're going to go to search and we're just going to say mark zuckerberg all right and we'll search for mark zuckerberg and see what happens now we're just getting all sorts of posts that come up right we're looking at all we're getting posts we're getting articles we're getting all kinds of information here about mark zuckerberg and this could be good if we're doing an investigation and looking for somebody specific but maybe we want to find his profile so we'll go to people first now we can specify even more more down here we could say hey i want to look at the city i want to look for somebody with specific education or work so if you know something about somebody like hey i know mark zuckerberg went to harvard but he has it here as well you might want to put an education that you know i'm looking for mark zuckerberg from harvard and we can update the search and see if he shows up and sure enough he's the only one that shows up okay so there's there's one way of searching you can come through here we can also come through and say hey i want to look at photos of mark zuckerberg and these are public photos um obviously this could be people that have posted this it doesn't have to be coming from his account in particular as we don't know where these are coming from but it's always good to look at videos marketplace pages groups et cetera anything on the side here that you think you could click into i think we're kind of at the point now where some of this is redundant so i'm not going to keep hammering home the different the different things that we can click on but just think about what you might want to click on here now i'm going to open up mark's page and because we're going to talk through a little bit of this i'm going to just kind of come over here and right click it and open it in a new tab and we have zuckerberg here you can see facebook.com suck we'll talk about that in a second the other thing that i want to point out is that you can search different things so we have we have mark zuckerberg and we look at photos right but these are public photos what you can do a little trick is you can come in here and you could say something like photos of mark zuckerberg and then you're gonna have not just the photos that you were seeing um but you're gonna have photos that people tagged him in now this is super interesting because if this person has a super restrictive profile like say we clicked on their user here and we couldn't see anything there's no pictures which is very common with facebook facebook is now super restrictive a lot of times when you go to somebody's page unless they've intentionally made it public you don't get to see much so mark zuckerberg obviously has a very public page but for us if we wanted to see somebody maybe that was out there that had a public page we could take a look at this like and i was looking through this earlier this is very interesting you come through here and you say okay uh photo of mark zuckerberg look this only has two likes this only has four shares and this was from 2006. okay this is like early early early era facebook this is like facebook when it still had edu addresses facebook so um this is somebody this account by the way has been on facebook for a long time as well if you open it up you can see hey his name is aaron so you can imagine that he's been on there for quite some time now if we're thinking about this somehow some way at in some point aaron and mark interacted now this is 14 years ago but they still interacted and that's the benefit of if we were just looking at photos with mark zuckerberg we might not see that where if we looked at photos of mark zuckerberg we might see all the different places he was tagged look here's another one i don't know exactly what their connection is but clearly they were together at some point this was in 2005 so you can see that this was even even earlier so they go way back right and then you can see here this looks like more of a yeah i say more recent photo so here is a more recent photo from 2019 another person that has met him tagged him in a picture now he's very famous so he might get tagged quite a bit um on a site like this but even to see like look at look at these photos from harvard um this is 2005 he's posting these photos of himself but you know some of these photos uh could be from somebody else like this is from 2012. so it's it's very interesting to see the different uh the different things here on these websites so another thing that i want to point out is there are a couple of search engines that we can use to kind of sift through some of this stuff now one of these is this uh so dust on github and i'll post a link to this below and this intellects dot io has is a great resource by the way is like an overall kind of resource but it's good that it has a facebook search as well and it has kind of like this built in if you look at the alternate it's based on the sodas code so it is like a two in one tool just has all this already but i'll provide them so it says hey look you need to be logged into facebook you can search for a particular post by keyword by month by interval and then by uid so there's not a whole lot that you can search for you can see like there's it's so limited nowadays in what you can do so there's only some tips and tricks that you might want to look through but you can come down here and you can look at the posts and you can look at different things like say we want to look for post now we want to look through posts by a specific user it says entity well we need an entity id we can still uh still filter by date filter by keyword and this will do the search for us we have to make sure that we have a keyword in here and i'm going to show you how to to get to the the key or the entity id here in a second but i know that his entity id is four and then we'll just come in here and type in a keyword uh we'll just say something like harvard we know he went to harvard so i want to see posts about harvard from from mark zuckerberg himself so let's open up in a new window and let's see what happens okay so it looks like we don't really get a whole lot here and this is this isn't that great of a of from him like i don't see anything in here that actually ties to ties to mark so these searches are kind of hit or miss the thing is though you don't want to leave this blank because actually this is why let's add a filter and then let's try to open this up let's see if i i screwed up here okay so here is here is our post about harvard and this is the the thing that makes makes it interesting is like see you had to be very specific here with the post or else we were limited um so my mistake was actually a good example here but here you can see where he's talking about harvard you can limit that to a specific date and time like here these are all from 2000 well 2017 2015 but maybe you're looking for like 2013 you come in here and limit that date if you don't put anything in here it'll put a wild card and this does not usually return anything yeah the wild card search feature for whatever reason has stopped working you can see that it's pulling down mark zuckerberg but it's not pulling anything down now there are features that you can go out there and use tools to pull down um the id of an account which you see i have the idea for here there's actually a quick way to do it too that i kind of just want to show you you could google a tool and say hey i want to know the idea of this account it takes a little bit if you just right click on a user's page and you say to view the page source you can come in here and all you have to do is a control f and then if you search user id like this you can see that it comes up right away four right here user id for so it should be one of the first things that you see here's the user vanity the zuck and i'll make this a little bit bigger so you can see it real quick um but like you can see the user vanity is zuck but the user id is for we can no longer search on user vanity we can only search on the id so that's where this is becoming important if you want to use tools like this to use the id number now of course yeah and this could change immediately after uh releasing this because facebook does change so much um actually let me make this a little bigger but say we do find a person's profile i kind of gone gone bouncing around a little bit say we do find a profile we want to look around we want to see what we can find out about a person a lot of information here about mark who he's married to you could see the different um you know the he's a founder and ceo where he works where he went to school where he lives where he's from you could see different pictures of him life events you can look through his friends and see if there's any correlation between his friends and who he knows there's also any of the like so again photos videos you come to more and you can see where he's checked in so has he checked in somewhere here's all the places he's checked in and been you can see if he's checked in somewhere recently where he's going where he's gone um does he like sports well who are his favorite athletes you can find out all kinds of information and this could be just you know you don't you don't know where where this could end up being useful so um if you have the opportunity of finding a public facebook profile like this it's always good to jot down as much information as you can and again when you're looking at photos remember pictures say uh pictures say a thousand words you can see all kinds of stuff from just looking into a photo i'm like here it could be a challenge to say hey where is he at obviously he's at the european parliament he's telling you but you could say hey where is he at in the world right now and if you do any sort of like uh like the cts or like trace labs or one of those type deals you might come across a user's photos and pictures and it might say hey you know what kind of phone do they have or where are they where are they at where was their last known location you know can you get a picture of a of a vehicle or anything along those lines so if you can identify that it really helps one time i was doing a trace lab ctf and i saw somebody on their facebook page had a selfie and the selfie reflected behind them uh the the back window reflected back of their car and you were able to actually make out the model of the car on the steering wheel based on the selfie so um it's very interesting on what you can determine from a picture especially when somebody's just thinking oh i'm taking a selfie in a car when really you're giving out a lot of information on what kind of car they're in maybe what kind of day was out you know outside what kind of phone they have there's a lot of information that can be found so if you do find a public facebook profile look through it otherwise the photos feature is a very good feature to search through if you go through the photos of and you just kind of look through and try to see who knows who how do they know them try to tie it down sometimes you know if you go to a friend's they might not have any friends that are public or you can't see it so if it's really locked down again you might have to kind of just make this assumption again with the trace labs a lot of times when we're looking for like a say like a missing person um we might find the missing person and it might be locked down but we might be able to find photos of them or look through family members or find something where they're interacting or they're posting recent pictures of them and then we know hey maybe this person isn't missing anymore or something along those lines so there's there's a bunch of different scenarios that could happen but these are just kind of things that i've seen as i've been going through it so again there's not there's not a ton as it's getting more restrictive for facebook but there's still options out there to look through i feel like a lot of it's obvious i don't want to hammer down on all of these but just do your due diligence when you're doing research on facebook and make sure you can try to track down as much information as possible and then use the little tricks i showed you by viewing the source and then you can utilize that for some of these other tools that will help you search through it and maybe get through some of this a little bit easier so that is it for this video and that's it for the facebook ocean we're going to move on into the next social media platform see you all right let's talk about instagram oh sent now instagram is going to be going right back to the pictures say a thousand words uh type spiel that you've heard me say over and over again but on top of that we have some tools available to us that we can look at there's not a i don't see there's not a wealth of information it's just another platform that we can look at though it's kind of limited in the searching that we can do so i'll kind of give you a look into the world of instagram so if we take a look at my instagram posts or my instagram page here if you want to look at a particular user on instagram you can go to instagram.com and then forward slash the user now you can come in here and look at their pictures um it is limited sometimes you can look at the pictures without being logged into instagram but it really does get limited into what you can click on what you can see etc when you look at instagram too as well if you come into some of these posts if you see something in the corner like this that means there's multiple pictures so you could see the boston pictures that i had taken and i was saying hey you know kind of look at these tell me if you can see where i was at here's that picture from earlier now if you look and look somebody can identify the fairmont hotel is right here so people are can identify just from being there knowing it so um but like you can look through pictures and see different things obviously i've harped on that we're not going to harp on that i just kind of want to tell you what we can search for now you could try to come up here and search for people um and see like my name is tcm on here or the cyber mentor so you're probably not going to find me but you can try coming in here and searching an actual person's name you can say like heath adams and see if you can find somebody named heath adams and here are all the people named keith adams you come in here and look for the person that you might be looking for um i wish there was a better way really there's not in this sense you can come in if you have a username you could search by username so say the cyber mentor you could do that and look it'll pull me up and then see i'm under tcm so if you were going to search for me you would actually have to search for tcm you could also come in here and look for tags so if you say tag the cyber mentor you can see that there have been eight posts about me on instagram and then you can come through here and just click on these and see you know who has posted about me what are they saying etc you can come kind of look through that as well what you can do though is if you are on a user's profile let's just go to a user's profile let's see if we can click on one that is not private okay this one's not private so you can go and look at who these people are following and see who they're following and if they have any relationship so if i'm looking at people the first thing that i kind of tend to look at is i tend to look at like what's the subject's name that i'm looking at um so say it's adams and i'm probably going to search through the people that they're following and see if i could find anybody with the last name adams now it's not as good of a search tool here when we're looking at it on the website if you actually use the app on your phone you have the ability to come through and search so you can search like last name first name whoever if you're looking for somebody in somebody's friends list but this is just a nice tool to come through here and just say hey i'm looking you can see if they're following any hashtags as well you can see who's following them what posts they've made etc so this is just kind of what you're looking for you would want to see okay where is this person posted has this person been tagged in anything and kind of look at it like that so i'm going to go back now say my profile was not public let's see if i can go back if my profile was not public then you would not be able to access any of this information it would be completely private to to me so depending on who you get might depend on that now if you can associate it or associate that profile or that name if it's unique with perhaps another profile sometimes we see people with multiple instagrams or multiple twitter accounts if you could find another profile that has family members or something related to them or friends or whatever you can then look at those friends profiles see if they're public and then see if you can find pictures of that subject or that person on the profile and just kind of go through it so as long as you have other ways to tie an individual to somebody else that's kind of what you're looking for if you're finding yourself up against a private profile but even here you can come in here and see tags where was i tagged who tagged me blah blah blah and just kind of see who i associate with as well so you can really spin a web pretty quick if these profiles are public now there's a couple other things that we can do you can see that i have this picture here you can come online actually this isn't the one but if you go to this wopidi i think is how you say it or what whoopida and you just come in here and you search the cybermentor you can see that it'll pull up some information here there are some sites out there that if you look and we'll go to google here in a second but if you look on google it'll tell you like if the page was ever public and it had some posts or pictures you might be able to see them in cash form or they might have them stored on their site but you can also come through here and just see this kind of laid out as opposed to what we were seeing like pictures like this you could actually just kind of see it laid out this obviously has ads on this page so it's hit or miss but you can close out once the ads load but this is a decent page to click through the other thing is we've talked about the the user id we talked about finding the user id on twitter it's the same thing here with instagram if the user id ever changes you can come find the user id store that information and then bring it back later in case they ever change their username you just come back and find out where this user is now with this user id another thing that we can do is say that we find a profile and we want to grab that information and then i know i'm kind of going a little bit quick here with the the names up here this code of ninja or code of a ninja was to find the instagram user id this is again all in the resources down below so if you want to click on those and follow along please feel free but the other side of this too is this instadp.com if you do forward slash profile forward slash the username you can come in here and say you want to see the image that's here you can go full size and then you can see a full size of this image so now what can we do we can save this image we can use this to maybe reverse image search try to hunt down this image somewhere else and we've been through that drill already right so again we have an image and that's what we're tracking same thing with this website uh imagein.com if you do image in forward slash the account that you're looking at you come here you can look at the post you can see the download next to the the image up here you can download this or you can download any of these posts that you see here so any of these posts why is that important because if you were on say instagram here and you right click sometimes it doesn't let you save the picture if it tries to save this it might save it as like a html or something that's not right you can come in here and actually just download the actual image from the site and that's nice you get the full image nothing like you're not the crop you don't have to try to screenshot do anything you just get the full image so this is a nice way to come through and download artifacts in case you need them later to have a report or for your case or however it may be and then lastly please don't underestimate google so you might have a search where it's just like the cyber mentor and then you might say site instagram.com all right so anybody that searched for or any anywhere the cyber mentors come up obviously my page but if somebody mentioned me somewhere on on here or maybe if we just search for uh the cyber mentor without or we put in quotations or we just say like the cyber mentor like this think about the ways that you might be searching this you might even just say the cyber mentor and no site you might just say something like instagram and see if it finds anything about me somewhere else so you can see the like these different websites that show up here with um instagram photos and you might be able to pull that down and as well and see if there's anything up there that maybe is not on my profile anymore that i have pulled down um or that maybe i had deleted etc so just things to get your wheel spinning and thinking about again it's just more of the same as you go across these different profiles the techniques change a little bit but the concepts and the methodology really doesn't so that's it for instagram ocean we're gonna move on to the next social media platform this is going to be an incredibly short video because snapchat doesn't have a ton of ocean in my opinion and the sites that are out there like there's a site called snapdex i don't think it's really that great so i kind of want to show you one other feature because we've already covered how i would enumerate snapchat basically if you're you're looking for osin on snapchat you can use the username search feature you can correlate usernames that way you could try slow typing and seeing if something comes up and you could find a user that way as well perhaps there's a name in the username and it ties to an individual we've already covered those kind of thoughts in the username section there's one other thing that could be useful and just one thing i kind of want to point out and it's that snapchat has a map you can access the snapchat map by going to map.snapchat.com now this is a feature if you've ever used a snapchat app this is actually a feature within the app as well you can scroll into specific locations and you can kind of see the hotbeds where there's a lot of pictures being taken and what this is is when somebody takes a picture on snapchat and then they go and they post that publicly it shows up here so you could really narrow down to specific locations and i'm always it's always dangerous to click on these sometimes because you have no idea what you're going to see but let's say that we're trying to look at at jacksonville maybe this specific area here's looks like an airport let's just click on this and see what comes up all right and we can see some pictures here um and it really just depends on what you're going to see so on the post sometimes people reveal their personal information sometimes they reveal like a snap code where you can add them this is just another feature of things that we could potentially look for in this app just try to narrow something down if we're looking for a specific location within um within an area so if you're trying to find out information say in at this airport or if you know somebody who's at the airport maybe it doesn't hurt to look on snapchat but this is kind of one of those i don't want to call it advanced osim but just something else that you should know about if you're looking at snapchat for this feature and you have a location um other than that like i said short video we're gonna go ahead and just move on to the next topic within social media so i'll see you in the next video again another short video because we've kind of already covered reddit a little bit but we're going to revisit reddit and we're going to just show how we can find a treasure trove of information fairly easily on reddit with either reddit searching or google searching so let's go ahead and go out to the internet and i'm going to go to reddit.com and there are a few benefits here so we can search here on reddit and remember we can search for a specific username as well if we use any of our name check tools that we used but you can always come into reddit and say if you want into the taskbar but you could go reddit.reddit.comus say the cyber mentor if you wanted to check out and see if that user existed that's one way to find me of course namecheck would be another one but say you're on reddit and you want to search you can come out and just say the cyber mentor and you can see here well look there is a there is a r the cyber mentor which is funny because i don't actually didn't even know about this so this is new uh there's a user the cyber mentor which is me somebody must have put this together created may 13th 2020. so um somebody did this but that's cool anyway um there is also like any any post you could see it's highlighted where somebody has put the cyber mentor in here uh you can find that or if somebody potentially talks about me like in these oscp or these hacking channels uh there's a good chance that somebody was mentioning me somewhere within these you can see tcm is another one if you tried searching for tcm you're probably going to find like turner classic movies and all kinds of other stuff but you can come in here and you'll see you're looking at best results relevance sort by relevance posts from all time you could sort by hot if there's any like trending posts with my name in it you could sort by if there's any new posts with my name in it so you can kind of go through this and this is just best results you can come through post as well and just see how this works out another thing is that you can come in here and actually put this into quotes so and see if that produces anything better and more specific now we kind of get out of some of the same results but we also it looks like this is a little bit different so potentially depending on on how you search and if you use quotations or not you can change things up let's look at the the new post again and see how that's changed and the new post now is from 14 days ago as last time it was from four days ago so depending on how we search this is more specific you could also search by my name say heath adams et cetera see if that works out the other thing that you could do is you can come to google and you could just search like the cyber mentor and then just say site reddit.com now reddit by far is is one of my favorite resources to use i tell this to people when i'm giving them advice it is one of the best ways to do research the chances are if you have a question and you want that question answered chances are somebody's already asked that question on reddit so i will literally go to reddit for almost any of my questions first before even saying hey google how do you answer this i'll say hey google site reddit how do you answer this because there's almost always something on there so here you can see that there are 2600 results of people mentioning me somewhere on reddit um you can try narrowing this down you can even type in like again you could say like keith adams and then you can even narrow this down more this is just getting back into google foo but you could say maybe they want to reference the oscp so somewhere in text oscp now we narrow that down to 806 etc so we can just see how this works and how this goes through but please do not underestimate underestimate reddit for a research potential now the other thing too before we go is you saw me as a user you have the ability to come in here and see okay these are my posts you can see what posts i make but you can also see what comments i've made so you could see the the comments here and what i was posting when i was last active i have seen people give out their name i've seen people give out their location i've seen people put some crazy stuff in here there was actually one time where i was investigating a case and in that case this person was posting some really nasty stuff on on reddit well what they had done is they had just put in tiny bits of information like hey i am a graduate student at this school and then they said hey i have this certification and it didn't take long before there were only so many people um at that school that had that certification that really could be narrowed down and we were able to identify who the individual was so you have to be very careful what you post because even the tiniest shreds of information even though you have no name or anything posting here you know it's really easy to just put out enough little bits of information that somebody can eventually identify you so the comment history and post history is always important when you're looking through this um a user might not have a lot of posts like you'll see in here that i've got a lot of posts but they might have a lot of comments or it might be their way around where they're just posting a bunch but not really commenting so it depends on the user depends on the account but again this is something that you should not underestimate from a research perspective i think reddit is one of the most information wealthy platforms that's out there so that's it for this video we're going to move on to the next video in the section let's take a look at linkedin ocean so linkedin is the social media for business professionals and it can reveal a wealth of information about people so i'm gonna go ahead and switch over i'm gonna show you a fake linkedin profile i have but i'm going to try searching for myself and see what information that we can find about me this might not be bad practice for you if you have a linkedin to maybe search for my profile that's not yours and see what you've got out there i don't know how actually limited my profile is i do remember making it kind of limited so we'll see what we can actually find on me now you can see here that i'm a third plus connection so i might not be able to see much results about me um here you can see that well there is this backdrop so let's take it step by step and see what we we can see from my profile my image is hidden so obviously i'm not showing my image to people that aren't a connection of mine or maybe a first or second connection of mine so there's no image here but there's still information now say there were an image you should be able to right click it here open image a new tab and then you would be able to reverse image search that unfortunately since that's not there we don't have that opportunity you have the ability here with the same this concept with this image we can grab this banner image here full size go take it and then try to reverse image search that and see if there's anything of particular another thing that we can point out maybe we have a unique username up here maybe this is something different than what we've been using or maybe we've tied this to our profile based on this username but there could be some potential for going out to google checking on this username seeing what we can find here other stuff that we might be able to identify well we might be able to come in here and see if there's contact info so if you look at contact info you can see sometimes people's phone number in here phone numbers are in here their birth dates are in here their email addresses are in here there's a lot of personal information that i have seen just on a contact info page so if you're watching this check your contact info make sure you're not disclosing any information that you don't want to because it's very easy to accidentally do that on linkedin now here you can see that i am a member a paid member of linkedin i've got a premium badge you could find out some information about me it says that i live in washington dc in the united states so we can find location information we can also see the activity that i have so i'm going to open this in a new tab uh but you can come through here and just kind of see what i've been up to so what have i been posting even though my picture is private i still have all this stuff here where i'm posting you can see um everything about my life and uh you know just kind of what's going on here so you can go through my history in this sense uh the other thing that you can do too is you could say okay well what else is here well i'm a founder of something called tcm security so if i right click and open that up that could lead to a whole another avenue look we have a new image to look for we can look at about we could look at the the different postings that we have here's a phone number uh we have the ability to look at where this company's headquartered so that might tell you um you know where i live or where i have lived you could see what people are on linkedin for this so uh you know who works at my company would be a good place to start and you can see depending on where you're at and um you know who you have connections with the better linkedin works for you so if you have an account that's connected to quite a few people uh if you connect with a like say linkedin open networkers they're called lions if you connect with those sorts of peoples and let's see if we can just kind of type in lion and see if that comes up basically you if you accept those people or you reach out to these people they will accept your friend request the issue is if you reach out to people and they don't know who you are and they say they don't know who you are those people can say i don't know who you are and linkedin will eventually shadow ban you or completely ban you for just going out and um going out and just applying to people like that or requesting people like that so my suggestion is to come out to some of these linkedin people and try to connect with some of these open networkers and see what you can do but here going back through you can see all the different jobs or experience that i have and that i've worked you could see potentially what education i have although i have my education obfuscated here i did not go to ohio state beauty academy or ohio state college of barber styling i'm just kind of being facetious when i put that stuff up there but same thing with licenses you can kind of understand what education i got when i got it um possibly where i was during certain time frames so that's a wealth of information you could see who's endorsed me and for what so a lot of people have endorsed me for ethical hacking penetration testing coaching uh you can also see people that have given me or yeah given me recommendations so i might know somebody here like you could see um heath or heath worked directly with cage in the same group so this is somebody that i worked with this is somebody that i did not work with and it tells you that and it even says hey who have i given a recommendation to which tells you who i've worked with in the past so this will give you an indication as to some of the the people that i actually know directly enough well enough to either receive a recommendation from or to recommend we have different projects here that i worked on and you can get more information possibly from there publications any sort of interest so you could see like this is a accounting firm epic was a group in toledo ohio that i was in um there's all different sorts of things like a veteran network so that might indicate that i was part of the military there's a lot of stuff that you can find there's a possibility too if you're able to make a connection then you can go through the individuals connections and actually see who their connections are and kind of go through it kind of step by step so there's all sorts of things here that we have the ability to see and again i'm not going to go through every single possible detail i feel like we've kind of covered that as we've gone through the course your your wheels should be spinning now on how you can collect information and everything is value if you find a profile like this you should be taking notes on everything that is pertinent to your investigation or your research so i would be going through my activity i'm seeing what i can do here and it also tells you like look 16 000 followers on linkedin that tells you how many connections beyond potentially beyond i have even though connections and followers are slightly different you can tell that there's probably a high correlation so there's there's thoughts here right that you can go through and look through this stuff and hopefully this is starting to make sense now so my recommendation is if you're going to make a fake profile you're going to make a sock account maybe reach out to some people that you don't know to build your network these people are usually well connected and when they're well connected like that you tend to start to reach out because with linkedin how it works you need to be like a third connection or a second connection you saw when i searched myself i was a third plus so i need to find somebody maybe that's connected to me or yeah to me if i wanted and then i would go in there add that person and then get them and now i'm a second connection to to myself that makes sense i know it's a little bit of inception but my fake account would then be a second connection to this account so something to think about how you might approach that definitely don't approach the wrong people because you can get your account banned possibly even shadow ban from from linkedin so just be careful when you approach it that way um and just try to be discreet when you're up you're reaching out to some of these people as well so um hopefully that'll make sense uh that is it for this video we're gonna go on and move on to the next video in this social media section so i'll catch you over in the next video and one final short video for this section we're going to take a look at tick tock now tik tok is one of those applications that when it first came out holy crap it was not secure whatsoever there was so much information that was being leaked out there they have actually done a better job when it comes to preventing some of the data leakage and have kind of helped stop us in our tracks a little bit though i'll show you some of the information that you can gather back in the day it used to be a platform called musically and musically you could see pretty much any information that you wanted and i'll kind of bring up this page here and this is just a popular tick tocker here um so if you come up to ticktock.com and you just put the at and then the username you could search that individual and find them here what you used to be able to see not only were all the public videos here you could also see the likes so you could see users likes back in the day on on tick tock as well you could come in here and you were able to see a lot of stuff like if a user say you come in here and you like this video and then the user deleted the video it would still be stored in somebody else's likes you would always be able to go back and access that even if the profile went private or anything along those lines there was a lot of flaws that existed with this uh in all kinds of crazy stuff on that platform it was the wild wild west back in the day nowadays it's kind of locked down a little bit more you can even click in here and see who this user is following you can't really see who their followers are you just be able to click on these sorts of things and get information some of the things you can do is obviously look at their videos see the information that um is possibly available to you and kind of try to gather that sort of data the other thing similar to tick-tock as well is that you can right-click on a picture open that image in a new tab and then guess what you have this image in full size now that you can go and do reverse image searching on so there's still data that we can gather off of profiles like this and this might seem redundant because we've shown it before but i do think it hammers down the concepts in your brains just a little bit so keep in mind pictures videos however you want it to be say a thousand words this image here can be reverse image search we can do a lot of stuff that we can kind of try to tie back to other users even though tick tock has done a good job of locking a lot of things down there's still some ocean that we can do based on a profile again you can do google searching and try to find information on that user for specifically for tick tock see if there's any historical data out there there's a lot of stuff that we can do that i'm not going to keep repeating over and over but this is just another platform to be thinking about and as new platforms come up as new platforms are arriving on the scene i think as of right now there's a new platform out there parlor um there's just like they keep coming up so like keep thinking about all the different platforms that are out there and ways that you could perhaps be searching these platforms for for information when you're looking for an individual or you're looking for information about something specific so that is it for this section from here we're going to move on to one of my favorite topics which is website ocean and i will see you over in that section we have reached the end of our four and a half hours together i hope that this course has been enjoyable for you and again if you are interested in seeing the other half of this course you can do so at the tcm security academy i'll provide a link in the description as always and please please do consider hitting that like button and hit that subscribe button hit the bell so you get notifications when we post more content like this course or like other ethical hacking courses or any cyber security related content at all we would love to have you as a subscriber and keep you up to date on the latest cyber security trends and tools and news so until next time my name is heath adams aka the cyber mentor and i do thank you for joining me peace out
Info
Channel: The Cyber Mentor
Views: 725,405
Rating: undefined out of 5
Keywords:
Id: qwA6MmbeGNo
Channel Id: undefined
Length: 269min 56sec (16196 seconds)
Published: Mon Jan 10 2022
Related Videos
Beginner Web Application Hacking (Full Course)
The Cyber Mentor
213K
This Hacker Makes $160K a Day โ โ€” After He Got Out of Federal Prison๐ŸŽ™Darknet Diaries Ep. 60: dawgyg
Jack Rhysider
340K
Challenge ChatGPT with GPT-3: Better Prompts and Conversations
Nodus Labs
9
Linux Privilege Escalation for Beginners
The Cyber Mentor
62K
From Photo to Passport Number With Maltego OSINT Tools
SecurityFWD
157K
Metasploit
David Bombal
213K
OSINT At Home #9 โ€“ Top 4 Free Satellite Imagery Sources
Bendobrown
1M
How to Be An Ethical Hacker: 2023 Edition
The Cyber Mentor
52K
Windows Privilege Escalation for Beginners
The Cyber Mentor
9.3K
Hands-On Power BI Tutorial ๐Ÿ“ŠBeginner to Pro 2023 Edition [Full Course]โšก
Pragmatic Works
438K
Doing a Live OSINT Investigation on an Instagram Influencer
Cody Bernardy
47K
OSINT: Sharpen Your Cyber Skills With Open-source Intelligence
Cyberspatial
160K
Linux for Ethical Hackers (2022 - Full Kali Linux Course)
The Cyber Mentor
217K
Blockchain Technology Explained (2 Hour Course)
Coding Tech
3.8M
What are you going to do in 2023? Tops 5 skills to get!
David Bombal
1.2M
Complete ChatGPT Tutorial - [Become A Power User in 30 Minutes]
Santrel Media
1.8M
Internet History, Technology, and Security - Full Course from Dr. Chuck
freeCodeCamp.org
287K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.