For those of you that have been the targets of SPAM or phishing or perhaps for those of you that are cyber defenders, how many times have you heard "I have no idea how the attacker got my personal email address." I have a secret to share with you. [Come a little closer to the... Continue Reading →
What Is It? I've created the WhatsMyName project on Github (https://github.com/WebBreacher/WhatsMyName) to help with #OSINT searches by using target user names. Here's how it works: We understand that people use the same username across multiple web sites. For example, I am "WebBreacher" on both the Github and BitBucket web sites. Some web sites make it... Continue Reading →
There are three quick and impactful videos that I like pointing people towards when they ask about how their personal data can be used against them. All are free on YouTube. Enjoy! Data to Go https://www.youtube.com/watch?v=_YRs28yBYuI https://www.youtube.com/watch?v=_YRs28yBYuI Amazing mind reader reveals his 'gift' https://www.youtube.com/watch?v=F7pYHN9iC9I https://www.youtube.com/watch?v=F7pYHN9iC9I See how easily freaks can take over your... Continue Reading →
What I just made a thing on Twitter. It is a "bot". This python computer program runs on my computer and retweets Donald Trump's (https://twitter.com/realDonaldTrump) Twitter account only if the original tweet came from an Android device. Here's what it looks like for both a tweet from Trump and one that is probably not: Why... Continue Reading →
Our modern web browsers such as Google Chrome and Mozilla Firefox (as well as Internet Explorer, Opera and Safari) have the abilities to use our current location using a variety of techniques. Most of the time, the browser will prompt the user and ask for permission to use the current location on some web site. That... Continue Reading →
Announcement of a tool I wrote for OSINT beer drinking purposes. It grabs public data from the Untappd.com web site and analyzes drinking behavior.
At work I was given the task of figuring out at least one method to find some of the domains that were registered by my company's employees but that we may not have known that they registered. Anyone can visit GoDaddy or PSI or 1and1 and register a domain. We wanted to find out anyone... Continue Reading →
When performing testing activities, whether it is web application penetration or usability testing, it is helpful to have example content to submit in web form fields. The same can be said for people trying to create sock-puppet or alias accounts on the Internet. We need to have sample/fake information so that we can set up... Continue Reading →
Lately I've been doing more Open Source Intelligence (OSINT) work where I look on the Internet for information about a subject and then compile it into a dossier. They can be very powerful and present a compelling picture.I gave "Running away from Security" talks at both BSidesCharm and BsidesBoston this year (and at CircleCityCon next week).... Continue Reading →
My newest recon-ng module, "profiler", is going to really blow you away. It doesn't do anything miraculous like crypto or ZigBee or SCADA but it does make it easy for you to get information about users on the Internet. Here is the basic premise: you want to find out if a certain user name exists... Continue Reading →