OSINT & sock Puppets

  1. This person does not exist
  2. this resume does not exist
  3. this rental does not exist
  4. fake name generator
  5. Random User
  6. British Name Generator
  7. Random Word Generator
  8. Elfqrin Fake ID
  9. Behind the Name

Cyber Attacks Resulting from OSINT

Search Engines for Passive Reconnaissance.

  1. Google
  2. Shodan
  3. Censys
  4. FOFA
  5. Dogpile
  6. Archives

Email Harvesting for password stuffing & Social engineering attacks

  1. The Harvester
  2. Prowl
  3. Haveibeenpawned

DNS Enumeration

  1. Aquatone
  2. Sublister
  3. DNS Dumpster

Google Hacking Database

WHY DOES OSINT MATTER?

For the Good…

  1. Designed to help security professionals to focus on specific areas of interest
  2. Aids privacy-minded people to learn how exposed they are
  3. used for ethical hacking & penetrations testing
  4. Helps to identify external threats
  5. Provides anonymity when conducting passive recon (Sock Puppet, VPN, TOR)
  6. Find and Fix weaknesses in the organizational network

On the Dark Side

  1. Threat actors have access to the same tools and techniques as security professionals
  2. Identify potential targets and exploit weaknesses
  3. Become a victim of a sock puppet person.
  4. Aids in Criminal Phishing attacks and social engineering campaigns
  5. Highly used by Government intelligence agencies
  6. Exploit Sensitive information

CLI TOOLS

  1. UPI-INT
  2. Infooze

Credit:
Encoders Pro

Tags

Post a Comment

Post a Comment

Previous Post Next Post