Presented at
May Contain Hackers (MCH2022),
July 26, 2022, 10 a.m.
(120 minutes).
Are you curious, and looking for a fun project perhaps this workshop is something for you?
The capabilities of both generating and collecting data have been increasing rapidly in the last several decades. Everybody needs info / data in life.
Some examples:
In your job to find new businesses opportunity’s or just to "spy" on employees or your competitors?
Reverse engineering for a simple replay attack, you might need to know the frequency, Chip vendor .or layout
Finding your long lost friends, loves-once from long ago.
Some time's you know it must be out there somewhere but you just can't find it.
Why can't you find it and how to improve your search skills on gathering or collecting data.
Step by step I will guide you in the art off “collecting data”.
And NO is not an option is something I hope to gain.
This is NOT an debate about the ethics or politics of online reconnaissance on personal information gathering.*
Further this is not a guide/training to steal information for criminal purposes.
*If you would like to discuss this we could do this after in the Lounge
Abstract
Are you curious, and looking for a fun project perhaps this workshop is something for you?
The capabilities of both generating and collecting data have been increasing rapidly in the last several decades. Everybody needs info / data in life.
Some examples:
In your job to find new businesses opportunity’s or just to "spy" on employees or your competitors?
Reverse engineering for a simple replay attack, you might need to know the frequency, Chip vendor .or layout
Finding your long lost friends, loves-once from long ago.
Some time's you know it must be out there somewhere but you just can't find it.
Why can't you find it and how to improve your search skills on gathering or collecting data.
Step by step I will guide you in the art off “collecting data”.
And NO is not an option is something I hope to gain.
This is NOT an debate about the ethics or politics of online reconnaissance on personal information gathering.*
Further this is not a guide/training to steal information for criminal purposes.
*If you would like to discuss this we could do this after in the Lounge
Description
The name of collecting data in Military terms is Open-source intelligence, often referred to as OSINT. This word OSINT can mean many things to many people.“Officially, it is defined as any data or Intelligence produced from publicly available information that is collected, exploited or disseminated in a manner to an audience in a form of an rapport or spoken word.”
The main word for collection data is OSINT or Open-source intelligence this is just like an treasure chest.
Mostly It includes lots of "possibly sensitive information".
Sometimes it is publicly available on the internet, and the best of all, it’s “free”.
With some simple tooling you can find more than you aspect.
No need for expensive hardware, all you need is an internet browser and a terminal
You could do this from you're phone all you need is an terminal and an browser.
Some topics:
Please keep in mind that tools and tricks get quickly obsolete.
Public Government records
Rental Vehicle
License plate's
exploratory data analysis (Data mining)
Finding a (new) job with the help off open source data
Animal tracking (cows)
Social media content
hidden, alias profile’s
missing profile data
Capture social media live streams
Google dorking
Deleted websites and post
Website owner information
Open directory’s
Restricted media content
File and FTP Search
Online criminal activity.
Scraping Telegram, Irc groups.
Photo GPS and Metadata
Document Metadata
Sensitive Documents and photo’s
location off Wireless routers
Ip address of users
Cellphone tower information.
Radio communications
Reverse engineering
Regulatory filings (FCC), RFIC datasheets, standards documents
Prior reverse-engineering work, Marketing material
Free tools, Browser extensions and websites.
Alternative search Engine’s
How to setup up you're own search VM from scratch
Repairing the machine for the event.
It is all up to you if you like t run an vm (cloud based), from an USB or just on an older laptop that will be gone after this event.
There is no wrong or right operation system but some “privacy bases system” attract unwanted attention.
To install:
Firefox, Chrome
Some plugins are helpful,
Copy links, adblocker, noscript, exif viewer, Screen capture like Fireshot /Nimbus, JSON viewer, Google docs viewer.
The TOR bundel
VPN of choice
Presenters:
-
H. O. Klompenmaker
Data archaeologist in combination with Reverse Engineering.
Finds data that nobody else can find.
Creator off order out off Chaos.
Got involve in finding data before the cool guys took off with it, not knowing that there was something like OSINT as an in a job.
Spend his life the last two years mostly only offline looking for adventures in hardware hacking.
Links:
Similar Presentations: