The Battle for OSINT – Are you Team GUI or Team Command Line?

oh okay welcome everyone welcome hi uh welcome to the battle for ocean are you team gui are you team command line i am team gui i'm tracy maylief also known as infosec sherpa my co-presenter in crime here's joe gray he is team command line and he is c3p jail oh thank you um so we want to make this fun but uh real quick we just wanted to kind of explain the purpose of this talk we are not saying that one is necessarily bad or better than the other one way of doing things we want to show you different ways to retrieve osint so my background is that i am a oops here we go i have a library background so i know

how to find stuff joe has a tech background he knows to find how to find things another way um so what we're going to do is we're going to show you different ways to find things and here's our our credentials uh with each of our our spirit animals here's this tigger mine's a cheetah apparently um yeah so um this is going to be good so just real quick little give you overview so we do not have a ton of time i alone could spend an hour talking about gooey ways to retrieve stuff he could spend an hour doing stuff so just going clockwise we're going to do a little brief intro which we are in the middle of now

um i'm going to talk first about gooey stuff he's going to talk about command line joe's going to continue the reins holding the rings into a live demo and then we're gonna have a q a but we also are going to have a giveaway but you have to be present to win so you have to stay put and watch our whole conversation so we have some of the same and i came up with what i thought was a very clever way to give away the books that remains to be seen we'll figure it out but um i was going to tell people move up this isn't a gallagher show if you don't know that reference ask an old

person or look it up um but to um kind of help sweeten things up a little bit since you're all a bunch of smarties we have some smarties and we'll see how good my throwing arm is and i'm also going to periodically throw candy out because i don't want to see the tops of your head looking down at your phone we're showing you some cool stuff but please wait until we're done talking about it because we worked really hard on this so uh so you know heads up for candy okay all right cool so and since joe and i are both talkers we are meticulously timing our dogs so that we don't run into each other's

stuff so i want to make this an hour and 45 minute long advanced persistent security podcast yeah exactly we are and that's also that the graphic in the middle is oh so quick quick uh comment so joe and i met for the first time yesterday we worked on this distance we met each other over twitter we work on his podcast together advanced persistent security podcast and we worked on this all remotely so if you are looking to present at a con don't just wait to you know meet someone in person it is 2017. if you meet someone on the interwebs you can work with them and do a project so we're pretty excited about it and hope you like it too

all right oops there we go okay okay so let's start with twitter so couple things you may not know you who knew that you had to who knew that you did not have to be logged into twitter to search it did anybody know that okay cool smarties we got some smarties here awesome so that's important to know so there they have this advanced search screen they like to hide it but it's there that's the url for it and there are some cool ways of doing things so why do you want to do this well twitter has something crazy like 300 million posts daily or monthly or something like that so they have a lot of content

that's a lot of low-hanging fruit to go after if you're trying to find information so you know go to social media people are posting stuff all the time so what i'm going to show you is um you know you don't just start spaghetti at the wall and expect something to stick use the tools that these search engines gave you now keep in mind they were not built as search engines so things are wonky so here's some examples of how you can pull information out dude if you leave you're not eligible for the book drawing all right all right so let's start with an easy advanced twitter search if you use the phrase here two colon walmart that means

all tweets sent to walmart with the keyword defective and you tell it i only wanted to filter out tweets with images so you get a whole string of people who took pictures of defective things at walmart why is this interesting well i worked at law firms for 10 years don't you think that would be interesting from products liability standpoint that was low hanging fruit to pull out if you're trying to find out if a customer or you know a client had some issues with their product go to social media are people complaining about it chances are you're going to see a a chair that didn't fold correctly i love this one the chair didn't fold up

they called it defective so they just left in the beach parking lot alternatively with this if you're ever doing a pre-texting engagement and you need a name to pose as this is where you're going to get your names so if you're going to be the good guy they're singing the praises you're going to be the bad guy you can and i wanted to highlight the uh the top and the latest in case you weren't aware uh if you want to search things that had the most retweets the most likes the most things that were interacted with or sponsored tweets they'll show up as top if you want straight up chronological you click latest it'll always default to top so make sure

you're aware of that so now let's get into fancy this is a real search that worked as tested it as of this morning i had to do some research again for uh for a law firm and this is well i knew that there was a gas explosion in manhattan um it was around those dates around march 20 you know end of march time-ish so these are all search tools that you use in twitter this is all done in the bubble i did this in the in the bubble um so they have things you can do near now this is dependent upon people having their geo tagging on on their phones now i know smart people like us

don't have that enabled but a lot of people don't so take advantage of that and you can even do a mile radius um and then the synths and the before or since an until we're like before and after so i'm searching tweets from that time period and this is a whole string of photos which to an insurance company or a law firm this is gold because the next step would be then some paralegal will reach out to those people and maybe get a statement or a journalist might you know get a statement from someone may i use your tweet rather than you know being able to find things on site so this is how you can really narrow things

down all right next question how show of hands how many people have heard of twitter lists okay excellent in here don't you start throwing a candy make yourself useful okay all right excellent keep those hands up if you actually use them all right if you somebody gets we have nerds so we have nerds and smarties so maybe don't throw the nerds are kind of heavy be careful but if somebody wants their nerds come up and get nerds okay come get it nerds come on okay so okay so why are our lists in port okay all right candy's over now i'm talking again okay um so why are twitter lists important so true story i was hired by a company to

do competitive intelligence and the company said we want you to find out who our biggest rivals customers are but we don't want you to spend any money because of course that's how you do research but anyway because i am you know enterprising and clever and all that good stuff because i am the sherpa um i started poking around the company's social media and i noticed that somebody was dumb enough to have twitter lists called clients potential clients an invitation to you know party invites things like that they spelled it all out for me so i couldn't believe my good luck so quickly did some screen caps i did save the urls but i thought surely

somebody's gonna wise up at some point and make these private so that i can't see them but i had proof of both of them it was gold i couldn't believe it i couldn't believe someone was that stupid so side note make sure your twitter lists are private if you don't or don't call them something so obvious like clients or customers so that's a good way to do osen is by looking at the social media lists now how you get to list is you go to that's my profile and you can go you know you click down on your photo and you see lists um there's two different kinds and ones that you're subscribed to and ones that

you're a member of and you can also create your own new list i have that circled in red there now i thought i discovered a loophole last month but i checked it again last week and it didn't work anymore but i'll just tell you what i thought i found i was all excited i thought i found a way to bypass the privacy public thing because if you are on a public list you get notified that someone added you to a list whenever i tweet about data visualization i get this you've been added to database experts i'm like why why does one article make me an expert but i initially set up a list made them

private added people and then made it public initially at the end of march it never sent any generation notices and i'm like yes i found a loophole and then somebody must have fixed it because when i did that again a month later and and changed it all of a sudden all these notifications popped up and they were on my own account so i wasn't like sending it to people who didn't know i i added them but um the reason why i'm telling that story is twitter changes all the time they're always changing functionality so don't expect that something that worked six months ago is going to work again especially list be very careful that you

make lists private if you don't want people to see them because otherwise people will be notified so now you're probably thinking okay this is great tracy well what if i want to find a list to follow okay so because twitter loves to mess with us they disabled the feature how you could search for lists in their own twitter client so that's awesome right so you have to go to the googles so this is these are ways how you find lists you tell it you know that you want the site twitter you want the in the url you want the word lists and then you want you know members if you're looking members of a certain list and i showed you three

different options then you want your qualifier so what's do you want to have cyber in it you can use with or without quotes you can use a hashtag that will bring up lists that have that word or that hashtag or something in it describing it that's how you can find a list of cyber people to follow or things like that or if you want to follow people you know with def con that's how you find it so you have to go to google to find twitter lists so that's pretty interesting i think so anyway so okay so who here is not on facebook not give them people some candy give them some candy not on facebook okay

okay so good job for you i wish i had your your strength okay okay all right so so this is a two-parter slide here all right last one okay pay attention we have lots of candy just come up and see us afterwards okay um uh so yeah don't worry about the van without windows it's just fine okay this is a two-part slide one i found this article in business insider's tech insider piece and this is what i want to talk to you about you know thinking creatively and thinking outside the box as far as resources you know you might follow a lot of of tech you know and security things and that's great but if

you're you know trying to do ocean stuff you know think about some of these other resources think about all the business pages if you want to be really on top of what changes there are on social media follow the accounts that these their engineering and their their blogs and twitter has all kinds of like blog and help and engineering and api twitter accounts specifically where do you think all the news outlets get their information they follow all those accounts so that's the one part the second part is um i blacked out stuff to protect the innocent and the unwilling to participate in this this presentation um you can go into your facebook account type in photos liked by in a name

i do not follow this person on facebook but yet i can still see photos that they liked because the photos that they liked had the had a public setting so it doesn't matter if your individual setting is private if you like a photo that's public it shows up in this search string and i just did this like this week so this still works until facebook figures out a way we'll take questions at the end um okay so hey we all know about back doors and things and stuff blah blah blah so there's this site called academia.edu um if you go to it it has all these ways to log in log into here log in here log in here

it's so faint they make it so hard to see um there's a row at the bottom that has different subject areas like physics and things like that if you click on one of those you get into the site without having to log in so be enterprising if you're trying to find something um there might be a way to get into it now again remember i came from the law firm environment so i would not pull these are full of like academic papers and things like that um that people post themselves but what i would do for a site like this is i would get the citation and then go pull it from a reputable source because i would have to

make sure that things were admissible in court if it got to that so i would just poke around on this site find citations take them to the actual journal that they originally appeared in and pulled it from there so that's why there's a couple things here just wanna show that there's you know ways to get into things that look like you have to require a sign in if you want to be under the radar but also just use it to take information elsewhere and get it from a more reputable source i couldn't use things like scribbid and all that stuff i had to get the actual like from the source stuff all right what's the scoop i love this

site so scoop s-q-o-o-p it used to be free i think they want to charge me a hundred bucks now that's still pretty cheap but this site is good for sort of social engineering sort of things do you want to pretend that you're from the law firm that a company hired to do intellectual property do you want to pretend that you're from the auditor that does the companies uh you know books and things like that this site scoop will all at once search sec file filings patents and federal law cases all in one fell swoop so my example here it's really hard to see because it was a small page but i just typed in cyber security and i

was able to see you know sec documents you know financial documents patents lawsuits it's a good way if you're trying to get background information on the company or like i said if you want to verify like if you're going to try to pretend to be an auditor and you say you're from deloitte and that company doesn't use deloitte you're caught so don't just rely on doing a random google search that you're going to get that information go to the actual sec filings because that's legit right sec is legit scc is legit and if they falsify it well you don't have to worry about them because they could be in trouble so the last site that i want to go over

is storify show hands who knows storify okay throw some candy at those at those people um so since there were so few i'm gonna put some nerves down the aisle okay so storify so okay actually well this is a good example i did so our lovely da here did a great um twitter chat story one time giving he loves to dispense uh information and advice and things like that and he does a series of tweets where he tells a story and the first one of the first times i saw that you did it i was like send him a dm do you mind if i storify your talk so what i and he gave me uh he gave me permission so i

went into storify and i pulled off his tweets and i put them in a pretty row like that and added some graphics and some explanation and sent the link out there so that when you could read it it's not just a clever name you read it like a story because all of them are stacked on one top of each other you manually pull them in there so it's a great way to capture storytelling like that and do things but it also is a good search engine so i tried to it's i don't know to me that looks really small hopefully you can see that so you can search a variety of social media uh platforms on storify and it'll pull

information in what i like about storify is you can so i i told it that i wanted to search for tweets that had the word malware in it but in baltimore so then this map popped up and it was like where in baltimore would you like me to search a one mile radius or a 25 mile radius and it gives you some other options as well but you can do this for instagram and a whole flickr and all kinds of other sites and twitter so um not only can you just pull that information but then you can also just make it look pretty cause all you have to do is drop and drag and put it over

there so again if you're dealing with someone who maybe you know a c-suite or something who isn't very savvy don't send them you know a csv dump you know or don't waste your time trying to make a dump look pretty you know maybe you can go in here and show some examples of like hey i looked up our co our competition or our company and i put them all in here for you so it's a really nice way to bring things together so um before we move on to joe's stuff i just kind of wanted to say in summary so you know get to know what reese's resources are out there um there's probably a hundred different social

media platforms that you don't know for everyone that you know if you were doing research in a specific country chances are that country may have its own homegrown social media platform you know china has them brazil has them you know you might need if you're not finding what you need you may need to expand where you're looking i always make the analogy of you know think of research like a funnel you know funnels are not just for beer bonds anymore it's you know you need to really cast a wide net and then narrow things down i think i see a lot of people who like to go into google and just throw a whole string of search

words and expect things to come up yeah you might get some hits but you know narrow it down go incrementally um another just i'm going to close on this story about how to use your search time wisely so at my first law firm job came in first thing in the morning and this associate was like i was up from midnight to 3 a.m searching for the labor code of the cayman islands can you help me and i was like oh you poor thing okay so i had it in two seconds because i knew to go to google and do site search gov.ky because i did i did this kind of research all the time i knew that gov.ky

was the cayman islands government site i knew that it was probably a buried pdf so i specifically told it to search pdfs and i knew that they used the queen's english so i use the keyword as labor with a u popped up right away but i didn't want to make him feel that bad because you know he spent all that money going to law school and everything so i was like so i got my coffee checked my email did a couple stuff let him hang for a little bit and then i sent it to him and i was a genius and blah blah blah never spend more than 15 minutes searching for something you know

that that concept gets drilled into your head better if you ever worked at a job where you have to build time as a librarian at a law firm i just have to bill every six minutes i used to have to keep track of my time every six minutes so i have a very keen sense of how much time i'm spending on stuff because time is money but your your time is money too you know that's keeping you away from playing a game or playing with your kids or going out you know with a girlfriend or spouse or boyfriend or whomever so you know if you are if you spend 15 minutes and you still can't find

something stop take a break evaluate what you're looking at ask for help ask your own twitter or ask for other resources go to your library you know libraries have lots of databases that you can have access to you know if you pay city taxes you know you probably can use the baltimore public library or your local library you know be be thoughtful with your searches you know be mindful of that so that's what i just want to tell you just save you a lot of aggravation step back take a breath and it will all come together and that is my jewelry presentation [Applause] so that was uh pretty good right everybody learn a lot from it i'll admit

it's it's pretty hard to follow so let's go ahead and uh get this party started uh with uh team command line so uh we're gonna start this out with uh i'll take what are apis for 500 alex so we need to understand with the command line we're actually interacting with the same resources that tracy interacts with we're just doing it in a different way so with that we're typically doing it with an api which is an application programming interface if you don't know a lot of times you might use an api to talk to a library of some sort not her kind of library like a code library there are apis for operating systems um

many times it's used to share information or in this context gather information and then you know sometimes it'll be like hey we have this service we distribute video for this if you want to use it on your website here's how you get an api key and you can use our code that's what it's ultimately for but in the osen sense um why would you want to use the command line over the gui anybody have any ideas automation yep data formatting faster yes to a degree yes it's behind you so all these things are true you can actually gather the data it's in a flat file you're not having to compile it out of the web browsers and all of that

stuff you can put your regular expressions against it and move on to the next thing use that to refine it and just keep moving there is a certain level of maintaining anonymity from it especially if you're using an api key that's not really tied to an account that's active another thing that you have to worry about when you're using the gui like when you're scoping somebody out on facebook for example when you start scoping them out you may actually show up and people they may know you don't want that right if you're if you're being a creeper you don't want them to know you're being a creeper um so with with an account that i use

actually i get all kinds of recommendations it's like no that engagement's over i'm not working with that company anymore um alternatively if you have in that same email address that it's tied to if you have their email address in it it'll recommend you there as well so keep that in mind um but the big thing that i always want to think of whenever i'm thinking about you know ocean this right here basically sums it up roses are red violets are blue you can't see me but i can see you and that's ultimately what you want out of ocean so uh with this i'm going to hit you with some memes and then i'm going to kick

kind of into the demo mode because that's where most of my talk lies it's kind of hard to talk about a command line a lot right um so we're trying to fly underneath the radar and buzz lightyear he's telling us there's radar traps everywhere so if we're going to be under the radar we have to be cognizant of the radar so in that sense uh let me shift gears for a moment and i'm going to show you some some little surprises that i've came up with so wrong one let me see if i can zoom it in let me move it over

yeah yeah so do you want a gooey center of something or do you want a command line center oh no no i went full screen oh no i turned the sound on now yeah hand out some candy there we go that's what i was looking for um problem behind podium not in keyboard so uh it always is um let's see here what am i looking for here appearance ah here we go just gotta change the font give me just a moment here

how's that

absolutely so within this directory basically i've got a i've got a couple of scripts of value here um we're going to focus on charm.pi and i've also put it up on github if you want to steal it i've sanitized some stuff out of it so in that regard here it is on github let's just kind of break through it a little bit here that is the legit you url for it if you want it but in this charmed up high script basically what i've done is i've created a separate file that contained my twitter api keys because i'm in no way shape or form i'm going to put that up here for someone to take a picture of

um but anyway within within the script what it's actually doing um this right here is just setting up the encoding so that i can have a little fun with it later this is the definition for your download tweets um url and we're looking for the screen name the number of tweets and we're excluding replies and i'll show you the fields that actually go with that here in just a moment but in this sense basically we're looking for the response and it's from requests which is another python library that actually comes into this of course using json it's going to return the tweets and then we're actually going to use this to format it and then print it

down below so within the actual code uh here you can see that i've loaded b-sides charm we're gonna get 150 tweets and under exclude replies we are excluding reply so this is true so uh moving back to uh good old putty let's just uh go ahead and um

and we'll uh just call that charm. shall we so okay so look it's every single well it's not every single it's the last 150 tweets that has crossed uh besides charms twitter feed so how do we make meaningful use of this well i'm glad you asked so i've got another script that i put in here that is a parsing script it runs a regular expression i'll show it to you in a moment um but uh we'll just call that parse.text and then we'll just uh just a cat shall we okay so now we've got this actually set up by date time a little bit of context here who did it all of that fun stuff

same thing all around and with that uh within this as well i've actually got a second regular expression which i should probably go ahead and show you uh the first one actually just takes the entire uh tweet while the second one actually just determines who it's communicating with who else is mentioned in that and let me see here thank you there we go let me control minus a little bit here so i'm not mirroring the screens over here so bear with me a moment so going back here um so in powerstop pi it's very simple um with it it just you just open the charm.txt file and here's the regular expression that's going to get your date your time your

message and all that and then for contacts there's the second regular expression it's going to print both of them and yes sir

well in in this case i purposely went a little bit more challenging as opposed to using one of the libraries that actually tie python directly into the api and with this one i wanted to break it up into two different scripts because one of them was being a little bit more temperamental than the other um because i'm by no means a python developer i'm not heavy in python at all so this was actually kind of a stretch uh to get this portion down at a later time if i were actually going to try to build something out of it i would actually put the regular expression within the single script and actually have it interactive where you

could make decisions what context you want to see so forth and so on but for the sake of simplicity that's why i put it into two scripts for this uh but with it you know it's just running those regular expressions and it's running a find all across it and that's what's dumping the data out from the ocean point of view the reason that that's actually somewhat valuable is because if you're trying to get to someone if you're if you're doing a paid engagement and you're actually trying to get to someone per se you're going to need to know who their contacts are because you might need to exploit them to get there you may need to pose uh if

you were coming for me you might need to pose as tracy and say hey joe there's a talk uh there's a cfp opening up are you interested well that'll probably get my ear so in that sense you know knowing who people communicate with that allows you to enumerate their personal network and bet get better information about them for more effective uh intelligence be it uh for social engineering or anything else you're trying to do um so within that scope it's kind of it with the script portion there but um have no fear we've got a data split here and um data split is an open source tool written in python and basically it just aims to scrape data you need to get some

api keys it ties in very well well it doesn't communicate with uh recon ng but they are very similar in nature and with them basically the the keys to the kingdom uh happen to lie within what you have api keys for so in this sense um this one's more for going after like emails and domains where um recon ng has those same capabilities but you can actually go for a little bit more like things like out have i been pwned and profiles elsewhere uh in geolocation information if you have the correct api keys uh so with this one we're just gonna do the username oh sent one if i can spell today and let's do

okay so uh it doesn't look like it's found much oh there it is oh they've got a pinterest so there we go so and you can't really hate on pinterest i did for the longest and then i found out if you post like somewhat relevant memes on it'll it'll attract people to your website so so that's probably why no hate there but that's the kind of you know this is the kind of information that you could definitely make meaningful use of in your ocean you know do you is this because people typically use the same username like tony he's probably da underscore 667 everywhere we're close to it you want to put it to the test here

we have a tribute

what do we got here oh you've got a pinterest too

you do what's that what's your username

is that correct okay got it

so you're on deviantart there you go so you know from this this actually allows you um if you want to apply this to like social engineering this actually uh and and i'll talk about this more in the workshop tomorrow but you know once you get an email address or a username this allows you to start building a profile about someone and oftentimes when you're dealing with ocean that's what you're trying to do you're trying to build the profile so that you can use something against them uh in a perfect spearfishing engagement and understanding that there's no such thing as perfect but a near uh perfect uh style engagement and then of course we uh we have tools like

recon ng which i don't think will go too heavily into recon ng um but it's something worth being cognizant of because it is pretty much from the command line i understand the font sucks so i'm just gonna go with um showing the modules so basically here's here's what you have in terms of capability uh discovery interesting files is always one of my favorites when i'm running ocean against a company why because well you never know you might find something out on the public internet that's not supposed to be there um and before i go further with this there's a module in recon ng that i found to be very valuable as well and that is their wikileaks module you can

actually search to see if the company you are after is on wikileaks so and then within here you have other capabilities as well you can import as a list or a csv you can also do an export csv html but basically here you can see that you've got like companies in the contacts uh it's looking for github who is contacts credentials there's have i been pwned ashes.org metacrawler that's a really good one if you're looking for metadata um like academia.edu that she mentioned i would use it a completely different way i would go in and try to scrape meta metadata out of people's files so that i could gain information about them yes absolutely i mean i highly recommend running ocean

on yourself because you know in some cases you can control what's out there in other cases you can't and it's important to know when you can when you can't and you know something that michael basil talks about a lot is the disinformation campaigns which i've not really achieved that level of um ocean quirkiness i guess would be the proper term yet uh but uh i'm definitely stocking up on the aluminum foil to start going down that rabbit hole at some point

so continuing down you know there's poneless which it doesn't really exist anymore um you could enumerate other domains this is very useful for like the brute suffix because i just did a fishing engagement this last week against an organization it was a little bit too accurate and it got shut down in about four hours but not before i had almost 20 email addresses and password combinations um out of a very small organization um they could have actually caught me before i even started if they ran this because they would have found where they have.com for their email domain i used us so and i'm a huge fan of dot live and club because they're 99 or 88 cents and

a dollar 88 on namecheap huge fan of those but you know you can just keep going and going through recon ng there's i mean we we could talk about this for hours on end it's it's very robust there's a lot of good stuff with it and it is from the command line you do have to have api keys but it also produces a really nice report if you want to hand it over to management at the end of everything so they can understand where their organization lies so it's a really good tool for that but now i'm actually going to do something out of the ordinary and in doing so whenever i find my cursor

i thought i just saw it there it is so within this i'm actually going to for a moment defect from team cli to team gui has anybody seen this before this is the facebook live map i i commonly refer to this as the ocean pew pew map what you see here these little bubbles you're seeing these are everybody that's on facebook live right now publicly i think if you look at my other tabs you might see the direction i'm going to go with this so let's look see what do we have here ah it's only got three people watching we you need somebody that's got a lot like quite a few watch let's see what's

going on right here come on now i need to zoom in some more i guess so with it being a bigger dot there's a good chance that it's got more uh oh yeah 338 excellent so honestly i don't even care what they're talking about i'm just doing this for demonstration purposes so here we have it here what you need to know is right here is the video id

what could possibly go wrong anybody familiar with this place if you're ready for your skin to crawl uh if there's a time that's going to do it it's going to be right now because if you see what the next tab is i think you know exactly where it's going oh what do we have here lat are they doing like lat raises in the gym are they doing like the long jump in the olympics no i actually i think this is latitude and longitude so uh let's just uh have a look around over here on google maps shall we nothing ever goes wrong right

pew pew oh what where are they what's what's going on here

come on google [Laughter]

oh

yeah so like with this one i actually read it once oh there's somebody in baltimore let's see let's see who it is what they're up to shall we um with this

you know honestly true applicability for this before like while the facebook killer stuff was going on i was like i really don't want this dude to kill anybody but if he would go live publicly one time i could get him with this anybody could get him with this but you know it's neither here nor there come on man so with this just know you know when i first came across this um we were i was in chattanooga tennessee and we actually looked at local videos and at the university of tennessee chattanooga dorms across the street from each other you had one lady absolutely running trump into the mud and the other was doing a makeup tutorial

it's like okay

right because because you can actually get environmental data you can determine hey are there other people walking around in here or do they look like they're in the bedroom or what could have ambient noises exist what's going on with this right i've never tried it with the vpn i want to try it but i'm also ultra private with facebook um so i've not but i would think that there's a good possibility that using a vpn would actually uh circumvent that and if i really wanted to be like really creepy i would actually take a screenshot from google maps like street view and actually post it as a comment but i've not achieved that level of creepy yet

one day joe one day

right and that could be the case if you have location services enabled then there's that opportunity um alternatively you know i have a vpn on my phone as well so i dump out another location so if i since i don't use location services it may try to triangulate off that ip address as well so that's definitely something worth putting putting to practice sure

well i know one vpn service dumps out in seattle and has stuff in new york as well one service um ironically enough that's about all that's going on in that area right now well let's see what she's up to is this a makeup tutorial

let me go ahead and uh so we take the uh the id here and i almost guarantee you this is going to be residential let's go ahead and reload this just since we don't know how long she's been on right okay oh here we go again if this was the 80s i'd be saying something about here i go again on my own but anyway

that is that is uh i i'll show you as soon as it's creepy so here we go again oh it is residential so uh let's just have a look at the end of the cul-de-sac and this is the time that you break out the spider-man uh screenshot neat meme and just go neat screen shoot it so when i first did this actually there was a a political pundit they were they were all up on their soapbox and i was like okay yeah i'll run this and uh i ran it and they were at the back of their cold house or i'm sorry cul-de-sac at their home in greenville south carolina they had red siding they had a white

mercedes suv and a black tahoe exactly so from that scope that's about all there is to me making your skin crawl

where so you just got to watch the screen over there oh yeah i don't have repeating on so just you don't even have to type in google because it's chrome just go straight for what you're doing yes michael basil um after after this is over um are we not on the interwebs we were all right well i'll just talk through it anyway so you know if you go to news.google.com and it has the things across the top and one of them is tools if you drop that down you can a limit by date when you search for the news please don't try it again um i do a lot of research for clients and i need

things that were you know date specific and things like that so gosh yeah news.google.com sorry we can't see it on here it's kind of hard there we go okay so sorry i can't see what i'm doing here and we still have a giveaway to get to so um yes and i'm i'm hitting the wind up for it too i i'm gonna chuck that thing so hard no i don't think so no the orioles hit me up and being like hey man you want to come hang out the bullpen and close this out in the 8th inning sorry i can't see it was recent okay so yeah you can do five months by you know five times okay

so i also do a lot of foreign language searching but

so if i go to austria's google google.a.t most countries have their own their own uh google home page uh let's just do cyber is a good word that crosses language barriers so the setup's the same so even though i don't know german i can just kind of i know that mona is month so the cool thing is no matter which google news site you go to which language it's all pretty much set up the same way so again for me i do a monthly project where i look up um 15 different countries and i do subject searches so i look at a handful of languages and no i don't know them all but i get to learn them i get to learn

where things are in google in in google austria for example and it's all pretty much the same so it's kind of cool if again if you're not finding because i found with twitter if you try to search foreign languages and twitter in the english web page near the site if you go to like twitter france you'll get some different and even sometimes better results so if you're not finding what you need and you know that it's uh you know in another language or or virginia in another country go to that country sites so um that's one good thing to do okay so um why don't we do the giveaway and then we'll have questions real quick so i

wanna make sure we get to the giveaway so the little moral of the story is so hopefully you've learned some stuff round of applause you guys learned anything yes okay good good so obviously you know there's a part of ocean where you just need to be good right you need to know stuff you need to be good but there's all parts of ocean where sometimes it's better to be lucky than good so we brought this this type of giveaway together is um we have two decks of cards here i have joker representing zero up through nine and we're going to talk draw two different cards if the last two digits of your cell phone match you get one of

these books and we're just going to ask you to show your phone number we're not going to say it to anyone or anything but that was the least intrusive way and the easiest way we could think to do this so i'm shuffling these and joe if you want to hold the books up and if we have ties or whatever we'll figure it out but let's just do this so here we have the seminole social engineering by christopher hadnaggy and here we have mining the social web so the whole api stuff right here that's where it's where you're going to find it all right so because i don't want to disqualify anyone if you want to put

those down i'll have him choose the card i've shuffled these all right so just pick pick a card no sleight of hand or anything just hold on to it first hold on to it don't say it yet oh man that's my phone number don't say it yet all right pick another card pick another card any card all right if your cell phone number ends in eight one or one eight we have an ace and an eight come on up show us your phone coming up show us your phone that's that's it with two people woohoo that's perfect all right so let's uh we got we got like a few situational slides to uh work through as

well so i don't always facebooks talk people but when i do you're welcome um

yes yes um i didn't put it up here but it's github.com josephus j-o-c-e-p-h-u-s that's like my only legit repo out there right now everything else is just clones

yeah so just to reiterate plugging uh uh the podcast uh she's on pvc sec regularly she's periodically on advanced persistent security um sword and shield uh did the giveaway uh my employer of course for giving us the books [Applause] so thanks for having us thanks for being a captive audience if you're interested in working for sword and shield we're actually hiring uh if you think you're qualified or you just want to find out more about it talk to me after we're done i'll tell you kind of what we're looking for because it's kind of vague hr told me what they were looking for and it's like okay sure let me try to get the signal to noise uh

with that um ideally they're looking for somebody in knoxville tennessee are willing to relocate there but if you're qualified enough they'll they'll accept remote and if you're looking to add a sherpa to your workforce i am looking for a job yes so sherpa yes so uh she is at infosec sir sherpa and i am at c underscore three p joe all right we hope you guys had a great time thank you so much for coming sir we did it