YouTube Transcript:
OSINT tools to track you down. You cannot hide (these tools are wild)
Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.
Share:
Video Transcript
It's becoming harder and harder to have
any kind of privacy with tools like
this. I mean, it just seems impossible almost.
almost.
Yeah. And that's the number one question
I get after I show these uh oint
techniques. People are like, "Uh, how do
I hide myself?" So, step one is knowing
how to find it and where to find it. And
step two becomes easier on how to kind
of undo some of that damage that's
there. That's another great question
because a lot of the stuff I do for
OSENT uh is for law enforcement. So, if
I'm looking something up on a website
like this and I say, "Hey, I found their
address here and this is proof, I need
law enforcement to recreate that
search." And if it's behind a payw wall,
if if they have to pay $5 to get that
information, they're not going to pay
$5. They're police. Um, so it needs to
be publicly available information for
someone else to recreate it.
Big shout out to Brilliant for
sponsoring this video and supporting my
channel. Without their help, I wouldn't
be making enough money from AdWords to
cover all the expenses there are to run
this channel. Now, before we continue,
let me quickly share something that's
seriously leveled up how my team learns
complex topics without needing another
textbook or another 3-hour lecture that
put you to sleep. David is my AI and
data guy. Very intelligent, very clued
up about things. But Brilliant is the
platform that he uses to get smarter.
They have thousands of interactive
lessons across math, science,
programming, data, and even AI. Now,
unlike other platforms, it's hands-on,
it's engaging, and it's built by people
from places like Stanford, Caltech, and
even Google. What I love about Brilliant
is that it doesn't just tell you how
things work. You actually solve the
problems as you go through the courses.
It's six times more effective than just
watching videos. And they also have
daily practice features which is
fantastic for those of us who are trying
to squeeze in a bit of training between
other things that we're doing. So you
can squeeze in these daily practice
features in 5 minutes between deep dives
into networking or security tools. Now
it doesn't matter if you're into cyber
security automation or just want to
sharpen your thinking. Try courses like
thinking in code or logic or how AI
works. You'll build intuition that
sticks, not just information that fades
after the video ends. And did you know
that Brilliant has a mobile app that
allows you to solve logic puzzles and
Python problems from your phone? To try
Brilliant completely free, go to brilliant.org/davidbble
brilliant.org/davidbble
or click on the link in the description.
Again, that's brilliant.org/davidbble.
Hey everyone, it's David Bombell back
with a very, very special guest.
Michelle, great to have you on the show.
Thanks, David. Pleasure to be here. So,
I saw some of your videos with John
Hammond, the amazing John Hammond.
Fantastic. What you've been demoing with
regards to OSENT, but I got to say this,
man. I saw that you're a CCIE.
Yes, I noticed you're you are one, too.
And you got yours in like 2003 or so.
That's right. You've already done the
OSEN, right? What when did you get yours?
yours?
Uh 2009. So, a little bit after you, but
yeah, it's it's been what over 15 years
since I got mine. And yeah, that's it
was one of the hardest certifications to
get. It was worth it.
Yeah, I mean CCI is amazing. Sorry, you
were saying?
Yeah, we got a lot in common. You're a
network guy. I'm a network guy. So, this
is it's an honor to meet another CCIA.
Yeah, it's amazing. I mean, it's you've
got to tell us a little bit of the
story. So, just for everyone who's
watching, I'll put timestamps. Jump to
the relevant part of the video. We've
got an amazing demo coming up. But just
a bit of your background. You worked at
Cisco, is that right? You're networking,
but you've gone into like cyber. You're
a virtual CISO. I believe you do a whole
bunch of stuff. So perhaps you can just
give people who don't know you a bit of
your background.
Sure. I started off with the typical IT
help desk type of stuff and I was
configuring a lot of networks. So I got
straight into networks. Did my CCNA CCNP
all the way up to CCIE and uh it was
fun. I liked networking. I liked how the
internet worked. And I was always a
hardware person. So as a kid, my dad
used to own a a computer repair shop. So
we used to get all these computer parts.
We assembled computers, RAM, hard drive,
stuff like that. So I was really good at
basic infrastructure of uh networks. So
I built my own stuff. So that's kind of
where I started on the technical side.
Worked for Cisco for a while. Worked for
many Cisco partners um many different
VAS value added resellers. And during
that time I got to experience and and
work with a lot of different techn
technologies like virtualization
and um networking and voice over IP and
video pretty much everything the network
touches which is a lot of things I got
to work on it and eventually I'm like
I'm good at breaking things and building
things which is kind of what hacking is
and I said you know what uh I want to be
a hacker I want to you know investigate
how websites work, how they break,
what's behind them, hardware, pretty
much everything. And then eventually the
human mind, how to break that using
social engineering. So I combined all of
these things to become different types
of hackers that that exist out there and
created my own company. So that's kind
of my history and background on the tech side.
side.
I love it. I mean, you you you do
consulting now, right, in your company
and you create courses and the like. Is
that correct?
I do. So I do a lot of OSM. So my
company does OSENT and privacy
management which are two sides of the
same coin. If you know how to find
someone or something, you also know how
to hide it or protect it. So I kind of
do that side. And with my entire
background of consulting, I do virtual
CISO consulting for midsize to large
size organizations. So that's kind of my
focus. I know that's a lot of things to
focus on, but I have a lot of different
interests. When do you sleep, man?
That's the question. sleep.
What is that?
You're exactly right. So, I mean, I I
think what we need to do today, we're
doing OSEN, right? I think we need to
get you back for privacy because when I
was researching this, uh, it is like,
okay, you do all the OSEN stuff, so you
know how to find information about
people. How do I protect myself from
people like you? So, I think we need to
get you back for privacy. But today,
you're doing a demo. I believe we've got
like three levels. Is is that kind of right?
right?
Yeah. The way I break down OSEN, I've
been doing OSEN for a good part of uh
probably 20 years. Ever since I was in
high school, I've been looking people
up, searching things up and I found that
there's many levels to that. A lot of
people say, "Oh, we've been doing OENT
for years as well." Yeah, that's kind of
the basic level of OSENT where there's
Google searches and stuff or social
media intelligence. So that that's OENT
as well. Uh but then I take it to the
next level, the hacker level of OSENT
where that's more intermediate level
OSENT digging deeper into information
which I'll show you in a bit. And then
there's advanced next level OSENT which
involves some level of uh coding skills,
some API knowledge, some knowledge of
how things work really well. So and I
break this down in my courses as well,
three levels of OSEN courses to kind of
cover a wider spectrum. Yeah, just for
everyone who's watching, I am not
getting any commission. I'm not paid for
this. This is just talking to experts
like Michelle. And then uh you've got a
course with John Hammond, right? On just
hacking his website. Is that correct? Or
a number of courses now?
Yeah, I have three OSENT courses and I
have kind of like a prerequisite to that
which is an OBSAC for security
professionals. So combined there's like
four courses that make up the OSENT bundle.
bundle.
I love that. But enough talking, right?
I'm really looking forward to this
because I've seen some of the stuff that
you've demoed in the past and it's
amazing. So many people have said like
you're next level hacking next level
OSEN and it must be because you're a
CCIE. That's what I'm going to say. I I
would say that's where it started. So
networking is a big part of uh OSEN and
um I've seen you interview many other
OSEN experts on your show and everyone's
style of OSEN is different. Those who
come from law enforcement do a better
job at looking at government records,
public records. Journalists do OSENT
very diff differently. Programmers tend
to focus more on the GitHub side of
things. And there's many ways of doing
OSENT. My OSENT comes more from my
hacking background knowing a lot about
networks. And then also I I kind of
carve out OSEN into so many different
fields. There's networkbased osent which
is where I started. But then there's
people search OSN which is where my
interest lies and where I primarily
work. Then there's you know journalistic
type of oent there's um oent within
code. There's geoint something I enjoy
doing as well looking at pictures trying
to find out where it was taken. So
there's different areas. Today I'll
mostly focus on the people hunting side.
But there jobs in this right? I mean,
you're doing this professionally, so I'm
assuming there's
absolutely there's jobs in either um,
you know, being a journalist, being a
PI, private investigator, hunting for
bad guys, hunting for threat actors or
missing persons. If there's not a direct
job related to this, if there's existing
skill sets like if you want to be a
pentester, if you're doing OSENT well
enough, you you'll be a better
pentester. I say I'm a great social
engineer when I do fishing attacks for
companies, obviously paid gigs. uh
because 50% of the time I spend doing
reconnaissance and oent on the target
and then my attack comes through which
is much more powerful than if I didn't
do research on them. So OSEN is a skill
that kind of enhances so many other fields.
fields.
I love that. You got to show us the demo
man. This is what most people want to see.
see.
Sure. So usually I start off uh doing my
oxent and research skills on Google or
other search engine. So as an example, I
always show people a Google search like
this. So if you type in Google military
intelligence leaks in quotes and file
type PDF only looking for PDFs and
another uh specific one 2020. This is in
short Google dorking. And I get a bunch
of results. I get one, two, three, four,
four results. Pretty narrow search and
pretty narrow results. But if you do the
same search on Yandex, you get a lot
more results. Yeah. The reason I'm I'm
showing a bigger picture is because I
can scroll down. There's a lot more
results than four. And then there's like
five pages. Click on the fifth page. And
I got a capture. I'm not a robot. There
stuff you're doing. I'm not sure about
that, man.
And there's tons and tons of pages. The
point here is diversify your searches.
This is where you're kind of going from
simple Google searches to more advanced.
There's duck.go. There's Yandex, there's
Bing searches, there's there's so many
other um search platforms out there. Uh
use all of them and use advanced search
um criteria like this. And that's kind
of where I draw the line between the
rookies and more advanced. And this is,
you know, basically narrowing down my
results once I get to this. And let's
say that that was my target. And by the
way, uh, David, I'm gonna bounce around
everywhere because I don't want to dox
certain company or person or phone
number or whatever. So, think of this as
one target, but I'm going to actually
keep mixing it around just so that I
don't target someone.
Yeah, I can show that because I mean the
doxing is a big is a big problem, right?
Yeah. And uh, we're
I've heard I've heard you there's
stories like where people you can buy
um, how do you say excretement and get
it shipped to people's homes or get
someone to throw brick through their
stories you've got of these, right? So,
it's like
crime as a service. So yeah, and we're
going to get to that with websites like
this, like fastpeoplearch.com.
And we're going to have to redact a lot
of this stuff because if you go to
websites like fastpeoplearch.com, enter
in like a phone number, like I entered a
phone number and area code with which
ends with 8675309,
a popular phone number, and I get a
bunch of stuff around a few different
people. And this is ripe for doxing cuz
I have a current home address, I have
past home addresses, I have an age,
phone numbers, uh, and relatives. And
this is very good for people hunting
because I I keep this, you know, on on
one tab window because if I can't find
this person who's my primary target,
what about their relatives? Maybe their
relative has a Facebook or Instagram
profile and maybe this person is too
private not to have one. Um, so there's
many pivot points and now this is where
my OSIN kind of spiders out and says,
"All right, there's a phone number to
pivot off of. There's multiple names to
pivot off of, there's addresses, and now
my OSEN goes into each one of these
separately." And very quickly, I I start
going into rabbit holes, which I have to
kind of control myself. So with these,
let's go on to one of these pivots.
Let's say a phone number. And the more
unique the thing is, the the better your
chances are of finding a person. So a
phone number is absolutely unique. It's
tied to you, one person, one cell phone
number. A home address isn't as unique.
It could be tied to multiple people. So
I usually start with what's unique and I
can go to my my surname doesn't help me. Sorry.
Sorry.
Yes, your surname is pretty unique. So
if I find something that's unique, uh
I'll dig into it. Otherwise, I'll
broaden my search a little bit more. So
there's a lot of uh phone number people
search websites here. But uh instead of
showing you what's common, let me show
you something that's not as common. So
there are search engines like uh sync me
or or applications like that which I
call them crowdsourced information. So
these are apps that are installed on
your phone and people will actually
share their entire contacts contact list
with apps like sync me or true caller.
And so now I'm getting accurate results
of something a phone number that a
person has manually put in and it's not
just some data scripping going on with
this information. So I would search
websites like this and search through
and and find results that are relevant
to uh my phone number. And in this case,
you know, the website often doesn't work
very well. So it says you reach your
daily limit for searches. So what I'm
going to do here is I'm going to go on
the app itself. So, let me actually open
up an emulator. And this is where I use
Android emulators. And the screen here,
you can see I can't really zoom in much,
but you see a Android emulator that's
loading up. And instead of using burner
phones and and stuff, that's too much of
a hassle. This is another more advanced
technique that I I will install these
shady apps on um an emulator device. And
this is Android Studio. So, this is the
real Android running. And I'm going to
have that same app, sync me, that's
installed in here. And I'm basically
going to go through the same phone
number using the the sync me app. Here
it says allow access for notifications
and stuff like that. All right. Allow. I
I can be free to allow whatever I want
in something like uh this because it's
it's not my application. And then I can
go under the search field here and
search for that same phone number. So
I'll type that same phone number in
here. And as I type it in, I didn't even
have to press search. And it shows me
Sir Charles is the person that this
phone number is rel related to. And this
is probably someone's address book that
has saved this as Sir Charles. Now, if I
scroll back to my original results here
on Fast People search, I see I got like
19 results here. There's so many
different names there. But if I press
Ctrls S here and just search for Charles
spell it right Charles. So I get a bunch
of actually I get one person Charles
Doyle a lot as a relative. Sometimes
your search results aren't going to be
accurate but now I found it as a
relative. So the more I search through
different varieties of tools that are
here I I can start creating a union
between different things. I'm like the
phone number has this name the people
search website has something else.
social media gave me something else. And
I I'm going to start writing these
things down. I'm a little haphazard
initially in the first 5 10 minutes of
my search. But then I start taking
notes. I start creating mind maps of
stuff like this. Yeah. So one more thing
as I'm doing this a lot of people must
be like, man, you're going fast. You're
getting lots of information. How do you
kind of manage this stuff? I manage it
using stuff like this. So this is a mind
map I've created in Obsidian. Obsidian
has this feature where you can u sort of
u create different types of mind maps on
a canvas and here you see you know my
central uh target is a John do and then
I span out into domains businesses
breaches government records so these are
all things I have to do as I found phone
numbers I'm going to put the phone
number under uh the the phone number
section here as I find other things you
know addresses here so with my mind maps
I usually have all these things for for
two reasons. I will have all of the
little boxes here to remind me what
things I need to look for and search for
cuz maybe I'll miss out on some things.
And then also to create connections. So
let's say this address I found here was
also related to one of their relatives.
Let's say you know Jason do. So I'll
just create more lines from here to here
and then I'll put a note on those lines.
um if I see a business address here
related to someone maybe a Jane do I'll
create more um lines here and say
partner in this business or something.
So as I create these mind maps I start
seeing lines connections and it becomes
more and more relevant and it also
allows me not to go into rabbit holes.
If I go too deep in somewhere or or too
far off uh this this boundary I know all
right let me focus on other things
before I kind of dig deeper. So, this is
kind of how I keep my sanity. I
was going to ask you what happens if the
website goes down because you got some
of these tools, right? But like what
happens if that site goes down?
That is a great uh question because I
don't rely on tools as much. I rely on
techniques which is if this goes down
fastarch.com well I can open up what is
cyber background checks.com and then
there's like a bunch of others that are
available. What I do is I keep a list.
So you can see on the left here I have a
list of uh let's say person search
websites. What is this? Fast people
search, true people search, radaris,
advanced background check. So I have a
lot of these. So this is redundancy. And
not only is it for if a site goes down,
but also I'm going to check all of them.
This is also due diligence. I'm going to
check five different places for the same
phone number or for the same uh email
address and get, you know, maybe five
different results or maybe they're all
the same results. So, you need to have
redundancy. You can't rely on one tool
per se. And this is why I'm not a big
fan of those paid tools where it's one
portal. You log in and you get
everything in one place. what if your
login expires or what if uh you can't
afford to pay for it or you get banned
or or or whatever. So, I never want to
rely on one thing. I always like to
create multiple uh avenues of search.
And are they free tools? These ones that
you're looking at, are they paid tools?
Absolutely. I don't think I pay for a
single tool and nor have I ever and I'm
a big proponent on keeping it free. And
that's another great question because a
lot of the stuff I do for OSENT uh is
for law enforcement. So if I'm looking
something up on a website like this and
I say, "Hey, I found their address here
and this is proof, I need law
enforcement to recreate that search."
And if it's behind a payw wall, if they
have to pay $5 to get that information,
they're not going to pay $5. They're
police. Um, so it needs to be publicly
available information for someone else
to recreate it. And that's why I keep it
all free. I
was going to say, I mean, I'm I'm going
to blame your CCIE background about
having redundancy, right? Because that's
drilled into your networking like mad, right?
right?
Absolutely. Yeah.
I love that. So I mean, is there any way
that I can get or the people watching
can get like those kind of bookmarks?
Are they part of your course or how do
you share that kind of knowledge?
I share my bookmarks as part of the
course. So as you're going through the
course, I provide all these bookmarks uh
for free. I share them anyways if
someone asks for a certain tool. The
reason I just don't publish them out
like that is it's not about the tools,
it's how you use the tools. So as I'm
training people, I show people when to
use a certain tool and why I have
redundancies and then and not to jump
ahead of something else. Otherwise, what
people do is they're like, "Oh, I got
the tools. I got everything. Point and
click and you're done." It doesn't work
that way. So half of these tools you may
never use. there for edge cases and
that's what I kind of define and say hey
don't use this until you use certain
other tool. So it's it's useless if I
just give everything out like that
without you know giving a tutorial on
how to use it and these change. Um so
every time I do a course these will
change every couple of weeks. Some of
these websites will fall off and new
newer ones will come through and these
are my live active tools. I keep
updating this and I keep uploading newer
versions online. I think it's it's that
whole thing, right? Give a man a fish
and he can eat for one day, but you
know, teach him how to fish, he'll feed
himself for the rest of his life. It's
like so it's so true in so many
disciplines and I'm really glad to to
hear that that's the you know, the way
that you're thinking and teaching.
Sorry, I took you on a tangent there.
No, no, no, no, no. And and that's what
OSEN is about. There's a lot of tangents
that I go through as I do my Osent
research. I will jump around a lot. And
part of my teaching here is to show
people what's available. Not just to
show them the tools, show them where you
can find information. So another tool
that I would use u for so I I went
through phone numbers. Let's say I had
an address. I would go to something
called wigle.net. And a lot of people on
the wireless side or networking side may
be familiar with this website, but I use
it for OSNT. So, let's say I have an
address here in London, UK. And let's
randomly just search into some street
here. And all these little dots you see
on the right are uh Wi-Fi SSIDs. If I do
a query on this current page here, it's
going to take a bit to load.
Just want to ask you while we're waiting
for this. Right. That's it's free this
tool, right? You just need to register,
I think. Is that is that is that how it works?
works?
Yeah, you just need to create an account
and then it becomes free. Otherwise, the
tools are limited.
What kind of Wi-Fi name should I use if
I want to stop people like you finding
me? Because, you know, I get this in all
the videos, right? You show Wi-Fi name,
then people say, "I'm going to dock to
you cuz I got your Wi-Fi name or
whatever." Is it like you you take
McDonald's or something like really
common or what would you suggest to like
what let's talk a bit about OPSE at the
same time?
Either generic names are good. Uh, so
what you see in most of them are very
generic names or anything that's not you
that doesn't tie to you. any name or it
can be unique. So, I'm not one of those
who say don't be too unique. No, it it
can be unique, but it shouldn't it
shouldn't say David Bomb's Wi-Fi or your
kids' name or your wife's name or
something that's specific or your
interest like, you know, soccer or
whatever. No, nothing specific to you,
but something generic. And also change
it up every couple of years or so, so
that you're kind of deleting history. So
I would pivot off of different pieces of
uh seed information as I call it. My
next seed information from my people
search websites would be an address. So
the first thing I would do is go on
Google maps and look at that address. So
let's say this was my address somewhere
randomly in England and I would just do
a street view and see what is available
at that address. So, I'm looking for
vehicles because that may be associated
to my target. I'm looking at yard signs
in on houses. Maybe there's uh something
written somewhere. And stuff like this
comes up. So, someone has redacted their
home here. Maybe they're privacy
conscious like I am. And so, here's
where my redundancy comes into play. Are
there other tools like street view that
I can use to view this house that's
unredacted? Maybe they're trying to hide
something that's written here or I just
want to see the house what it looks
like. Um, so there's always more than
one ways to do this. There's Bing Maps
where you can, you know, try your luck.
It's not as good as Google's street
view, but you may have luck in Bing
Maps. There's uh Apple Maps, which is
available now online. You can do the
same thing there. They have their own
street view version. And then there's
just a simple Google search of this home
uh where you can see pictures on maybe
Zillow.com or other homebased websites.
So that's where I would take the address
search and then I would look at um
government records for this address. Who
owns this? At least in the US most of
the addresses have uh um records
associated which anyone can search
through on county websites. So I can
know the ownership of that and now that
ownership ties to my initial search on
you know like a people search website
then I have a hit and then that goes in
my notes. Addresses are extremely
important because that's cutting too
close to home literally and this is what
I protect from a privacy perspective. I
don't want anyone reaching to this point
where they can get to my home address
because as you mentioned David in the in
the introduction. There's doxing,
there's swatting where they can call the
SWAT team on your house. There's um
there's literally a website called
shitpost.com where you can order uh cow
poop, horse poop, whatever and mail it
to someone's house anonymously. And
there's crime as a service that exists
where you can do bricking, throw a brick
at someone's house, like hire someone
else. Even if that person gets caught,
they don't know who paid them. They were
paid in Bitcoin or whatever, 100 bucks,
50 bucks. It becomes so easy to spoil
someone's life if you know their home
address. So this is pretty dangerous
stuff. What I wanted to ask you is I
found on Google Maps, I don't know if
this is what you found or street views,
if you just move a little bit down the
street, often that the reduction or blur
is removed, right? So you just move a
little bit down the street and then
suddenly there's a image of that house
without the blur. You found that as well?
well?
Absolutely. So if I look at this house
from maybe the back street or something,
it may be less blurred.
Just move down the street a little bit.
I found it's like weird. I don't I just
seen that in the UK sometimes.
Yeah. Know that it happens everywhere.
When I redacted my house or my client's
houses, I make sure it's redacted from
every angle. So I redo this stuff and
you know you just go report a problem
and just reract it here from a different
angle and just you can actually redact
anyone's house with no verification that
happens to some people redact the entire
street every single angle. So you can be
one of those people as well.
I mean a question for you right in
today's world I mean this is why I think
we need to get you back for the privacy
in the opsect stuff. It's it's becoming
harder and harder to have any kind of
privacy with tools like this. I mean it
just seems impossible almost. Yeah, and
that's the number one question I get
after I show these uh OSN techniques.
People are like, "Oh, how do I hide
myself?" So, yeah, that's step one is
knowing how to find it and where to find
it. And step two becomes easier on how
to kind of undo some of that damage
that's there. But yeah, that's for a
completely different show. I can talk
hours and hours on the privacy side of things.
things.
Yeah, I think we need we need that
because it's like um what phone do I
use? What you know, just basic stuff. So
many of us make so many poor choices
just because it seems like ease of use
trumps privacy and it's like how do we solve
solve
and since since you mentioned it I'll
just a side note I own
operationprivacy.com where I kind of
share all my trade secrets on how to
make your lives private from every
single angle from people search
everything I'm showing how to reverse
that and how to have your devices
private your laptops your phones your
homes your private infrastructure pretty
much everything but again we'll leave
that for another discussion But yeah,
moving on. U there's other search tools
like spy dialer and and stuff like that.
Again, there's so many ways to do
something, but I want to get into more
advanced techniques, metadata and stuff
like that. So there's a famous uh tool
here uh for Bellingcat's online
investigation and um they have a huge
list of OSEN tools and this is a Google
Google Docs a Google spreadsheet online
and if I try to see who created this
spreadsheet I can't get any information
if this was a word file I could just go
inside on the properties and see who the
author was in here I can't see much this
is a publicly shared document so how do
I know who's created this and think of a
scenario where this is some bad actor or
some hacker who has posted their
instructions online on a Google Sheets.
There's actually tools that scrape the
API for something like this. So for
something like this, there's a tool
called Zula do. And in Zula do uh
there's a command called Zula do. So
I've installed this. It's a GitHub tool.
It's it's free. Takes, you know, 30
seconds to install. And all you do is
type Zuladoc. Probably I'm pronouncing
it right, but whatever. starts with an X
and you just put in the Google Docs u
full link in here and press enter and it
searches through the document ID
creation date and boom it found a name
and the name and the email address of
the person who's hosting this file and I
know this is correct because it ends in
an atbellat.com
this information wasn't available
through any webbased search or at least
none that I know of but this is going
through the Google API which are
extremely uh in-depth and it's just
extracting it from there. So these are
the type of things I would use from a
command line perspective and go deeper
and deeper and deeper into information.
A and I have a whole bunch of other
tools here. For example, if I had an
email address instead of just Google
searching stuff, there's another tool
called OI. It's a French uh tool or the
creator is French. Guessing that's how
you pronounce it. But let's say I put in bob123@gmail.com
bob123@gmail.com
and hit enter. It's going to go through
uh quite a bunch of different websites
and try to fetch for me the websites
that this email account exists in. And
here you see a list and I've narrowed it
down to only the ones that exist. So I
know that Bob123 has an Adobe account,
bodybuilding.com account and a couple of
questionable accounts as well. And this
stuff is important because I know where
else to search. I know I can go on
bodybuilding.com and find Bob's profile
over there or I can potentially like
blackmail the person and say, "Hey,
there's some questionable websites here
that your account exists and you use
your true email address over there." So,
this is a lot of incriminating stuff and
again, privacy violation right here. But
the manual way to do this would have
been go to each site and try to create
an account, get an error and say, "All
right, account already exists." So tools
like this help me really quickly figure
out where else should I kind of search
for this person's uh profile. And
another tool similar to this is Magrit.
So let's use your name here, David Bombbo.
Bombbo.
Oh no. Oh no.
And let's see how many accounts exist.
So this is a username enumeration. It
will search hundreds of websites. In
fact, 500 in this case. It's kind of
like that other website you've seen um
which is what's my name.app and that's
the web version. So back to your
question earlier question that what if a
tool fails? Well, what's my name.app has
failed in the past. There was some
downtime for upgrade or whatever. Well,
this is an alternative a web based uh
command line interface based tool. So
now I see you know your username is used
on Twitch on Patreon and some of these
may be legit others you know you just
don't have access to it. So like this
one. Yep. That's you. That's your
Patreon account in 2018. And I can start
going through these one by one and
figuring out which is you, which isn't
you, and more information within each
account. So, there's obviously your
YouTube account, but you have a UGI
account as well. So, I get a quick
snapshot of 500 different websites, and
I'm only getting the hits, those that
exist, and it's still searching, and I
get a result, quite a number of hits
essentially. And this is a good way of
figuring out where have I missed, which
accounts do I need to look at? Because
each one of these will have tidbits of
information about you. Maybe a date of
birth in some of them, an image,
something you mention in a description
somewhere in one of these sites.
Something that's way too old and you
forgot to take it down. And some may not
be you. It's just someone else
pretending to be you. This is a great
way to do username enlumeration. Yeah, I
I must say it's it's amazing how many
people impersonate me on online. Like a
lot of those accounts I can say are not
mine because it's man the amount of
impersonation and scams where people
trying to impersonate people like me.
Yeah, I actually clicked on a few of
these when I was going through this and
I found some of them were really not
you. There was it said someone had
created this account in India. The image
was not even you. A lot of your fans,
I'm sure.
Yep. Yep. Happens a lot. I mean they
there's a there's a good example of um
we had to we fortunately knew someone at
Facebook who could take it down. There
was an example where someone was
creating YouTube videos by all like it
was a Facebook group where people paid
and they were taking videos of mine and
videos of other YouTubers and stitching
them together and creating so-called
cyber security videos and then people
were paying for this stuff and I mean it
was an absolute nightmare to just try
and get it removed. Yeah.
Yeah.
Yeah. That happens a lot unfortunately
these days and platforms are not doing
much and and this is a good technique to
do sort of a thread assessment or more
of a digital assessment and I do this
for clients all the time. I say this is
what your digital footprint looks like
and they're like oh this is not me. I'm
like well this is someone impersonating
you let's take this down.
So perfect use case.
No that's great. That's great.
And it this gets even more advanced once
you discover one tool like this that's
not a web-based tool. You can look at
others like there's a tool called
ignorant or ignorant and you can put in
a phone number here and if I put in a
phone number here it basically goes
through a few websites and tries to
register there and brings back an answer
yes or no. So Amazon.com and Instagram
have an account with this phone number
already created. So this was my target.
Cool. I know that they have an Amazon
and an Instagram account, but not a
Snapchat account, or at least not with
this phone number specifically. So,
these tools um allow you to kind of make
your investigation go much much faster.
It's just crazy that you can get that
information from Amazon as an example
that that's just available. It's mad.
It's all through APIs.
Yeah. So, in other words, you you you
think you you think you're safe because
on the website, you think, "Oh, it's
safe." But then you if you'd like you
hacker, developer, pentester, you just
go through the API and get all that
information. It's crazy how much is available.
available.
Yeah, eventually those APIs will get
blocked and there'll be newer ways to do
it, but it's a cat and mouse in all
those. And for example, Instagram has
one um which is pretty surprising. So if
I go to instagram.com/bumble,
for example, um that's obviously not
you. uh and they don't have a lot of
followers, two followers, three posts.
But let's see what we can get out of
this Instagram account. If I go under
those three level dots, and I go under
about this account, I just see date
joined. Nothing else here. And through
the images also, I don't see much. If I
click on the images again, no comments,
no likes. Usually, I look at the likes
and see who's liked it and pivot off of
that. All right, one comment here, but
not much. But there is a tool on um
GitHub called two tatis. And um this
tool if when you install it and put in
the username bumble and it it requires
like a token an authentication token
taken from your alias Instagram account.
It's kind of like your cookie. Obviously
we're going to redact this or I'll just
reset the cookie. And when I press
enter, it goes through that Instagram
account using the APIs and it found some
additional information. So you can see
optiscated email. It says something at
starts with an H.FR.
So now at least I know this is a French
account. The email is AFR account. And
sometimes I usually get a redacted phone
number next to this. So it's hit or
miss. You get different information at
different points. Now for example, if I
scroll up and go to instead of Bumble,
the account Bob, I usually use this as a
test. Instagram account, Bob. I get a
full phone number and I get a full email
address. But what is this account? Let's
go to Bob and see who who this is. Seems
like a musician, but I don't see that
phone number associated here. Even if I
go to about this account, there's no
phone number. There's no email address
yet. Somehow through the API, it scraped
the stuff out of it. So these are the
next level tools where you need to know
this exists. Otherwise, you know,
investigators look at this and they're
like, "All right, this account is a dead
end." No, it's not. There's tools like
this that exist that can go a little bit
deeper through APIs into some of these accounts.
accounts.
It just seems mad that you could just do
that through an API, man. That's a whole
world. And then we're getting AI just
going to make it worse, probably.
Oh, yes. And there's a whole bunch of
these things. My my goal is just to tell
people what exists. There's a bunch of u
um tools like this on GitHub that exists
and and there's a lot of other places
you can look for stuff. So thinking
outside the box again when I do
reconnaissance on uh people usually
they're connected to organizations then
I go into sort of like the corporate
OSEN side. So look through LLC's
corporations using something like open
corporate. So that's another area I go
into. I also go on the network side of
Osent which is more of the who is data
DNS data. So let's say I I do a who is
of batman.com it shows me and there's
like a hundred ways to do who is. So I'm
just showing you the web uh version to
do this so that I can display it. I get
IP addresses. Now each one of these is
again a pivot point uh on where this is
hosted. What other websites are hosted
in the same place. This show's owned by
Mark Monitor, a big company here, and DC
Comics owns Batman. But if I go to
hookie.com or whoxy.com,
let me zoom into this. I call it hookie
at least. If I go to hookie.com, it not
only shows me the current registar,
which is DC Comics, but if I scroll
down, it shows me historical records. In
2016, Warner Brothers owned it, which
yeah, if you're a fan of DC or Marvel
and stuff, you'll know. Yeah. DC was
owned by Warner Brothers in the past and
then sometime around 2020 or 2018 DC
Comics started owning it. So this is
good stuff. This is just a fun example.
But a lot of times like in this example
as well, I see a Hotmail address here.
This is a company DC Entertainment, but
somebody with a Hotmail address owned
this and they own 14 more domains. So if
I can click through, I see superman.com
was also owned by the same person and
which kind of makes sense. So this is
great, you know, for pivoting off of
websites and finding a lot more
information about, you know, web
presences of uh individuals. There's
also within a website, so if you if you
found your target website, you can go
even deeper into something called tags.
So if you look at uh a website like uh
cars.com if you rightclick and look at
uh the page source and I open up a new
tab in this in the page source there's
Google tag managers or Google analytics
ID just search for GTM and you'll see
this GTM- whatever most websites will
have this and there's a website called
web techservey.com/tag
and you put in that tag ID zoom in a
little bit and you hit search and you
see what websites are using this. So
that was cars.com, but you see
cincinnati.com is also using the same
Google ad ID or NYC trucking.com and a
few others. Only a handful of other
websites are using the same thing. Now,
as an investigator, we shouldn't jump to
conclusions, but this shows me one of
two things. either all these websites
have the same owner, that's why they're
using the same Google tag ID, or they're
using a common tag ID because they have
a common developer or the agency,
they're using the same tag ID, which
they shouldn't. Obviously, that defeats
the purpose, but it could be one of
these two assumptions, but it's it's a
good way to see connections. So, that
that's another thing I would do when I
dig deeper into websites is to dig into
the code. And this is where the coding
side comes in. If you're an HTML
developer and you know a lot of the
backend workings of websites, this pops
out and says, "Yeah, obviously this is
something like uh unique within a web
page." And I would go further deeper
into the website itself with archive.org
or the wayback machine and see previous
versions of the website. Often times
I've seen, you know, a current website
looks a certain way, but then years ago
somebody had some PII in there. somebody
had a personal email address on the
contact us page or a phone number that's
no longer there. So, it kind of gives
you a better view into that uh website.
Um, and then I do something called
website exploitation, which is another
one of my advanced techniques.
I like that. Yep.
Yep.
Which is uh let me give you an example.
If you go to orauto.com
and select the garage option here and
you can add your vehicle either by VIN
or by plate. So let's say there was a
hit and run in your area and you saw the
plate of the vehicle um but you don't
remember what the car was or somebody
gave you the plate. So you put in the
plate state uh this this works for the
US and you put in the word hacker and
you press search and it resolves to a
vehicle at 2007 GMC Sierra unfortunately
as the hacker plate. So if someone said
it was an SUV but we don't know which
one. Well, you can't give that to the
police. You can but previously it was
thought that only police can look up
plates and stuff like that but no
websites like this do it. And there's a
whole bunch of others that do the same
thing. And so as an example, I went on
Facebook. Let's look at this random
person's vehicle here. And this person
has a bunch of vehicles. And this is our
target, let's say. And scrolling through
their vehicle, I see they have a license
plate number here. And they have a state
here. So this this state here, that's
Ohio here. So I know that's a Ohio plate
because that's kind of my target here.
So as an example now I take this vehicle
plate number here and I put it in
something like carvana.com
which uh provides this API service so
that you don't have to enter a lot of
details. It'll look up your plate for
you. So first let me select the state.
The state was Ohio. And let me put in
the plate number here. And as I search
through this, it's actually searching
through its API. And it found a Hyundai
Genesis Coupe, which is what it is. But
it also gave me a VIN number. And I can
do a lot with a VIN number. I can
basically do a simple Google search and
look through maybe the car was for sale
or whatever. But I'll take this VIN
number. And since I know this is Ohio,
there's a website, and you can Google
this for every state. There's a
Department of Motor Vehicles, DMV. This
one is called Bureau of Motor Vehicles
in Ohio. BMV and under the title search,
I can search by VIN number and I put in
the VIN number. Click search and it
shows me all the previous titles
inactive all the way to the active
title. So now at least got a title
number and I can do a title inquiry and
it shows me the lean holder is some
credit union. So they've taken it on a
lease probably and that's who
technically owns the vehicle. Now they
don't show vehicle ownership uh as much.
It really depends on the state. But at
least I got to dig much deeper and I can
give this information to law enforcement
and I don't need to call a cop and say,
"Hey, you know, here's a plate number.
What can you get out of it?" Sure, they
can get a little bit more information,
but if I start at a place where I have
title and uh lean holder and date it was
registered and all that stuff, I'm
giving a big head start to law
enforcement. And this is the US. Similar
stuff I discovered is in the UK as well.
Yeah, the UK has um API u and it's a.gov
website. Um so it's actually gov.uk. So
the UK government is providing access to
this API. And the screen you're seeing
here right now is my dashboard of of
postman.com. So what I do is I try to
figure out through the network tab
what's really going on when I put in a
query on the on the web and see what the
headers are uh what the post method is
and what I get as a reply because you
can do a lot of these things on just a
web browser but I can automate it
through API queries here. So as an
example uh this driver database API in
the UK asks for in the body of the
request just the license plate number.
So I have an example here. Let's search
for a UK plate number to test this
method out. So, I go UK vehicle search
on Google and I pick this car here and I
find a bunch of plate numbers. So, this
one, I don't know what this is. We don't
have this car in the US, but looks like a
a
Vauxhall something. Yeah,
yeah. So, the plate number here is VU69
YD. Let's put that in here. So, VU69
S Y DA. And I click send on this post
request. And it says forbidden because I
don't have my API key in here. Let me
change my environment to demo which does
have my API key which you can't see
here. And there we go. I I get some
reply. Yeah. So it's a Voxil. Um it has
some other specs and it was registered
in 2019 of November. And that's about
all I get, but I'm much closer now
because of this. There are actually
other APIs available on the same website
where you can put in a VIN number or you
can put in uh stuff like first name,
last name and click send and you can get
more registration based details. I
haven't gotten all of these to work yet
because you have to request an API it
expires and stuff for the demo. I can't
really show you this. Plus, it would be
a lot of PII available. But know that
this exists.
Yeah, it's it's crazy. I mean, it's like
I find it amazing that government
organizations give you just like the VIN
or like personal data like that. It's
it's madness. I remember interviewing
Sam Curry who hacked Kios and he was
like, "Okay, all I need is the
registration and then I can run an API,
get the VIN number, and then I can send
some codes and he was able to unlock
doors, start the engine, whatnot, just
by a number plate." Um, but I mean, what
what you've shown is it's mad that you
don't need to even go to the DMV. You
just go to some website, you can pull
this data and then query it and get all
the VIN number stuff. It's it's I think
sorry he was paying for this I think and
you've just shown it for free. Oh yeah,
this is all free. You just have to get
an API and I show a list on the left
here on all different types of APIs that
exist and I keep growing this list. Like
remember the O'Reilly auto thing I
showed where I was doing it through a
website? Well, I could do it through an
API request as well. So I can put in a
plate number here. This is like a
variable. I put the plate number as
hacker. I put the state as TNC. I can
send a request without an API key. And
it shows me it's a 1995 Honda Civic. So
I can do this things programmatically as
well with or without an API. And there's
so many possibilities here. And you you
raised a good point like a hacker using
this for something else. I'm just
showing that this exists. So if there's
someone stuck doing a certain problem,
you know, hacking, getting remote
access, or just getting more
information, we can collect all these
different pieces of information. And it
may not be useful right now in the
moment, but as an investigator, my job
becomes to create this larger mind map
and just plug in all the pieces. They
may be useless right now. And you may be
saying, "What's an API? What's a VIN
number, you know, useful right now?" But
you never know. More information is
good. at the end it'll all make sense.
I was going to say do you find that it's
I think a lot like talking about rabbit
holes right that you get so much
information that you get you get so lost
in it and that's why you have the mind
map I take it so you try and like keep
yourself on the on the on the on track.
Oh yeah when I'm doing investigations I
keep finding info and I never want to
dump that info saying this is useless so
I need to store it someplace. So, I keep
a notepad open. I put everything in
there, but I also keep that mind map
open and say, where in the grand scheme
of things does this information fall and
I just put it in there. Eventually, when
I'm done with my, I don't know, 10-hour
investigation or 10day investigation,
things start to make sense. And that's
how I do the investigation. I cast a
wide net and then I kind of narrow down.
You got to what what's a voter ID got to
do with with what we're looking at?
Don't tell me it gets more scary. So
this gets scarier because some of the
techniques I use are hacker techniques
which come from my web application
pentesting days which is if you have a
website like this so voter information
in the US is public record. As long as
you know basic stuff for example in
Florida you need to know a person's
first name, last name and date of birth.
If you know that you unlock a fourth
piece of information which is their home
address. And that home address by the
way is true because this is a government
website. You know, technically you can't
lie to the government. It's it's a crime
because they do take your driver's
license when you're registering to vote.
And whatever address is in there, which
has to be your home address in at least
most of the states, some you can mask,
but most you can't. So, I know that if I
can unlock whatever's at the end of this
website, I'll get a true home address of
my target. So, government information is
great. So, let's pick on um an example
like Dwayne Johnson
because he's a public figure. I know his
date of birth. So, let's put that in
here. So, before I put that in here,
here's how things happen. If I put in
something in incorrect, the website will
say incorrect. Try again. And it'll only
give me a hit when everything is
correct. So, what I do is I can automate
this. All I need to know is, you know,
first name, last name, I know. Let's say
I didn't know his date of birth. I could
use a software like burpuite to automate
this form thousand times. Instead of
using burpsweet, remember I said always
have uh multiple ways to do the same
thing. I found a new software that does
the same thing called KO. It's um
gaining a lot of ground nowadays. It's
free and it's in some cases it's better.
It doesn't have a lot of options. But
what I do here is and I'll just show you
a shortcut of what's happening. The
moment I hit send, there's a post
request that goes through. At the bottom
of this post request, you see the
website is sending the first name,
Dwayne Johnson, and it's sending a date
of birth five to um which is the correct
month and day. And I don't know the
year, so I'm doing 1970. And the last
piece I want to iterate through. I want
to try multiple years of birth. So what
I do here is under the the right tab
here, I start with 60. So 1960 to 1999.
I want to try all the different years.
And maybe I'll get one hit. And I click
on run. And you see how quick that was. It
It
That's crazy.
It actually went through 40 requests in
what, just a click, not even a second.
And it's really fast. And I look at the
status and the length. So the length is
all the same. It's 21, you know, 100 uh
21,000 bytes long. And all of them are
the same except one. This is 16,000. So
that's my odd one out, which is 64. But
let me arrange it by length. I see
actually two that are um the odd ones
out. 64 and 72. We know from the Google
search 72 is his real date of birth. And
if I actually go scroll down here to the
response, I can actually press CtrlF and
say Dwayne and hit enter, it shows me
Dwayne Douglas Johnson. That was one of
the results. And I'll show you the
actual result in a second. And then the
other one was Dwayne Eric Johnson. So
apparently there are two Dwayne
Johnson's with the same day and month
but different year of birth. So at least
I can look at two of them and figure
that out. Yeah. So, if I scroll back to
the voter registry info, now I don't
have to guess. I know exactly what to
type in here. So, Dwayne Johnson and the
date of birth was 52 1972,
1972,
right? 72 and click on I understand.
Click submit. And now I get his home
address, uh, street address, zip code,
county name, voter ID, and that's what I
was after. It's it's sort of like a math
problem for me. You know, solve for, you
know, y or whatever. I know a, b, and c.
And once I plug those in, I can just
iterate through one of them as a
variable, and now I get the home
address. This works surprisingly well in
most water registry websites. And I
would say the way around this for
websites is to put a capture. If you
simply put a capture, it's going to stop
this technique. It it'll just make it a
little bit harder for me. I I can bypass
captures as well, but it would just make
it that much more difficult. But that's
how I would use hacker tools like um
Burp Suite or KO to automate my results
and get to where I have to instead of
trying a thousand times I can use stuff
like this. And again, the goal of this
is to open up your minds and saying,
where else can I use this? If this
website worked, what about a vehicle
lookup website? Or what about some other
government records or something else
that's open to the public, but they ask
way too much information, five pieces of
information, and I have four. The fifth
one will take me a thousand attempts.
You give up. But not really. Um, in
another demo I showed, uh, where you go
into hotel rooms and the guest Yeah, I
was going to ask you about that. That
was a good demo that Sorry. Go on.
Yeah. So the I mean this is such a big
vulnerability where you go into a hotel
and the guest Wi-Fi asks you for your
last name and room room number and then
it gives you access. It's basically as
network engineers we know what's going
on in the back end. It's a knack a
network access control and if that
information matches their databases it
allows you network access. Well I can go
through all of the room numbers if I
know your name and there's only a finite
number of rooms. I know how many floors
there are. I know the schema that they
use for the room numbers. The first two
digits are usually the floor. Uh the
other two digits are the room number.
And I can just iterate through maybe
400, 500 entries in a matter of seconds
and it'll pop up as a you're in room
number, you know, 5062. That's a
physical security threat because what if
you're a important person who's uh you
know, visiting as a delegate or
something and your physical security is
at risk. Well, someone could not just
walk in. I could lurk around the halls
and when the cleaning staff comes in and
opens your door, I could just walk in
and say, "Hey, I'm just here to collect
my laptop." And I just go in and steal
whatever's inside. You're not going to
be in the room and the door is open and
I knew exactly what room to lurk around.
So to me, that's a big vulnerability
which they don't realize exists.
Didn't you demo with John that you could
do this even when you weren't in the
hotel, right?
Yes. And that's a probably a second tier
of vulnerability. like why is that
access allowed uh outside of the
premises? I think I may still have that.
Was it Hilton? Um here it is. So I
stayed at the Hilton Denver city center
and I had that URL saved in my browser
and here we go. I mean this this portal
should not be accessible outside of
that, you know, Wi-Fi connection or that
facility, but I can access it anywhere.
And again, using my same techniques, I
can manipulate the URL to maybe access a
different Hilton um or any other uh
hotel for that matter if I just know
their URL or or URL structure. This is crazy.
crazy.
I mean, it's madness that that's
available from anywhere and then you
just literally need someone's surname
and then you can find out what room
they're in because you use Burp to just
go through all the rooms, right?
Yeah. Exactly. Yeah. So, lastly, I'll
I'll I'll leave it to Yeah. So one more
technique I want to show you is around
uh breaches. This is like the superpower
of OSENT. And if you have access to
breaches, man, you have a lot of data at
your fingertips. Where I usually start
with is an email address. So let's say I
have an email address called bob atgmail.com
atgmail.com
and go to have I beenpawned.com. Very
well-known public website. They seem to
have changed their look a bit. But if I
click search, 382 breaches. It's a
common email, so it's great for testing.
But I see all the websites that Bob is
part of a breach with. And I although I
can't see details, but I can see where
that he's been breached. So if I do a
CtrlF and search for um what is it? Park
mobile breach. I do have this data
breach stored in my hard drive. I know
this person is part of the breach and I
know that this breach has an email
address because we entered it here, a
license plate, name, password, phone
number. All right, let's go to that
breach. So, this is that breach. So, I
actually have it saved in my um hard
drive and I'm going to do a GP or a RIP
GP, a faster way of doing GP. And this
is the command I would put in u bob
atgmail.com search through the
Parkmobile databach. It's a large CSV
file. It's about 5 gigs. And when I
press enter, here we go. Enter. It took
just a split second. Wow.
Wow.
So that's how much faster it is. Yeah,
it's a 5 gig file and it starts. Let's
say I didn't have this um let's say Bob
atgmail. I put a slash in front of it
because when I don't and I just do bob
atgmail.com. Enter. Look how many
results I get. It's something
bobgmail.com. So it's it's giving me all
the results that are available. So I
kind of narrowed down to that particular
one. Let's go back to that one which is
here. And now I see a phone number. I
see a hashed password. I don't care
about the password, but I actually see a
phone number for Bob. So I went from an
email address to a phone number because
of a data breach. And this data breach
has license plate numbers. If I just
scroll up a little bit and I look at any
other record here. So I see a Tesla
here. It says they named their vehicle
Tesla. It had a number before it. That's
the license plate number and an email
address and uh a phone number somewhere.
So, there's a lot of information in this
data breach and I use it to pivot off of
known information to something that's
unknown to me and I store these locally
because online you don't get everything
every time. So, another breach that I
often use is the AT&T data breach and
let me show you that had everyone's
social security numbers or something, right?
right?
Yeah. So, this is a website by uh
another guy. He he owns this
pentester.com. And if I put in a phone
number of my target, let's say, you know, beginning few digits, then
know, beginning few digits, then 8675309, and press search, it shows me
8675309, and press search, it shows me that this phone number was part of the
that this phone number was part of the AT&T databach. And if I scroll down and
AT&T databach. And if I scroll down and zoom in, it shows me that person's
zoom in, it shows me that person's address that they gave to AT&T, um,
address that they gave to AT&T, um, their phone number, and it also shows me
their phone number, and it also shows me their social security number. But this
their social security number. But this website redacts it. Uh, but it does show
website redacts it. Uh, but it does show me it ends in two digits here, but it
me it ends in two digits here, but it also shows me an email address, a Gmail
also shows me an email address, a Gmail address that I didn't have. So, if I
address that I didn't have. So, if I have the data breach, I can get
have the data breach, I can get everything and more that's unredacted,
everything and more that's unredacted, which I do. So, if I put in this exact
which I do. So, if I put in this exact same phone number in my command line
same phone number in my command line prompt here, uh, rip grap, and then the
prompt here, uh, rip grap, and then the phone number here, and then I search
phone number here, and then I search through the AT&T databach. Again, this
through the AT&T databach. Again, this is probably 3 4 gigs file. and I hit
is probably 3 4 gigs file. and I hit enter and I get exactly one result
enter and I get exactly one result actually two results which are repeat of
actually two results which are repeat of each other and I get the phone number
each other and I get the phone number that was highlighted but I also get the
that was highlighted but I also get the email address that was also shown in
email address that was also shown in that web page you know what if that web
that web page you know what if that web page goes down because of a takedown
page goes down because of a takedown request or something or I have the raw
request or something or I have the raw data breach here it also shows me that
data breach here it also shows me that person's social security number it end
person's social security number it end it ended with those two digits which I'm
it ended with those two digits which I'm highlighting here and that's a lot of
highlighting here and that's a lot of sensitive data hackers can can and will
sensitive data hackers can can and will definitely misuse a social security
definitely misuse a social security number for you know for for fraud. I
number for you know for for fraud. I necessarily don't need this from from an
necessarily don't need this from from an OSEN perspective. I need everything
OSEN perspective. I need everything else. But again, data is at your
else. But again, data is at your fingertips through breaches. And this is
fingertips through breaches. And this is a this is a gold mine.
a this is a gold mine. And Michelle, we got to we got to get
And Michelle, we got to we got to get you back to do privacy stuff, right?
you back to do privacy stuff, right? Because it's that old old question.
Because it's that old old question. Okay, you've shocked us now, man. How do
Okay, you've shocked us now, man. How do I protect myself? And um we were talking
I protect myself? And um we were talking offline. You said that, you know,
offline. You said that, you know, privacy is better in the UK, even though
privacy is better in the UK, even though sometimes it doesn't feel that way. I
sometimes it doesn't feel that way. I think if you live in Europe, England or
think if you live in Europe, England or the UK is slightly different these days,
the UK is slightly different these days, but um you know, your your data is more
but um you know, your your data is more private, but the US sounds like it's
private, but the US sounds like it's free in some ways.
free in some ways. It is. And OSENT in every different part
It is. And OSENT in every different part of the world is different. You know, in
of the world is different. You know, in um in the UK, I would say it's a little
um in the UK, I would say it's a little bit harder because portals are more
bit harder because portals are more centralized by the government. In the
centralized by the government. In the US, every state is a government on its
US, every state is a government on its own, a different website, different
own, a different website, different mechanism to access data. In most
mechanism to access data. In most European countries, it's a central
European countries, it's a central authority that controls everything. In
authority that controls everything. In the Middle East, it's even more locked
the Middle East, it's even more locked down. People aren't even on social media
down. People aren't even on social media or they at least they don't share stuff.
or they at least they don't share stuff. So sakmint or social media intelligence
So sakmint or social media intelligence is even harder there in Asia. You know
is even harder there in Asia. You know different languages, different uh types
different languages, different uh types of social media exists there. No one's
of social media exists there. No one's on, you know, maybe Instagram or
on, you know, maybe Instagram or YouTube, but they're on other local
YouTube, but they're on other local social media. So you need localized
social media. So you need localized resources for every type of OSENT. I
resources for every type of OSENT. I specialize in the US side of things
specialize in the US side of things because there's so much to do here and
because there's so much to do here and my clients are mostly here, but I'm also
my clients are mostly here, but I'm also pretty good at the Middle East and some
pretty good at the Middle East and some parts of Europe doing this for years.
parts of Europe doing this for years. But yeah, I mean privacy is the same.
But yeah, I mean privacy is the same. Then the flip side of this depending on
Then the flip side of this depending on where you are, what data you have access
where you are, what data you have access to, privacy aspects there will be very
to, privacy aspects there will be very different.
different. I mean I think the problem is right if
I mean I think the problem is right if if someone's determined and skilled like
if someone's determined and skilled like you it's I don't know how much you can
you it's I don't know how much you can actually do but I mean just for stopping
actually do but I mean just for stopping most people you can you can do things to
most people you can you can do things to protect yourself. Right.
protect yourself. Right. Of course and I do a lot. So knowing
Of course and I do a lot. So knowing where information exists, if I can't opt
where information exists, if I can't opt out of a certain piece of information,
out of a certain piece of information, if I can't remove it from the internet,
if I can't remove it from the internet, I spoil the information. Uh so when
I spoil the information. Uh so when every like my policy is every time I'm
every like my policy is every time I'm giving out information at the doctor's
giving out information at the doctor's office or school or somewhere else, I'll
office or school or somewhere else, I'll spoil some of the information. I may
spoil some of the information. I may give my true name because they need it
give my true name because they need it for ID. I may give a phone number that
for ID. I may give a phone number that rings to me, but that's not my personal
rings to me, but that's not my personal phone number tied to my bank accounts
phone number tied to my bank accounts and stuff. It's a Google voice phone
and stuff. It's a Google voice phone number, but my address is going to be
number, but my address is going to be completely nonsense. Um, I recently went
completely nonsense. Um, I recently went to a new clinic. I took my kids there
to a new clinic. I took my kids there and they asked a whole bunch of
and they asked a whole bunch of information, including my social
information, including my social security number. There was a iPad type
security number. There was a iPad type of form. I just clicked next and nothing
of form. I just clicked next and nothing was really required. So, I'm like,
was really required. So, I'm like, people don't know this. They'll
people don't know this. They'll inadvertently put in a lot of private
inadvertently put in a lot of private data. And then the lady at the
data. And then the lady at the registration was like, we need an email
registration was like, we need an email address. I'm like, you don't need any
address. I'm like, you don't need any email address. like, "No, we need to
email address. like, "No, we need to send you a a copy of your bill." I'm
send you a a copy of your bill." I'm like, "I'm paying in cash. You don't
like, "I'm paying in cash. You don't need a copy." They're like, "Ah, all
need a copy." They're like, "Ah, all right. Uh, can I get a address at
right. Uh, can I get a address at least?" I'm like, "No." Again, why do
least?" I'm like, "No." Again, why do you need an address? Do you need it to
you need an address? Do you need it to treat me? And they're like, "Well,
treat me? And they're like, "Well, technically we don't." But I'm like,
technically we don't." But I'm like, "All right, 123 Privacy Drive,
"All right, 123 Privacy Drive, Hollywood, California." And she she
Hollywood, California." And she she looked at me in a mean way. She's like,
looked at me in a mean way. She's like, "All right, fine." I'm like, "That's not
"All right, fine." I'm like, "That's not a true address, just so you know, but if
a true address, just so you know, but if you need to fill out a form and it's not
you need to fill out a form and it's not clicking next, this is what you fill
clicking next, this is what you fill out." And I do it in public more to show
out." And I do it in public more to show people around me that it's not
people around me that it's not necessary. You'll still get work done if
necessary. You'll still get work done if you don't get them true information.
you don't get them true information. Because that whole other argument about,
Because that whole other argument about, hey, you know, you're going to end up in
hey, you know, you're going to end up in a data breach. Your systems are weak and
a data breach. Your systems are weak and I'm going to download a copy of that
I'm going to download a copy of that breach one day and show it in a de demo
breach one day and show it in a de demo with with David Bumble or something
with with David Bumble or something about my own information. My own
about my own information. My own information is out there and this is how
information is out there and this is how I kind of spoil it or protect it. So
I kind of spoil it or protect it. So it's a multifaceted approach you know
it's a multifaceted approach you know takedowns disinformation not providing
takedowns disinformation not providing it and it's it's a hard one but again it
it and it's it's a hard one but again it requires dedicated resources knowledge
requires dedicated resources knowledge on how data is ingested so that you can
on how data is ingested so that you can kind of take it out. We got to end off
kind of take it out. We got to end off with the story of your daughter right
with the story of your daughter right cuz you got we got to teach the next
cuz you got we got to teach the next generation because I think it's even
generation because I think it's even harder for them. I believe you you went
harder for them. I believe you you went to is it like a restaurant or something
to is it like a restaurant or something and you or something and you gave
and you or something and you gave incorrect information. Could you tell us
incorrect information. Could you tell us the story? Yeah. So, that was a
the story? Yeah. So, that was a drive-thru and we went through um uh a
drive-thru and we went through um uh a restaurant drive-thru and they asked for
restaurant drive-thru and they asked for a name and I gave a random name. I still
a name and I gave a random name. I still don't know. I think I said Ali cuz I I
don't know. I think I said Ali cuz I I can't, you know, say John or whatever. I
can't, you know, say John or whatever. I I can't pull that off. So, I pull off a
I can't pull that off. So, I pull off a name that's maybe ethnically closer to
name that's maybe ethnically closer to mine. And they're like, "All right." And
mine. And they're like, "All right." And as soon as I said that on the speaker,
as soon as I said that on the speaker, my daughter was like, "That's not your
my daughter was like, "That's not your name. Uh you're Michelle." And as I went
name. Uh you're Michelle." And as I went through the drive-thru, I told her,
through the drive-thru, I told her, "Listen, here's a teaching moment, a
"Listen, here's a teaching moment, a lesson." I'm like, "Why do they need my
lesson." I'm like, "Why do they need my real name?" Um, there and she's like,
real name?" Um, there and she's like, "Listen." I'm like, you know, once they
"Listen." I'm like, you know, once they take my real name, they're going to ask
take my real name, they're going to ask for my address and then a phone number.
for my address and then a phone number. And maybe the guy at the counter gets
And maybe the guy at the counter gets pissed off at me. We get into an
pissed off at me. We get into an argument. I don't know what's going to
argument. I don't know what's going to happen. And they note down my plate
happen. And they note down my plate number, and they know where I live now,
number, and they know where I live now, and they start harassing me. Uh, they
and they start harassing me. Uh, they show up to my doorstep and they start
show up to my doorstep and they start calling me. I'm like, "Do you want all
calling me. I'm like, "Do you want all of that?" I mean, this is pretty
of that?" I mean, this is pretty dangerous stuff. So, just give a fake
dangerous stuff. So, just give a fake name. All I want is food and it's not
name. All I want is food and it's not anything dangerous. It's, you know,
anything dangerous. It's, you know, lying like this is okay. And she's like,
lying like this is okay. And she's like, "Oh, that that's fine." And then, you
"Oh, that that's fine." And then, you know, days later, I saw her playing. I
know, days later, I saw her playing. I believe it was Roblox, which I don't
believe it was Roblox, which I don't like them playing. I actually block it
like them playing. I actually block it in my DNS every now and then, but I
in my DNS every now and then, but I allowed them to play for a while, and I
allowed them to play for a while, and I was sitting right next to her, and she
was sitting right next to her, and she had a name up there uh on Roblox, and I
had a name up there uh on Roblox, and I asked her, I'm like, "This is not your
asked her, I'm like, "This is not your name. who are you chatting with or who
name. who are you chatting with or who are you playing as? She's like, oh no,
are you playing as? She's like, oh no, this is my name, but remember you said
this is my name, but remember you said never use your real name. I'm like, wow,
never use your real name. I'm like, wow, this is a true dad, proud dad moment.
this is a true dad, proud dad moment. I'm like, it worked. It it works with
I'm like, it worked. It it works with children. You have to teach them young,
children. You have to teach them young, teach them at a beginning age on, you
teach them at a beginning age on, you know, where to have alias accounts,
know, where to have alias accounts, where is it okay to lie because there's
where is it okay to lie because there's no other way out of it and where
no other way out of it and where disinformation is good for you because
disinformation is good for you because it'll hurt you when you grow up. All
it'll hurt you when you grow up. All this the seeds of information that
this the seeds of information that you're planting right now. So, I I think
you're planting right now. So, I I think it's very very important for us to
it's very very important for us to discuss this with the next generation.
discuss this with the next generation. Half of us may think we're screwed. Our
Half of us may think we're screwed. Our information is out there, but at least
information is out there, but at least let's not screw our children over with
let's not screw our children over with this.
this. I love that. We're going to end off with
I love that. We're going to end off with that. We got to get you back for
that. We got to get you back for privacy. So for everyone who's watching,
privacy. So for everyone who's watching, put in the comments below stuff that you
put in the comments below stuff that you want to see. Michelle, where can people
want to see. Michelle, where can people reach you? What's the best place? Is it
reach you? What's the best place? Is it LinkedIn? Is it X or
LinkedIn? Is it X or Yeah, my website is Michelle Khan. Yeah.
Yeah, my website is Michelle Khan. Yeah. So just malhan.com, but again me, you'll
So just malhan.com, but again me, you'll find me. I'm pretty good at uh SEO on
find me. I'm pretty good at uh SEO on myself, but at the same time, I'm only
myself, but at the same time, I'm only active on LinkedIn. If you see any other
active on LinkedIn. If you see any other accounts, so that's likely not me or
accounts, so that's likely not me or that's disinformation. But if you want
that's disinformation. But if you want to get in touch with me, LinkedIn is the
to get in touch with me, LinkedIn is the best way.
best way. Love it. Thanks so much.
Click on any text or timestamp to jump to that moment in the video
Share:
Most transcripts ready in under 5 seconds
One-Click Copy125+ LanguagesSearch ContentJump to Timestamps
Paste YouTube URL
Enter any YouTube video link to get the full transcript
Transcript Extraction Form
Most transcripts ready in under 5 seconds
Get Our Chrome Extension
Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.
Works with YouTube, Coursera, Udemy and more educational platforms
Get Instant Transcripts: Just Edit the Domain in Your Address Bar!
YouTube
←
→
↻
https://www.youtube.com/watch?v=UF8uR6Z6KLc
YoutubeToText
←
→
↻
https://youtubetotext.net/watch?v=UF8uR6Z6KLc