There’s been a bit of a social media uproar recently about the data collection practices of people search service FamilyTreeNow. However, it’s certainly not the first, only, (or last) service to provide potentially uncomfortable private information about people on the internet without their knowledge or consent. Even the most technologically disconnected people are frequently searchable.… Read More Thwart my OSINT Efforts while Binging TV!
As most of you know, my professional area of expertise in security is incident response, with an emphasis on system / malware forensics and OSINT. I’m fortunate enough in my position in the security education and con community to sometimes get pulled into other directions of blue teaming and the occasional traditional penetration testing. However,… Read More 101 Ways I Screwed Up Making a Fake Identity
Threat intelligence is currently the trendy thing in information security, and as with many new security trends, frequently misunderstood and misused. I want to take the time to discuss some common misunderstandings about what threat intelligence is and isn’t, where it can be beneficial, and where it’s wasting your (and your analysts’) time and money.… Read More The $5 Vendor-Free Crash Course: Cyber Threat Intel
You reused a cute username (or email address). Aliases and usernames have become a big part of our personal online presence, and we often feel tied to them when we register for new sites and services. This can be a great was to build an online identity, but it can also make it trivial to… Read More The Top 9 Ways I Found Your ‘Secret’ Dating Profile