OSINT - Modern Day Stalking

 I've recently had the pleasure of doing a short presentation on OSINT aka "Open-Source Intelligence". Mind now, I am no professional in this matter and the following is a (very) simple introduction to the matter from the PoV of an amateur.

 OSINT, to put it simply is the use of publicly available information to find answers to your questions. In this regard I think it's fair to say that everyone has done this at some point in their lives—the basics of it aren't exactly rocket science. However. When it comes to the more advanced, techical parts of OSINT - it starts to appear quite magical indeed, the ability to create intelligence from what the average viewer would consider nothing at all. 

I believe that most people, while aware of what it means to post something online, aren't quite aware of "how deep the rabbit hole goes". Even the simple fact of Internet archives like the Wayback Machine will archive webpages, meaning that even if a site is deleted, it will most likely remain accessible through archives; once something is posted online, it's there forever. Of course this isn't a 100% absolute but should, in my opinion, be taken as a guideline of online interaction. 

To bring a case of Hansel and Gretel's trail of breadcrumbs as it applies to searching through open-source information, I'll use myself as an example. If you were to search for my full name (not exactly a secret in most cases) on Google, you would simply find some other individuals with similar names, a result of Google taking your search input and taking whatever bits and pieces of it that it likes. If however you add quotation marks, Google will search for that exact phrase—in which case you will in fact find a few hits about me - an archived local newspaper article of 1st year primary school students enrolling in and a case of 9th year students graduating the local schools. And while searching for my name doesn't give many results, this search has now provided you with the name of the school I went to and the names of everyone that I went to school with—people who I know and maybe just maybe have a connection with on some social media site. As it turns out, even if looking directly for me doesn't give any results, I can still be found through the social media of others - there I am, added as a friend on the profile of someone I went to school with, not with my full name but enough of it that, with context provided, it can be confirmed to be my profile page - from which you could get additional information a la a username—another piece in the trail of breadcrumbs. Breadcrumbs, which, if followed could lead to even more information: secondary usernames, emails, passwords (through data breach archives), etc. I won't go further with this example as I believe it has illustrated the point I'm trying to make - even someone who has a minimal online presence can have enough of a footprint to be identifiable through publicly available information. 

 OSINT of course goes far far beyond what I've described here, some cases of journalism through OSINT for example really highlight just how much information is available if you know how to look for it. In this case I would highlight Bellingcat and the example of MH17 for further reading.

 

P.S. Do check if your information is out there in data breaches. A few sites to help with that: HaveIBeenPwned & Intelligence X.

And OSINT Framwork as a general set of OSINT tools and websites to play around with, so you can be aware of at least some of the possibilities when it comes to OSINT

 

- Stern Kittel 

 

Musings on C

To preface—I am an absolute beginner when it comes to C, with barely a full day under my belt. I do however have little bit more experience with Python, though that too is limited. 

I miss dynamic typing. Having to specify variable types is, for now, a pain. I can understand why it can be good to have static typing but I still miss it. It's the little things really, like having to specify the end of a line with ";" in C. Other than these minor inconveniences C doesn't seem all that different from Python - just need to separate the correct syntax for each for myself. Honestly it's a bit early to tell, as mentioned, I've barely any experience with C at this point having just recently planning a basic first project. 

 

Next post will most likely be a review Hadnagy's "Social Engineering: The Science of Human Hacking" - been doing some reading for a paper and two presentations regarding social engineering and OSINT.

 

 

- Stern Kittel 

 

Fast and Slow - First Midweek

 Third day into the semester - a good a place as any to begin.

 

I've never experienced the passing of time in quite the same way as I have in these past few days. The hours go by blazingly fast and yet, looking at a calendar, the days go by at a snail's pace. One's perception of time is well and truly a "fickle mistress".

 

On a more technical note - seems this year there are a lot more student in the course groups than expected which is causing headache for both students trying to take courses and for lecturers (twice now I've heard a lecturer say they have no idea what is actually going to happen). At first (which was only a few days ago) I went in intending to take quite a few more ECTS that is strictly necessary but at this point it seems that plan won't work as simply too many people have singed up to a few courses that will remain unnamed. My sympathies to a few Open University student who tried their hardest to get into a few courses and later transfer to a program - I've heard tell of their struggles and I can only say I am doubly glad to have gotten into a program. 

 

Perhaps one of my biggest hopes in the coming months and years is to have an opportunity to go on foreign exchange. I would rather dream big and not make it than not dream at all.

  

 P.S. Finding a parking spot is killer

 - Stern Kittel