PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Information gathering

From: lonervamp at gmail.com (Michael Dickey)
Date: Tue, 9 Mar 2010 16:25:12 -0600
I find this hard to explain in a concise list; it is easier to
show/demonstrate or just practice. Basically, Google (Bing, etc) search the
email address as a whole, and also just the prefix part if it sounds unique
or gives away anything to their name. Every time you get a hit, gather as
much info from that hit as you can. Did you find out they comment on blogs?
They like karate? They have a facebook account? They may be a member of
another forum, they may live in Wyoming...  You can find out quite a bit
about many people based on an email address, probably more than if you just
knew their name!

The more someone operates online with their email address, the more they
give up. And you can start taking your search offline once you get a name
and possible location.

The fun thing is you can practice this at any time. Take any person who
replies to this thread and Google search their email address. See what you
can come up with. In my case, it won't take long to find my website and
twitter feed. Then you can slip ino the security crowd and start playing
with me!

If you want to be active and not just passive, send them an email from some
fake account (even spoofed if you can get it through) with images to a web
server you control. This may give you an IP address to work with, although
that particular path leads into some ethically grey territory.

Hell, you can simply try to appeal to them directly and open dialogue. Send
them invites to LinkedIn, Google Buzz, Wave, Facebook. Rapid7 recently did
this enough to me to get my (wtf?) attention. :) Send a Twitter message, and
so on.

On Mon, Mar 8, 2010 at 4:45 PM, Tyler Robinson <pcimpressions at gmail.com>wrote:


Curious if anyone has any recommendations for software and or techniquies
used to gather info on an individual based soley off an email address. I was
asked to do some preliminary reconacence on an email address so I started
with what I knew google search strings, scouring the social networks, used
maltego and even a bit of social engineering but short of breaking the law
and hacking into his yahoo account any other suggestions. As always thanks
so much to the pauldotcom listeners for there eagerness and pelethora.
TR


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100309/eae86f15/attachment.htm
Previous By Date Next
Previous By Thread Next

Current thread: