PaulDotCom mailing list archives
Information gathering
From: lonervamp at gmail.com (Michael Dickey)
Date: Tue, 9 Mar 2010 16:25:12 -0600
I find this hard to explain in a concise list; it is easier to show/demonstrate or just practice. Basically, Google (Bing, etc) search the email address as a whole, and also just the prefix part if it sounds unique or gives away anything to their name. Every time you get a hit, gather as much info from that hit as you can. Did you find out they comment on blogs? They like karate? They have a facebook account? They may be a member of another forum, they may live in Wyoming... You can find out quite a bit about many people based on an email address, probably more than if you just knew their name! The more someone operates online with their email address, the more they give up. And you can start taking your search offline once you get a name and possible location. The fun thing is you can practice this at any time. Take any person who replies to this thread and Google search their email address. See what you can come up with. In my case, it won't take long to find my website and twitter feed. Then you can slip ino the security crowd and start playing with me! If you want to be active and not just passive, send them an email from some fake account (even spoofed if you can get it through) with images to a web server you control. This may give you an IP address to work with, although that particular path leads into some ethically grey territory. Hell, you can simply try to appeal to them directly and open dialogue. Send them invites to LinkedIn, Google Buzz, Wave, Facebook. Rapid7 recently did this enough to me to get my (wtf?) attention. :) Send a Twitter message, and so on. On Mon, Mar 8, 2010 at 4:45 PM, Tyler Robinson <pcimpressions at gmail.com>wrote:
Curious if anyone has any recommendations for software and or techniquies used to gather info on an individual based soley off an email address. I was asked to do some preliminary reconacence on an email address so I started with what I knew google search strings, scouring the social networks, used maltego and even a bit of social engineering but short of breaking the law and hacking into his yahoo account any other suggestions. As always thanks so much to the pauldotcom listeners for there eagerness and pelethora. TR
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100309/eae86f15/attachment.htm
Current thread:
- Information gathering Tyler Robinson (Mar 08)
- Information gathering Joshua Smith (Mar 08)
- Information gathering John Strand (Mar 09)
- Information gathering John Strand (Mar 09)
- Information gathering Nathan Sweaney (Mar 09)
- Information gathering PJ Velasco (Mar 09)
- Information gathering Michael Dickey (Mar 09)
- Information gathering Andrew Ellis (Mar 11)