1 / 23

OSINT: Social Media

OSINT: Social Media. Part One: Twitter and Facebook. Module Type: Basic Method Module Number: 0x07 Last Updated: 2017-04-07 Author: Hermit. Topics. What is OSINT? What is Social Media? What Can We Learn From Social Media? Twitter OSINT Facebook OSINT. What is OSINT?.

mhead
Download Presentation

OSINT: Social Media

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. OSINT: Social Media Part One: Twitter and Facebook Module Type: Basic Method Module Number: 0x07 Last Updated: 2017-04-07 Author: Hermit

  2. Topics • What is OSINT? • What is Social Media? • What Can We Learn From Social Media? • Twitter OSINT • Facebook OSINT

  3. What is OSINT? • Open Source Intelligence = OSINT • Information from public sources • Often involves directly connecting to a target • Analysis of publicly available data

  4. What is Social Media? • Easiest definition I can think of:Services which exist to share content between individuals and/or organizations that share some common interest or argument with one another. • The biggest data aggregators of our time, who know more about the average person than their friends or family may know. • A one-stop shop for someone’s schedule, beliefs, interests, and personal information.

  5. Bonus Round: What is Dorking? • It’s not whales having sex. Somehow that still comes back as an answer from time to time. • It’s not something a bunch of dorks do while hanging out together (trust me, I’m an expert there). • It IS, however, using search options and techniques in unusual ways to get information that isn’t easily found otherwise. • The most common form of this is Google dorking. We’ll do that in a later class. • Today we’re going to do some other dorking of our own though. 

  6. What Can We Learn From Social Media? • Legal name • Birth date • Marital/relationship status • Relatives • Home/work address • Frequented establishments • Core interests • Social network • Political leaning • Race • Religion • Gender/Gender Identity • Employer • Professional associations • Device types • Communication styles/norms

  7. Twitter OSINT • The Twitter built-in search features a wide range of “dorking” capabilities • We’ll use this for our own purposes however. • As a precautionary note, the results that come back from these searches will be full HTML pages with pretty ads, headers, etc. Not ideal for automated parsing, by any means. • They’ll also automatically load only part of the results, since they’re intended to be viewed by a user and in a browser. • If you want to truly dig into this, I recommend the Twitter REST API.

  8. Twitter Dorking (Users) • Find a user by Twitter handle:https://twitter.com/{HANDLE} • Find a user by ”real” name:https://twitter.com/search?f=users&q={NAME} • Find tweets from a particular user:https://twitter.com/search?q=from%3A{HANDLE} • Find tweets to a particular user:https://twitter.com/search?q=to%3A{HANDLE} • Find tweets within a particular time range from a user:https://twitter.com/search?q=from%3A{HANDLE}%20SINCE%3A{YYYY-MM-DD}%20UNTIL%3A{YYYY-MM-DD}

  9. Twitter Dorking (Terms) • Search for a tweet that contains all listed words:https://twitter.com/search?f=tweets&q={TERM1}%20{TERM2}%20{TERM_ETC} • Search for a single, exact term/phrase:https://twitter.com/search?f=tweets&q=“{TERM/PHRASE}” • Search for one of (however many) terms:https://twitter.com/search?f=tweets&q={TERM1}%20OR%20{TERM2} • Search for one term without another term:https://twitter.com/search?f=tweets&q={KEEP-TERM}%20-{EXCLUDE-TERM} • And of course you can mix and match.

  10. Twitter Dorking (Content) • Search for media from a particular user:https://twitter.com/{HANDLE}/media • Search for favorites from a particular user:https://twitter.com/{HANDLE}/favorites • Search for the first tweet from an account:https://discover.twitter.com/first-tweet#{HANDLE} • Search for all followers of an account:https://twitter.com/{HANDLE}/followers • Search for tweets a user ”liked” from other accounts:https://twitter.com/{HANDLE}/likes

  11. Twitter Dorking (Geolocation) • First find a center point of your search. You’ll need it in decimal notation. Google Maps is great for this; find your location, right-click, and choose “What is here” to see the decimal notation lat/long, or to just generically see for the centered point on your map check the address bar, e.g.:https://www.google.com/maps/place/Topeka,+KS/@39.0293081,-95.9063093,14z/data=!4m5!{etc} • Next, choose a radius for the search (miles or kilometers) • Finally, use this search:https://twitter.com/search?f=tweets&q=geocode%3A{LAT}%2C{LONG}%2C{RADIUS}{“mi” or “km”}Example:https://twitter.com/search?f=tweets&q=geocode%3A39.0293081%2C-95.9063093%2C8mi

  12. Twitter Dorking (Third Party) • Perform social analysis of tweets by user:https://socialbearing.com/search/user/{HANDLE} • Perform statistical anaysis of tweets by user:https://foller.me/{HANDLE} • See history of archived tweets (find deleted tweets, both sent and mentioned):https://backtweets.com/search/q={HANDLE}

  13. Twitter Dorking (API Add-Ons) • Change the sort type by including “result_type”, and specifying ”mixed” (default), “recent” (order by date/time), or “popular” (order by popularity). • Choose how many results to get per page (default is 15, max is 100) with the “count” parameter. • There’s a lot more via the API. Crack in and enjoy!

  14. Facebook OSINT • Find people by email:https://www.facebook.com/search/people/?q={EMAIL} • Find people by cell phone:https://www.facebook.com/search/people/?q=%2B{COUNTRY CODE}{PHONE NUMBER} • Find people by name:https://www.facebook.com/search/str/{NAME}%20{NAME}/users-named • Find people by company:https://www.facebook.com/search/str/{COMPANY}/pages-named/employees/present/intersecthttps://www.facebook.com/search/str/{COMPANY}/pages-named/employees/past/intersect • Find people by city they live(d) in: https://www.facebook.com/search/str/{CITY}/pages-named/residents/present/intersect https://www.facebook.com/search/str/{CITY}/pages-named/residents/past/intersect

  15. Facebook OSINT (Continued) • Find people by the school they attended:https://www.facebook.com/search/str/{SCHOOL}/pages-named/students/intersect • Find people who visited a location:https://www.facebook.com/search/str/{LOCATION}/pages-named/visitors/intersect • Find people by year born (and optionally add gender):https://www.facebook.com/search/str/{YEAR}/date/users-bornhttps://www.facebook.com/search/str/{YEAR}/date/users-born/males/intersect https://www.facebook.com/search/str/{YEAR}/date/users-born/females/intersect • Find people by age range:https://www.facebook.com/search/str/{MIN-AGE}/{MAX-AGE}/users-age-2

  16. Facebook OSINT (Public/Shared Postings) • Find postings matching a keyword:https://www.facebook.com/search/str/{KEYWORD}/stories-keywordhttps://www.facebook.com/search/str/{KEYWORD}/keywords_posts • Find photos matching a keyword:https://www.facebook.com/search/str/{KEYWORD}/photos-keyword • Find videos matching a keyword (Facebook or External Share):https://www.facebook.com/search/str/{KEYWORD}/videos-keywordhttps://www.facebook.com/search/str/{KEYWORD}/videos-web • Find events matching a keyword:https://www.facebook.com/search/events/?q={KEYWORD}

  17. Facebook (Combining Searches) • Is just one of those previous searches not granular enough? Just join them together with the “intersect” directive!Note: Don’t forget the trailing “intersect” or it won’t work! • Example of people living in LOCATION who work for COMPANY:https://www.facebook.com/search/str/{LOCATION}/pages-named/residents/present/intersect/str/{COMPANY}/pages-named/employees/present/intersect • Example of people working for COMPANY between AGES who attended SCHOOL:https://www.facebook.com/search/str/25/30/users-age-2/intersect/str/Celanese/pages-named/employees/present/intersect/str/Jacinto/pages-named/students/intersect

  18. Facebook Dorking (User Numbers) • Scared yet? We haven’t even gotten to the fun part. • The real power of Facebook searching is gained when you have the user/page/group/video stream number, however. So use one of the previous searches to locate the target, then grab that as follows: • Go to the URL for the target, e.g. https://www.facebook.com/fake.user.demo • Next, view source. • Finally, look for “entity_id” and the value of that entry is the number. • Bonus points for scripting it to grab that small snippet in under 10 lines!

  19. Facebook Dorking (Places, Events, and Likes) • View where they’ve been:https://www.facebook.com/search/{ENTNUM}/places-visited/https://www.facebook.com/search/{ENTNUM}/recent-places-visited/https://www.facebook.com/search/{ENTNUM}/places-checked-in/ • View their events and if they attended:https://www.facebook.com/search/str/{ENTNUM}/events-invited/{YEAR}/date/events/intersect/https://www.facebook.com/search/str/{ENTNUM}/events-joined/{YEAR}/date/events/intersect/https://www.facebook.com/search/{ENTNUM}/events • What they like:https://www.facebook.com/search/{ENTNUM}/places-liked/https://www.facebook.com/search/{ENTNUM}/pages-liked/https://www.facebook.com/search/{ENTNUM}/photos-liked/https://www.facebook.com/search/{ENTNUM}/videos-liked/https://www.facebook.com/search/{ENTNUM}/stories-liked/ • And why not bring all the same knowledge from their friends? https://www.facebook.com/search/{ENTNUM}/friends/places-liked/ (etc.)

  20. Facebook Dorking (Content) • Photos (yes, you can do the “friends” thing here too):https://www.facebook.com/search/{ENTNUM}/photos/https://www.facebook.com/search/{ENTNUM}/photos-of/https://www.facebook.com/search/{ENTNUM}/photos-by/https://www.facebook.com/search/{ENTNUM}/photos-commented/ • Videos (yes, you can do the “friends” thing here too):https://www.facebook.com/search/{ENTNUM}/videos/https://www.facebook.com/search/{ENTNUM}/videos-of/https://www.facebook.com/search/{ENTNUM}/videos-by/https://www.facebook.com/search/{ENTNUM}/videos-commented/ • What apps they use (yes, you can do the “friends” thing here too):https://www.facebook.com/search/{ENTNUM}/apps-used/ • What they said (yes, you can do the “friends” thing here too):https://www.facebook.com/search/{ENTNUM}/stories-by/https://www.facebook.com/search/{ENTNUM}/stories-tagged/

  21. Facebook Dorking (Friends/Employers/Etc) • Enumerate the personal and professional networks:https://www.facebook.com/search/{ENTNUM}/employers/https://www.facebook.com/search/{ENTNUM}/groups/https://www.facebook.com/search/{ENTNUM}/employees/ (coworkers)https://www.facebook.com/search/{ENTNUM}/friends/https://www.facebook.com/search/{ENTNUM}/followers/https://www.facebook.com/search/{ENTNUM}/relatives/https://www.facebook.com/search/{ENTNUM}/relatives/ • And you know what? You can do the “friends” trick here too. Even on the friends search. To get friends of friends of this person you’re not friends with in the first place. • Yeah. Let that sink in.

  22. Facebook (Comparisons) • Because why not? Let Facebook do the comparative analysis for you. • Common profile detailshttps://www.facebook.com/friendship/{ENTNUM1}/{ENTNUM2}/ • Common Interests and Activitieshttps://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-visited/intersect/https://www.facebook.com/search/{ENTNUM1}/places-checked-in/{ENTNUM2}/places-checked-in/intersect/https://www.facebook.com/search/{ENTNUM1}/places-liked/{ENTNUM2}/places-liked/intersect/https://www.facebook.com/search/{ENTNUM1}/pages-liked/{ENTNUM2}/pages-liked/intersect/{ETC} • And why not mix and match? How about places one visited and the other liked?https://www.facebook.com/search/{ENTNUM1}/places-visited/{ENTNUM2}/places-liked/intersect/

  23. Additional Resources • Twitter REST API • https://dev.twitter.com/ • Facebook Graph API and trackable items • https://developers.facebook.com/docs/graph-api/using-graph-api/ • https://developers.facebook.com/docs/graph-api/webhooks • Hermit • https://twitter.com/hermit_hacker • https://www.cryptolingus.net/ • https://www.stackattack.net/blog/

More Related