In part one, I ended with the site Pipl and how you can search for yourself online. There are many other sites you can use to search for people's online presence. To name a few:
Since my last post, these sites have forced users to sign up in order to use the tool. Now feel free to use your personal details but you could find alternative means. I’ll just leave this here: https://ctrlaltdel.blog/2019/04/15/disposable-services/
Unfortunately some of these sites are limited to just the US.
What you are trying to gain by using these sites is information.
If you are running it on yourself, what can the public see?
If you are running it on your security team or CIO, how open are they being online?
Whatever you are trying to achieve from this, you have to remember that you are looking at it from one point of view (Blue or Red Team). Whichever one you are, there could be someone looking at the same information at some point with malicious intent. Knowing where a person lives, what interests they have, the friends they connect with and their job titles are all useful in the right hands. The key is finding balance. You will have to advertise yourself on sites like LinkedIn to get a job. What you don’t need to do is make that publicly available. Maybe lock it down to connections only.
If you do see a lot of information on yourself, you could also check if your credentials are exposed or are being sold. When you sign up to services, you expect that company to have security measures in place in order to protect your personal data. If that company falls victim to an attack and credentials are stolen, they should make you aware of this. Talking from experience, this isn’t always the case. This is when the sites below become really useful:
Once you have entered your email address, it will report back if you have or haven’t been involved in a recent or past breach.
The advice here would be to obviously change your credentials asap. That goes for this site and any others which use the same credentials (email and password). This goes back to the present steps where someone will find which sites you use and test the credentials. Proven credentials are often worth more.
Here are a few more sites you can check:
I know I’ve mentioned quite a few useful sites but you don’t have to use these fancy sites and tools to see how exposed you are. Search engines like Google will pretty much do this for you. If you typed your phone number, email address or full name into Google, it will most likely find one link.
You can also do this on the social media sites themselves. Searching a person's phone number on Facebook will return their profile, if their phone number is being synced with the application/profile. Facebook will often prompt you to save your number to use its services and the average person would just click next, next. This is why going direct might be an easier solution.
If you are not after a person but a company instead, Google can still be your friend. Using Google Dorks is an effective way to identify any company data which is available online. This might be intentional or by accident. Again, instead of repeating myself, here is the link to show you how:
One last piece I will mention for this part is WhoIs lookups. WhoIs privacy is a feature that should always be enabled, unless you are selling the domain.
If you don’t have privacy enabled, you may be giving someone a way in. When you register a domain, you have to provide the registrar with details to prove you are who you say you are. If WhoIs privacy isn’t enabled, this information will be linked to the domain and made public.
Doing WhoIs lookups might not give you much information but it may give you a starting point. Remember, using tools such as Maltego will help you to create a web.
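To check your own domain, here is an added example (not part of the original post): a small Python audit that reads saved WhoIs output and lists the contact fields that are still publicly readable. The function name, the privacy marker list and both sample records are assumptions constructed for illustration.

```python
import re

# Assumption: substrings that usually mean a value is redacted or proxied.
# Registrars word these differently, so extend the tuple for your registrar.
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "withheld", "not disclosed")

# Contact roles and attributes worth auditing in "Key: Value" WhoIs output.
CONTACT_FIELD = re.compile(
    r"^(Registrant|Admin|Tech)\s+(Name|Organization|Street|City|Phone|Email)$",
    re.IGNORECASE,
)

def exposed_whois_fields(whois_text):
    """Return {field: value} for contact fields that look publicly readable."""
    exposed = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value or not CONTACT_FIELD.match(key):
            continue  # not a contact field, or nothing published in it
        if any(marker in value.lower() for marker in PRIVACY_MARKERS):
            continue  # redacted or replaced by a privacy/proxy service
        if key.lower().endswith("email") and "@" not in value:
            continue  # a contact-form URL rather than a real address
        exposed[key] = value
    return exposed

# Constructed sample: privacy disabled, personal details published.
SAMPLE_OPEN = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Name: Jane Sample
Registrant Organization:
Registrant Street: 1 Constructed Road
Registrant City: London
Registrant Phone: +44.2079460000
Registrant Email: jane.sample@example.com
Admin Email: REDACTED FOR PRIVACY"""

# Constructed sample: privacy enabled, values redacted or proxied.
SAMPLE_PRIVATE = """Domain Name: EXAMPLE.ORG
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Example Proxy
Registrant Street: Redacted for privacy
Registrant Email: https://registrar.example/contact-form
Tech Phone: Not Disclosed"""

if __name__ == "__main__":
    for field, value in exposed_whois_fields(SAMPLE_OPEN).items():
        print(f"EXPOSED  {field}: {value}")
```

An empty result means every contact field was blank, redacted or proxied. An organisation whose real name contains one of the marker words would be skipped, so review the raw output as well.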
Remember, even the most minute pieces of information can help build a complete profile given the right tools.