π§΅1/4: Pivoting: sometimes in
#OSINT
investigations, you can feel stuck & in a rabbit hole, you feel like you have explored all possible leads. You should make your own Attack surfaces like
@sinwindie
& take breaks to drink some βοΈ, leave your screen alone and go back to it.
π§΅2/4: I was on a target that uses the same username everywhere. I added the target's mobile phone to my contacts list, and then I let snapchat do the work for me. Snapchat proposed the target as a contact and I found a new username which wasn't used before by the target.
π§΅3/4: Pivoted from the username found & used
@whatsmynameproj
which is a tool I cherish dearly, which took me to Gravatar. Went into the .json and found the MD5 hash. You may recall this great article by
@OsintSupport
:
π§΅4/4: Decrypted the MD5 hash which gave me a new Gmail I hadn't seen the target use before, from the Gmail, pivoted to Ghunt (python tool),
@epieos
, found a Google Maps with reviews, and did the usual stuff that you do when you have a gmail, a whole newπ opened up after thisπ΅οΈ