Proper Security
@ProperSecurity
Followers
36
Following
184
Media
4
Statuses
151
Freelance threat Intel, OSINT and OPSEC researcher. Sharing knowledge and hilarious #fails with the Twitters. Not being a creeper. #OSINT #threatintel #opsec
Joined March 2019
Annnd I passed! Now to see if it matters in the job market. Anyone with a #GCTI get a job in TI/investigations with it?
0
0
2
[#OSINT] Okay everyone, sign ups for the MultiFind BETA are now available. First, read this article for a brief introduction to v1 of MultiFind, it includes a video and a few words. At the bottom you’ll find a link to sign up for the BETA! https://t.co/oXEDD8AS5B
11
31
63
If you're new to OSINT research. Here's a list of helpful resources: https://t.co/AgREp4mSVE
https://t.co/00i4hBvxcg
https://t.co/xmEDUnZf0m
https://t.co/20ZzFvUkzz
https://t.co/IXFyQcXdiJ
https://t.co/a7k7953Qxi
start.me
List compiled by private investigator Emmanuelle Welch of French Connection Research (Brooklyn, NY, USA) Even if a professional investigator never works infidelity cases, knowing how to navigate the...
2
60
148
Fun times. I sit for the GIAC GCTI exam this Friday. So going over all my notes and actually reading all the papers. #threatintel #GCTI #hopeipass
1
1
2
Darkweb Vendors and the Basic Opsec Mistakes They Keep Making
medium.com
A brief overview of the investigations into darkweb vendors who utterly failed to keep their identity private.
1
9
12
One thing I’ve always thought hasn’t been exploited enough in spearphishing is building rapport. Do a couple back and forth emails before sending the attachment. Build some trust so the target will actively participate in their compromise. One shot campaigns make me sad 😞
17
34
170
In case you didn’t know (and it’s okay to not know!)
I learnt today that IP addresses can be shortened by dropping the zeroes. Examples: http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1 This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. #infosec #bugbounty #bugbountytip
10
56
236
This is the most America thing I've seen in a week.
cbsnews.com
Los Angeles Unified School District Police officials are considering whether they need the armored vehicle and grenade launchers they received from the U.S. military.
0
1
0
So I was on a holiday for 3 weeks... FB Graph down, Pipl free ended, @IntelTechniques forum, tools and Buscador down....what else did I miss?! #NeverGoingOnAHolidayAgain #OSINT
4
3
19
@ProperSecurity Hello! Thank you very much for bringing this to our attention. We will definitely look into this report!
1
1
1
So hey, @Spokeo_Care, you guys might want to better police your affiliates. It looks like at least one of them is taking over dozens of legit websites (probably through C2) and including your Spokeo Affiliate info. Ex: https://t.co/GtMrD0KRPA (lots of examples on page 2)
1
0
0
A metaphor for BGP
@0xabad1dea My usual metaphor is: You don't have GPS, but those 'Take I-94 to Chicago' signs are all networked. And then one day, the state of Washington says "The fastest way to Florida is through Washington!" And everyone next to them says "Sure, why not".
0
0
0
Now that the SpiderFoot HX Private Beta has ended, registrations are finally open.. Sign up for a free SpiderFoot HX account: https://t.co/thLC6gThdM
#OSINT #recon
3
44
76
[#OSINT] PaGoDo is an OSINT tool that lets you automate Google Dorks. I've written a brief introduction to the tool as well as a bit of insight on how to customize it to your own needs. https://t.co/Nt4zaCXujB
0
28
67
I just posted my new #OPSEC tool to #Github. Automated #proxy scraping, #Tor Terminals, secured DNS traffic and more! Check it out. https://t.co/09DtGCjHo8
#InfoSec #CyberSecurity #Privacy
5
114
247
Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel: https://t.co/OtF21rNQ2p curtesy of @n00py1. Check out this amazing exfiltration technique & toolkit! Github:
4
5
49
I wrote a thing and it is mostly just me being obvious. Security is about people, not computers. https://t.co/QQWF3Z5xft
link.medium.com
I read a post from a physical security guy who interacted with information security people at a conference and what he learned there. You…
3
34
93
Been having some fun with @DomainTools nifty little #Iris domain explorer. Too bad it's just a trial and so damn expensive. #osint #greattools
0
0
0
Updated #OPSEC/#SocialEngineering resources from the Proper OPSEC Blog:
0
0
0