August 31, 2012 at 5:35 pm #7858
Jason is about to be on a roll. In addition to this article and then Part II in the works, he’s also slated to do some course reviews, a new contest as well as some other ideas for his column. I think I have him jammed for at least the next year. Should be fun.
Speaking of fun, if you can, catch Jason at DerbyCon speaking on this very topic of doxing.
Permanenet link: [Article]-Doxing and Anti-Doxing – Part I
For those of us following or taking part in the various hacktivist activities happening around the globe on a regular basis, doxing is a regular feature. We wake up in the morning to find the personal lives of businessmen, hackers who have made target of themselves for one reason or another, government employees, and a host of others spilled out onto the Internet for the entire world to see. Doxing can be a tool for use in security testing, investigation, or research on the positive side. But it can also be a tool for humiliation, harassment, and worse on the negative side.
In the Part I of this article, we will discuss what exactly doxing is and the tools and techniques we might use to carry out such an attack. In the Part II of this article we will talk about the steps we can take to at least lessen its impact, should we find ourselves on the receiving end of such efforts.
August 31, 2012 at 7:11 pm #49518shadowzeroParticipant
A good read. Looking forward to part 2.
September 4, 2012 at 8:22 am #49519cyber.spiritParticipant
good article im waiting for part two too!
September 4, 2012 at 3:22 pm #49520rattisParticipant
Great refresher, but when I clicked the link for the Google advanced operators, I got a 404 error.
Looking forward to part 2.
September 4, 2012 at 4:40 pm #49521
Looks like they’ve moved things on me. The updated link is:
Thanks for the heads-up, I’ll get Don to tweak the article.
September 4, 2012 at 8:52 pm #49522m0wgliParticipant
Well written article, a good overview for those unfamiliar with the concepts.
I followed some of the well publicised doxes earlier in the year e.g. Lulzsec and UGNazi, and found them to be very useful examples of the techniques involved and how the information gathered can be expanded upon.
Also, as you mention in your article some of these inferences are entirely wrong, which has led to the wrong person getting doxed by mistake.
I don’t know what you’ve got planned for your next contest but requiring a bit of OSINT/information reconnaissance before actually getting to the challenge or being the challenge itself could prove interesting.
Looking forward to part two!
September 4, 2012 at 9:35 pm #49523
Article has been tweaked!
Glad everyone is enjoying it.
September 6, 2012 at 8:05 pm #49524
September 19, 2012 at 6:13 pm #49525
Jason’s editorial schedule for his column is as follows:
Sept = Spooky Warfare Hacking Contest
Oct = Course Review: SANS vLive FOR408
Nov = Spooky Warfare Results
Dec = Doxing Part II
Jan or Feb = Course Review: SANS vLive FOR508
September 19, 2012 at 6:39 pm #49526blackazarroParticipant
Yup, I took that course this summer. I learned some cool tricks. Earned a cert for passing the course. Very easy.
September 19, 2012 at 9:14 pm #49527
Google continues to amaze me (even though they’re evil) with the handy things that you can get to with their engine. I just figured out a while back that wikipedia
will get you right to the link for whatever you’re searching on. Its a heck of alot faster than going through the whole route. I’ve found a few other things that work similarly and are a huge timesaver.
- You must be logged in to reply to this topic.