Difference between revisions of "Self-dox"
From Gender and Tech Resources
(Created page with "Doxing is a technique of tracing someone or gathering information about an individual using sources on the internet. Its name is derived from “Documents” or “Docx”. Do...") |
m (→Profiling and fingerprinting) |
||
(22 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | Doxing is a technique of tracing someone or gathering information about an individual using sources on the internet. Its name is derived from “Documents” or “Docx”. Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws” ~ [http://www.urbandictionary.com/define.php?term=doxing Urban dictionary]. | + | ''Doxing is a technique of tracing someone or gathering information about an individual using sources on the internet. Its name is derived from “Documents” or “Docx”. Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws”'' ~ [http://www.urbandictionary.com/define.php?term=doxing Urban dictionary]. |
− | Such flaws can then be exploited. The exploitation wildly differs depending on the adversary. For example, profiling information can be used for encapsulation attempts. If those fail | + | Such flaws can then be exploited. The exploitation wildly differs depending on the adversary. For example, profiling information can be used for encapsulation attempts by intelligence agencies. If those attempts are tried and fail and you are still enough of an annoyance to your government, expect [[Psychological warfare|aggressive demonisation by government paid trolls]] (and exceptionalism at its current flourishing best). |
− | + | Doxing is also a part of reconnaissance where it is called 'human intelligence' or 'humint', and its focus is on its shadow side. The techniques can be simple or complex, and are useful for background checks (infiltrant agents will probably remain invisible with these techniques but littler petty tyrant may be detected) <ref>Investigation Online: Gathering Information to Assess Risk https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk | |
+ | </ref>. | ||
− | + | There are tools particularly created for d0xing. I use as little automated tools as possible. Not only because of the risk of poisoning, also because I prefer to pay more attention to little-easily-overlooked-details. The more you rely on auto-anything, the more you overlook. But if you want to use a tool and it is unknown to you, please do some research (possibly) follow the money, where the makers are located, for assessing likelihood of the code being poisoned. | |
+ | |||
+ | This page collects doxxing resources and if you have one, please do add! | ||
+ | |||
+ | [[File:Lulz-vs-lulz.jpg|480px|thumb|right|Doxed: how Sabu was outed by former Anons long before his arrest http://arstechnica.com/tech-policy/2012/03/doxed-how-sabu-was-outed-by-former-anons-long-before-his-arrest/]] | ||
+ | |||
+ | == Storing information during research == | ||
+ | [[Linux_applications#Storing_information|Store gathered data]] on an encrypted external disk. | ||
== Resources == | == Resources == | ||
+ | |||
+ | === Spies online === | ||
+ | |||
+ | You can use the same (or similar) spies online techniques <ref>Spies online http://www.spiesonline.net/</ref> to see yourself through the eyes of the adversaries that might d0x you. That information can then be used to protect yourself from your adversaries as best as you can. And when setting up other, anonymous or pseudonymous identities, these same resources can be used for test-driven-development of the identity. | ||
+ | |||
+ | === Elicitation === | ||
+ | *Social engineer: elicitation http://www.social-engineer.org/framework/influencing-others/elicitation/ | ||
+ | * Information Elicitation via Social Engineering http://capec.mitre.org/data/definitions/410.html | ||
=== Search engines === | === Search engines === | ||
− | + | * Duck Duck Go https://duckduckgo.com/ (anonymous search) | |
− | + | * IxQuick https://ixquick.com/ | |
− | + | * StartPage https://startpage.com/ | |
− | + | * YaCy http://yacy.net/en/index.html (distributed search) | |
=== People === | === People === | ||
− | + | * Check Usernames http://checkusernames.com/ | |
− | + | * Lullar http://com.lullar.com/ | |
− | + | * Peek You http://www.peekyou.com/ | |
− | + | * Pipl https://pipl.com/ | |
− | + | * Recorded Future https://www.recordedfuture.com/ | |
− | + | * Social Mention http://socialmention.com/ | |
− | + | * WebMii http://webmii.com/ | |
− | + | * Whos Talkin http://www.whostalkin.com/ | |
− | + | ||
− | + | ||
=== Images === | === Images === | ||
− | + | * TinEye https://tineye.com/ | |
− | + | ||
− | * TinEye | + | |
=== Posts and discussions === | === Posts and discussions === | ||
− | + | * Omgili http://omgili.com/ | |
− | + | ||
− | * Omgili | + | |
=== IP lookup === | === IP lookup === | ||
− | + | '''Technical information related to whois''' | |
− | + | * RFC 954 – NICNAME/WHOIS </nowiki>http://www.faqs.org/rfcs/rfc954.html | |
− | * | + | * RFC 1834 – Whois and Network Information Lookup Service, Whois++ </nowiki>http://www.faqs.org/rfcs/rfc1834.html |
+ | '''Whois clients''' | ||
+ | * Linux online manpage jwhois http://linux.die.net/man/1/whois | ||
+ | * Ripe whois client http://sourceforge.net/projects/whois/files/ (does not check for supported flags at the client side, except for -h (whois host) and -p (whois port)) | ||
+ | '''Webbased whois lookups''' | ||
+ | * Geektools http://www.geektools.com/whois.php (also serves as proxy) | ||
+ | * Whois at the Open Directory Project http://www.dmoz.org/Computers/Internet/Domain_Names/Name_Search/ with (list of whois servers) | ||
+ | '''Useful whois servers''' | ||
+ | * InterNIC http://www.internic.net/whois.html (the main Internic whois) | ||
+ | * American Registry for Internet Numbers http://whois.arin.net/ (gives info on who owns a netblock) | ||
+ | * Advanced query RADb http://www.radb.net/query/?advanced_query=1 (for routing information from an IP address) | ||
+ | * Robtex http://www.robtex.com/ (goodies in a toolbar) | ||
+ | '''RWhois''' | ||
+ | * RWHOIS project on ARIN http://projects.arin.net/rwhois/ | ||
+ | * RWhois Web Interface http://projects.arin.net/rwhois/prwhois.html (a sample rwhois web interface on ARIN using the Net::Rwhois perl5 client) | ||
+ | '''Other interesting lookups''' | ||
+ | * The New Ultimates, mostly US data http://www.newultimates.com/ | ||
=== D0xing tools === | === D0xing tools === | ||
− | + | * Sleeping Time http://sleepingtime.org/ | |
− | + | * Metagoofil http://www.edge-security.com/metagoofil.php | |
− | * | + | * theHarvester http://www.edge-security.com/theharvester.php |
=== Reuseful archives === | === Reuseful archives === | ||
Line 58: | Line 84: | ||
'''Europe''' | '''Europe''' | ||
− | + | * Archives portal europe http://www.archivesportaleurope.net/directory | |
− | + | * Archiwum Dokumentow Elektronicznych (POL) http://www.nac.gov.pl/ | |
− | + | * Bundesarchiv, Federal Archives (GER) http://www.bundesarchiv.de/index.html.de | |
− | + | * Central State Electronic Archives of Ukraine http://tsdea.archives.gov.ua/ | |
− | + | * The National Archives (UK) https://www.nationalarchives.gov.uk/ | |
− | + | * White and Yellow Pages Europe http://www.wayp.com/eng/europa3.shtml | |
− | + | * Офіційний веб-портал Державної архівної служби України http://www.archives.gov.ua/ | |
− | + | ||
'''Africa''' | '''Africa''' | ||
− | + | * National Archives of South Africa (NASA) http://www.national.archsrch.gov.za/sm300cv/smws/sm300dl | |
− | + | * White and Yellow Pages Africa http://www.wayp.com/eng/afrika3.shtml | |
− | + | * White Pages (ZA) http://www.whitepages.co.za/ | |
'''Asia''' | '''Asia''' | ||
− | + | * White and Yellow Pages Asia http://www.wayp.com/eng/asia3.shtml | |
'''Oceania''' | '''Oceania''' | ||
− | + | * New Zealand Web Archive http://natlib.govt.nz/collections/a-z/new-zealand-web-archive | |
− | + | * PANDORA, Australia's Web Archive http://pandora.nla.gov.au/ | |
− | + | * White and Yellow Pages South Pacific http://www.wayp.com/eng/southpas3.shtml | |
'''South America''' | '''South America''' | ||
− | + | * White and Yellow Pages America http://www.wayp.com/eng/amerika3.shtml | |
− | ''' | + | '''North America''' |
− | North America''' | + | |
+ | * National Archives (US) http://www.archives.gov/ | ||
+ | * WayBackMachine https://archive.org/web/ | ||
+ | * White and Yellow Pages America http://www.wayp.com/eng/amerika3.shtml | ||
+ | * White Pages (US) http://www.whitepages.com/ | ||
+ | == Related == | ||
+ | * [[Psychological warfare]] | ||
+ | * [[Trolling]] | ||
+ | * [[Roleplay]] | ||
+ | * [[Elicitation]] | ||
+ | |||
+ | == References == | ||
− | + | [[Category:How_To]] | |
− | + | ||
− | + | ||
− | + |
Latest revision as of 09:47, 24 September 2015
Doxing is a technique of tracing someone or gathering information about an individual using sources on the internet. Its name is derived from “Documents” or “Docx”. Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws” ~ Urban dictionary.
Such flaws can then be exploited. The exploitation wildly differs depending on the adversary. For example, profiling information can be used for encapsulation attempts by intelligence agencies. If those attempts are tried and fail and you are still enough of an annoyance to your government, expect aggressive demonisation by government paid trolls (and exceptionalism at its current flourishing best).
Doxing is also a part of reconnaissance where it is called 'human intelligence' or 'humint', and its focus is on its shadow side. The techniques can be simple or complex, and are useful for background checks (infiltrant agents will probably remain invisible with these techniques but littler petty tyrant may be detected) [1].
There are tools particularly created for d0xing. I use as little automated tools as possible. Not only because of the risk of poisoning, also because I prefer to pay more attention to little-easily-overlooked-details. The more you rely on auto-anything, the more you overlook. But if you want to use a tool and it is unknown to you, please do some research (possibly) follow the money, where the makers are located, for assessing likelihood of the code being poisoned.
This page collects doxxing resources and if you have one, please do add!
Contents
Storing information during research
Store gathered data on an encrypted external disk.
Resources
Spies online
You can use the same (or similar) spies online techniques [2] to see yourself through the eyes of the adversaries that might d0x you. That information can then be used to protect yourself from your adversaries as best as you can. And when setting up other, anonymous or pseudonymous identities, these same resources can be used for test-driven-development of the identity.
Elicitation
- Social engineer: elicitation http://www.social-engineer.org/framework/influencing-others/elicitation/
- Information Elicitation via Social Engineering http://capec.mitre.org/data/definitions/410.html
Search engines
- Duck Duck Go https://duckduckgo.com/ (anonymous search)
- IxQuick https://ixquick.com/
- StartPage https://startpage.com/
- YaCy http://yacy.net/en/index.html (distributed search)
People
- Check Usernames http://checkusernames.com/
- Lullar http://com.lullar.com/
- Peek You http://www.peekyou.com/
- Pipl https://pipl.com/
- Recorded Future https://www.recordedfuture.com/
- Social Mention http://socialmention.com/
- WebMii http://webmii.com/
- Whos Talkin http://www.whostalkin.com/
Images
- TinEye https://tineye.com/
Posts and discussions
- Omgili http://omgili.com/
IP lookup
Technical information related to whois
- RFC 954 – NICNAME/WHOIS </nowiki>http://www.faqs.org/rfcs/rfc954.html
- RFC 1834 – Whois and Network Information Lookup Service, Whois++ </nowiki>http://www.faqs.org/rfcs/rfc1834.html
Whois clients
- Linux online manpage jwhois http://linux.die.net/man/1/whois
- Ripe whois client http://sourceforge.net/projects/whois/files/ (does not check for supported flags at the client side, except for -h (whois host) and -p (whois port))
Webbased whois lookups
- Geektools http://www.geektools.com/whois.php (also serves as proxy)
- Whois at the Open Directory Project http://www.dmoz.org/Computers/Internet/Domain_Names/Name_Search/ with (list of whois servers)
Useful whois servers
- InterNIC http://www.internic.net/whois.html (the main Internic whois)
- American Registry for Internet Numbers http://whois.arin.net/ (gives info on who owns a netblock)
- Advanced query RADb http://www.radb.net/query/?advanced_query=1 (for routing information from an IP address)
- Robtex http://www.robtex.com/ (goodies in a toolbar)
RWhois
- RWHOIS project on ARIN http://projects.arin.net/rwhois/
- RWhois Web Interface http://projects.arin.net/rwhois/prwhois.html (a sample rwhois web interface on ARIN using the Net::Rwhois perl5 client)
Other interesting lookups
- The New Ultimates, mostly US data http://www.newultimates.com/
D0xing tools
- Sleeping Time http://sleepingtime.org/
- Metagoofil http://www.edge-security.com/metagoofil.php
- theHarvester http://www.edge-security.com/theharvester.php
Reuseful archives
Such as wandering through archives, yellow pages, phone directories and other possibly useful information made publicly available.
Europe
- Archives portal europe http://www.archivesportaleurope.net/directory
- Archiwum Dokumentow Elektronicznych (POL) http://www.nac.gov.pl/
- Bundesarchiv, Federal Archives (GER) http://www.bundesarchiv.de/index.html.de
- Central State Electronic Archives of Ukraine http://tsdea.archives.gov.ua/
- The National Archives (UK) https://www.nationalarchives.gov.uk/
- White and Yellow Pages Europe http://www.wayp.com/eng/europa3.shtml
- Офіційний веб-портал Державної архівної служби України http://www.archives.gov.ua/
Africa
- National Archives of South Africa (NASA) http://www.national.archsrch.gov.za/sm300cv/smws/sm300dl
- White and Yellow Pages Africa http://www.wayp.com/eng/afrika3.shtml
- White Pages (ZA) http://www.whitepages.co.za/
Asia
- White and Yellow Pages Asia http://www.wayp.com/eng/asia3.shtml
Oceania
- New Zealand Web Archive http://natlib.govt.nz/collections/a-z/new-zealand-web-archive
- PANDORA, Australia's Web Archive http://pandora.nla.gov.au/
- White and Yellow Pages South Pacific http://www.wayp.com/eng/southpas3.shtml
South America
- White and Yellow Pages America http://www.wayp.com/eng/amerika3.shtml
North America
- National Archives (US) http://www.archives.gov/
- WayBackMachine https://archive.org/web/
- White and Yellow Pages America http://www.wayp.com/eng/amerika3.shtml
- White Pages (US) http://www.whitepages.com/
Related
References
- ↑ Investigation Online: Gathering Information to Assess Risk https://modelviewculture.com/pieces/investigation-online-gathering-information-to-assess-risk
- ↑ Spies online http://www.spiesonline.net/