1 00:00:00,000 --> 00:00:02,860 Welcome to another exciting episode of our podcast. 2 00:00:04,480 --> 00:00:07,040 I'm Matthea, an accomplished open source intelligence 3 00:00:07,040 --> 00:00:09,760 analyst with a passion for uncovering valuable insights 4 00:00:09,760 --> 00:00:12,140 from publicly available sources. 5 00:00:12,140 --> 00:00:15,880 As a winner of the operation Safe Escape CTF by Trace Labs, 6 00:00:15,880 --> 00:00:18,680 I have honed my skills in the collection, analysis, 7 00:00:18,680 --> 00:00:20,480 and dissemination of intelligence. 8 00:00:22,040 --> 00:00:25,100 In today's episode, we'll be exploring the fascinating world 9 00:00:25,100 --> 00:00:27,720 of username open source intelligence. 10 00:00:27,720 --> 00:00:30,460 As an essential aspect of open source intelligence, 11 00:00:30,460 --> 00:00:32,120 username open source intelligence 12 00:00:32,120 --> 00:00:33,780 can unlock valuable information 13 00:00:33,780 --> 00:00:36,440 for a range of investigative purposes. 14 00:00:36,440 --> 00:00:39,880 So sit back, relax, and join me as we delve deeper 15 00:00:39,880 --> 00:00:41,080 into this exciting two. 16 00:00:42,920 --> 00:00:45,440 In computer science, the username is nothing more 17 00:00:45,440 --> 00:00:48,760 than a word, phrase, number, or combination of characters 18 00:00:48,760 --> 00:00:53,100 that almost always uniquely identifies a user on a service. 19 00:00:53,100 --> 00:00:55,880 Unlike ID codes that are chosen by the service itself 20 00:00:55,880 --> 00:00:59,280 and are immutable, the username can change over time. 21 00:00:59,280 --> 00:01:01,560 Most internet services offer users the ability 22 00:01:01,560 --> 00:01:04,240 to select their own username or nickname. 23 00:01:04,240 --> 00:01:05,800 In the era of social media, 24 00:01:05,800 --> 00:01:07,920 where we are all more or less on display, 25 00:01:07,920 --> 00:01:10,200 the username has become a kind of a stage name 26 00:01:10,200 --> 00:01:11,400 that people give themselves 27 00:01:11,400 --> 00:01:13,540 and that they will hardly change. 28 00:01:13,540 --> 00:01:15,800 Therefore, by knowing a person's username, 29 00:01:15,800 --> 00:01:18,360 we could locate all the profiles on social media 30 00:01:18,360 --> 00:01:21,420 and internet services that use the same username. 31 00:01:21,420 --> 00:01:23,940 In today's world, where social media has become 32 00:01:23,940 --> 00:01:25,840 an essential part of our daily lives, 33 00:01:25,840 --> 00:01:28,840 usernames play a crucial role in identifying individuals 34 00:01:28,840 --> 00:01:31,480 across various online platforms. 35 00:01:31,480 --> 00:01:33,640 While usernames can be easily changed, 36 00:01:33,640 --> 00:01:35,820 they remain a valuable tool for investigators 37 00:01:35,820 --> 00:01:37,940 and researchers to track online activities 38 00:01:37,940 --> 00:01:40,760 and profiles associated with a particular individual. 39 00:01:42,560 --> 00:01:45,520 So where can you find a person's username? 40 00:01:45,520 --> 00:01:47,720 It depends on the platform, but typically, 41 00:01:47,720 --> 00:01:49,600 usernames can be found in the URL 42 00:01:49,600 --> 00:01:51,800 or linked to the person's profile. 43 00:01:51,800 --> 00:01:53,520 By simply viewing the URL, 44 00:01:53,520 --> 00:01:55,540 you can often find the username associated 45 00:01:55,540 --> 00:01:57,560 with a particular profile. 46 00:01:57,560 --> 00:02:00,760 Additionally, usernames can be found in the profile bio, 47 00:02:00,760 --> 00:02:03,200 which is a brief description that users often include 48 00:02:03,200 --> 00:02:05,600 on their social media profiles. 49 00:02:05,600 --> 00:02:07,320 However, in rare cases, 50 00:02:07,320 --> 00:02:09,820 you may need to access the source code of a webpage 51 00:02:09,820 --> 00:02:11,700 to locate a username. 52 00:02:11,700 --> 00:02:14,080 This is because some websites may hide usernames 53 00:02:14,080 --> 00:02:16,600 for security or privacy reasons. 54 00:02:16,600 --> 00:02:18,380 But with the right tools and knowledge, 55 00:02:18,380 --> 00:02:20,660 it is still possible to find a person's username 56 00:02:20,660 --> 00:02:22,480 even in these cases. 57 00:02:22,480 --> 00:02:25,840 Overall, usernames are a powerful tool for investigators, 58 00:02:25,840 --> 00:02:28,340 researchers, and anyone looking to understand 59 00:02:28,340 --> 00:02:30,840 an individual's online presence. 60 00:02:30,840 --> 00:02:32,560 By knowing where to find usernames 61 00:02:32,560 --> 00:02:34,160 and how to use them effectively, 62 00:02:34,160 --> 00:02:36,920 we can gain valuable insights into online behavior 63 00:02:36,920 --> 00:02:39,120 and protect ourselves from potential threats. 64 00:02:40,880 --> 00:02:42,360 In today's digital age, 65 00:02:42,360 --> 00:02:44,560 Google is often considered to be our best friend 66 00:02:44,560 --> 00:02:48,120 when it comes to finding information, including usernames. 67 00:02:48,120 --> 00:02:50,600 Google is the go-to search engine for most people, 68 00:02:50,600 --> 00:02:51,840 and it's the first place to look 69 00:02:51,840 --> 00:02:54,400 when searching for a particular username. 70 00:02:54,400 --> 00:02:56,200 When performing a username search, 71 00:02:56,200 --> 00:02:58,520 it's essential to use the correct search terms, 72 00:02:58,520 --> 00:03:01,640 and the Google door quote is a great way to do this. 73 00:03:01,640 --> 00:03:03,300 By using the Google door quote, 74 00:03:03,300 --> 00:03:04,960 we can narrow down the search results 75 00:03:04,960 --> 00:03:07,080 to only those that contain the exact keyword 76 00:03:07,080 --> 00:03:08,640 we're looking for. 77 00:03:08,640 --> 00:03:11,160 This is because searching for a username without the quotes 78 00:03:11,160 --> 00:03:14,480 will often produce thousands of irrelevant search results. 79 00:03:14,480 --> 00:03:15,920 The Google door quote ensures 80 00:03:15,920 --> 00:03:18,440 that we get the specific information we're looking for 81 00:03:18,440 --> 00:03:20,560 without any additional clutter. 82 00:03:20,560 --> 00:03:22,520 The Google door quote can also be used 83 00:03:22,520 --> 00:03:25,960 on other search engines like DuckDuckGo, Bing, Yandex, 84 00:03:25,960 --> 00:03:28,040 and Yahoo, ensuring that we have access 85 00:03:28,040 --> 00:03:30,360 to a wider range of results. 86 00:03:30,360 --> 00:03:32,480 Additionally, we can further refine our search 87 00:03:32,480 --> 00:03:34,760 by indicating the platforms we're interested in, 88 00:03:34,760 --> 00:03:38,220 such as username, site, Instagram.com. 89 00:03:38,220 --> 00:03:40,640 This tells the search engine to only display results 90 00:03:40,640 --> 00:03:42,220 that contain the username of interest 91 00:03:42,220 --> 00:03:44,200 on the Instagram platform. 92 00:03:44,200 --> 00:03:46,360 Overall, Google and other search engines 93 00:03:46,360 --> 00:03:49,080 can be incredibly useful tools for locating usernames 94 00:03:49,080 --> 00:03:51,520 and other information on the internet. 95 00:03:51,520 --> 00:03:54,300 By using the correct search terms and filtering options, 96 00:03:54,300 --> 00:03:56,480 we can quickly and easily find the information 97 00:03:56,480 --> 00:03:57,460 we're looking for. 98 00:03:59,260 --> 00:04:00,820 Automatic username search. 99 00:04:02,600 --> 00:04:05,240 Firstly, automatic username search services work 100 00:04:05,240 --> 00:04:07,160 by generating the URL of a service 101 00:04:07,160 --> 00:04:09,560 and entering the specified username. 102 00:04:09,560 --> 00:04:11,040 Depending on the script used, 103 00:04:11,040 --> 00:04:12,940 there will be a second phase of verification 104 00:04:12,940 --> 00:04:14,880 of the server's response in order to determine 105 00:04:14,880 --> 00:04:17,900 whether that user exists on the platform or not. 106 00:04:17,900 --> 00:04:20,520 However, no tool is immune to false positives, 107 00:04:20,520 --> 00:04:23,820 so it's important to verify the link provided to us. 108 00:04:23,820 --> 00:04:25,880 False positives can be of two types. 109 00:04:25,880 --> 00:04:28,020 The page responds with a not found error, 110 00:04:28,020 --> 00:04:30,400 but our script indicates that the user exists 111 00:04:30,400 --> 00:04:31,560 or the username exists, 112 00:04:31,560 --> 00:04:34,000 but is associated with another person. 113 00:04:34,000 --> 00:04:37,280 In such cases, a manual check is always necessary. 114 00:04:38,880 --> 00:04:42,240 Let's now move on to the first service, What's My Name? 115 00:04:42,240 --> 00:04:45,000 This tool is available as both a script and a web service 116 00:04:45,000 --> 00:04:47,120 and is known for its accuracy due to a series 117 00:04:47,120 --> 00:04:49,760 of additional checks on the target profile. 118 00:04:49,760 --> 00:04:51,480 What's My Name is currently implemented 119 00:04:51,480 --> 00:04:53,960 in several third-party solutions such as Blackbird, 120 00:04:53,960 --> 00:04:57,720 Spiderfoot, SN0int, and LinkScope. 121 00:04:57,720 --> 00:04:59,080 After entering the username, 122 00:04:59,080 --> 00:05:00,800 we can select a category of interest 123 00:05:00,800 --> 00:05:03,240 or select all to get all results. 124 00:05:03,240 --> 00:05:04,680 By clicking the green button, 125 00:05:04,680 --> 00:05:07,440 all identified profiles will be displayed in green 126 00:05:07,440 --> 00:05:09,960 and we can open the profile directly. 127 00:05:09,960 --> 00:05:11,400 What's My Name currently checks 128 00:05:11,400 --> 00:05:13,700 around 300 different internet services. 129 00:05:13,700 --> 00:05:16,540 The second service we'll be discussing is MayGrey, 130 00:05:16,540 --> 00:05:18,940 a Python script or a standalone Windows package 131 00:05:18,940 --> 00:05:22,300 that allows for the creation of dossiers on usernames. 132 00:05:22,300 --> 00:05:24,780 It supports over 2,500 websites 133 00:05:24,780 --> 00:05:29,780 and offers export in PDF, HTML, and other formats. 134 00:05:29,780 --> 00:05:31,220 If it finds additional information 135 00:05:31,220 --> 00:05:33,180 such as user IDs within the page, 136 00:05:33,180 --> 00:05:34,780 it will also export those, 137 00:05:34,780 --> 00:05:38,420 and in some cases, it will export profile photos. 138 00:05:38,420 --> 00:05:40,100 MayGrey offers recursive search, 139 00:05:40,100 --> 00:05:42,100 which means that if another username is linked 140 00:05:42,100 --> 00:05:44,460 within a profile, it will automatically perform 141 00:05:44,460 --> 00:05:46,700 a second search on the new username. 142 00:05:46,700 --> 00:05:48,940 However, MayGrey currently does not perform 143 00:05:48,940 --> 00:05:51,340 the same type of verification as What's My Name, 144 00:05:51,340 --> 00:05:54,700 which exposes the analyst to numerous false positives. 145 00:05:54,700 --> 00:05:57,900 To use MayGrey, Python, and the PIP package manager 146 00:05:57,900 --> 00:05:59,740 must be installed on the PC. 147 00:06:01,340 --> 00:06:03,900 In conclusion, automatic username search services 148 00:06:03,900 --> 00:06:06,540 such as What's My Name and MayGrey can be extremely useful 149 00:06:06,540 --> 00:06:09,300 for open-source intelligence analysts. 150 00:06:09,300 --> 00:06:10,900 They simplify the search process 151 00:06:10,900 --> 00:06:13,900 and can provide a wealth of information on a target. 152 00:06:13,900 --> 00:06:16,700 However, it's important that no tool is perfect 153 00:06:16,700 --> 00:06:19,060 and manual verification is always necessary 154 00:06:19,060 --> 00:06:20,300 to ensure accuracy. 155 00:06:21,860 --> 00:06:23,500 Data breaches can be a goldmine 156 00:06:23,500 --> 00:06:25,620 for open-source intelligence analysts, 157 00:06:25,620 --> 00:06:27,420 as they often contain user information 158 00:06:27,420 --> 00:06:30,460 such as usernames that can lead to more information. 159 00:06:30,460 --> 00:06:32,500 Some online services allow us to search 160 00:06:32,500 --> 00:06:34,300 for these breaches using a username, 161 00:06:34,300 --> 00:06:36,900 but not all services offer this option. 162 00:06:36,900 --> 00:06:39,460 In such cases, we can try entering the username 163 00:06:39,460 --> 00:06:42,860 in the email field, even though we may rarely get results. 164 00:06:44,660 --> 00:06:46,660 One such service that provides the ability 165 00:06:46,660 --> 00:06:49,500 to check for leaked passwords is LeakCheck. 166 00:06:49,500 --> 00:06:51,900 It offers a paid annual or lifetime subscription 167 00:06:51,900 --> 00:06:53,900 and can verify if an email address 168 00:06:53,900 --> 00:06:56,500 or username has been compromised. 169 00:06:56,500 --> 00:06:59,660 Simply select username in the choose type field, 170 00:06:59,660 --> 00:07:02,700 enter the username, and click on the search button. 171 00:07:02,700 --> 00:07:05,300 In a few seconds, we will receive all the leaked passwords 172 00:07:05,300 --> 00:07:07,100 that use that username. 173 00:07:07,100 --> 00:07:09,500 We can also try searching for the username 174 00:07:09,500 --> 00:07:11,100 as if it were an email address 175 00:07:11,100 --> 00:07:13,860 using the email by keyword option. 176 00:07:13,860 --> 00:07:17,100 With a bit of luck, we may find compromised email addresses 177 00:07:17,100 --> 00:07:19,700 and passwords associated with our target. 178 00:07:19,700 --> 00:07:22,100 However, we must verify all the data 179 00:07:22,100 --> 00:07:24,260 as we cannot be certain that these usernames, 180 00:07:24,260 --> 00:07:27,500 email addresses, and passwords are linked to our target. 181 00:07:29,260 --> 00:07:31,860 Generating possible email addresses from usernames 182 00:07:31,860 --> 00:07:34,300 is another technique we can use. 183 00:07:34,300 --> 00:07:37,100 For instance, we can try variations such as username 184 00:07:37,100 --> 00:07:40,700 at gmail.com or username at outlook.com. 185 00:07:40,700 --> 00:07:43,500 This approach can help us identify any email addresses 186 00:07:43,500 --> 00:07:45,100 associated with our target. 187 00:07:46,900 --> 00:07:48,900 In addition, most major social networks 188 00:07:48,900 --> 00:07:51,100 have internal search engines that we can use to search 189 00:07:51,100 --> 00:07:54,300 for usernames and names associated with our target. 190 00:07:54,300 --> 00:07:57,100 These search engines can be valuable sources of information 191 00:07:57,100 --> 00:07:59,900 for open source intelligence analysts. 192 00:07:59,900 --> 00:08:03,100 Thank you for tuning into this episode of our podcast. 193 00:08:03,100 --> 00:08:05,300 I hope you found our discussion on username 194 00:08:05,300 --> 00:08:08,500 open source intelligence insightful and informative. 195 00:08:08,500 --> 00:08:11,300 Remember, open source intelligence is a powerful tool 196 00:08:11,300 --> 00:08:13,500 that can provide valuable insights and intelligence 197 00:08:13,500 --> 00:08:15,900 from publicly available sources. 198 00:08:15,900 --> 00:08:17,700 If you have any questions or comments, 199 00:08:17,700 --> 00:08:20,300 please don't hesitate to reach out to me. 200 00:08:20,300 --> 00:08:22,500 And, if you enjoyed this podcast, 201 00:08:22,500 --> 00:08:25,500 be sure to subscribe and stay tuned for more episodes 202 00:08:25,500 --> 00:08:28,500 on open source intelligence and related topics. 203 00:08:28,500 --> 00:08:30,500 Thanks again for listening, and I look forward 204 00:08:30,500 --> 00:08:33,300 to bringing you more exciting content in the future.