Limdis' Doxing Mission

[fashizzlepop]

DAMN that was tricky. :/ Great mission though. I was hoping it was going to be a bit more straightforward. A lot of things tricked me up big time.

My Top 10 Doxing Tips to Remember:

1. Write down your notes. Open a document or text file and save all info you have on the subject as you go. This way you don't have to keep a bunch of browser tabs open and lose track of stuff if they are closed accidentally.

2. Check as many sites as possible for a related user name/email address. (Some sites specialize in searching other sites for username availability. Find one or make a script to do this yourself!)

3. Don't assume every username used by the target will be identical. Make sure you don't accidentally transpose any numbers or letters (or misread a username, double check everything!)

4. Permutations for password guessing are tricky. When dealing with dates, make sure you create a comprehensive list of all possible permutations. Ie.

October 3, 2009
Oct 3, 2009
Oct 3 2009
Oct32009
October 3 2009
October32009
1032009
10309
10/3/2009
10-3-2009
10/3/09
10-3-09
3/10/2009
3/10/09
3-10-2009
3-10-09
31009
3102009

Note: There are more possibilities that were strategically left out to prevent spoilers.

5. Many sites will hide information that is older than X days or months. Don't forget to search through these older posts!

6. There are many possible "red herrings" when doxing so make sure you have a reason to follow a lead that doesn't match exactly what you know already. Compare language use and other information from various accounts to compare to make sure you don't follow the wrong trail. (It is worth noting in the case of this mission that if you come across and accounts that are really in depth and have a LOT of posts/interactions/friends/etc. it's probably the wrong trail. The accounts related to this mission are all really bare.)

7. Sometimes someone will post something to a site that contains information of another account they own. Ie. posting images on twitter that link back to their photobucket.

8. When dealing with web pages or emails (produced by the target), make sure you check all the information given. Check the source of the page, check headers, check email information, and for God's sake, make sure you read the WHOLE god damn document!

9. Make sure you cover your tracks and protect yourself. Use proxies/tor when snooping and make sure to create anonymous email addresses. (In the case of this mission it's less important, but still a good idea.)

10. Do not alter data! If you have access to information of the target's, make sure you leave it as it is. Changing information will set off alarms and you do not want this to happen. Ie. Don't send "forgot password" request emails. This will alarm the target and you could lose your trail.

[limdis]

Looks like there was an issue again that I just discovered. Working on a fix. Sorry about the inconvenience, this is actually a very tricky challenge to maintain. Some of you will want to check your emails. Handling things manually until fixed.

[yesthisissmurf]

Alrighty... being the noob I am, I've fallen at the first hurdle. Can I get a push in the right direction, will I need to PM someone for that?

[limdis]

Sure you can PM me. But you'll have to make another post first (pm is locked until 2 posts are made). I'm also in #coffeesh0p right now if you are on IRC.