Introduction to locations and addresses fingerprinting

- [Instructor] Sometimes while performing OSINT, you'll want to identify the physical location of an organization or individual. Knowing their physical address can open up a whole world of possibilities. You could do things like dumpster dive for valuable information tossed in the trash. Look for vulnerabilities in the building's physical security posture. Provide a location to kick off social engineering impersonation campaigns, or generate a list of addresses where wireless network attacks could be launched. I was once asked to perform a reconnaissance on an executive who shared his fitness app data on Instagram. Seeing numerous social media posts containing his daily biking route, I was able to overlay a month's worth of data to identify a central point on all his workouts. The heat map of his route ultimately led me right to the road he lived on. Once I located the road on Google street view, I then cross-referenced other social media photos to match up the paint color of his house. The car parked in front of his house matched what I'd seen on social media. And I knew I had the right place. When trying to identify physical addresses for individuals, you may want to utilize the following resources during your search. Depending on the state and county, voter records may contain both individual's home address and financial contributions they've made to political parties. Political donations may become useful while building a social engineering and phishing campaign later in the hacking lifecycle. People often share a lot of useful information on social media that can be used either narrow down their physical location, or sometimes lead you right to their door. Photos from a target's front porch may show you a street sign or intersection that can be used to find their nearest cross street. Unless disabled manually, most modern mobile phones add GPS geo-coordinates to photos without the photographer's knowledge. We'll talk about tools that can extract this information later. And finally, people search engines such as Pipl.com, Whitepages, FamilyTreeNow, and Spokeo, scrape public records to find targets' relatives, phone numbers, email addresses, and physical addresses. When trying to fingerprint physical addresses for organizations, we can find partial or full addresses in a few places. Typically, organizations will share at least one physical address on their contact us page or at the bottom of their website. If an organization owns their office space, you can find details including their physical address and mailing address in property records. Sometimes you'll be able to find an address for an organization that doesn't typically advertise their physical location by looking at review sites. Yelp, the better business Bureau, and Google maps often have street addresses for businesses. If an organization has any intellectual properties such as trademarks or patents, it's likely that they have filed paperwork with the US patent office and the documents sometimes contain physical addresses. Finally, records from the secretary of state contain the name and address of business owners. I'm not saying these sources will always have the addresses but it's a good place to start.