-
Notifications
You must be signed in to change notification settings - Fork 0
/
Sock-Puppets
66 lines (47 loc) · 3.09 KB
/
Sock-Puppets
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
A sock puppet is an online identity designed especially for investigations.
Sock puppet accounts also known as threat profiles, burner accounts or the fakes.
Sock puppet account/s should be well maintained and look alike the real accounts.
Sock puppet or the threat profile has three levels to maintain anonymity:
Overt – Public who is non-anonymous
Covert – A bit secretive or private profile
Clandestine – Completely hidden
------------------------------------------------------------------------
Why we need Sock Puppet accounts?
Privacy ∝ OSINT ∝ Privacy. This means to always remain under the hood while investigating.
Cyber criminals could be mafias, who may dox us back with our own footprints left online.
These individual or group of cyber criminals also know these tactics and hence usually create an online presence using the honeypots, and we might while investigation spook the target which could draw their suspicion.
Investigation of state sponsored attacks.
Belling Cat – Aric Toler ---- https://x.com/AricToler/status/999997413237710852
Robin Sage Story ---- https://en.wikipedia.org/wiki/Robin_Sage#:~:text=Robin%20Sage%20is%20a%20fictional,appeared%20on%20social%20networking%20pages.
-----------------------------------------------------------------
Points to ponder while working on Sock Puppets:
Follow the principle to maintain anonymity online.
The phone and the SIM number should be very clean. (called burner phones)
Fill out the complete profiles as neat as possible.
Make sure to use some fake generated images for profile pictures, or best way is to use certain travel or generic pics like cartoons, etc.
But make sure if the profile picture is of some cartoon say Anime, there should be enough posts or liked pages that justifies and relates to the nature of account.
Add few pictures, albums of travel, mountains, nature, cartoons, avoid political content. And make sure that these are not the copied images from Google or other search engines.
Always turn on the private mode on social media accounts.
Subscribe to some public portals, make some genuine posts but make sure to keep away yourself from politics, religion, caste or certain other issues based on region such as ongoing wars, terrorism, etc.
All in all the social media profile should look as active as possible.
-----------------------------------------------------------------
Always use fake emails using:
Fastmail -- https://app.fastmail.com/signup/
CryptoGmail -- https://embedded.cryptogmail.com/
Tempmail -- https://temp-mail.org/en/
dropmail.me -- https://dropmail.me/en/
20minutemail.com – very important for canary tokens
Fake images
Thispersondoesnotexist.com
Generated.photos
Use telegram/or xander for interesting pics such as travel,
Use AI such as Microsoft or Meta AI --- https://create.microsoft.com/en-us/features/ai-image-generator
Burner Phone numbers
Always use clean SIM to register email accounts
Mysudo.com
Texfree.us
onlineSIM -- https://onlinesim.io/
eSIM+ --- https://esimplus.me/
Fake Name Generator
Fakena.me --- Fakena.me
--------------------------------------------------------