jomo @[email protected]

My rc3 talk about #OSINT and #OPSEC (available in German and English):

https://jomo.tv/osint-opsec-introduction

#OPSEC pro tip for sanitizing PDFs: https://dangerzone.rocks / https://matweb.info

Both convert the PDF to an image and back to PDF.

https://twitter.com/json_dirs/status/1486127532076240896

#OSINT / #OPSEC tip: Images in PDFs are quite often just JPEGs embedded in the PDF file and can be extracted with `pdfimages`, for example.

The images are usually not modified by PDF creators when embedding, so they're included in full resolution and with Exif metadata.

I'll be at #rc3 talking about #OSINT / #OPSEC two hours from now.

Live stream: https://streaming.media.ccc.de/rc3/r3s (English language track is available in the settings)

In zwei Stunden, um 20 Uhr spreche ich beim #rc3 über #OSINT / #OPSEC.

Live stream: https://streaming.media.ccc.de/rc3/r3s

Please stop using the iOS Markup feature to cover sensitive information! #OPSEC

https://9to5mac.com/2018/03/13/ios-markup-reveal-redact-sensitive-info/

#OPSEC pro tip: Use the less distinctive of your given/middle names when you need to provide a valid legal name.

Extreme #OPSEC pro tip: Don't post screenshots at all, they may include more meta information than you might realize. e.g. display resolution, used font, font rendering details, etc.

This info can help tracking down which hardware and software (version) you used.

#OPSEC pro tip: Don't post screenshots that show anything other than what you really want to show

https://twitter.com/HeepDouse/status/1196807290021720065

#OPSEC pro tip you can't leak data from your Google account without a Google account

https://twitter.com/alexhern/status/1193822357137309696

#OPSEC pro tip: Hide login suggestions in #Firefox to prevent bystanders from detecting your secret shitposting account names

Add this to your profile/chrome/userChrome.css:

#PopupAutoComplete > richlistbox {
display: none !important;
}

Schlechte #OPSEC: Leserbriefe unter falschem Namen schreiben, aber die Absender-Mailadresse gleichzeitig für private Accounts verwenden 🤦‍♂️🤦‍♂️🤦‍♂️

[email protected]

"Es waren Fotos von Ebay-Artikeln in seinem privaten Facebook-Profil zu sehen."

https://www.kn-online.de/Lokales/Ploen/Schwentinental-Gruenen-Politiker-schrieben-Leserbriefe-unter-falschem-Namen

#OPSEC

"The One Company I Gave My Address To Won’t Delete It"
https://www.vice.com/en_us/article/xwnbzd/the-one-company-i-gave-my-address-to-wont-delete-it

#opsec fail

Polizei Aachen twittert mit pseudonymem Account zu Klimaprotesten
https://netzpolitik.org/2019/polizei-aachen-twittert-offenbar-mit-pseudonymem-account-zu-klimaprotesten/

#OPSEC Pro-Tipp: In Deutschland gibt es "Postlagernd" (Abholung bei der Post unter Pseudonym) für Briefsendungen und Packstationen (Empfänger = Postnummer, Name irrelevant) für Pakete.

https://twitter.com/pry0cc/status/1122976337348702209

35C3 talk about #OpSec for hackers

(English and French audio tracks available)

https://media.ccc.de/v/35c3-9716-du_kannst_alles_hacken_du_darfst_dich_nur_nicht_erwischen_lassen

Just filed this feature request for better #opsec on Mastodon: https://github.com/tootsuite/mastodon/issues/5126