Upcoming in-person #OSINT Training

Train with the pros! Book it early!

Back to basics. What is an ethical hacker?

🗣️ Need a keynote speaker who doesn’t beat around the bush?

I break down cybersecurity from a hacker’s perspective — the tricks they use, the gaps they exploit, and how to stay ahead. No jargon, no fluff — just real-world stories from 20+ years of experience.

🔹 CyberSecurity? AI? Social Engineering? Privacy? OSINT? I make it engaging.
🔹 No vague theories — just hard-hitting insights and actionable takeaways.
🔹 Audiences leave informed, entertained, and a little paranoid (in a good way).

🎥 Watch my speaker reel below and see why event organizers book me again.

🎤 Looking for a speaker who cuts through the noise? Let’s talk.

🙏🏽 Please share with or tag someone that may benefit from my speaking service.

#CyberSecurity #KeynoteSpeaker #Privacy #OSINT #EventSpeaker #Speaker #Training #SecurityAwareness #OSINT

Speaker Demo Reel: https://www.youtube.com/watch?v=VwNb9cgS5No

👉🏽 Let's schedule some time to talk: https://www.MishaalKhan.com/contact

💡 Private companies like Flock have their cameras everywhere. They read your plate number and store your location history to see where you've been. They sell this access to law enforcement, Home Owner's Association's, Private Detectives, and anyone who can pay their nominal 🪙 subscription fee. (think of the abuse: stalkers, psychos, credential hacks,...)

👀 While you can't do much, as there's no expectation of privacy on the public roads, you CAN limit their data collection.

🚗 Change your license plate number every year at renewal with the DMV. It only costs about $20 extra.

Why? It limits your tracking history to just 1 year, making it harder for anyone to compile a detailed profile of your movements over time. You essentially reset your data every year.

⛔️ Limit Your Digital Footprint.

😕 Sorry to those folks who have vanity plates, this does not apply to you.

⚠️ This is a slightly extreme measure, but not disruptive to life. Most people will not care about it, unless they are a victim of vehicle tracking. I do it all the time, and it's eye opening 👁️ to say the least!

You can see a location of cameras by Flock (just 1 out of the many companies) here: https://deflock.me/ (DeFlock . me)

hashtag#PrivacyTipOfTheDay

@thekileen that's not my website 😀 it's OperationPrivacy.com

If you're new to the internet, I don't blame anyone using Google Auth, but PLZ transition to a better MFA app. (I use @bitwarden 's built-in TOTP code generator, you can also use KeePass), so much easier to search thru 1000s of entries.

🎤My upcoming talks for the remainder of 2023. It's been a busy year 🫡

Let's catch up if you're in any of these cities.

#CyberSecurityConference #speaker #KeynoteSpeaker #Talks

@BjornToftMadsen good catch! I've been strictly using Privacy.com for all my online purchase for the last 4-5 years to avoid stuff like this. The cc gets tied to only 1 merchant, and I pause the card right after use, unless it's a utility bill, in that case I set an upper limit on purchases.

Great books to donate and swap at @BlueTeamCon
The table was pretty much empty moments after taking this pic!

DuoLingo "scrape" of 2.6 Million users (email addresses, languages, usernames) sold in forums for $1,500 and advertised as a "breach" and "leak" by media outlets.

For people in the OSINT community, this was already known by inputting an email address and getting back some info from the API. Someone just automated and brute-forced it!

DuoLingo did not take that aspect of privacy into account. Maybe rate limiting the API or authentication could have prevented it?

Maybe a "FREE" 🆓 course from APISec University @apisecu may gave benefited them? (no affiliation to them, I just think it's a great free course, an emerging GAP in #cybersecyrity and here you have a "potential" use case)

Bill Gates: Every Person on Earth Should ‘Prove Their Identity’ with ‘Digital ID’ https://slaynews.com/news/bill-gates-every-person-earth-should-prove-their-identity-digital-id/ Microsoft co-founder Bill Gates is calling on nations around the world to adopt his “global solution” for “digital ID” to ensure that every single person on Earth “proves their identity.” GTFO, Bill Gates. #privacy #security

I got a check in the mail today from Apple for a $14-million class action lawsuit they settled for storing iCloud data in 3rd party storage without informing the users!!! Thank's #Apple for the 32 cents!!! I wonder what the postage cost must be per letter. I'm betting it was more than that 😅

"Please cash promptly"😅, hmmm I'm thinking about opportunity cost here, is it worth it! 🙄

This makes me think about breach notification costs for sending out snail mail to clients.

📣 Blue Team Con 2023 Speaker Highlight 📣

Blue Team Con 2023
25-27 August 2023
Chicago, IL

Mishaal Khan
Talk Title: Smoke and Mirrors: Wasting a hacker's time with misdirection & obscurity

See abstract: https://blueteamcon.com

Have you abused out-of-office information in your phishing pentests? I know I have. Hackers probably have as well.
https://www.phantomciso.com/The-OOO-Leak/

🗣Upcoming In-Person Public Speaking :
- 🧢@BlueTeamCon (Chicago, IL) [Aug-26] https://blueteamcon.com/2023/talk-tracks/talk-track-2-30-minutes/
- 🤠Texas Cyber Summit [Sept-29] (Austin, TX) https://texascyber.org/
- 🐄Wild West Hackin' Fest [Oct-17] (Deadwood, SD) https://wildwesthackinfest.com/event/next-level-osint-w-mishaal-khan/

Catch me at any one of these to say hi, have my book signed ✍🏼 📓 or ask for a free copy, I'll keep a few with me to give away.

@texascyber @Antisy_Training

#OSTIN #SockPuppet ProTip:

This-MP-Does-Not-Exist
is a better alternative to ThisPersonDoesNotExist.com

As it displays a blank background, shoulders included, and the image pose looks professional and ready for a profile pic.

⚠️For legit purposes only 😉

https://vole.wtf/this-mp-does-not-exist/

#lighthumor 😀​

Join us for our next Anti-Cast, “OSINT Uncovered: Unlocking the Hidden Gems of Online Information,” with Mishaal Khan this Wednesday at 12 p.m. EDT! Register here: https://zoom.us/webinar/register/WN_UUEgv-OVRsWSw4P7h6dQUg#/registration
Tune in at 11:30 a.m. EDT for some PreShow Banter™.

This Anti-Cast session explores advanced techniques and tools for extracting valuable information from diverse online platforms, social media, public databases, and breaches. By emphasizing responsible approaches to OSINT, attendees will learn how to navigate vast data sources, analyze digital footprints, and uncover the hidden gems of online information. Learn to harness the power of OSINT, as Mishaal walks you through some quick #OSINT demos. Stalkers not allowed!

Chat with your fellow attendees in the Antisyphon Discord server here: https://discord.com/invite/antisyphon -- in the #webcasts-livestreams channel

Check out Mishaal's class, "Next Level OSINT," that will be at Wild West Hackin' Fest - Deadwood 2023 for pre-con training! → https://wildwesthackinfest.com/event/next-level-osint-w-mishaal-khan/2023-10-17/

Do you have a :google:​Google Voice number 📱 and worried about losing it due to 30 days of inactivity? Maybe you have many like me. Here's a simple Google App Script to auto send a reply, triggered by pre-approved numbers. Avoids logging in to the interface and sending an sms to retain the GV number.

Send an sms to your google voice number, you'll get an auto reply. Read why it has to be this way and not email auto responders, and warnings about violating ToS.
#OSINT #Privacy
https://github.com/0perationPrivacy/GoogleVoiceAutoReply