So today I went over good notetaking strategies and sock puppets.
Notetaking:
I was recommended Greenshot/Flameshot for taking screenshots. I’m sure it’s great. But I ran into issues on Windows (which is what it is supposed to work on), and wasn’t able to get it to work with the default configuration. Even after disabling accessibility options and a restart, I couldn’t get it to work on my machine. You may have better luck on your end. I still recommend giving it a try, as the ability to quickly customize and add things like borders is a solid value add.
I can’t comment on Flameshot, but I’m going to keep using Win + Shift + S or PrintScr for my present screenshot… well… usage.
Notion, KeepNote, Obsidian, Joplin and CherryTree are all good notetaking apps you may want to consider. Each has its perks and drawbacks; experiment with each and see which suits your fancy the best. You can’t really go wrong with any of them.
I personally prefer Obsidian for .md notes. Notion can be good too if you want to keep things synced to the cloud. But your mileage may vary, and if you need to have offline-only notes, then Notion may not be your best option.
Sock Puppets:
Now onto sock puppets, and what I’ve discovered/learned so far. Some of this will be stream of consciousness.
Firstly, what is a sock puppet? Well to keep it simple… it’s someone you are not. You can consider it a fabricated online persona, a fake account(s), an anonymous identity. Think of it like a character that you create. Numbers, accounts, emails, pictures, etc.
Sock puppets must never tie back to you or your personal accounts. In the best case, a tie-back can ruin the entire account/persona. In the worst case, it can expose you and completely pollute an entire investigation.
Socks aren’t always easy to put together either, though. They take time to cultivate… Almost like a garden. It can take days, weeks, months, etc. to build a convincing character profile/persona. No one is going to be fooled by a random Twitter account created 10 days ago trying to randomly gift crypto away (okay maybe a few, but hopefully not most).
There are generally two types of socks you can create (or at least how I’ve been thinking about them):
All In/ Full Personas
Known/Soft Socks
“All In” personas are as they sound. You go as deep as you can. Numbers, emails, picture, maybe you even start a blog. They can be convincing, but also a serious pain if they’re compromised.
“Known/Soft Socks” are something like this:
Or this:
Both are not really fooling or deceiving anyone. They’re pseudonymous accounts to do a specific type of activity. They’re not really crafting a full persona, but they’re also not revealing things either. This is also in the domain of throwing something together to at least get some level of anonymity.
Other Random “Sock” Facts/Practices:
There are sock hunters out there. These are people who are really quite talented at picking up what is and what is not a legitimate, verifiable identity. There are also “sock masters”. These are people who just spend time creating and curating convincing, fabricated identities for infosec, opsec or investigative purposes. Kind of reminds me of a DnD campaign.
Also make sure to use a dedicated device for security/investigations. Last thing you want is your private info leaching to a target/investigation. Which can and does happen. Just look at the Surefire Intelligence fiasco. Something else to consider: Men especially are susceptible to being charmed. Consider making a persona female.
Here’s some other things I was able to pull together:
Use a VPN, rotate IPs frequently. Here’s a link: https://www.safetydetectives.com/best-vpns/
Use a dedicated computer
Use an encrypted email like Proton Mail
Use a separate phone number, like Mint Mobile, or a Wi-Fi phone number like Google Voice if you have to.
Set up social media with these accounts
Use/build a blog and/or website to go the extra mile. It can really create a deeper, more engaging character
To wrap this all up though, building convincing profiles takes time. You can’t really imitate someone either; it has to be authentic. So rather than imitation, build and emulate a unique character. And just like real life, these are separate “personas”, so keep in mind you need to generate the above for each unique one.
This article is getting a little longer than I want, so I want to wrap it up. I’m posting some links below you can use to dig deeper.
Here’s Some Links:
TCM Security also has a great course on these topics with the PJOR. Stay safe. Stay ethical. Have fun.