Gathering Sensitive Information: Basics & Fundamentals of DoXing
I mentioned in 2015 I wanted to start a 'DoXing' series, and since I havent seen this on Null Byte, I am now going to introduce this to the community.
DoXing is a term we hackers use when gathering information on a target such as a company or more likely an individual. DoXing is usually meant for malicious intents, however this can most definitely also be used in a very good way, such as tracking down terrorists, and wanted black hat hackers.
DoXing is short for Documents > Doc = DoX.
DoXing isnt just typing words in Google or a different search engine.
When gathering information on a target, it would be good to do some recon first on your target. Get familiar with them, know who they talk to, where they communicate, what social media platforms they use, that way your methods of obtaining sensitive information will be more effective.
Something that many doesn't realize is that the nformation you are seeking is always stored somewhere, you just need to look harder. if Google or Yahoo doesnt have it, then it is likely stored in a database, which then goes beyond the area of DoXing and more into cracking.
When DoXing someone you usually get all your information without having to crack into your targets devices or private servers.
It is actually legal to release DoX of individuals and whomever you wish, because the information you are obtaining are public
So you won't get in jail for releasing a DoX. Yes, I am not kidding.
Sometimes you will have to reach out to your target in order to obtain an IP address for example. You can do this by for example sending them an IP harvesting link. If you know the individual in person this wont be at all suspicious.
Even though you have your targets first & last name, you still need to know how to properly use this information in order to obtain more, and using that info to get even further, and so on.
Luckily we have search engines which are powerful because they hold a lot of valuable information to a curious information seeker. So, how would you seek more information when having first & last name, in this case lets say our targets name is Michael Oregon. And all we know about this individual is how he looks like, which gives us a great advantage of finding his social medias.
When looking for info on Google, you can use something called advanced search queries They are able to find more precise information.
An example would be: @MichaelOregon or @(city/country) Michael Oregon. That way you narrow it down tremendously, and exclude any useless article that might contain the word Michael or Oregon.
There are even more advanced queries than these which I will cover in future articles.
I'm ending this with how a DoXing format can look like. Keep in mind they can be very basic, to very very advanced. It can be scary how much an advanced DoXing format can look like, because the average internet user isnt aware of how much sensitive information that person have.
DoXing, would also be considered Passive Reconnaissance, because you are obtaining all of this info without your target knowing so.
I have created a very basic DoX format which any decent hacker would be able to furfill Beginner DoX
This is a little more advanced DoX and requires little more skill to furfill in my opinion. Advanced DoX
This one is very advanced and it takes a lot of knowledge and skill to complete this, because you need to know what you are doing to obtain this information. Veteran DoX
Disclaimer: this is not for malicious purposes I am teaching you this, and I do not support any unethical use of these formats. I am planning on teaching you how to avoid getting DoXed in the future also.
Hope you are excited for this series, as I now officially have three series going, TypoGuy Explaining Anonymity which is almost finished, Gathering Sensitive Information which is just started & Keeping your Hacking Identity Secret which is also just started.