Off The Hinge: Dating With OSINT - Taylor Rhoades

o thank you perfect thank you thank you guys for coming um so a little bit about me you might have seen me downstairs at the gry log Booth my name is Taylor rhs Senior sales director um been in the stem industry for 7 and a half years on The Blue Team side however for the next 14 minutes and 36 seconds this is going to be not work tailor and personal tailor um so I am a self-proclaimed 3-month o since her I've also been in the UK for 3 years I've come across you guys might call them watet I thought they were woodetts the best Cheeto alternative ever um and I'm on the red team side I've also learned about the

British vocab and it's not corette it is corette I was calling it cougarette in the beginning um we're also doing a raffle downstairs and it's not the Saturn V it's the Saturn 5 so if there's one thing you learn about me is I'm really good about mispronouncing things um but for now I'm going to stick with my my wood sits so what we're going to really be talking about this started three months ago we were at 44con um and we were next to the trace Labs Booth we were running a CTF they were doing a CTF um if anyone's not famili familiar with Trace Labs they're using ENT technology to find missing people and so in my

world I was kind of thinking just all the data that's out there what what I'm kind of used to is the Bumble and the hinges what we put on there about our profile and how that kind of Max like Blends in with our professional life and so what I did was I created a bumble and a hinge profile and this isn't catfishing this isn't social engineering no Olivia Rodrigo going on all I wanted to do was see what are people putting out there about themselves so I kind of went in with an open open mind wanted to see were their Bots that I would come across and I ran this exercise for about 3 months um also wanted to see could I

find what companies they worked at if they didn't list it on there directly and so from this um started with the ENT Frameworks really great website there's really many directions you can go with it and ENT is just using open-source data that's already out there to kind of answer a specific question and for me a question was can I tie someone's personal life with their professional life and so the one that I use is called Pim eyes and if anyone hasn't come across it it's cool but also creepy at the same time basically you just upload a picture of yourself and it will scrape the internet using the facial recognition and find wherever you're at

so I use this on myself as a test subject and and it came across these photos now the one in the top corner I was surprised by because that photo I was in gallway last year and so we know I love what itss I am good at mispronouncing words and if there is a scooter in the city I'm taking it and so gway was launching this scooter ride I signed up for it they took my picture and apparently it's on the internet somewhere which I never knew about so like that's kind of crazy um and then this very unattractive photo of me was also on there and so when I clicked on it this was a news article if you guys

remember about a year and a half ago London had a big flood and apparently the metro newspaper did us outside the office and that's me eating a bagel so again not the most flattering photo but very fitting of me um and so Pim eyes was one of the main resources that I used in this in investigation if you will and so when I had Bumble and hinge I looked at over 500 profiles and from that probably chose around 50 of the pictures to kind of analyze um and so I'm not going to put anyone's photo up here that I came across more just of the facts and so really when I uploaded the photos there was kind of four key areas

of what Pim eyes matched people with and the first one was through wedding sites and so a lot of like amateur photographers or someone that has a photography business they always put up photos and so there was one instance where I had someone's Bumble profile put it in Pim eyes and then there was probably 50 people in the wedding party and it found their face in the back crowd so that would be a creepy one um the next one that I saw was corporate photos and so if there is someone on hinge that was in like Finance or they were a doctor or they were some kind of tech entrepreneur usually their face would be on the corporate website too

and you could match the person that way um the third one this one is the most embarrassing because any photo when you're like at the club in your 20s or like way back from 2014 a lot of those photos were found and these would be clubs that aren't even they don't exist anymore like they went out of business but your photo is still on the internet um and then the last one I didn't use Pim eyes for that however it is racing results so when I was kind of doing my um bumble and hinges maybe the algorithms thought I was looking for someone that was like really active because about six out of the 10 people

had their race Badges and so what I did was I did it to myself cuz I also um did a half marathon a few years ago and so all you need is your bib number and then you need to know either the city that they did their race or the name of the race and so this was a photo that I had on mine in the past and then I went to there's the bib number um and then I went to my chip time didn't even need my first name just typed in the bib number and it came back first of all I'm not a runner uh you can see with my time but second of all it matches your first and

last name and then it shows all of your photos which we will not be going through on this talk because if anyone's run a half marathon there is no attractive photo in you I looked like death in all of them but it just got me thinking of when you sign up for these races you don't realize kind of just with the bib number they can do your name first name last name information is out there and so this was kind of my thinking of professional tayor with personal tayor when we we get into these Blurred Lines of data which is really the overarching of it so one one instance I don't know if you guys heard

um Gary is an American in 2020 he had an incident where he got a call from his son and said he was in an accident and then long story short it ended up being this whole deep fake the son was in an accident the lawyer called and he needed to send someone Bitcoin to help out what ended up being was someone had um just gotten a voice of Gary's son made up this whole incident and I think it was in last month in November where Gary went to the Congress to say hey this is happening to me how can we protect people at the time Gary went to the police that said I'm trying to be

scammed but because Gary never gave them any money the police couldn't do anything so Gary went to the newspaper when the story was published about 20 or 25 others had the same thing happen to them and so this kind of got me thinking okay if we're having Bumble and hinge as another layer we know who their friends are through wedding photos are we really adding more information about ourselves out there and you don't even need to have their Facebook or Instagram CU I didn't use any of those kind of in my research and I think similarly with the work life if we know where they're working at at LinkedIn one of the pictures that I found um he worked in

finance you could see the background of his computer monitors on his profile so that was one that kind of stuck out when I put him in Pim eyes it actually came back with some clubbing photos that were adult Club photos pictures his colleagues probably would wouldn't want him to see um in compromising situations but if someone found those pictures and wanted to Blackmail them and they knew he worked at a prestigious Law Firm prestigious kind of financial firm Are there ways that these worlds are kind of colliding more um and then Google dorky that's one that I kind of did to myself basically how I describe it is using Google but kind of doing it in advanced

search so using queries that you might type into Excel kind of Boolean search languages to find um deeper information about yourself and so with that being said just wanted to kind of highlight the resources that I used with Pim eyes um the ENT framework as well as canva to make the slides look nice and then if anyone is interested in kind of ense in going a step further highly recommends Gary I don't know him at all but I just saw a lot of his YouTube videos and he kind of goes through these um ENT tutorials also on Spotify the breadcrumbs um podcast is really great o curious I think they actually stopped op new content um this year however they

have all of their um previous information and then there's a might be Amazon or Netflix the the show don't with cats if no one has seen that it's a really great example of how the community comes together using ENT tools to try to um track down a uh killer and so with that being said just want to give a shout out to my mentor Robert from the trace lab team as well as the bside London's team and then people of hinge and Bumble you don't know who you are but I appreciate you allowing me to use this so thank you guys