Urgences 24 sur 7 – (888) 287-5858   Connexion au Portail TitanSupport    Contactez-nous      Blogue

We have previously talked about LinkedIn having an endpoint for Outlook profile cards. This endpoint is receiving email addresses as input and returns the complete profile information (name, company, location, etc.). These sorts of APIs can be abused for OSINT.

To reproduce the set-by-step tutorial your will need an Outlook account (@hotmail.com, @live.com or outlook.com email), the latest version of ZAP and our WebSocket plugin.

Step-by-step how to deanonymize emails on LinkedIn
Step-by-step how to deanonymize emails on LinkedIn
We have previously talked about LinkedIn having an endpoint for Outlook profile cards. This endpoint is receiving email addresses as input and returns the complete profile information (name, company, location, etc.). These sorts of APIs can be abused for OSINT.

To reproduce the set-by-step tutorial your will need an Outlook account (@hotmail.com, @live.com or outlook.com email), the latest version of ZAP and our WebSocket plugin.

Linking your Outlook profile to LinkedIn

Any personal outlook email can access this functionally. Including free accounts. You need to place your cursor on either the name or the avatar of any sender. An information card should pop-up. Go to the LinkedIn tab and click “Connect”. Follow the OAuth authentication flow on linkedin.com. Once complete the LinkedIn tab should display some information about the sender.
stepbystep-deanonymize-linkedin-image-1
Authorization page on LinkedIn

Grabbing a valid session token

Linking both Outlook and LinkedIn profile will grant you a Bearer token. This token will not be refreshed frequently. To see this token you will need ZAP and our WebSocket decoding plugin. It is available for download at : https://github.com/GoSecure/zap-autodecode-view/releases/tag/version-1.0.0

stepbystep-deanonymize-linkedin-image-2
ZAP Autodecode plugin
To initiate the WebSocket communication, you must click on one sender to display its LinkedIn card.
stepbystep-deanonymize-linkedin-image-4
You will be able to see at least one WebSocket query starting with “{« Key »: »34″, »Url »: »https://sfnam.loki.delve.office.com/api/v1/linkedin/profiles/full[…]”.
stepbystep-deanonymize-linkedin-image-3
Copy the content of this JSON payload to a file name “token.txt”. Make sure it contains at least “Bearer” followed by a large random string. You are now ready to use the script!

Automating profile queries

Place the emails you want to test in a file. We will call it “email_list.txt”. Keep in mind that there is limit of approximately 1000 emails queries per day per LinkedIn account (token).

Next, you need to obtain a copy of the proof-of-concept script at https://github.com/GoSecure/linkedin-osint.

Executing the tool will look like this:

> cat email_list.txt
*******@yahoo.com
*******@gmail.com
*******@hotmail.com
*******@libero.it
*******@hotmail.com
*******@soton.ac.uk
*******@hotmail.com
*******@inmovement.org
*******@hotmail.com
 >python outlook_http_client.py samples_demo.txt > profiles_demo.json
[+] *******@yahoo.com: Not Found
[!] Nb failures: 1
[+] *******@gmail.com: Found
[+] Summary: Paul *******, "Attorney and Counsel" at "*******", "Waltham, Massachusetts, United States"
[+] *******@hotmail.com: Found
[+] Summary: David *******, "Engineering Specialist*******" at "*******", "Greater McAllen Area"
[+] *******@libero.it: Found
[+] Summary: antonio *******, "******* Professional" at "*******", "Naples, Campania, Italy"
[+] *******@hotmail.com: Not Found
[!] Nb failures: 1
[+] *******@soton.ac.uk: Found
[+] Summary: Tom *******, "Student *******" at "", "Southampton, England, United Kingdom"
[+] *******@yahoo.com: Found
[+] Summary: Madhukar *******, "Financial Crimes*******" at "*******", "New York City Metropolitan Area"
[+] *******@inmovement.org: Not Found
[!] Nb failures: 1
[+] *******@hotmail.com: Found
[+] Summary: Shaun *******, "Strategic *******" at "*******", "Bismarck, North Dakota, United States"
Tool output. Emails are masked to avoid targeting specific user.
General information about the queries is displayed in the error output stream. The standard output stream includes the profile details. In the example above the information is stored in “profiles.json”. The file content will look as follows:
*********@gmail.com|{"displayName":" ********* ","headline":" ********* ", "companyName":" ********* ", "companyLocation ":"", [...]
Profile information returned. Information is not masked when using the tool.

Conclusion

This concludes our tip on how to find LinkedIn profiles associated to an email. If you are doing this process with huge list of emails or repeatedly, the endpoint will return an empty profile to any queries once the maximum number of queries is reached for the day. This is the reason the script will stop after ten consecutive failures by default.

Détection et réponse gérées et étendues GoSecure TitanMC (MXDR)

Détection et réponse gérées et étendues GoSecure TitanMC (MXDR) Fondation

Gestion des vulnérabilités en tant que service GoSecure TitanMC (VMaaS)

Surveillance des événements liés aux informations de sécurité gérée GoSecure TitanMC (SIEM gérée)

Défense du périmètre gérée GoSecure TitanMC (pare-feu)

Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)

Passerelle de messagerie sécurisée GoSecure TitanMC (SEG)

Modélisateur de menaces GoSecure TitanMC

Identity GoSecure TitanMC

Plateforme GoSecure TitanMC

Services de sécurité professionnels de GoSecure

Services de réponse aux incidents

Évaluation de la maturité de la sécurité

Services de confidentialité

Services PCI DSS

Services de piratage éthique

Opérations de sécurité

MicrosoftLogo

GoSecure MXDR pour Microsoft

Visibilité et réponse complètes au sein de votre environnement de sécurité Microsoft

CAS D'UTILISATION

Cyberrisques

Mesures de sécurité basées sur les risques

Sociétés de financement par capitaux propres

Prendre des décisions éclairées

Sécurité des données sensibles

Protéger les informations sensibles

Conformité en matière de cybersécurité

Respecter les obligations réglementaires

Cyberassurance

Une stratégie précieuse de gestion des risques

Rançongiciels

Combattre les rançongiciels grâce à une sécurité innovante

Attaques de type « zero-day »

Arrêter les exploits de type « zero-day » grâce à une protection avancée

Consolider, évoluer et prospérer

Prenez de l'avance et gagnez la course avec la Plateforme GoSecure TitanMC.

24/7 MXDR

Détection et réponse sur les terminaux GoSecure TitanMC (EDR)

Antivirus de nouvelle génération GoSecure TitanMC (NGAV)

Surveillance des événements liés aux informations de sécurité GoSecure TitanMC (SIEM)

Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)

Intelligence GoSecure TitanMC

Notre SOC

Défense proactive, 24h/24, 7j/7

À PROPOS DE GOSECURE

GoSecure est un leader et un innovateur reconnu en matière de cybersécurité, pionnier de l'intégration de la détection des menaces au niveau des terminaux, du réseau et des courriels en un seul service de détection et réponse gérées et étendues (MXDR). Depuis plus de 20 ans, GoSecure aide ses clients à mieux comprendre leurs failles en matière de sécurité et à améliorer leurs risques organisationnels ainsi que leur maturité en matière de sécurité grâce aux solutions MXDR et aux services professionnels fournis par l'une des équipes les plus fiables et les plus compétentes de l'industrie.

CALENDRIER D’ÉVÉNEMENTS

No upcoming events.

DERNIER COMMUNIQUÉ DE PRESSE

AVIS DE SÉCURITÉ

Urgences 24 sur 7 – (888) 287-5858