Skip to content

Exercise-01-Username-Investigation

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

Exercise-01-Username-Investigation

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 

README.md

Exercise 01: Username Investigation

Difficulty: 📗 Beginner Estimated Time: 3-5 hours Prerequisites: Read Legal & Ethics SOP, OPSEC Planning SOP

🎯 Learning Objectives

By completing this exercise, you will learn to:

  1. Enumerate usernames across multiple platforms
  2. Document findings using proper evidence collection procedures
  3. Build a basic entity profile from publicly available information
  4. Assess confidence levels for each finding
  5. Practice OPSEC while conducting investigations

📋 Scenario

Case ID: EXERCISE-2025-001 Subject Username: techexplorer2024 (fictional for training purposes) Authorization: Educational exercise (fictional persona)

Background: Your instructor has provided you with a username to investigate: techexplorer2024. This is a fictional persona created for training purposes. Your task is to track this username across various platforms, document your findings, and create a basic entity profile.

Important: This is a FICTIONAL username. Any real accounts you find with this name are coincidental. For this exercise, you will create simulated findings based on the guidance below.

📝 Your Assignment

Part 1: Username Enumeration (1-2 hours)

Task: Search for the username techexplorer2024 across multiple platforms.

Platforms to Check:

  • Twitter/X
  • GitHub
  • Reddit
  • LinkedIn
  • Instagram
  • TikTok
  • YouTube
  • Medium
  • Dev.to
  • HackerNews

What to Document: For each platform where you find the username:

  1. Platform name
  2. Profile URL
  3. Date checked
  4. Account status (Active, Inactive, Suspended, Not Found)
  5. Screenshot of profile (if found)
  6. Any visible profile information (bio, profile picture, follower count)

Part 2: Profile Data Collection (1-2 hours)

Task: For accounts found, collect publicly visible information.

Information to Gather:

  • Display name
  • Bio/description
  • Profile picture (take screenshot, note if reverse image searchable)
  • Banner/header image
  • Location (if listed)
  • Website/blog links
  • Social media links to other platforms
  • Account creation date (if visible)
  • Post/content samples (2-3 screenshots)
  • Follower/following counts
  • Activity patterns (last post date, posting frequency)

Evidence Collection Requirements:

  • Save all screenshots to Evidence/screenshots/[platform-name]/
  • Name files descriptively: twitter-profile-2025-10-12.png
  • Calculate SHA-256 hash for each screenshot
  • Log each item in your collection log

Part 3: Analysis & Profiling (1 hour)

Task: Create a basic entity profile and analyze your findings.

Questions to Answer:

  1. Account Correlation: Do the accounts appear to belong to the same person? Why or why not?
  2. Activity Patterns: What are the subject's primary interests/topics?
  3. Geographic Indicators: Any location clues (timezone, language, geotagging)?
  4. Tech Savviness: Does the subject appear technically skilled?
  5. Privacy Awareness: Does the subject practice good OPSEC?
  6. Confidence Assessment: How confident are you that these accounts are linked? (Low/Medium/High)

Create:

  • A brief entity profile (1-2 pages) using Templates/entity-person.md as a guide
  • A timeline of account creation dates
  • A confidence rating for each finding

Part 4: Documentation (30-60 minutes)

Task: Properly document your investigation.

Required Files:

  1. 00-Investigation-Summary.md - Overview of what you did
  2. 01-Entity-Profile.md - Subject profile (simplified version)
  3. 02-Collection-Log.md - Evidence tracking log
  4. Evidence/ folder - All screenshots organized by platform

Documentation Checklist:

  • All evidence items have SHA-256 hashes
  • Collection log is complete (who, what, when, where)
  • Screenshots have timestamps
  • Entity profile includes confidence ratings
  • Investigation summary explains methodology
  • Legal/ethical boundaries respected (no unauthorized access)

🧪 Simulated Findings (For Training)

Since this is a fictional username, use these simulated findings for practice:

Found Accounts (Simulated):

Twitter/X: @techexplorer2024

  • Display Name: "Tech Explorer"
  • Bio: "Exploring new technologies | Cybersecurity enthusiast | Opinions are my own"
  • Location: "Pacific Coast"
  • Joined: March 2024
  • Followers: 127
  • Following: 245
  • Posts: Mix of tech news retweets, cybersecurity articles, some original commentary
  • Profile Picture: Abstract tech-themed logo (geometric shapes)

GitHub: techexplorer2024

  • Display Name: "TechExplorer"
  • Bio: "Learning to code | Python & JavaScript"
  • Location: Not specified
  • Joined: February 2024
  • Repos: 3 public repositories
    • python-learning (fork)
    • web-scraper-project (original)
    • osint-tools-list (original)
  • Activity: Last commit 2 weeks ago

Reddit: u/techexplorer2024

  • Account Age: 7 months
  • Karma: 342 post, 1,547 comment
  • Active Subreddits: r/cybersecurity, r/osint, r/python, r/learnprogramming
  • Posting Pattern: Mostly evenings (18:00-23:00 UTC-7)
  • Content: Questions about programming, comments on security topics

LinkedIn: Not Found Instagram: Not Found TikTok: Not Found

✅ Completion Criteria

Your exercise is complete when:

  • All 10 platforms checked and documented
  • Minimum 5 screenshots collected (for found accounts)
  • Collection log includes all evidence items with hashes
  • Entity profile completed with confidence ratings
  • Investigation summary written (1-2 pages)
  • All files organized in proper folder structure

🎓 Self-Assessment Questions

After completing the exercise, answer these reflection questions:

  1. What was the most challenging part of this exercise?
  2. What tools did you find most useful for username enumeration?
  3. How did you maintain OPSEC during your investigation?
  4. What would you do differently if this were a real investigation?
  5. What additional information would you need to increase your confidence level?

📤 Submission Instructions

For Students:

  1. Organize all files in this structure:

    Exercise-01-Username-Investigation/
├── 00-Investigation-Summary.md
├── 01-Entity-Profile.md
├── 02-Collection-Log.md
└── Evidence/
    └── screenshots/
        ├── twitter/
        ├── github/
        └── reddit/

  2. Create a ZIP file: Exercise-01-[YourName]-[Date].zip

  3. Submit to your instructor via designated method

  4. Be prepared to discuss your findings and methodology

💡 Hints & Tips

If You Get Stuck:

  1. Can't find the username?

    • Try variations (techexplorer_2024, tech_explorer2024)
    • Search for partial matches
    • Use quotation marks in Google: "techexplorer2024"

  2. Not sure what to screenshot?

    • Profile page (full view)
    • Bio/description area (close-up)
    • Recent posts (2-3 examples)
    • Follower counts and account stats

  3. Overwhelmed by documentation?

    • Start with collection log - document as you go
    • Fill in profile template section by section
    • Don't aim for perfection, aim for completeness

  4. Worried about OPSEC?

    • Don't log in with personal accounts
    • Use VPN or Tor if available
    • Don't interact with subject's content (no likes, follows, comments)
    • Clear browser history after investigation

📚 Related Resources

Required Reading:

Reference Material:

⚠️ Important Reminders

  • ✅ This is a fictional exercise - the username is for training only
  • ✅ Only use publicly available information (no hacking, no account access)
  • ✅ Practice good OPSEC (don't use personal accounts)
  • Document everything as you go (don't rely on memory)
  • Don't contact the subject (even though it's fictional, practice good habits)
  • Don't share findings outside of class/instructor

Exercise Created: 2025-10-12 Version: 1.0 Difficulty: 📗 Beginner Estimated Completion Time: 3-5 hours