Defensive OSINT: what you let leak
Using offensive intelligence tools on yourself to anticipate what an adversary will see in 2 hours.
Last reviewed December 20, 2025 Exposed
02 / 06
Identity and accounts
What identifies you online — email, MFA, phone number, OSINT profile — and how to reduce the surface.
Your digital identity is an assembly: one or several email addresses, phone numbers, accounts linked together through MFA, recovery, history. Each link is exploitable. Each connection between links too.
This axis covers identity foundations: why your primary email address is a public passport, why your cloud-based MFA app betrays you, how a SIM swap attack is set up in 4 hours, and what an honest OSINT audit reveals about yourself.
The goal is not paranoia. The goal is clean operation.
-
-
SIM swap: 4 hours to become you
How a 4-hour attack can compromise your complete identity, and why SMS as MFA factor is a systemic risk.
Last reviewed January 10, 2026 Exposed -
MFA: why your Google Authenticator app betrays you
All MFA solutions are not equal. Anatomy of attacks bypassing TOTP, and migration path to FIDO2.
Last reviewed February 28, 2026 Exposed -
Your email address is your digital passport
Why the main email is the root of all compromise, and how to harden access without locking yourself out.
Last reviewed January 30, 2026 General