Podcast audio-only versions of weekly webcasts from Antisyphon Training
Zach Hill: Good morning. Good evening. Good afternoon, everybody. Welcome to today's Anti-Cast with Mishaal Khan. I am super stoked for today.
Zach Hill: You guys are in for a real treat. Mishaal is going to be getting very hands-on with OSINT today. You'll be following along and diving in, and I'll be doing the same with you guys behind the scenes. So when there's about ten minutes or so left, I'll pop back up. We'll do some questions and take it from there.
Zach Hill: But you're good to go, my friend. Have fun. Good luck.
Mishaal Khan: Thanks, Zach. So, yeah, let's get started. Let's jump straight into it. No PowerPoint slides, nothing like that. And pretty unscripted, so I have a general overview of what I wanna talk about, which is essentially how I do investigations.
Mishaal Khan: I'm usually given a task for something very specific. Find this person. Find an address. Here's a small piece of information, which I call seed information. And from that seed information, I usually, you know, pivot off to secondary and tertiary information and kind of build a mind map out of it.
Mishaal Khan: And that's what I will kind of show you, the first few steps that I usually take. And the goal here is not to show you the tools specifically, but to show you my thought process, my mindset: how am I thinking when I'm investigating, with various techniques and tools at my disposal? There are so many. How do I pick and choose? So let's get started with an example.
Mishaal Khan: So let's say my task here is finding the address of a person. So in this case, let me just put these notifications on the side. So I'm using Zoom; you can't see the things that are overlapping here. Say this is my task: where does John Cena live?
Mishaal Khan: And this is a very common task. You find a person. It could be, you know, someone you're looking for, a loved one, a long-lost friend or a relative, or a predator, a stalker, or whatever. Location is usually very important and high on the list of things people want to define. So in this case, I'm using this example because we do know where he lives, so we can kinda validate it and try different techniques.
Mishaal Khan: If you just Google it, and that's where I start off to kinda find basic information. What is the Internet saying about it? What does the clearnet say about this? And then I'll dive into the, you know, the deep web after this. So there's a lot of interviews with John Cena.
Mishaal Khan: There's some aerial footage of his house, and he's done some documentaries or stuff about his cars and stuff. So we know where he lives. So in some of these, you'll see it'll say Land O'Lakes, Florida, and somewhere there will be an address. So let's kind of verify this. So if he's in Florida, what I would do is I would not take for granted public information on the Internet when I'm doing serious searches.
Mishaal Khan: I need to verify using better means. By better means, I mean either government records, official records, something I can prove, because in cases like this where people are like, all right, what's the person's name? What's his phone number? I need to be correct, because if this person's gonna be under arrest or in trouble or this report is going to law enforcement, it better be backed by solid evidence and not just "I Googled it." So in this case, we know he's in Land O'Lakes, Florida.
Mishaal Khan: He lives there. Let's verify this. One way to verify this is looking at state voting records. Florida is one of the easiest to look up, or in this case, the worst when it comes to privacy. The Florida Voting Registry website, if you just look it up online, you'll get to this link.
Mishaal Khan: It asks for first name, so that's John, last name, Cena, and then date of birth. Date of birth, you can just do John Cena DOB, 04/23/1977. So let's do April, 04/1977. And, yes, I understand whatever they're saying here. Alright.
Mishaal Khan: Submit. Once you submit, so what I've done is I've unlocked a third piece of information. I look at this as, you know, the input is first name, last name, date of birth, and the output is home address. So in a government record, you can't lie about your home address. In anything else on the Internet, you can spread some disinformation and stuff, but it is illegal to give the government falsified information.
Mishaal Khan: So this is why I take this piece of information very seriously. I'm like, alright. If it's in a state record or federal record, if it's a criminal record or a traffic violation or something, yeah, that's usually very accurate because they look at your driver's license, and whatever's there goes over here. So now we know a verified address. This is already public record, so I'm not doxing John Cena.
Mishaal Khan: Of all people, I wouldn't. So that's the address we got. Now let's pivot off of this a little further. I wanna know what this address looks like. So if I just go to Google Maps and put in this address, I look at what, you know, what this aerial view looks like.
Mishaal Khan: And you see the top aerial view of his mansion over here. I wanna see what the front of his house looks like. So you click on this little guy, which is the Google Street View, and you don't have a Google Street View here, it seems. The closest one was somewhere up here, because this is likely a gated community. And you can probably tell if you go down here, yeah, that's a cul-de-sac.
Mishaal Khan: On the other side, the closest was this view here, which was a gate here. So yeah, so there's no view of his house from at least a street-view point of view. But you can just Google this address and find the address on sites like Zillow. So Zillow will have that address. Again, Zillow, it's off the market, so you don't see images of that home anymore.
Mishaal Khan: But if you still wanna go further, you'll probably find images of his house somewhere else: documentaries, videos, Redfin has it, older cached records will have it. I can also go to websites like archive.org to find all the information off Zillow even. So now I'm getting closer and closer to what I wanted to find out, his home address. So that's one way to do this. Another way is to look at, like, who actually owns this address.
Mishaal Khan: The voting record, you know, tied his name to this address. What about the actual home record? I have to look at the county records here. So I will always look at who owns the house officially, government records. So first and foremost, I need to know what county Land O'Lakes is in.
Mishaal Khan: It says Pasco County. And then I would Google "Pasco County, Florida property search." Oops. And websites like this will pop up, which are very localized websites around searching for property records. So here, I can search for the parcel, and I can get the parcel number usually from Zillow.
Mishaal Khan: So Zillow will give you the actual PIN or parcel here. And I would just search on this page for the word "parcel," and I would get this long number here. That'll be a very accurate search instead of just typing the property address in here. So when I search for the parcel number, I get something like this. So I get this view for looking up property taxes.
Mishaal Khan: And as I'm typing, so this is a parcel number. The parcel number here ends in, let me go back to the original parcel, 0060. So as I'm typing it, it'll autocomplete on this website. So 00 and then 6, it's not letting me complete. So it's like it doesn't exist.
Mishaal Khan: If I delete that, there's 10, there's 30, 40, 70, 80, 90. There's no 60 here. Apparently, he's removed his home record from the official county records here. And I searched it in multiple places, and it seems he's opted out. So if you actually type it in manually, the 60, that's his house, it basically doesn't search for it.
Mishaal Khan: It says, "Pay for accounts exempt from public disclosure." So if you're a celebrity or someone important, you can actually tell them to remove that record, because they don't want people to know, which in this case, it's pretty public. So if I can't search official records, I'll go through data brokers. They may have that information. And data brokers like melissa.com, you can subscribe to this.
Mishaal Khan: They have a free version here. I'm using the free credits from this. You can put in addresses here and press submit. You can see here, it deducts certain credits per day or per month. I don't know how much this is, when it resets, but it's plenty.
Mishaal Khan: And as I search here, it usually gives me a lot of information on who owns the property, where it is, different information. But in this case, it's not telling me much. So it seems his records are scrubbed from this data broker as well. Let's look at other, more popular data brokers. So data brokers like, let's look at fastpeoplesearch.com.
Mishaal Khan: I usually go there, and I'm being blocked from Fast People Search. I'm being blocked because I'm not in the US right now, and Fast People Search only works in the US; they block. I can just turn on my VPN and access this. I did try it an hour ago and it did work. But let me show you another technique.
Mishaal Khan: Like if I'm being blocked from a website because of maybe my browser settings, maybe I'm blocking ads, or I'm on a network that it doesn't like, could be so many reasons why I'm being blocked. I would then go to something like a remote browser session. So I would go to browserling.com. This will give me three minutes of browsing on someone else's computer in a data center. And let me first go back to a session here where this Zoom thing on top is, like, annoying.
Mishaal Khan: There's a little bar on top. Let me get rid of it. Okay. So let's go to here. So Fast People Search, I already have the link for his house, so 2326, and it's not opening up here.
Mishaal Khan: So what I would do is I would go to Browserling. I would paste that in here, and click it here. So without, you know, bothering with the VPNs and stuff, although I would always have a VPN on for stuff like this. But now I'm on a remote browser session, and it's letting me in. If you have issues like that, this is another way to do proper opsec.
Mishaal Khan: And this opens up, and let's scroll down a little bit. It's a little tiny to see, but you can see almost immediately it says, yeah, this address is tied to the name John Cena. And a lot of his other personal information also shows up here. So whatever. This is a little janky, but you get the idea.
Mishaal Khan: I'll just close that. If you Google this address further, you actually come to the Dun and Bradstreet website, dandb.com. So that address, so I'm searching basically his name, and then I found his address. Now I'm searching his address independently on Google and other places to see if that ties back to the person, and it does. And I'm trying to find more pieces of information.
Mishaal Khan: So I already found his name, address. There was a phone number somewhere on Fast People Search. His age, his date of birth was already public. I found that. But if it wasn't, I would have still found it through people search websites.
Mishaal Khan: Now I'm just creating this database about my target. Slowly, it's growing, and I will stop eventually when I have enough information, where I feel comfortable. But now I'm on websites like Dun and Bradstreet, which are more business related. And this address shows up as, you know, John Cena, but on a business level. So entertainers, it seems he has some LLC here, or he does business using this address.
Mishaal Khan: When I see something like this on a business website, I suddenly go to an LLC search somewhere. So he's in Florida. I would go to the Florida LLC search website. I would just find out what that website looks like. And I did, and this is what the website at sunbiz.org is, where you can search for Florida-based corporations.
Mishaal Khan: And I would just search for John Cena and see if something comes up. And quite a bit of stuff comes up, which is not directly him. So it is somewhere here, but the search is too broad. Another website that I would actually go to first, before going to the state-specific websites, is OpenCorporates. They have information on all the LLCs that are registered in all the different states and even outside of the US, in the UK and some parts of Europe.
Mishaal Khan: And this is where I would enter the officer's name, so the person it is registered to, or the company's name. I have both options here. So when I entered John Cena's name here, quite a few things came up. But I would immediately filter this on the right to Florida, because I do know that he's in Florida, so most likely it's going to be registered there. And I see a bunch of stuff here.
Mishaal Khan: So John F. A. Cena Entertainment, that's likely him. The others, maybe. I don't know.
Mishaal Khan: But if I click on any one of these, John F. A. Cena Entertainment, I see, alright, I see this address. So this is a slightly different address. This is in Tampa, Florida, not the other one. But this is likely him.
Mishaal Khan: So now I know exactly what to search for: John F. A. Cena Entertainment. Let's search for that in the state website, because it'll have more information. This website only has basic information, the name, maybe an address, and that's about it. Everything else is either not there or it's locked.
Mishaal Khan: It says log in to see more data, and then they ask you to pay for it. So let's go to the source of the data. So now let's search John F. A. Cena. This is likely that. So the first result is there.
Mishaal Khan: It's active. Let's dig deeper. Is this really him? Oh, Land O'Lakes. That's where he was, but not that address.
Mishaal Khan: 8111 looks like a different address. It's a boulevard. It's probably a business address where he's registered his LLC. Now let's go down a little bit more. So John F.
Mishaal Khan: Cena, that's probably him or maybe his father. And so now I'm getting somewhere. Now I can look at the annual reports too. And so now this is considered deep web search. A lot of this stuff, all these PDFs, are not going to be online, publicly searchable, because likely Google hasn't indexed them.
Mishaal Khan: So if I look at the latest filing, it has an address of 8111 and, you know, the name and everything else in here. So John F. Cena. Now, let's see what else.
Mishaal Khan: Nothing much here. So now I can look at old filings. So I would look at the first-ever filing in 2005. Let's click on this, and let's see if something was different here. The principal business was different.
Mishaal Khan: It was 2326, which is his home address. So initially, when he filed this LLC, it was his home address. Somewhere along the line, he changed it to a business address. And this is what a lot of people do when they file stuff online officially. They don't do their due diligence.
Mishaal Khan: They don't take privacy into account, and they make mistakes like this. In this case, you know, it's likely not a mistake. It's fine. He's a public personality. But a lot of the times when you can't find information, go back in time.
Mishaal Khan: Look at old filings, look at the Wayback Machine, look at older records, historical records, and you'll see a mistake, quote unquote, somewhere, a leak of information. And here you see that leak. And somewhere here, you'll find even more information, like the annual report may have, yeah, signatures are here. Stamps are here.
Mishaal Khan: A lot of the form-based information. So, like, here, I can see John F. Cena and John J. Cena. So now I know there's two John Cenas.
Mishaal Khan: One is, I'm guessing, the father. If I dig deeper, I'll find more information based on their age and stuff like that, on who's who. But their address is the same. So again, not to go too deep into one person here, that's how I would kind of dig deeper and end up somewhere like this, where I'm very comfortable now with official documents, with multiple pieces of information linking to the same address, whether it's government records, whether it's something on the Internet that's unofficial, or scraped records from data brokers. I would collect all of that and then say, alright.
Mishaal Khan: Now I'm positive I verified that this is the information I'm after. This is the right address. This is doing your due diligence. When you're hired as an investigator, you don't just Google stuff and present the first piece of information you see. You're meant to do due diligence, look at 10 different ways to do the same thing, and if all of them correlate to the same piece of information, then you're kind of sure.
Mishaal Khan: And if not, then keep digging and keep finding better sources of information. So that's kind of my primary method of digging through addresses, at least. One other method I have is I would look at Street View. And in this case, we didn't have a Street View of John Cena's house because the Google car couldn't go there. But here's the closest Street View I could get.
Mishaal Khan: I think you see the gate somewhere here, but this is the same Land O'Lakes and a very similar address, very close by. So I just took a random address here, and I said, okay. Let's say this was our house and person of interest. Now I want to find out further information. Let's say this is the house, and let's see if we can see a house number here.
Mishaal Khan: Yeah. The house number is 2223 here. You can see it up here and in the search bar here as well. And there are two cars parked here. Let's see what information we can get about vehicles.
Mishaal Khan: If my question here is, do these cars belong to this homeowner, or are they visitors, or were they just there temporarily? Was it a worker? You know, whose cars are these? I can either look at historical records here. On the bottom, you see 2024, but you also see 2022.
Mishaal Khan: And no vehicle was there. I can go further down, 2013. So whatever snapshots the Google vehicle took, that's what I have to look at. And the oldest one had these cars in here. They're different cars.
Mishaal Khan: This is an Audi TT, I believe. The 2011, second-to-last version has completely different vehicles, so probably owned by someone else. And, yeah, this version has this topless dude here looking at the vehicle. So let's look at the latest ones here, and let's see if we can correlate some other piece of information that shows that this vehicle is the homeowner's or not. So one of the other weird and unique techniques I have of abusing certain other pieces of data is looking at insurance records of this.
Mishaal Khan: So this is a pretty cool technique. You can go to either geico.com and start getting insurance for this person. Or let me try a different method to do this. I can go to progressive.com and just fill out a random form here. So last name, whatever, Doe, some email address, email@whateveremail.com.
Mishaal Khan: Everything you provide here can and should be just nonsense information, and just the address should be accurate, because you'll see what I see in a bit. So this is the address we want. And where is this one? Alright. So ZIP code, what was the ZIP code again?
Mishaal Khan: Let's see that ZIP code. I think it was 334639. So 34639. And Drive. So sometimes it shows here, I have to refresh and maybe change VPNs or whatever.
Mishaal Khan: But I did this right before this webcast, and I did it on two different ones, GEICO and this. And with both, I took a screenshot. So when I put in this address with all nonsense information, and you have to go through maybe two or three different screens and go through a few offers and stuff, eventually Progressive and GEICO and State Farm will give you a screen like this and say, we found the vehicles at your address. Would you like a quote on any one of these? So Honda Accord, Subaru Forester, or Honda Civic.
Mishaal Khan: Let's look back at that Street View address. Was it this one? Yeah. Honda Accord. And what was the other one?
Mishaal Khan: Subaru Forester. That's a Subaru Forester. So both vehicles, the insurance provider is telling me that they have it on record that this house has these two vehicles in their insurance policy. And the funny thing is that they may not be a client or customer of Progressive. They may have some other insurance, because when you do this with GEICO, you get the same result.
Mishaal Khan: You do this with State Farm, you get the same three cars. So this is basically abusing an API, which they are paying for, we are not. That's why I say abuse. We're just accessing the vehicle information tied to this address that they all have, and we're just using it for free. They likely pay a lot for that information.
Mishaal Khan: Now, you know, a little side conversation here is, like, where are they getting this information from if they're not providing you information? Well, the DMV is providing this information: your address, your license, everything that goes on your driver's license, your home address, the VIN numbers of your vehicle and stuff are sold and resold to insurance providers, to everyone, so that they can make your life a little bit easier by you not putting in your VIN number and everything. They're just popping it up for you and saying, just put a little checkbox here and we'll take care of the rest. But I am abusing this information for OSINT purposes. This obviously goes against the terms and conditions of the website.
Mishaal Khan: You're not supposed to use it for OSINT, and that's why maybe I should have said this before I started the webcast: everything I show here may not be ethical or legal, but again, that really depends on who you are. Are you law enforcement doing this? Are you an OSINT investigator? Are you a PI? Are you an insurance provider?
Mishaal Khan: It really depends on who you are, so intention. And also it depends on the country. Every country has different laws. Every state has different rules and regulations. If you're in Missouri, you cannot do this.
Mishaal Khan: You cannot right-click and inspect. That's a crime. If you don't believe me, just Google "F12 is not a crime." Missouri governor threatens to prosecute one of the journalists that pressed F12, which is basically right-clicking and inspect. Oops.
Mishaal Khan: I've broken the law in Missouri right now. So that's why I don't talk about ethics and laws and stuff, because every state has something different. And back to the DMV thing, just as proof that this is where they're getting it from. So California DMV, $5,000,000. What do you get when you do this?
Mishaal Khan: The California DMV, they make, so LexisNexis to pay $5,000,000 class action allowance. No, not this one. Data. So they sell your data. They, oh, 50.
Mishaal Khan: California DMV generated 50,000,000, not 5,000,000, annually selling drivers' data to businesses like insurance companies. So this is where the data comes from, the DMV; 50,000,000 they make off of our data. And if you're wondering, I never opted in for this. Well, you don't need to. The government can sell your data without your permission.
Mishaal Khan: It's only the private companies that need your permission, where the CCPA applies, the GDPR rules apply and stuff, not for government. So, anyways, know where that data comes from, because in investigations, that's very important. Is this legitimate data? Is this coming from a DMV or some third-party data broker or AI or what? You need to know the source of the information.
Mishaal Khan: It is quite important to know where it came from, because if you're ever presenting this data in a court, they will ask you, where did you get this information from? You know, if a portal like this is giving you this information, that's maybe not enough. But then this is enough to issue a subpoena, to issue a search warrant, and tell law enforcement, listen, I've done my due diligence. Now you play your role and find information with the DMV or some other agency or a private entity. But that's kind of where I would take this investigation and find information using all of these different resources.
Mishaal Khan: I'll take a little pause here, because I've been speaking for a while here continuously. Are there any questions in the chat so far, Zach, or any place where I can elaborate a little further?
Zach Hill: There's been like a few questions that have come through, but a lot of people have answered some of them. But I can ask you a couple questions from the Zoom chat if you want.
Mishaal Khan: Yeah. Sure. Go ahead.
Zach Hill: One of the questions, just for you, like, to answer officially, because it came up. Somebody said that they heard that you need a private investigator license to do OSINT. Is that true?
Mishaal Khan: Depends on the state again. And so if you're doing physical surveillance, you definitely need a PI license. And you only need it because if you're caught, like by law enforcement, so the police pull you up and ask you, what are you doing with a DSLR camera in your vehicle pointed at this house? You can always tell them, yeah, I'm a PI, here's my license number, whatever, I've been hired to do this, and you'll likely get away with that. If not, you'll be arrested and questioned further.
Mishaal Khan: So that's when you need it. For OSINT, a lot of states do require it if you're doing any form of investigation, whether online or in person. But the bulk of those investigations are usually very short, very simple. It's mostly like doing stuff on a browser, and nobody will really catch you for it. The only people who will get you in trouble for not having a PI license are competitors.
Mishaal Khan: So we, like me and my company, have a PI license, a general PI license. And some competitors have come after us because they've lost a deal to our client, and then they're like, do they even have a PI license to do investigations, to run a background check on an employee and stuff? And fortunately, we did, so they couldn't get us in trouble. But it's the competitors that'll come after you, because law enforcement and others and officials won't even know what you're doing with private companies. If you're doing background checks or small cases here and there, it doesn't, you know, get publicity.
Mishaal Khan: It's only your competition that's gonna get pissed. So
Zach Hill: And is it harder or easier to find information like this outside of the US? This person asking imagines GDPR in Europe would make less of this information publicly available.
Mishaal Khan: Oh, no. So this is easy. So the only place I would say, where people think it's kind of harder, is the data brokers. Like, if you go to stuff like truepeoplesearch.com or fastpeoplesearch or spokeo.com, things like that are very US-based. So data broker and people search websites are very specific to the US, but everything else is not.
Mishaal Khan: Google Street View exists in the UK. They have their own government portals that have similar, quote unquote, vulnerabilities. They may not have voter registry lookups, but they have vehicle lookups. They have so many other things. There's GEOINT you could do in those countries.
Mishaal Khan: There's social media. Most people just find the bulk of the information using Facebook and Twitter or X and stuff. So yeah, you can do the majority of OSINT in all of the countries. I've done it in quite a few countries, and I've never struggled. As long as you know the right techniques and don't rely on the specific URLs and tools, you'll be fine.
Zach Hill: Do you want me to keep going and asking these questions? Or do you wanna go back to your presentation?
Mishaal Khan: No. Ask one more. Yeah.
Zach Hill: Yeah. I mean, there's a couple more. A lot of them kind of related to the question that you just answered though, so I'm scrolling past them. I think you talked a little bit about AI and automation for your research, but you're building out more of that as you go. Correct?
Mishaal Khan: Yeah. I mean, I don't use AI too much in OSINT, because AI does not give you facts. AI hallucinates a lot, and I'm after facts. I'm after verifying information through the source. And AI is not the source, and it usually doesn't give you the source.
Mishaal Khan: It's good for summaries. So the place where I would use AI in OSINT is to summarize information. Once I have everything set, I have a path like this open. I'll put the information in a notepad, some raw pieces of information about the person, then I'll put a lot of that into AI and say, form, like, paragraphs and summaries based on this, for me to know what's going on. Or if I can't connect the dots, there's too much disparate information, I'll put it in a PDF, and it'll be, like, you know, ten, twenty pages.
Mishaal Khan: And I'll ask AI to kind of find me clues or ways to kind of connect the dots here if I'm unable to. But that's the extent of it. That's as far as I'll go.
Zach Hill: Thank you, sir. Here. Last one. What's the best way to protect yourself against OSINT?
Mishaal Khan: Do something the opposite of OSINT, anti-OSINT or privacy. So operationprivacy.com is what I would recommend. This is a tool created by me. It's basically a glorified dashboard which has a lot of checklists, and it's essentially all of these techniques that I go through. Like, I went through Google Street View, how to blur yourself from Google Street View.
Mishaal Khan: I found something on Spokeo, how to remove yourself from Spokeo. Fast People Search, remove it. So it's a lot of data removal and then a lot of privacy, a lot of prevention, how to put your home under an LLC or a trust, and how not to have businesses under your home address, get a PO box, a CMRA, a FedEx, UPS address or whatever. So a lot of the infrastructure type of stuff, privacy infrastructure stuff, is here as a checklist. So this is not doing the work for you.
Mishaal Khan: It's just keeping track of all the things you should be doing, your progress, essentially. So that's what I would do long term. There's no short-term solution for privacy.
Zach Hill: Thank you, sir. I'll let you get back to it.
Mishaal Khan:There's another technique. So we talked a little bit about the physical surveillance side of things. And so in OSINT, you're often trying to look for people and bad guys and stuff. Instead of permanent addresses like this, sometimes I come across temporary addresses, like a person is in a hotel and we're doing maybe surveillance on them. We need to find out what room number they're in.
Mishaal Khan:So a perfect example, I was actually let me open up another browser tab here. VMware, I have alright. Let's go and do it in my VMware Fusion tab here. So I have Kali Linux here as a virtual machine. And let me go into Kali Linux.
Mishaal Khan:So I was staying at this hotel yesterday. So a little bit of revealing a little bit about myself, but it's fine because I'm no longer there. So I was in this mandarinoriental.com hotel. And I noticed one thing, and this is the same thing with Marriott's and Holiday Inn's. And when when you go into the wireless part of this when you connect to the guest Wi Fi, a pop up comes here, which is their captive portal, which asks you to put in your last name and put in a room number.
Mishaal Khan:When you do that, and if it's correct, and you hit connect, it'll go through and say, welcome, you know, you have free WiFi. If not, if you put in, you know, a random name and random number here, it will give you an error message. It'll say person not found or incorrect combination of last name and room number. So I'm like, what if I could go through every single room number? If I have a person's last name, I could find their room number.
Mishaal Khan:And it's pretty dangerous because, you know, what if that person is a celebrity like John Cena? If I knew he was staying in a hotel and I could, you know, accurately tell what room number he's in, you know, paparazzi, you know, lurking in the halls, taking pictures of him as soon as he comes out of the room with his family. That's not desirable. Or maybe you're a politician, somebody's questioning you, or maybe you're just an important person, a CEO or whatever. I could even just lurk in the halls, and when the cleaning staff comes to open the door, I could walk in and just say, hey.
Mishaal Khan:I'm just here to pick up my laptop and, you know, steal something from the room. They don't usually ask for ID for someone entering the room while they're cleaning it. So there are different versions of threats depending on who you are for this. And this is so easy to do. I actually did this at a presentation, live yesterday, and I picked on a few random people who I knew were staying in the hotel, and I basically asked them.
Mishaal Khan:So let me do this on myself here since I'm no longer in the hotel, and there is no threat to start off with for me anyways. So I'll use a new tool to do this, which is not Burp Suite, but Caido. So if I could parse through all of these room numbers in a matter of seconds, that would be great. So what I do is that same web portal that you saw, I just intercepted that request using Caido.
Mishaal Khan:And for those not familiar with Caido, it's basically Burp Suite with less functionality, much simpler. And it's a newer tool. And as I use this, you'll see the power of this tool. So once I intercepted the request, what I did at the bottom of the request is, you know, the place where it asked for last name, I put in my name, Khan, and I put in the room number. So I know the structure of the room number.
Mishaal Khan:The first digit is a variable here, which goes from one to six because there were six floors. And then the second digit is how many rooms were on each floor. In this case, there were about 80 something, so I said, alright. Go through one through 80. So six times, you know, six floors and 80 rooms per floor, that's about 480 or something iterations that it's gonna go through.
Mishaal Khan:And when it gets a hit, let me know. And let me make this a little bit smaller. So when I run this attack, I'll just, by the way, so the main advantage of this over Burp Suite is once I do this, under the settings tab, I can set how fast I wanna do this. So a delay of fifty milliseconds per request, but I want 50 requests concurrently to go through. So this is gonna be really fast.
Mishaal Khan:And if there's some error, whatever in the request, just wait one second. So it basically has no throttling built in. You have to put in throttling yourself. It can do as many requests as you want. In the free version of Burp Suite, it's one per second.
Mishaal Khan:So if this was 480 iterations, it would take four hundred and eighty seconds. But here, I have no limit. Now the website may have a limit. They may throttle me, but let me just run this. So as soon as I run this, it's gonna start going through all of those responses in a second.
Mishaal Khan:There we go. It's gone through. So it's doing it in parallel, multiple responses out of order. And I can just arrange it by ID, and it's going through all of them. So if I click on any one of these, right now, I'm in a different network.
Mishaal Khan:And still, some of them are failing, some of them are going through a status of 200. And I can see the request here. It's going through Room 129 on this one, and then I can see the response. The response is basically a failure. It didn't find anything.
Mishaal Khan:One of these will be the odd one out. Now in this example, I'm no longer in that room, so it won't find me. But look how quickly it went through all the requests. It's already at, you know, four hundred something, and any second it's about to be done. And this took about, I wanna say, thirty seconds or so or under a minute, and it's basically finished at this point.
Mishaal Khan:So it's really fast. And surprisingly, the website is not throttling. So it's done with all the requests. So what I would do here is, I actually did this yesterday, and I'll show you the results. So this was the result, 480 requests.
Mishaal Khan:It went through all the rooms, tried my name against every single room to see if I'm staying at one of those rooms. And if I filter this, I go through response. If the response code was equal to 200 status, that was a success. In this case, it wasn't a success, it was a page that said room does not exist. So the bulk of them said that, but there was one that redirected.
Mishaal Khan:So 302 is that redirect, and there was only one request that redirected me to another page saying, you've logged in to the hotel Wi-Fi because I got the combination right. And that was, you know, 2 and 14, so Room 214. And that was the room I was in. And I tried it with a few other people who I knew were staying at the hotel, and I got all of the room numbers right. It took me fifteen seconds or so once I did the first one.
Mishaal Khan:And this is a very powerful technique. These are some of the techniques I do use when I need to find out a person who's staying temporarily at a hotel or some other place, a furnished apartment that has a similar Wi-Fi login. And it's great for surveillance teams. They don't have to follow you to your floor or your room. You can even do this remotely.
Mishaal Khan:You don't even have to be in the hotel lobby to access this. All you need is that link. So I did this once with a friend of mine; we had a surveillance thing. We were paid to do it. And I just told him, just go to the lobby, go to the Wi-Fi, and send me the link.
Mishaal Khan:You don't need to do anything. He wasn't a hacker or anything. Once I got that URL, I did it remotely. And it's such a flaw. Like, hotels should know about this.
Mishaal Khan:They should not have that URL accessible from outside the premises, first of all. They should put throttling on this. They should not allow me to go through all these iterations so fast. And they shouldn't have such weak security where all I need to know is their last name and a room number. They should have unique passwords for each session, some other way of authentication.
Mishaal Khan:So many lessons to be learned here from a security perspective, but that's one other way to dig for information. And one of my goals to show you this is, yeah, this is one way to do this, but this method is basically abusing online forms. If I can do this in this Wi-Fi portal, can I also do it in other portals like that Florida portal that I showed you, Florida registry lookup? I've done it on this. I've done it on many other places because I look at this as a puzzle.
Mishaal Khan:I'm like, I know the first name. I know the last name. I may not know the person's date of birth. I may get their day from a Facebook post where somebody, you know, said happy birthday to them, or that's their day and month. I may not know the year, but I could have a guess of maybe twenty, thirty different iterations.
Mishaal Khan:I could just run this through Burp Suite or Caido and get the exact date of birth. And, you know, the form would submit and show me the home address. Similar things could be done for so many other things. So the idea here is just to open up your mind into thinking that information exists. It's just being locked behind a certain portal.
Mishaal Khan:There's no username or password, but there is, you know, you need a certain amount of OSINT-based information to get more information. I've done this with, Florida has a fishing registry, you know, the other fishing, where you catch fish, that fishing. And for the fishing license, you need a similar thing. You just need your, it was actually first name, last name, date of birth, and last four of your Social Security number. So I knew a friend who had a fishing license there.
Mishaal Khan:I'm like, can I try it on you? He's like, yeah. I'm like, don't give me the last four of your Social Security number. There's only four numbers I need to guess. So I went through Caido.
Mishaal Khan:I did the same thing. Within a minute or so, I unlocked that portal, and what it unlocked was not just his home address, it was his email address on file, his mobile number on file, and certain things about his payment, how he made the payment, was it Visa or whatever, for his fishing license, and when it was expiring. So a lot of personal information was there, but it exists, and there was no login screen. There was no username password that they had you registered with. It was static information that you could not change.
Mishaal Khan:You cannot change the last four of your Social Security number. You cannot change your name or date of birth. None of it is changeable. So to me, that's a big security flaw, which investigators like me will pick up on and, you know, use for ethical purposes to find criminals, to find stalkers, to get to our goal, where we want to be. So like I said, a lot of these things you may or may not use, you should or shouldn't use, but my goal is to show you information exists and here's how I get it.
Mishaal Khan:And that drives a deeper discussion around, where's that information coming from? Maybe I could just do inspect, go in the network tab, and when I press submit, can I see an API call go through? Is that API authenticated or not? So now I'm going more technical into this. And that's how a lot of these tools are created.
Mishaal Khan:These automation based tools, they're not submitting forms. They're just looking at the API call and just redoing the API call if there's no authentication or throttling. So I use those techniques in my course as well. And going into APIs a little bit deeper, I'll show you a simple example of, let's look at, so O'Reilly blocked me. Let's look at another one.
Mishaal Khan:KBB, Kelley Blue Book, kbb.com. Access denied. I need to swap VPNs. Carvana. All of them have blocked me.
Mishaal Khan:So these are very US specific ones, and I'm not in The US right now. But I can easily just swap VPNs, and they'll work. But let's go to GitHub. GitHub should work. So let's look at let's go in another container in GitHub.
Mishaal Khan:But GitHub has an API as well. So if you go to github.com/repo, let's look at a popular GitHub that says Signal. Too many requests. Wow. I'll show you the shortcuts.
Mishaal Khan:api.github.com/repos/, so this was the Gophish example. So if you wanna know more about the Gophish repo and the commits in there, just go to that API link, api.github.com, and it'll show you all the commits that were made and then the details of that commit. And some of this stuff is not shown on the web version, but it is shown on the API. So for example, if I expand all of these, I'll see email addresses. So now I see personal email addresses of the person who pushed the last commit, Jordan Wright, who maintains this repo, has his Gmail address in GitHub.
Mishaal Khan:You can't see this on github.com, but you can if you access it through the API. And then you can see every single commit and all the other details, but I'm only after these personal email addresses that they've used for GitHub commits, which honestly, they shouldn't. There's a privacy feature in GitHub in the settings where you say hide my email address, and it'll make your email address look like something nonsense at github dot com. It'll mask it. They haven't turned on privacy, so I can see that.
Mishaal Khan:So from an investigator's point of view, this is pretty good. If I know someone has a certain GitHub repo, they're pushing code, and I wanna get into their lives a little bit better, I can look at their Gmail address or whatever address, personal addresses they have there, and then take that address and then kinda go a little bit further, deeper dive into that. So let's say this random address, and I wanna look at emails. What can I find from that particular email? There's a tool here called epieos.com, which I use.
Mishaal Khan:And my goal here is simple. I wanna know the Google reviews of this Gmail address. And what this tool does is it allows me, it gives me the Google ID. And with that Google ID, I can formulate a URL that gives me the link for Google Maps, and it'll show yours. This was Gmail, and if I scroll down, this is the Google ID and the Google Maps link for that.
Mishaal Khan:So if I go to that Google Maps link with that Google ID, it shows me the full name of that person resolved from that email address and all the places that they left reviews. So they left a review in Spain, so I can assume they were in Spain or they live in Spain. I can see a globe view of this person and see here's where they've left reviews. If this review was something like, if it wasn't a restaurant and if it was like they had their oil changed here or they had their haircut at a certain place, that's likely where they live. So I would go through those reviews and kind of figure out, were they visiting here or do they live here?
Mishaal Khan:So this guy's been all over, mostly Europe. So that's another form of investigation I would do. I would pivot off of, you know, simple pieces of information, go to emails, go to phone numbers, and then expand from there on. So the possibilities are vast, and I literally just randomly chose these. And some of them worked in front of you guys.
Mishaal Khan:Some of them didn't, and I just moved on. So once you know a lot of these tricks, it just comes naturally. I simply know where to look, and this is something that is hard to automate. AI cannot do this because I'm thinking creatively. I'm thinking outside the box.
Mishaal Khan:I'm thinking based on experience. And I have a lot of tools in my toolset, in my bookmarks. If I do get lost, I simply just look at my bookmarks, and I'm like, alright. Have I done this? Have I gone through those other tools?
Mishaal Khan:So due diligence plus creativity creates a very impressive investigation. Alright. I'll pause here and leave some room for some Q&A as we reach the top of the hour.
Zach Hill:Awesome. Thank you, sir. Thank you, man. So we'll, you're ending the session to do the Q&A, just to be clear. Right?
Zach Hill:Yeah.
Mishaal Khan:Yeah. Awesome. Okay. Alright. We have a few minutes left.
Zach Hill:Awesome. Yeah. So Siri had a question. I've gotta scroll back up to ask it. How is the Caido method not unofficial pen testing?
Zach Hill:They're asking if you could ask Mishaal to weigh in on this since you keep saying abusing.
Mishaal Khan:I say abusing because it's against the terms and conditions. It can be unethical. A website can block you for it. So it is, I would say, using if the website was meant for this. A hacker mentality is you're using something for a certain use case that it wasn't meant to be used for.
Mishaal Khan:When I look up vehicle records on either GEICO or carvana.com, Carvana is giving me a VIN number. I use that VIN number for something else, for looking up vehicle history. That's not what it's for. It's to sell your vehicle. The terms and conditions clearly say this.
Mishaal Khan:They can hold you liable for it. They can block you. They can sue you for it, for DDoSing their website. If you make so many requests per second, you could bring their website down. So it is technically abusing it.
Mishaal Khan:So I'm pretty clear on that. I'm like, yeah. Don't do it. I'm not advising you to do it. I'm just showing you a way that it can be done.
Mishaal Khan:So don't take my advice. I'm not, you know, a legal expert. I'm not a lawyer. I'm just a person who's really good at finding stuff.
Zach Hill:How much deeper do you go into these topics in your course, your class?
Mishaal Khan:I go pretty deep. So it's sixteen hours of this. So we start off with, you know, something generic and showing you the basic skills that you need, and then we kinda dive deeper and deeper. And in varying scenarios, you use different techniques. There's a lot of edge cases that you would use for stuff like maybe it's just a vehicle you want, or five techniques for this.
Mishaal Khan:If it's a phone number, I got 50 techniques for that. Maybe it's a home address or the person's a coder. I have the GitHub technique. So, the techniques vary based on the pieces of information you have and what you're after. And it's pretty vast, and it goes pretty deep.
Mishaal Khan:But then besides just investigative techniques and stuff, I also teach other stuff like how to make sense of this information, how I do note taking, how I do formal reports, how I make money off of this, the business side of investigations, what's the potential there. Also, mind mapping, I discuss a lot of that on how I put everything on a mind map and how I prevent myself from going into rabbit holes. So all of those things matter a lot in investigations. It's not just the techniques. It's about time.
Mishaal Khan:Like, I believe most people can do what I do if they had enough time. But how do I scale down my time and do it in one hour where others may be doing it in a few weeks? That's what I basically focus on.
Zach Hill:There's a lot of questions coming through. So I know that we're not gonna be able to get to all of them. So I do apologize to y'all out there. Here's one from Matthias. As you mentioned before, methodology is key.
Zach Hill:But when you run out of tools, where or how do you look for new alternatives?
Mishaal Khan:That's where creativity comes in. So you're always looking for tools. So when I'm doing this, I'm doing OSINT almost every day of my life. Little chunks, maybe even if it's five minutes of stuff, like, the way I search for things is very different. It's like, when I'm googling stuff, I'm not just typing stuff.
Mishaal Khan:I'm putting stuff in either quotes. I know exactly what I'm looking for. I'm doing site colon something or file type, whatever. I'm doing proper Google dorking. So eventually, you know, you collect so many techniques in your head that you realize which ones to use, which ones to ignore.
Mishaal Khan:And when you're out of those techniques, you hit a dead end. Sure. That happens a lot. So either you just pause, table it, and focus on some other piece of information. You're like, alright.
Mishaal Khan:I can get through this. Maybe I can later. So a lot of the times, you just rest, you know, let your mind settle, work on it the next day, and you think of new things because that's creativity. Or you ask someone else. Like, set your egos aside and ask a friend.
Mishaal Khan:Ask another expert. You know, post the question up and say, does anyone know a method about this? I usually just ask other people in my network and say, hey. I've hit a roadblock. Do you know of any way to get through this?
Mishaal Khan:And, you know, they'll give me other techniques. Even if those techniques, by the way, don't work, I'll note it down, and I'll be like, cool. Cool technique. I didn't know about this. Maybe I'll use it somewhere else.
Mishaal Khan:So I'm always learning, and my mentality is I don't give up. So if I hit a roadblock, the case is not over. It's just on pause indefinitely, maybe, but it's just on pause until I can find a way in. So this way, if I'm searching for a bad guy, a predator, it's a matter of who gives up first. This is why most people are never caught, because the people looking for them, law enforcement or investigators, give themselves a certain amount of time.
Mishaal Khan:I'll give one week, and if I can't catch him, that's it. He goes scot-free. Well, I'll open-end this thing, and I'll be like, if I can't catch him, it goes on pause. Eventually, I'll keep coming back to it and say, have I found a new technique? Maybe I can progress this further, and eventually, I'll win.
Mishaal Khan:So it's a matter of who gives up first. That's how you do OSINT. That's how I recommend you do OSINT.
Zach Hill:Can you share the link to resources again when you get a chance?
Mishaal Khan:Sure. I'll put together all the resources I had in the tabs, and I'll just send it to you and you can show it.
Zach Hill:Yeah. I'll get that to you all as soon as I get it, and I'll put it in the resources chat for you. And then for everybody who's asking about the recording, if you registered via Zoom, you will get an email notification about the recording. And if you wait, it'll probably take about a day or so for the recording to hit YouTube, and then you can rewatch it there if you'd like as well. Yeah.
Zach Hill:And we're always in the Discord for chat, so I'll put that link in Zoom as well. Here's a question. Do you need to record your findings such as URLs and information in an admissible way? If yes, what is the tool that you use for that?
Mishaal Khan:Yeah. There's a couple of tools like Hunchly and stuff available that record your browser session as you do stuff, and, you know, they keep a track of your data. I don't use them, honestly, because I'm never required to present stuff in court. I let other people handle it better who are more expert on that side. And there's folks on the forensic side that'll handle court cases and stuff.
Mishaal Khan:It's a completely different, you know, set of skill sets you need for that, and I don't have it. So I'll just provide the information, and so the whole gist of OSINT is provide enough information with links and everything and your techniques so that anyone looking at it can recreate it. So it's no longer my problem to recreate it and save the data and stuff. Sure. I'll take screenshots and stuff.
Mishaal Khan:I'll put it on the web archives in case it gets taken down. But my report will be thorough so that if law enforcement is looking at it or another forensics expert is looking at it, they can easily recreate it. Because if they can't recreate it, I don't consider that OSINT then. Then it's closed source because it required some special access.
Zach Hill:Alright. Are there, like, any tools that you do pay for? I didn't hear if you mentioned that today.
Mishaal Khan:Not for the normal OSINT stuff I do. I don't pay for any tool at this point. So I do have a PI license, so not me specifically, but my company does and my partner has it. So based on that, the company does. Because of the PI license, I do have access to a few other tools, like stuff like LexisNexis type of tools, but they're no better than the tools I use, the free and open source tools.
Mishaal Khan:They just provide shortcuts of dumps of information, and I actually go through some of those tools in my course as well. And I show people what they provide and why you don't need it in most of your OSINT work. So me being as an example, I actually have access to almost all the PI tools that are available. They're very costly. I don't use them a lot.
Mishaal Khan:But I also know exactly the output of those tools, I can reverse engineer and recreate it fairly easily. And that's what I kind of document. And a lot of these other bigger OSINT tools there, they just save you time. So I'm not against them. They save you a lot of time.
Mishaal Khan:Like the one I just used, the Epieos tool, which got me the Google ID so I could, you know, get that Google Maps link to see the reviews. That's a tool that I'm using, and there's a paid version of that tool as well. I can recreate it myself. It would take me five minutes to get that information, but that took me one click. So there are plenty of tools available.
Mishaal Khan:I just choose not to use them simply because I'm cheap. You know? I wanna show people how to get to the source of the tool. So if I'm too dependent on a paid tool and then tomorrow, it's no longer $5, like, Carfax used to be $5. Now it's $45.
Mishaal Khan:Now if someone was paying $5 before, they're definitely not paying $45, or they're using it much less. But in my course, I show people how you can get the same CARFAX information without paying a single dime. Look at the network tab. They actually have the information in the JSON reply. They're just not showing it on the screen, but it's actually there in the network tab.
Mishaal Khan:So those are the little things. If I discover it, I'm like, yeah, I'm using that. I don't need to find a paid method for it.
Zach Hill:That's really cool. I did not know that. That's so cool. So do you go into that a little bit more in your full class?
Mishaal Khan:Yeah. No. Absolutely. I go on through most of these things, and it's quite open ended. So based on the case, the examples I go through, and then we dig deeper.
Mishaal Khan:We go into little tangents with the class, people have questions, and I go quite deep into some of these things. And it's based on the technical level of the folks I'm dealing with. If they're, you know, already very tech savvy, I dive straight into it. But if they're not, I take it a little easy and we eventually get there. So, yeah, it's organic.
Zach Hill:Thank you, sir. If people have other questions for you, wanna get ahold of you, what are the best ways to contact you?
Mishaal Khan:LinkedIn is a place where I'm active. I post a lot of stuff there. I'm responsive. If you DM me there, I will respond, you know, within a few hours usually.
Mishaal Khan:That's probably the only place I'm at and the only place you can contact me freely. Other than that, if you have something, you know, business related, something serious, you know, go to my official website, mishaalkhan.com for speaking stuff or decisiveresources.com, which is my own company. If you have, you know, actual cases where you want to hire me or my company for something, yeah, go there, set an appointment and stuff. So that's the official way of doing it. But if you just wanna connect with me and, you know, ask me simple questions, LinkedIn is the way to go.
Zach Hill:Awesome. Thank you, sir. And thank you so much for sharing your time with us and everybody else today. It was absolutely amazing and mind blowing for sure. So if you all wanna check out more with Mishaal, you can check out his class coming up in Denver in February in a few weeks.
Zach Hill:You can join virtually, or you can join us in person. It's up to you. But we're all super excited for it, and I can't wait to see you in Denver in a few weeks. Any parting thoughts before we leave?
Mishaal Khan:Stay curious. Stay, you know, ethical because a lot of this information is currently being abused. And the reason why I'm so open about this is to allow and enable other folks who want to help, who want to do better in life to use this information to do good. So if anyone's ever questioning my methods and abilities and stuff, know that it's intention that drives these investigations, and I'm here to help people who have good intentions and empower them with every single piece of information I can. Don't be a gatekeeper.
Zach Hill:100%, dude. I could not agree with all of that any more, dude. It's phenomenal. Thank you again for being here. And, yeah, just being you, honestly.
Zach Hill:It's just fantastic. Like, the amount of knowledge that you have that you just openly share with everybody is so appreciated. So thank you for continuing to share that knowledge. If you guys wanna stay up to date with Mishaal, make sure you check out his website, check out his class in Denver. If you want to stay up to date with what we have going on here at Black Hills and Antisyphon, add poweredbybhis.com to your favorites in your browser and you can just stay up to date with all of our current events that we have coming on.
Zach Hill:I will be, yeah, here tomorrow. Well, we'll be on the Black Hills webcast tomorrow. So hope to see you there. Otherwise, we'll see you next week for another Anticast with Hayden Covington. So hope you all have a great week.
Zach Hill:Take it easy, and see you later. Bye, everybody. Hello, fire, Ryan, Megan, whoever.