OSINT Tracing: The John Click Case

OSINT Tracking: The John Click Case

In this lab, you’ll apply real OSINT (Open Source Intelligence) techniques to track down a possible digital attacker. It all starts with a simple clue: a username.

An individual using the alias johnclick1337 posted a phishing threat on a forum. The post was quickly removed, but an investigator managed to capture the username before it disappeared.

Your mission as a cybersecurity analyst is to track down the suspect, investigate their public presence on the Internet, and uncover their personal email address.

In this lab, you will learn:

• Searching for usernames across open sources
• Analyzing public profiles
• Extracting relevant metadata

🌱 How to Start This Lab

👉 This challenge is solved from your browser, but the final validation is done inside the brokendb virtual machine.

1. If you don't have it yet, download the virtual machine from this link:

1https://storage.googleapis.com/cybersecurity-machines/brokendb-lab.ova

1. Import the virtual machine into VirtualBox or VMware.
2. Start the VM and log in as the user student:4geeks-lab.

Mission

Investigate the digital footprint of the username johnclick1337. Uncover their real identity and find their personal email address.

Validation

Once you believe you've found John Click's real email address, validate it from the brokendb virtual machine terminal by executing the following command:

1validate-email

When prompted, enter the exact email address. If it’s correct, you’ll find what you’re looking for.

This challenge simulates a real case where a digital threat leaves subtle traces on the web. It's not just about searching, but about reading between the lines and connecting scattered profiles to form an identity.

Are you ready to think like a true intelligence analyst?

Good luck, Analyst!