People Are the Perimeter
Technical controls fail when credentials leak, employees reuse passwords, or a help desk resets an account without verification. OSINT employee enumeration maps the human attack surface before you send a single packet to the network.
What to Collect
- Full names, job titles, and departments
- Corporate email patterns (first.last@, flast@, etc.)
- LinkedIn profiles and technology stack hints
- Phone numbers for MFA bypass research (authorized only)
- Breach exposure indicators per employee
HackFast OSINT Map Workflow
- Search company name or domain in OSINT Map
- Browse paginated results (50 per page) with breach flags on employee cards
- Bookmark high-value targets — IT admins, executives, devops engineers
- Saved Employees appear grouped by company in Report Builder library
- Press Tab in Chats to mention a saved person with full context
Breach Data Integration
HackFast shows automatic breach indicators on employee cards while browsing. Leak results highlight the person first with an expandable company leak browser. Cross-reference with CredCruncher for exact email matches instead of broad domain results.
Educational: Email Pattern Derivation
Once you confirm one email format, derive others:
Known: john.smith@acme.com
Pattern: {first}.{last}@acme.com
Derived: jane.doe@acme.com, mike.johnson@acme.com
Test with CredCruncher exact email search before password spray.Legal and Ethical Boundaries
Only collect publicly available or authorized data. OSINT for penetration testing must stay within scope and applicable privacy laws. Document sources and minimize retention of personal data not relevant to findings.
Map the Organization Before You Attack It
Employee enumeration feeds credential attacks, social engineering assessments, and realistic attack chains. HackFast OSINT Map centralizes that intel and connects it to CredCruncher, Chats, and Report Builder.
Start OSINT: Search a company in HackFast OSINT Map and bookmark your first employee.