2010 ZaCon – Roelof Temmingh
Posted on 18-Aug-2015
Introduction Roelof Temmingh ..blah blah..
Google if you are really interested.
Sometimes I wish people could cut the BS from their talks and get straight to the point
So...let’s try 3 talks
45 minutes
ZaCon exclusive...;)
Talk 1 – things I wanted Andrew to do in his free time, which he did not*
Ideas I had that *might* have merit, but that need more thinkering and tinkering.
The hope is to inspire and encourage.
Explore on your own!
* ...because he built a webcam with his Arduino board
Talk 1.1 – Automated social engineering
Mail thread injection
From: Pieter Parnas (pieterp@absa.co.za) <pieterp@absa.co.za>
To: Oubaas Pretorius (oubaasp@absa.co.za) <oubaasp@absa.co.za>
CC: Benny Bruckwurm (bennyb@absa.co.za) <bennieb@absa.co.za>, Karel Kroukamp (karelk@absa.co.za) <karelk@absa.co.za>, Danie Dempsey (danied@absa.co.za) <danied@bsa.co.za>, Teuns Toerien (teunst@absa.co.za) <teunst@absa.co.za>
Subject: Re: Performance reviews sheets
Please make sure that you email your quarterly performance reviews to me before the end of this week.
Oubaas – Adele is just calculating the bonuses and then mine will be ready.
Regards, Pieter
Many mail clients don’t show <>s
Most peolpe don’t see tehm aywnay
Wait and catch the replies..
Trick is timing and providing context
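A gateway-side check for the header trick on this slide, added here as an example and not code from the talk: it walks From/To/Cc, splits each mailbox into its display name and the real angle-bracket address, and flags any entry whose display name itself shows an address that differs from where the mail really goes (a look-alike domain, or a different mailbox in the same domain). The message text, the example.com / exarnple.com addresses and the mailbox regex are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample (not the slide's real headers): one Cc entry shows
# bennyb@ but delivers to bennieb@, another shows example.com but delivers
# to the look-alike exarnple.com.
SAMPLE_MESSAGE = """\
From: Pieter Parnas (pieterp@example.com) <pieterp@example.com>
To: Oubaas Pretorius (oubaasp@example.com) <oubaasp@example.com>
Cc: Benny Bruckwurm (bennyb@example.com) <bennieb@example.com>,
 Danie Dempsey (danied@example.com) <danied@exarnple.com>,
 Teuns Toerien (teunst@example.com) <teunst@example.com>
Subject: Re: Performance reviews sheets

Please make sure that you email your quarterly performance reviews to me.
"""

# "Name (comment) <addr>" mailboxes; the lazy [^,]*? stops at the first '<'.
MAILBOX = re.compile(r"\s*([^,]*?)\s*<([^>]+)>")
# Anything that looks like an address inside the display-name part.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def parse_mailboxes(header_value):
    """Return (display_name, real_address) pairs from one From/To/Cc value.
    Folded header lines are joined first so a mailbox never spans lines."""
    unfolded = re.sub(r"\s+", " ", header_value)
    return [(name.strip(), addr.strip().lower())
            for name, addr in MAILBOX.findall(unfolded)]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1]


def find_address_mismatches(raw_message):
    """List (header, display_name, real_address, reason) for every mailbox
    whose display name shows an address other than the one it delivers to."""
    msg = message_from_string(raw_message)  # compat32 keeps raw header text
    findings = []
    for header in ("From", "To", "Cc"):
        for value in msg.get_all(header, []):
            for name, addr in parse_mailboxes(str(value)):
                shown = ADDR_IN_NAME.search(name)
                if shown is None:
                    continue  # plain display name, nothing to compare
                shown_addr = shown.group(0).lower()
                if shown_addr == addr:
                    continue  # what the user sees is where it goes
                if domain_of(shown_addr) != domain_of(addr):
                    reason = "look-alike domain"
                else:
                    reason = "different mailbox in same domain"
                findings.append((header, name, addr, reason))
    return findings


if __name__ == "__main__":
    for header, name, addr, reason in find_address_mismatches(SAMPLE_MESSAGE):
        print(f"{header}: '{name}' actually delivers to {addr} ({reason})")
```

The mailbox regex is deliberately simple and does not handle quoted display names containing commas; a production filter would feed the same comparison from a full RFC 5322 address parser, and would also compare the visible address against the Reply-To header, since a reply to an injected thread is what the trick waits for.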
Talk 1.1 – Automated social engineering
Check out Derren Brown’s NLP techniques
Hacking the mind really
Apply it online...
Test your online personal security website
Complete our survey and we will mail you a report!
How many different ATMs do you use in a month?
Which of the following social networks do you use?
Do you use I.M.? Do you have a credit card?
Test your password strength here
○ Timing considerations...
Talk 1.2 – Scan the entire Internet
For every IP on the Internet determine:
Open ports
Services
○ If web, WebTech
Traceroute to it
Reverse DNS
Whois per network
Optimize, optimize (this is the fun stuff)
○ Is it real? (unicast vs. multicast / private)
○ Is it routed?
○ Blocking together (AS, routed etc.)
○ Portscan – async
○ Traceroute – async, with hop count in the body
Talk 1.2 – Scan the Internet
But why is this interesting at all?
Better geolocation tracking
Consider traceroute:
○ Japan Japan Japan Japan US – I don’t think so
Triangulation anyone?
○ Eish... it ain't easy
Instant list of vulnerable servers
○ Read open ports, reverse DNS, services from DB
○ Profit!
Reverse whois on netblocks
○ It was done before – in 1999. Caused kak...
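The "is it real, is it routed, block it together" triage from the optimisation slide is the same scope hygiene any large address survey needs (asset inventory, log triage, or this kind of scan), so here is an added example of it in Python; it is not code from the talk. It uses the standard ipaddress module's RFC-derived address attributes, the sample address list is constructed, and the "announced" prefix list stands in for a routing-table dump that a real run would load.

```python
import ipaddress
from collections import defaultdict

# Added example: address triage before any per-host work. Not code from
# the talk. Sample addresses and the announced-prefix list are constructed.


def classify(ip_text):
    """Label an address by the ipaddress module's attributes.
    Order matters: loopback and link-local are also 'private', and
    240.0.0.0/4 is both 'reserved' and 'private', so the more specific
    test runs first."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_reserved:
        return "reserved"
    if ip.is_private:
        return "private"
    if ip.is_global:
        return "global"
    return "other"


def routable_unicast(addresses):
    """'Is it real?': keep only addresses a public host can actually have."""
    return [a for a in addresses if classify(a) == "global"]


def is_routed(ip_text, announced_prefixes):
    """'Is it routed?': true if some announced prefix covers the address.
    announced_prefixes is assumed to come from a BGP table dump; here the
    caller supplies it."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in ipaddress.ip_network(p) for p in announced_prefixes)


def block_by_prefix(addresses, prefixlen=24):
    """'Blocking together': group IPv4 addresses by enclosing prefix so the
    per-network lookups (reverse DNS, whois) run once per block."""
    blocks = defaultdict(list)
    for a in addresses:
        net = ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)
        blocks[str(net)].append(a)
    return dict(blocks)


if __name__ == "__main__":
    # Constructed candidate list mixing bogons with public addresses.
    candidates = ["10.0.0.1", "224.0.0.1", "127.0.0.1", "169.254.1.1",
                  "240.0.0.1", "8.8.8.8", "8.8.8.9", "8.8.4.4"]
    announced = ["8.8.8.0/24"]  # constructed stand-in for a routing table
    for a in candidates:
        print(f"{a:>12}  {classify(a):<12} routed={is_routed(a, announced)}")
    print(block_by_prefix(routable_unicast(candidates)))
```

Filtering first is what makes the per-host work tractable: everything that is multicast, private or reserved can never answer, and an address nobody announces is not reachable no matter what the scanner does, so both classes are dropped before a single packet is sent or a single whois query is spent.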
Talk 1.3 – Storing data in a pipe
Super secret stuff ... we all have it...
Don’t want to store it on file, or physical print
Even encrypted
Store it INSIDE the inter tubes
Difference between latency and bandwidth
○ Latency: length of the pipe
○ Bandwidth: thickness of the pipe
We want – high bandwidth, high latency
Like a satellite link
○ 300 ms delay
○ 0.33s x 4Mbit/s = 1.32Mbit of space inside the pipe...
Talk 1.3 – Storing data in a pipe
Think of ICMP ping
Just in one way ... Gets sent to another agent
... Somewhere – to another agent
Agent discovery etc..
Retrieving the message
○ ‘client’ sends retrieval message for message ID
Probably not time critical
Needs some more thought!
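Since the slides leave the idea at "needs some more thought", here is an added simulation of it, not code from the talk: two agents bounce each payload back and forth so it is only ever in transit, the bandwidth-delay product from the previous slide bounds how much fits, and retrieval costs up to one latency period because the client has to wait for the next arrival at its own end. The link figures and payload are constructed; the class and method names are this example's own.

```python
import heapq

# Added example: a delay-line store. Not code from the talk; link
# parameters and payloads below are constructed for illustration.


def pipe_capacity_bits(bandwidth_bps, one_way_latency_s):
    """Bandwidth-delay product: bits 'inside' one direction of the link."""
    return round(bandwidth_bps * one_way_latency_s)


class DelayLineStore:
    """Keeps payloads in flight between two agents; nothing is at rest on
    either side. in_flight is a min-heap of (arrival_time, msg_id, payload);
    a payload that reaches the far agent is echoed straight back, so it
    stays in the pipe until retrieve() pulls it out of circulation."""

    def __init__(self, bandwidth_bps, one_way_latency_s):
        self.latency = one_way_latency_s
        self.capacity_bits = pipe_capacity_bits(bandwidth_bps, one_way_latency_s)
        self.now = 0.0           # simulated clock, seconds
        self.used_bits = 0
        self.in_flight = []

    def store(self, msg_id, payload):
        """Inject a payload; refuse it if it does not fit in one direction.
        Returns the remaining capacity in bits."""
        bits = len(payload) * 8
        if self.used_bits + bits > self.capacity_bits:
            raise OverflowError(
                f"pipe holds {self.capacity_bits} bits, "
                f"{self.used_bits + bits} requested")
        heapq.heappush(self.in_flight, (self.now + self.latency, msg_id, payload))
        self.used_bits += bits
        return self.capacity_bits - self.used_bits

    def advance(self, seconds):
        """Move simulated time forward, echoing every payload that arrives."""
        self.now += seconds
        while self.in_flight and self.in_flight[0][0] <= self.now:
            arrival, msg_id, payload = heapq.heappop(self.in_flight)
            heapq.heappush(self.in_flight, (arrival + self.latency, msg_id, payload))

    def retrieve(self, msg_id):
        """Take a payload out of circulation. Returns (payload, seconds waited)
        or None if the ID is unknown. The wait is the time until the payload
        next arrives, at most one latency period: the 'not time critical' part."""
        for i, (arrival, mid, payload) in enumerate(self.in_flight):
            if mid == msg_id:
                del self.in_flight[i]
                heapq.heapify(self.in_flight)
                waited = max(0.0, arrival - self.now)
                self.now += waited
                self.used_bits -= len(payload) * 8
                return payload, waited
        return None


if __name__ == "__main__":
    link = DelayLineStore(4_000_000, 0.33)   # the slide's satellite figures
    print("capacity:", link.capacity_bits, "bits")
    print("free after store:", link.store("m1", b"secret" * 100), "bits")
    link.advance(1.0)                        # three hops later, still in flight
    payload, waited = link.retrieve("m1")
    print("got", len(payload), "bytes after waiting", round(waited, 2), "s")
```

What the simulation makes concrete is the weak spot of the scheme: the data survives only as long as both agents keep echoing it, so one dropped or delayed echo loses the secret outright, and every copy of it still crosses the link in the clear unless it is encrypted before injection, which brings back exactly the key-storage problem the slide wanted to avoid.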
Talk 1.4 – Start your own business
Resolving social network membership
Scraping means maintaining
Mechanize and Soup and friends
Need some balls – against TOU
Gap in the market
Real time Friends
Clients! Profit! $1K – $7.5K per month
Talk 2 – things Andrew actually did at work
Made really good tea..
Andrew makes a wicked cup of tea
Worked on shit hot stuff: Facebook + NER + other Maltego magic = win!
TDS – allowing everyone else to write funky transforms
Facebook + NER + Maltego
CMS detection etc + TDS + Maltego
TDS – Transform Distribution Server
Look at website, right hand side:
“Your data, your Maltego”
Yeah right...I suspect I’ll be out of time... Speak to me outside/coffee/lunch
Questions?