bo0om - deanonymization and total espionage (zeronights, 2014)

Deanonymization and total espionage

Dmitry «Bo0oM» Boomov

Tits and

kittens.

Hopefully, now

you like my

report.

Deanonymization

Passive Active

Password retrieval

Getting information from email

Getting information from phone. Viber

Getting information from phone. Whatsapp

Getting information from phone. Banks

Getting information from phone

http://numbuster.com/

Find friends

← Anonist

https://developers.facebook.com/

https://vk.com/editapp?act=create

Demo: bo0om.ru/zn2014/vk/1/

Online users

https://letters.yandex.ru/promo

Clickjacking

CSRF + XSS + BUGS = PROFIT

Click, click…

<a href='tel://1234567890'>Click me</a>

Callback

Thx @black2fan ;)

Social detector

Demo: bo0om.ru/zn2014/sd/

Вate of birth

Nicknames

Friends and relatives

Tinfoleak

http://vicenteaguileradiaz.com/tools/

Analytics

Banners

Social buttons

BIG DATA

http://bo0om.ru/zn2014/wtf/

https://maps.google.com/locationhistory/

Cookie Matching

Specifically, when creating a new cookie, it uses the following storage mechanisms when available:

- Standard HTTP Cookies - Local Shared Objects (Flash Cookies)- Silverlight Isolated Storage - Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out- Storing cookies in Web History - Storing cookies in HTTP ETags - Storing cookies in Web cache - window.name caching

- Internet Explorer userData storage- HTML5 Session Storage - HTML5 Local Storage - HTML5 Global Storage - HTML5 Database Storage via SQLite- HTML5 IndexedDB

- Java JNLP PersistenceService- Java CVE-2013-0422 exploit (applet sandbox escaping)

http://samy.pl/evercookie/

Js: onflash: on

Js: offflash: off

Providers

http://imarker.ru/

Twi: @i_bo0om

bo0om - deanonymization and total espionage (zeronights, 2014)

Technology

blackbox analysis of ios apps - zeronights · blackbox...

malign machine learning models - zeronights ·...

deobfuscation and beyond (zeronights, 2014)

telecom security from ss7 to all ip all-open-v3-zeronights

zeronights 2016 | a blow under the belt. how to avoid...

circuit fingerprinting attacks: passive deanonymization of...

Дмитрий 'bo0om' Бумов, security meetup 4...

deserialization vulns - zeronights 2017 · 2017-11-27 ·...

deanonymization and linkability of cryptocurrency ... · i...

testing of password policy anton dedov zeronights 2013

circuit fingerprinting attacks: passive deanonymization of...

sergey belov - zeronights

volgactf | bo0om - dns and attacks

bo0om - there's nothing so permanent as temporary (phdays...

zeronights: automating ios blackbox security scanning

hacking elasticsearch - zeronights 2016 · pdf filewhat is...

april 2018 deanonymization...

zeronights 2019 — zeronights 2019 - cisco asa: from 0 to...

zeronights-2013: topgun multi-terabit dpi

dbi:intro - zeronights...