
(ISC)2 Security Congress EMEA. You are being watched.


Second edition of the (ISC)2 Security Congress EMEA, held in Munich (Germany). Vicente Aguilera presents his talk "You are being watched...", which addresses the privacy problems that exist in social networks, and in which he presents a new version of his already famous tool Tinfoleak, giving a live demonstration of how to extract relevant information and activity from Twitter users and how to exploit this information in the real world. This talk is part of the "Technology, Business and the Future" track.

Published in: Internet

  1. Your Security is Our Success. You are being watched... Vicente Aguilera Díaz. CISSP, CSSLP, CISA, ITILF, PCI ASV, CEH, ECSP, OPST, OPSA. Audit Manager – Internet Security Auditors. Chapter Leader – OWASP Spain. @VAguileraDiaz, vaguilera@isecauditors.com, www.vicenteaguileradiaz.com
  2. Agenda
     1. Introduction
        • Who am I?
        • What do I bring you?
     2. Live demo
        • Tinfoleak (new version!)
        • Exploiting Twitter activity
          – … for social engineers
          – … for pentesters
          – … for digital surveillance
          – … for everyone
     3. Conclusions
        • What do I expect in the future?
  3. Who am I?
  4. Vicente Aguilera Díaz. CISSP, CSSLP, CISA, ITILF, PCI ASV, CEH, ECSP, OPST, OPSA
     • Partner. Audit Manager, Internet Security Auditors
     • OWASP Spain Chapter Leader
     • Member of the Technical Advisory Board, RedSeguridad magazine
     • Member of the Cybersecuritics Research Group, UNIR
     • www.vicenteaguileradiaz.com
  5. What do I bring you?
  6. Tinfoleak
     • Tool (new version!), written in Python
     • Exploits Twitter activity
     • #OSINT #stalker #privacy #security #socialengineering
     • Requirements:
       – Python
       – OAuth access token
       – Tweepy
       – Jinja2
     • Can be executed on mobile devices
     • Included in the Linux distros CAINE and BlackArch
     • Download: www.vicenteaguileradiaz.com/tools
  7. Two execution modes:
     • Specific mode
       – Analyzes activity and information for a specific @user
       – Example: where is this person's house?
     • Generic mode
       – Analyzes activity and information from a general point of view
       – Example: which users are at this demonstration?
  8. Main features:
     • Getting basic account information
     • Identification of devices, operating systems, applications and social networks used by a user
     • Topics covered by users
     • User friends and relations between them
     • Advanced search in the user's timeline
     • Metadata extraction from images
     • Download of media content
     • Geolocation analysis and representation
     • Output report in HTML
  9. Live demo
  10. What do I expect in the future?
  11. In the near future
     • Implants for permanent Internet connection
       – in the brain?
     • Exclusive (secret/private) social networks
       – Terrorists, VIPs, others
     • Predictions of user actions
       – what day will you meet your perfect wife?
     • Disease prediction
       – what is your life expectancy?
     • Difficulty of maintaining user privacy
       – priority from a security point of view
  12. References
  13. References:
     • Tinfoleak – www.vicenteaguileradiaz.com/tools
     • Tweepy – Python library for accessing the Twitter API – www.tweepy.org
     • Jinja2 – Python template engine – jinja.pocoo.org
     • OAuth – Authorization framework – oauth.net
     • CAINE – Computer Forensics Linux Live Distro – www.caine-live.net
     • BlackArch – Arch Linux-based Distro for Pentesting – blackarch.org
  14. Thank you very much! Any questions?
  15. Your Security is Our Success
     • C. Santander, 101. Edif. A. 2º, E-08030 Barcelona (Spain). Tel.: +34 93 305 13 18. Fax: +34 93 278 22 48
     • C. Arequipa, 1, E-28043 Madrid (Spain). Tel.: +34 91 763 40 47. Fax: +34 91 382 03 96
     • Calle 90 #12-28, Cundinamarca – Bogotá (Colombia). Tel.: +57 (1) 638 68 88. Fax: +57 (1) 638 68 88
     • info@isecauditors.com, www.isecauditors.com
