2. Introduction
Roelof Temmingh... blah blah...
Google if you are really interested.
Sometimes I wish people could cut the BS
from their talks and get straight to the point
So...let’s try
3 talks
45 minutes
ZaCon exclusive...;)
3. Talk 1 – things I wanted Andrew to do in his free time, which he did not*
Ideas I had that *might* have merit, but that need more thinkering and tinkering.
The hope is to inspire and encourage.
Explore on your own!
* ...because he built a webcam with his Arduino board
4. Talk 1.1 – Automated social engineering: mail thread injection
From: Pieter Parnas (pieterp@absa.co.za) <pieterp@absa.co.za>
To: Oubaas Pretorius (oubaasp@absa.co.za) <oubaasp@absa.co.za>
CC: Benny Bruckwurm (bennyb@absa.co.za) <bennieb@absa.co.za>, Karel Kroukamp (karelk@absa.co.za) <karelk@absa.co.za>, Danie Dempsey (danied@absa.co.za) <danied@bsa.co.za>, Teuns Toerien (teunst@absa.co.za) <teunst@absa.co.za>
Subject: Re: Performance reviews sheets
Please make sure that you email your quarterly
performance reviews to me before the end of this
week.
Oubaas – Adele is just calculating the bonuses and then mine will be ready.
Regards,
Pieter
Many mail clients don’t show the <>s (only the display name)
Most peolpe don’t see tehm aywnay
Wait and catch the replies..
Trick is timing and providing context
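The check a mail gateway or client could run against headers like the ones on the slide, as an added example (not code from the talk): parse each recipient with Python's email.utils.getaddresses, pull any address that appears in the display name or its (comment), and compare it with the real addr-spec inside the angle brackets. The headers are reconstructed from the slide and the function and constant names are my own.

```python
"""Flag recipients whose visible display name carries an e-mail address
that differs from the real delivery address in <angle brackets>.
Added example; not from the talk. Headers below are reconstructed
from the slide and are constructed test data."""
import re
from email.utils import getaddresses

# Constructed sample: display name shows one address, the <> holds another.
SAMPLE_HEADERS = {
    "From": "Pieter Parnas (pieterp@absa.co.za) <pieterp@absa.co.za>",
    "To": "Oubaas Pretorius (oubaasp@absa.co.za) <oubaasp@absa.co.za>",
    "CC": ("Benny Bruckwurm (bennyb@absa.co.za) <bennieb@absa.co.za>, "
           "Karel Kroukamp (karelk@absa.co.za) <karelk@absa.co.za>, "
           "Danie Dempsey (danied@absa.co.za) <danied@bsa.co.za>, "
           "Teuns Toerien (teunst@absa.co.za) <teunst@absa.co.za>"),
}

# Anything that looks like an address inside the display-name text.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def find_mismatches(headers):
    """Return (header, display_name, shown_addr, real_addr) for every
    recipient whose display name contains an address that is not the
    addr-spec the mail will actually go to."""
    findings = []
    for field in ("From", "To", "CC"):
        value = headers.get(field)
        if not value:
            continue
        # getaddresses() keeps the (comment) as part of the display name,
        # which is exactly the part a user sees and a client trusts.
        for name, real in getaddresses([value]):
            for shown in ADDR_RE.findall(name):
                if shown.lower() != real.lower():
                    findings.append((field, name, shown, real))
    return findings


if __name__ == "__main__":
    for field, name, shown, real in find_mismatches(SAMPLE_HEADERS):
        print(f"{field}: '{name}' looks like {shown} but delivers to {real}")
```

The two hits on the sample are the CC entries for Benny and Danie; the From and To lines are consistent. A gateway would typically quarantine or annotate rather than drop, since legitimate senders do occasionally put an address in the display name.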
5. Talk 1.1 – Automated social engineering
Check out Derren Brown’s NLP techniques
Hacking the mind really
Apply it online...
Test your online personal security website
Complete our survey and we will mail you a report!
How many different ATMs do you use in a month?
Which of the following social networks do you use?
Do you use I.M.?
Do you have a credit card?
Test your password strength here
○ Timing considerations...
6. Talk 1.2 – Scan the entire Internet
For every IP on the Internet determine:
Open ports
Services
○ If web, WebTech
Traceroute to it
Reverse DNS
Whois per network
Optimize, optimize (this is the fun stuff)
Is it real? (unicast, multicast / private)
Is it routed?
Blocking together (AS, routed etc.)
Portscan - async
Traceroute – async, with hop count in the body
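The "is it real?" pre-filter and the blocking step, as an added Python example (not code from the talk): the stdlib ipaddress module already knows the special-purpose registries, so multicast, private, reserved and similar space can be discarded before a single packet is sent, and the survivors can be grouped under the routed prefix that covers them. The routed-prefix list here is a constructed stand-in for what you would take from a BGP table, and the "is it routed?" answer is only as good as that list; the candidate addresses and function names are mine.

```python
"""Pre-filter and group scan targets before spending packets on them.
Added example; not from the talk. ROUTED_PREFIXES and CANDIDATES are
constructed sample data."""
import ipaddress
from collections import defaultdict

# Constructed stand-in for a routing table (in practice: prefixes from a BGP feed).
ROUTED_PREFIXES = [ipaddress.ip_network(p) for p in ("8.8.0.0/16", "1.1.1.0/24")]

# Constructed candidates: real unicast mixed with space not worth a packet.
CANDIDATES = ["10.0.0.5", "224.0.0.1", "127.0.0.1", "240.1.2.3", "0.0.0.0",
              "169.254.10.1", "8.8.8.8", "8.8.4.4", "1.1.1.1", "4.4.4.4"]


def classify(addr):
    """Label an address; only 'unicast' is worth scanning.
    Order matters: 127.0.0.1 is both loopback and private, so the more
    specific label is checked first."""
    ip = ipaddress.ip_address(addr)
    checks = (("unspecified", ip.is_unspecified), ("loopback", ip.is_loopback),
              ("link-local", ip.is_link_local), ("multicast", ip.is_multicast),
              ("reserved", ip.is_reserved), ("private", ip.is_private))
    for label, flag in checks:
        if flag:
            return label
    return "unicast"


def is_routed(addr, prefixes=ROUTED_PREFIXES):
    """True if some prefix in the (constructed) routing table covers addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def block_targets(addrs, prefixes=ROUTED_PREFIXES):
    """Drop non-real space, then group routed survivors under their covering
    prefix so one block can be scanned together. Real-but-unrouted addresses
    are returned separately: they are legitimate space, just not reachable."""
    blocks, unrouted = defaultdict(list), []
    for a in addrs:
        if classify(a) != "unicast":
            continue
        ip = ipaddress.ip_address(a)
        for net in prefixes:
            if ip in net:
                blocks[net].append(a)
                break
        else:
            unrouted.append(a)
    return dict(blocks), unrouted


if __name__ == "__main__":
    for a in CANDIDATES:
        print(f"{a:>14}  {classify(a)}")
    blocks, unrouted = block_targets(CANDIDATES)
    for net, members in blocks.items():
        print(f"block {net}: {members}")
    print("real but unrouted:", unrouted)
```

The same filter applied to a whole /8 at a time is where the "optimize, optimize" comes in: the dropped classes are contiguous ranges, so they are cheaper to exclude as networks than to test address by address.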
7. Talk 1.2 – Scan the Internet
But why is this interesting at all?
Better geo location tracking
Consider traceroute:
○ Japan Japan Japan Japan US – I don’t think so
Triangulation anyone?
○ Eish... it aint easy
Instant list of vulnerable servers
Read open ports, reverse DNS, services from DB
Profit!
Reverse whois on netblocks
It was done before – in 1999. Caused kak...
8. Talk 1.3 – Storing data in a pipe
Super secret stuff ... we all have it...
Don’t want to store on file, or physical print
Even encrypted
Store it INSIDE the inter tubes
Difference between latency and bandwidth
Latency: length of the pipe
Bandwidth: Thickness of the pipe
We want – high bandwidth, high latency
Like a satellite link
300 ms delay
0.33 s × 4 Mbit/s = 1.32 Mbit of space inside the pipe...
9. Talk 1.3 – Storing data in a pipe
Think of ICMP ping
Just in one way
... Gets sent to another agent
... Somewhere – to another agent
Agent discovery etc..
Retrieving the message
‘client’ sends retrieval message for message ID
Probably not time critical
Needs some more thought!
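A toy simulation of the idea on the two slides above, as an added example (not code from the talk): two agents joined by a link with fixed one-way latency keep a message alive purely by echoing it back and forth, so the only copy ever in existence is the bytes in flight. The link's capacity is the bandwidth-delay product from the previous slide, a put is refused when the pipe is full, and a retrieval for a message ID pulls that message out of the pipe the next time it lands on an agent. The link model, tick-based timing and all names are my own assumptions; nothing here sends real ICMP.

```python
"""Keep data 'inside the inter tubes': messages exist only in flight
between two echoing agents. Added example; not from the talk. The link
is a simulated FIFO with a fixed one-way latency, not a real network."""
from collections import deque


def pipe_capacity_bits(bandwidth_bps, one_way_latency_s):
    """Bandwidth-delay product: bits that fit inside the pipe at once."""
    return bandwidth_bps * one_way_latency_s


class Link:
    """One-way pipe: a packet comes out `latency_ticks` after it goes in.
    Capacity is enforced as the bandwidth-delay product."""

    def __init__(self, latency_ticks, bits_per_tick):
        self.latency = latency_ticks
        self.capacity = pipe_capacity_bits(bits_per_tick, latency_ticks)
        self.in_flight = deque()  # (arrival_tick, msg_id, payload), FIFO

    def bits_in_flight(self):
        return sum(len(p) * 8 for _, _, p in self.in_flight)

    def send(self, now, msg_id, payload):
        """Refuse if the pipe is full: the data would have to be queued,
        i.e. stored somewhere, which is what we are trying to avoid."""
        if self.bits_in_flight() + len(payload) * 8 > self.capacity:
            return False
        self.in_flight.append((now + self.latency, msg_id, payload))
        return True

    def deliver(self, now):
        """Pop everything that has reached the far end by `now`."""
        out = []
        while self.in_flight and self.in_flight[0][0] <= now:
            _, msg_id, payload = self.in_flight.popleft()
            out.append((msg_id, payload))
        return out


class PipeStore:
    """Agent A and agent B, each echoing whatever arrives back the other way."""

    def __init__(self, latency_ticks, bits_per_tick):
        self.a_to_b = Link(latency_ticks, bits_per_tick)
        self.b_to_a = Link(latency_ticks, bits_per_tick)
        self.now = 0
        self.wanted = set()     # message IDs a client has asked for
        self.retrieved = {}     # msg_id -> payload handed to the client
        self.dropped = []       # echoes that found the return pipe full

    def put(self, msg_id, payload):
        """Inject from agent A; succeeds only if the pipe has room."""
        return self.a_to_b.send(self.now, msg_id, payload)

    def request(self, msg_id):
        """Client asks for a message; it is taken out of the pipe on arrival."""
        self.wanted.add(msg_id)

    def tick(self):
        self.now += 1
        # Collect arrivals on both links first, then echo; otherwise a packet
        # could be echoed and arrive in the same tick.
        arrivals = [(self.b_to_a, m, p) for m, p in self.a_to_b.deliver(self.now)]
        arrivals += [(self.a_to_b, m, p) for m, p in self.b_to_a.deliver(self.now)]
        for back_link, msg_id, payload in arrivals:
            if msg_id in self.wanted:
                self.wanted.discard(msg_id)
                self.retrieved[msg_id] = payload
            elif not back_link.send(self.now, msg_id, payload):
                self.dropped.append(msg_id)  # lost: nothing else holds a copy

    def run(self, ticks):
        for _ in range(ticks):
            self.tick()
        return self

    def in_transit(self):
        return sorted(m for link in (self.a_to_b, self.b_to_a)
                      for _, m, _ in link.in_flight)


if __name__ == "__main__":
    store = PipeStore(latency_ticks=3, bits_per_tick=64)   # 192 bits per direction
    for i in (1, 2, 3):
        print("put m%d:" % i, store.put("m%d" % i, b"secret-%d" % i))
    print("put m4 into a full pipe:", store.put("m4", b"secret-4"))
    store.run(10)
    print("in transit:", store.in_transit())
    store.request("m2")
    store.run(5)
    print("retrieved:", store.retrieved, "still in transit:", store.in_transit())
```

Two things the slides leave implicit fall out of running it: every message costs bandwidth forever, not just once, and any echo that finds the return pipe full is simply gone, so the store can never be filled to more than one bandwidth-delay product per direction.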
10. Talk 1.4 – Start your own business
Resolving social network membership
Scraping means maintaining
Mechanize, BeautifulSoup and friends
Need some balls – it’s against the TOU
Gap in the market
Real time
Friends
Clients! Profit!
$1K – $7.5K per month
11. Talk 2 – things Andrew actually did at work
Made really good tea..
Andrew makes a wicked cup of tea
Worked on shit hot stuff:
Facebook + NER + other Maltego magic = win!
TDS (Transform Distribution Server) – allowing everyone else to write funky transforms