SlideShare a Scribd company logo

DEF CON 27- FINALPHOENIX - rise of the hypebots

Felipe Prado
Felipe Prado

DEF CON 27- FINALPHOENIX - rise of the hypebots

Technology
1 of 36
Download to read offline
Scripting #SWAG RISE OF THE HYPEBOTS Duct
Couldn’t buy anything due to bots Decided to enter the game in 2012 Unfortunately still in the game. Looks good tho? About Me
Why Bots? We Built the Internet For Them.
The Bots We Loved 1988 1994 1999 2007 First Internet Bot spotted on IRC AOL Releases WebCrawler IRC’s first Malicious Botnet First “large scale” HTTP botnet
Our (best) Internet [SEO] Google is not the only bot anymore. [HTML]“Readable” and Clean HTML is easy to parse [APIs] Speedy and Reliable [Capitalism] Purchasing should be easy.
Test Driven Development 1. If you’re writing tests, you’re one evil genius moment away from becoming a bot reseller 2. If your site is using unit tests, you’re making sure that your site will be easy to bot.
CAPITALISM ENCOURAGES BAD BEHAVIOR
Why We Bot Restricted supply increases demand for a heavily marketed product Speed run checkout system creates a problem that requires an optimal solution Optimal Solution: Computers using computers.
Why “They” Bot Restricted supply increases demand for a heavily marketed product Buyers market allows for space for a “grey market” to emerge to resell product. Need a vast amount of restricted product for more profit Optimal Solution: Many computers using computers
How Bots? Complex Systems Simple Answers
Types of Bots Browser Based Bot ‣ Mimics a user by loading a browser ‣ Easier to script, and harder to detect ‣ More expensive to scale Low Level Bot ‣ Uses API calls to post directly. ‣ Takes more initial upfront investment ‣ Scale to thousands easily.
Meet the Team! Monitor-Bot B Account-Bot C Buy-Bot D Sell-Bot I
WRITE A TEST
MAKE IT WORK
simple_bot.avi
A-B-C. A-ALWAYS, B-BE, C-CHECKING. ALWAYS BE CHECKING!
SIMPLE MONITOR
simple_monitor.avi goes here
MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER Run all those requests through a proxy rotating proxy. Post the monitor results to a chat Sell access to that chat for $$$
MONITOR FOR PROFIT
monitor_bot.avi
complicated_bot.avi
MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTERMonitor multiple sites, strike many outlets, not just one. Purchase “verified” accounts in bulk. If it can be a variable, it should be. Cluster deploys increase chances.
The Economist Making a profit from hypebeasts
IF THERES
 A MARKET THERE’S A PROFIT
Our (own) Economy Account Economy - verified accounts come in packs of 500-10,000 run out of China Cook Groups - buy friends who always seem to have the information, the right configs, the right stack overflow links, and a monitoring bot. Purchasing Scripts - Prettily wrapped request with a fancy GUI
Investment Opportunities! DBuy-Bot Fun, flirty, and $1500 Can resell for profit to redditors Does it all! Dedicated support network Fancy UI made with Twitter Bootstrap! Monitor-Bot Subscriptions start at $15 Comes 3 real friends Compatible with Buy-Bot Dedicated support network Stack overflow links provided B
RESELLERS DO RESELLING
 BEST
BOT BOTS
bot_bot.avi
Future Bot And why we need to get L0L totally rand0m
We Care about (your) money. Resellers are not good consumers, often make more profit than the company does. Resellers crowding drops means that real consumers stop purchasing. Human’s perceive “fairness” and if a company isn’t fair, then why give them money?
Blacklisting? Bot Traffic Mimicks human traffic, so you’ll end up blacklisting consumers Accounts are purchased and dumped regularly Since bots are deployed in clusters and behind proxies, IPs will change each purchase (or each request) Blacklisting means creating a useless database.
MAKE IT WORSE MAKE IT WORSE MAKE IT WORSE MAKE IT WORSE MAKE IT WORSEFalse Listings confuse bots and consumers In person sales just mean in person resellers Lottery based means bots buy lotto tickets instead
Making the Web Unpredictable Again ‣ Adding entropy into your system does not mean introducing unreliability ‣ Measured unpredictability can make many tasks more difficult ‣ Let’s encrypt our process, not just our passwords.
THIS AIN’T A SCENE IT’S AN ARMS RACE

Recommended

Bot
BotBot
Bot
sjoshi2134
 
Chat Bots Presentation 8.9.16
Chat Bots Presentation 8.9.16Chat Bots Presentation 8.9.16
Chat Bots Presentation 8.9.16
Samuel Adams, MBA
 
NUS-ISS Learning Day 2019- ChatBots: All about Conversational Experiences
NUS-ISS Learning Day 2019- ChatBots: All about Conversational ExperiencesNUS-ISS Learning Day 2019- ChatBots: All about Conversational Experiences
NUS-ISS Learning Day 2019- ChatBots: All about Conversational Experiences
NUS-ISS
 
Chatbot FAQs – The Most Common Chatbot Questions Answered!
Chatbot FAQs – The Most Common Chatbot Questions Answered!Chatbot FAQs – The Most Common Chatbot Questions Answered!
Chatbot FAQs – The Most Common Chatbot Questions Answered!
Onlim GmbH
 
ChatGpt like-Brain Box.pdf
ChatGpt like-Brain Box.pdfChatGpt like-Brain Box.pdf
ChatGpt like-Brain Box.pdf
ChathuraAriyasiri
 
Chat bots
Chat botsChat bots
Chat bots
Chandulal Kavar
 
Building a Marketplace: A Checklist for Online Disruption
Building a Marketplace: A Checklist for Online DisruptionBuilding a Marketplace: A Checklist for Online Disruption
Building a Marketplace: A Checklist for Online Disruption
Sangeet Paul Choudary
 
Making a Marketplace: A Checklist for Online Disruption
Making a Marketplace: A Checklist for Online DisruptionMaking a Marketplace: A Checklist for Online Disruption
Making a Marketplace: A Checklist for Online Disruption
Nir Eyal
 

Recommended

Bot
BotBot
Bot
sjoshi2134
 
Chat Bots Presentation 8.9.16
Chat Bots Presentation 8.9.16Chat Bots Presentation 8.9.16
Chat Bots Presentation 8.9.16
Samuel Adams, MBA
 
NUS-ISS Learning Day 2019- ChatBots: All about Conversational Experiences
NUS-ISS Learning Day 2019- ChatBots: All about Conversational ExperiencesNUS-ISS Learning Day 2019- ChatBots: All about Conversational Experiences
NUS-ISS Learning Day 2019- ChatBots: All about Conversational Experiences
NUS-ISS
 
Chatbot FAQs – The Most Common Chatbot Questions Answered!
Chatbot FAQs – The Most Common Chatbot Questions Answered!Chatbot FAQs – The Most Common Chatbot Questions Answered!
Chatbot FAQs – The Most Common Chatbot Questions Answered!
Onlim GmbH
 
ChatGpt like-Brain Box.pdf
ChatGpt like-Brain Box.pdfChatGpt like-Brain Box.pdf
ChatGpt like-Brain Box.pdf
ChathuraAriyasiri
 
Chat bots
Chat botsChat bots
Chat bots
Chandulal Kavar
 
Building a Marketplace: A Checklist for Online Disruption
Building a Marketplace: A Checklist for Online DisruptionBuilding a Marketplace: A Checklist for Online Disruption
Building a Marketplace: A Checklist for Online Disruption
Sangeet Paul Choudary
 
Making a Marketplace: A Checklist for Online Disruption
Making a Marketplace: A Checklist for Online DisruptionMaking a Marketplace: A Checklist for Online Disruption
Making a Marketplace: A Checklist for Online Disruption
Nir Eyal
 
A concise guide to chatbots
A concise guide to chatbotsA concise guide to chatbots
A concise guide to chatbots
GlobalTechCouncil
 
BOT INFINITY WHITE PAPER 2023
BOT INFINITY WHITE PAPER 2023BOT INFINITY WHITE PAPER 2023
BOT INFINITY WHITE PAPER 2023
BotInfinity
 
A geek sifts through the bullshit
A geek sifts through the bullshitA geek sifts through the bullshit
A geek sifts through the bullshit
Webstock
 
Business Box AI.pdf
Business Box AI.pdfBusiness Box AI.pdf
Business Box AI.pdf
lahcenboujamaoui4
 
Makin' Chatbots — Moment
Makin' Chatbots — MomentMakin' Chatbots — Moment
Makin' Chatbots — Moment
Andrew Gold
 
What-a-Bot - SMW 2016
What-a-Bot - SMW 2016What-a-Bot - SMW 2016
What-a-Bot - SMW 2016
Ben Doran
 
Makin’ chatbots – Moment
Makin’ chatbots – MomentMakin’ chatbots – Moment
Makin’ chatbots – Moment
jacobpastrovich
 
ChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
ChatGPT Prompt Mastery: How To Leverage AI To Make Money OnlineChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
ChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
Lucky Gods
 
"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux
"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux
"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux
TheFamily
 
ChatBot Based Solutions by hizliYOL Technology
ChatBot Based Solutions by hizliYOL TechnologyChatBot Based Solutions by hizliYOL Technology
ChatBot Based Solutions by hizliYOL Technology
Aydin Ozcekic
 
Just giving charityhack2011-final
Just giving charityhack2011-finalJust giving charityhack2011-final
Just giving charityhack2011-final
David Whitney
 
Just KISST.me! Thomas Howe
Just KISST.me! Thomas HoweJust KISST.me! Thomas Howe
Just KISST.me! Thomas Howe
Alan Quayle
 
StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...
StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...
StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...
G3 Communications
 
005. Magento Auction.pdf
005. Magento Auction.pdf005. Magento Auction.pdf
005. Magento Auction.pdf
IT Delight
 
ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...
ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...
ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...
Raul Cruz
 
Enhancing the Customer Experience with Chatbots
Enhancing the Customer Experience with ChatbotsEnhancing the Customer Experience with Chatbots
Enhancing the Customer Experience with Chatbots
Joshua Warren
 
AI Integration with eCommerce - User Benefits
AI Integration with eCommerce - User BenefitsAI Integration with eCommerce - User Benefits
AI Integration with eCommerce - User Benefits
SynLogics Inc
 
NYC Semantic Web Meetup, Nov 2010
NYC Semantic Web Meetup, Nov 2010NYC Semantic Web Meetup, Nov 2010
NYC Semantic Web Meetup, Nov 2010
Jay Myers
 
Artificial Intelligence Virtual Assistants & Chatbots
Artificial Intelligence Virtual Assistants & ChatbotsArtificial Intelligence Virtual Assistants & Chatbots
Artificial Intelligence Virtual Assistants & Chatbots
aNumak & Company
 
Chatbots
ChatbotsChatbots
Chatbots
Michael Elborn
 
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
Felipe Prado
 

More Related Content

Similar to DEF CON 27- FINALPHOENIX - rise of the hypebots

ChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
ChatGPT Prompt Mastery: How To Leverage AI To Make Money OnlineChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
ChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
Lucky Gods
 
Just KISST.me! Thomas Howe
Just KISST.me! Thomas HoweJust KISST.me! Thomas Howe
Just KISST.me! Thomas Howe
Alan Quayle
 

Similar to DEF CON 27- FINALPHOENIX - rise of the hypebots (20)

A concise guide to chatbots
A concise guide to chatbotsA concise guide to chatbots
A concise guide to chatbots
 
BOT INFINITY WHITE PAPER 2023
BOT INFINITY WHITE PAPER 2023BOT INFINITY WHITE PAPER 2023
BOT INFINITY WHITE PAPER 2023
 
A geek sifts through the bullshit
A geek sifts through the bullshitA geek sifts through the bullshit
A geek sifts through the bullshit
 
Business Box AI.pdf
Business Box AI.pdfBusiness Box AI.pdf
Business Box AI.pdf
 
Makin' Chatbots — Moment
Makin' Chatbots — MomentMakin' Chatbots — Moment
Makin' Chatbots — Moment
 
What-a-Bot - SMW 2016
What-a-Bot - SMW 2016What-a-Bot - SMW 2016
What-a-Bot - SMW 2016
 
Makin’ chatbots – Moment
Makin’ chatbots – MomentMakin’ chatbots – Moment
Makin’ chatbots – Moment
 
ChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
ChatGPT Prompt Mastery: How To Leverage AI To Make Money OnlineChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
ChatGPT Prompt Mastery: How To Leverage AI To Make Money Online
 
"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux
"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux
"3 B2B Growth Hacking Tactics for Lead Generation" by Gilles Bertaux
 
ChatBot Based Solutions by hizliYOL Technology
ChatBot Based Solutions by hizliYOL TechnologyChatBot Based Solutions by hizliYOL Technology
ChatBot Based Solutions by hizliYOL Technology
 
Just giving charityhack2011-final
Just giving charityhack2011-finalJust giving charityhack2011-final
Just giving charityhack2011-final
 
Just KISST.me! Thomas Howe
Just KISST.me! Thomas HoweJust KISST.me! Thomas Howe
Just KISST.me! Thomas Howe
 
StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...
StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...
StubHub's Field Guide To Preventing Competitor Price Scraping, Unwanted Trans...
 
005. Magento Auction.pdf
005. Magento Auction.pdf005. Magento Auction.pdf
005. Magento Auction.pdf
 
ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...
ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...
ConversioBot: The AI Chatbot That Will Transform Your Website and Boost Your ...
 
Enhancing the Customer Experience with Chatbots
Enhancing the Customer Experience with ChatbotsEnhancing the Customer Experience with Chatbots
Enhancing the Customer Experience with Chatbots
 
AI Integration with eCommerce - User Benefits
AI Integration with eCommerce - User BenefitsAI Integration with eCommerce - User Benefits
AI Integration with eCommerce - User Benefits
 
NYC Semantic Web Meetup, Nov 2010
NYC Semantic Web Meetup, Nov 2010NYC Semantic Web Meetup, Nov 2010
NYC Semantic Web Meetup, Nov 2010
 
Artificial Intelligence Virtual Assistants & Chatbots
Artificial Intelligence Virtual Assistants & ChatbotsArtificial Intelligence Virtual Assistants & Chatbots
Artificial Intelligence Virtual Assistants & Chatbots
 
Chatbots
ChatbotsChatbots
Chatbots
 

More from Felipe Prado

More from Felipe Prado (20)

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

DEF CON 27- FINALPHOENIX - rise of the hypebots

  • 2. Couldn’t buy anything due to bots Decided to enter the game in 2012 Unfortunately still in the game. Looks good tho? About Me
  • 3. Why Bots? We Built the Internet For Them.
  • 4. The Bots We Loved 1988 1994 1999 2007 First Internet Bot spotted on IRC AOL Releases WebCrawler IRC’s first Malicious Botnet First “large scale” HTTP botnet
  • 5. Our (best) Internet [SEO] Google is not the only bot anymore. [HTML]“Readable” and Clean HTML is easy to parse [APIs] Speedy and Reliable [Capitalism] Purchasing should be easy.
  • 6. Test Driven Development 1. If you’re writing tests, you’re one evil genius moment away from becoming a bot reseller 2. If your site is using unit tests, you’re making sure that your site will be easy to bot.
  • 8. Why We Bot Restricted supply increases demand for a heavily marketed product Speed run checkout system creates a problem that requires an optimal solution Optimal Solution: Computers using computers.
  • 9. Why “They” Bot Restricted supply increases demand for a heavily marketed product Buyers market allows for space for a “grey market” to emerge to resell product. Need a vast amount of restricted product for more profit Optimal Solution: Many computers using computers
  • 11. Types of Bots Browser Based Bot ‣ Mimics a user by loading a browser ‣ Easier to script, and harder to detect ‣ More expensive to scale Low Level Bot ‣ Uses API calls to post directly. ‣ Takes more initial upfront investment ‣ Scale to thousands easily.
  • 12. Meet the Team! Monitor-Bot B Account-Bot C Buy-Bot D Sell-Bot I
  • 16. A-B-C. A-ALWAYS, B-BE, C-CHECKING. ALWAYS BE CHECKING!
  • 19. MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER Run all those requests through a proxy rotating proxy. Post the monitor results to a chat Sell access to that chat for $$$
  • 23. MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTER MAKE IT BETTERMonitor multiple sites, strike many outlets, not just one. Purchase “verified” accounts in bulk. If it can be a variable, it should be. Cluster deploys increase chances.
  • 24. The Economist Making a profit from hypebeasts
  • 26. Our (own) Economy Account Economy - verified accounts come in packs of 500-10,000 run out of China Cook Groups - buy friends who always seem to have the information, the right configs, the right stack overflow links, and a monitoring bot. Purchasing Scripts - Prettily wrapped request with a fancy GUI
  • 27. Investment Opportunities! DBuy-Bot Fun, flirty, and $1500 Can resell for profit to redditors Does it all! Dedicated support network Fancy UI made with Twitter Bootstrap! Monitor-Bot Subscriptions start at $15 Comes 3 real friends Compatible with Buy-Bot Dedicated support network Stack overflow links provided B
  • 31. Future Bot And why we need to get L0L totally rand0m
  • 32. We Care about (your) money. Resellers are not good consumers, often make more profit than the company does. Resellers crowding drops means that real consumers stop purchasing. Human’s perceive “fairness” and if a company isn’t fair, then why give them money?
  • 33. Blacklisting? Bot Traffic Mimicks human traffic, so you’ll end up blacklisting consumers Accounts are purchased and dumped regularly Since bots are deployed in clusters and behind proxies, IPs will change each purchase (or each request) Blacklisting means creating a useless database.
  • 34. MAKE IT WORSE MAKE IT WORSE MAKE IT WORSE MAKE IT WORSE MAKE IT WORSEFalse Listings confuse bots and consumers In person sales just mean in person resellers Lottery based means bots buy lotto tickets instead
  • 35. Making the Web Unpredictable Again ‣ Adding entropy into your system does not mean introducing unreliability ‣ Measured unpredictability can make many tasks more difficult ‣ Let’s encrypt our process, not just our passwords.