Ulisses Albuquerque, profile picture
Uploaded byUlisses Albuquerque
551 views

Using Online Activity as Digital Fingerprints to Create a Better Spear Phisher

The document discusses using online activity as digital fingerprints to improve spear phishing techniques, with a focus on using social network data and natural language processing. It introduces 'μphisher,' an open-source tool developed to collect and analyze social media data to profile potential targets for phishing. The document outlines the methodology, challenges, and future improvements for the tool and its application in cybersecurity.

Embed presentation

Using Online Activity as Digital Fingerprints to Create a Better Spear Phisher Joaquim Espinhara and Ulisses Albuquerque JEspinhara@trustwave.com UAlbuquerque@trustwave.com
• Introduction • Motivation • Background • HowStuffWorks • µphisher • Demo • Future Work • Conclusion Agenda
• Joaquim Espinhara – Security Consultant at Trustwave Spiderlabs • Ulisses Albuquerque – Coder for offense & defense… as long as it’s fun! – Lab Manager at Trustwave Spiderlabs About us
INTRODUCTION
OUR MOTIVATION
• Why? • Tools available Our Motivation
BACKGROUND
• Social Networks • Social Engineering • Data Pre-Processing • Natural Language Processing - NLP Background
• Social Networks Background Facebook Twitter LinkedIn Others
• Social Networks – Communication channel for keeping in touch with someone (Facebook, Twitter) – Media sharing (Instagram) – Specialized networks (Foursquare, GetGlue, TripIt) Background
• Social Engineering – Phishing Background http://www.d00med.net/uploads/0d832c77559a2070a766f899e7eg783.png
• Data Pre-Processing – What is it? – How do we use it? Background
• Data Pre-Processing Flow Background Raw data set "Had lunch with @urma and @jespinhara today #tgif #lunch" Data cleaning "Had lunch with @urma and @jespinhara today" Data integration "Had lunch with @urma and @jespinhara today" Data normalization "Had lunch with @urma and @jespinhara today (2013-06-05)"
• Natural Language Processing – NLP – What is it? – How do we use it? – Text analysis Background
HOWSTUFFWORKS
Identifying the subject to profile Collecting social network data Analyzing and building the profile Our Approach
• The Unknown Subject (Unsub) Our Approach Joaquim Espinhara @jespinhara (Twitter) joaquim.espinhara (Facebook) uid=12345 (LinkedIn)
• Data Collection – Social Network IDs – Official APIs – Web Scraping – OAuth Our Approach
• Data Collection - Twitter Our Approach Application ID (µphisher) User ID (@jespinhara) Twitter @urma @effffn @SpiderLabs
µPHISHER
• Reference implementation • Goals – Validate potential unsub content – Assisted textual content input µphisher
• Web Application • Twitter only (for now) • Open Source (GPLv3) µphisher
µphisher Ruby on Rails MongoDB + Mongoid DelayedJob OAuth treat (Stanford NLP Core) µphisher
µphisher Authentication Unsub Registration Data Source Registration Data Collection Work Set Definition Work Set Analysis Unsub Profile
DEMO (FINGERS CROSSED)
LIMITATIONS
• Support for additional data sources • Machine learning • More metrics and feedback for assisted input • Filtering presets • Adequate handling of quoted content Future Work
CONCLUSION
THANK YOU! @urma@jespinhara

More Related Content

PPTX
International Data Privacy Day 2017
byCherlowe Reinard Ramirez, MCTS
 
PPTX
Better Do What They Told Ya
byurma
 
PPTX
SmartTV Security
byUlisses Albuquerque
 
PPTX
PCI DSS e Metodologias Ágeis
byUlisses Albuquerque
 
PDF
Put It into Practice: Implement Every Child Ready to Read @ Your Library
byCen Campbell
 
PDF
Media mashup toolkitpdf
byCarmella Doty
 
PPT
April26 homefront
byCarmella Doty
 
PPT
Health Care Law: Next Steps for Restaurateurs
byOhio Restaurant Association
 
International Data Privacy Day 2017
byCherlowe Reinard Ramirez, MCTS
 
Better Do What They Told Ya
byurma
 
SmartTV Security
byUlisses Albuquerque
 
PCI DSS e Metodologias Ágeis
byUlisses Albuquerque
 
Put It into Practice: Implement Every Child Ready to Read @ Your Library
byCen Campbell
 
Media mashup toolkitpdf
byCarmella Doty
 
April26 homefront
byCarmella Doty
 
Health Care Law: Next Steps for Restaurateurs
byOhio Restaurant Association
 

Recently uploaded

PPTX
congo red stain nd PAS STAIN histopathology
bybushrariaz1240
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PDF
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PPTX
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
PPTX
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
PDF
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
Salesforce Sales Cloud and Generative AI Present a Fresh Approach to Personal...
byMinuscule Technologies
 
PDF
Laravel Up Running, 3rd Edition A Framework for Building Modern PHP Apps (Mat...
byNEXACORE
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
congo red stain nd PAS STAIN histopathology
bybushrariaz1240
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
Implementing A Data Lakehouse Using Iceberg & Spark
byAnass Nabil
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
Becoming Frontier for Dynamics 365 Finance PPT
byjonbravetti
 
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Salesforce Sales Cloud and Generative AI Present a Fresh Approach to Personal...
byMinuscule Technologies
 
Laravel Up Running, 3rd Edition A Framework for Building Modern PHP Apps (Mat...
byNEXACORE
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 

Featured

PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
Skeleton Culture Code
bySkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 

Using Online Activity as Digital Fingerprints to Create a Better Spear Phisher

Editor's Notes

  • #4 Inicio – 00:00
  • #5 Tempo: 02:00Tempo Max: 05:00What does doWhat does not doO quepodemosconseguirO quenaoconseguimosUse this like hook to motivation
  • #6 Tempo: 05:00Tempo Max: 07:00
  • #7 Tempo: 20:00Tempo Max: 25:00
  • #8 Tempo: 07:00Tempo Max: 17:00
  • #9 Tempo: 07:00Tempo Max: 10:00
  • #10 Some networks are more specialized and give the user little control over the content produced (e.g., Foursquare, Untappd, TripIt)This can be particularly hard when content is published across linked social network accounts (i.e., Foursquare publishing check-ins in Twitter)Tempo: 11:00Tempo Max: 15:00
  • #11 Tempo: 15:00Tempo Max: 20:00
  • #12 Tempo: 20:00Tempo Max: 25:00
  • #13 Tempo: 25:00Tempo Max: 30:00Non convencional data mining concept.Algo proximo a social data mining. Uma forma de selecionar criterios relevantes para criacao do perfi.Data cleaning consists in removing records which are not relevant to a given analysis (e.g., removing all retweets, removing all Facebook status updates posted from a mobile device);Data integration consists in correlating identities between different data sources, allowing the μphiser user to perform analysis on records from multiple sources (e.g., user @jespinhara in Twitter is user 'jespinhara' in Instagram);Data normalization consists in applying transformations to data attributes in order to make records consistent regarding comparison and correlation (e.g., all date and time attributes will be represented using ISO-8601).
  • #14 Association rule learning, which consists of identifying relationships between variables (e.g., @jespinhara is commonly referenced alongside @urma when "lunch" is present on the status update);Clustering, which consists of discovering groups and structures between records which do not share a known common attribute (e.g., all status updates which mention meals during the day)Anomaly detection, which consists of identifying unusual data records which require further investigation and should most likely be excluded from analysis (e.g., "Hacked by @effffn!!!!111!")Tempo Max: 50:00
  • #15 Tempo: 50:00Tempo Max: 55:00
  • #17 Tempo: 55:00Tempo Max: 60:00
  • #18 Tempo: 70:00Tempo Max: 75:00
  • #19 Tempo: 70:00Tempo Max: 75:00
  • #20 Tempo: 70:00Tempo Max: 75:00
  • #22 Validating textual input against the profile in order to verify the probability of some text being written by an unsub (e.g., checking whether a given tweet was indeed authored by a profiled individual);Assisting the user in writing content which is similar to what the unsub would write regarding word frequency, sentence length, amount of sentences and phrases, amongst other criteriaTempo: 90:00Tempo Max: 95:00
  • #23 Validating textual input against the profile in order to verify the probability of some text being written by an unsub (e.g., checking whether a given tweet was indeed authored by a profiled individual);Assisting the user in writing content which is similar to what the unsub would write regarding word frequency, sentence length, amount of sentences and phrases, amongst other criteriaTempo: 90:00Tempo Max: 95:00
  • #24 Tempo: 105:00Tempo Max: 110:00
  • #25 Tempo: 110:00Tempo Max: 115:00Practicallimitations – Twitterlimitstweetfetchtoaround 3200 tweetsAllofficialAPIs are rate-limited, handlingthosethroughasynchronous threads whileprovidingmeaninful feedback to µphisherusercanbe hardSome metricsrequire NLP processing, whichfails HARD onpartialsentences/abbreviations
  • #26 Tempo: 120:00Tempo Max: 140:00
  • #28 Tempo: 140:00Tempo Max: 145:00Machinelearning => partialcontentprocessing => context-awareautocompletesuggestions
  • #29 Tempo: 145:00Tempo Max: 150:00Noise is badLinked social networks are badHandling quoted content is hard