Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)

•Download as PPTX, PDF•

18 likes•18,493 views

This talk is dedicated to de-anonymizing active Internet users. We will give a hands-on demonstration of various Internet resources tracking and/or storing user data, and explain how this data can be used to find out the identity on the other side of the screen for your own (either good or evil) purposes. Доклад посвящен деанонимизации активных пользователей интернета. На практике будет показано, как различные интернет-ресурсы следят или содержат информацию о пользователях и как ее можно использовать, чтобы вычислить, кто находится по ту сторону монитора для собственных (как плохих, так и хороших) нужд.

Technology

Deanonymization and total espionage
Dmitry «Bo0oM» Boomov

Tits and
kittens.
Hopefully, now
you like my
report.

Getting information from phone. Whatsapp

Getting information from phone
http://numbuster.com/

Online users
https://letters.yandex.ru/promo

Clickjacking
Demo: bo0om.ru/zn2014/vk/2/

Clickjacking
Demo: bo0om.ru/zn2014/vk/3/

Click, click…
<a href='tel://1234567890'>Click me</a>

Social detector
Demo: bo0om.ru/zn2014/sd/

Tinfoleak
http://vicenteaguileradiaz.com/tools/

GEO
https://maps.google.com/locationhistory/

Cookie Matching
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-
cached PNGs using HTML5 Canvas tag to read pixels (cookies)
back out
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
- HTML5 IndexedDB
- Java JNLP PersistenceService
- Java CVE-2013-0422 exploit (applet sandbox escaping)
http://samy.pl/evercookie/

Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: off
flash: off

There are regular and smart firewalls. The regular ones are quite clear, it was a good report on the latest Black Hat. However, we need a completely different approach to come round advanced protection. Есть фаерволы на регулярных выражениях, а есть умные. Если с первыми все понятно — был отличный доклад на последнем Black Hat, то чтобы обойти современную защиту, нужно иметь совершенно другой подход!

СМС – «золотой» стандарт двухфакторной аутентификации. Актуальные проблемы

Payment Village

Разведка боем

Дмитрий Бумов

Secretary Johnson called the attack on Sony Pictures Entertainment “an attack on our freedom of expression and way of life.” In this MMW session, we dissect Destover malware, responsible for more than 100 terabytes of stolen data from Sony Pictures Entertainment. Added bonus: MMW Watch List of 2014 We will summarize the “most wanted” of the year 2014, including Backoff, the POS malware, and Zberp, the financial Trojan.

Hot potato Privilege Escalation

Attack on Sony

Merged (1)

2000day in Safari

Partyhack 3.0 - Telegram bugbounty writeup

Дмитрий Бумов

ZeroNights 2018 | I <"3 XSS

Дмитрий Бумов

ZeroNights 2018 | Race Condition Tool

Дмитрий Бумов

Offzone | Another waf bypass

Дмитрий Бумов

Defcon Russia 2017 - Bo0oM vs Шурыгина

Дмитрий Бумов

DC7499 - Param-pam-pam

Дмитрий Бумов

KazHackStan - "><script>alert()</script>

Дмитрий Бумов

VolgaCTF 2018 - Neatly bypassing CSP

Дмитрий Бумов

Отравление кэша веб-приложений

Дмитрий Бумов

XSS. Обходы фильтров и защит.

Дмитрий Бумов

RIW 2017 | Все плохо

Дмитрий Бумов

Как создавался интернет и почему он похож на один большой костыль? Как развитие интернета способствовало развитию уязвимостей и как это в спешке пытаются (но это не точно) все исправить. Почему попытки классификации уязвимостей выглядят смешно? Почему практически все, что нас окружает - плохо и как с этим жить дальше?

Skolkovo школа | Капельку о MITM

Дмитрий Бумов

PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram

Дмитрий Бумов

Armsec 2017 | 2 bugs 1 safari

Дмитрий Бумов

KazHackStan 2017 | Tracking

Дмитрий Бумов

Viewers also liked

Zeronights 2013 - воруем домены

Дмитрий Бумов

VolgaCTF | Bo0oM - DNS and attacks

Дмитрий Бумов

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.

Cyphort

Hot potato Privilege Escalation

Sunny Neo

Attack on Sony

Nick Bilogorskiy

Merged (1)

valentina2018

Viewers also liked (6)

Zeronights 2013 - воруем домены

VolgaCTF | Bo0oM - DNS and attacks

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.

Hot potato Privilege Escalation

Attack on Sony

Merged (1)

More from Дмитрий Бумов

2000day in Safari

Дмитрий Бумов

Partyhack 3.0 - Telegram bugbounty writeup

Дмитрий Бумов

ZeroNights 2018 | I <"3 XSS

Дмитрий Бумов

ZeroNights 2018 | Race Condition Tool

Дмитрий Бумов

Offzone | Another waf bypass

Дмитрий Бумов

Defcon Russia 2017 - Bo0oM vs Шурыгина

Дмитрий Бумов

DC7499 - Param-pam-pam

Дмитрий Бумов

KazHackStan - "><script>alert()</script>

Дмитрий Бумов

VolgaCTF 2018 - Neatly bypassing CSP

Дмитрий Бумов

Отравление кэша веб-приложений

Дмитрий Бумов

XSS. Обходы фильтров и защит.

Дмитрий Бумов

RIW 2017 | Все плохо

Дмитрий Бумов

Skolkovo школа | Капельку о MITM

Дмитрий Бумов

PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram

Дмитрий Бумов

Armsec 2017 | 2 bugs 1 safari

Дмитрий Бумов

KazHackStan 2017 | Tracking

Дмитрий Бумов

пресс конференция 15.06.2016. безопасность платежных систем и банков

Дмитрий Бумов

В мире, где предоставление услуг коммерческими организациями и государственными ведомствами реализуется через сеть Интернет, обеспечение доступности, защита от взломов и подмены контента на веб-ресурсе становится важной задачей, за невыполнение которой могут “полететь головы с плеч” специалистов служб информационной безопасности. Несмотря на усилия ИБэшников и разработчиков средств веб-защиты, в гонке «ИТ-вооружения» обороняющаяся сторона традиционно занимает догоняющую позицию, количество атак год от года растет, меняются вектора и подходы к их организации.

Fuzz.txt

Дмитрий Бумов

Не nmap'ом единым

Дмитрий Бумов

Bo0oM - Ты такой смешной XD #securitymeetup

Дмитрий Бумов

More from Дмитрий Бумов (20)

2000day in Safari

Partyhack 3.0 - Telegram bugbounty writeup

ZeroNights 2018 | I <"3 XSS

ZeroNights 2018 | Race Condition Tool

Offzone | Another waf bypass

Defcon Russia 2017 - Bo0oM vs Шурыгина

DC7499 - Param-pam-pam

KazHackStan - "><script>alert()</script>

VolgaCTF 2018 - Neatly bypassing CSP

Отравление кэша веб-приложений

XSS. Обходы фильтров и защит.

RIW 2017 | Все плохо

Skolkovo школа | Капельку о MITM

PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram

Armsec 2017 | 2 bugs 1 safari

KazHackStan 2017 | Tracking

пресс конференция 15.06.2016. безопасность платежных систем и банков

Fuzz.txt

Не nmap'ом единым

Bo0oM - Ты такой смешной XD #securitymeetup

Recently uploaded

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Free Complete Python - A step towards Data Science

RinaMondal9

Recently uploaded (20)

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

By Design, not by Accident - Agile Venture Bolzano 2024

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Removing Uninteresting Bytes in Software Fuzzing

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Elizabeth Buie - Older adults: Are we really designing for our future selves?

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Communications Mining Series - Zero to Hero - Session 1

GraphRAG is All You need? LLM & Knowledge Graph

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Securing your Kubernetes cluster_ a step-by-step guide to success !

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

UiPath Test Automation using UiPath Test Suite series, part 5

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Free Complete Python - A step towards Data Science

Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)

1. Deanonymization and total espionage Dmitry «Bo0oM» Boomov

2. Tits and kittens. Hopefully, now you like my report.

3. Deanonymization Passive Active

4. Password retrieval

5. Password retrieval

6. Getting information from email

7. Getting information from email

8. Getting information from email

9. Getting information from phone. Viber

10. Getting information from phone. Whatsapp

11. Getting information from phone. Banks

12. Getting information from phone. Banks

13. Getting information from phone

14. Getting information from phone http://numbuster.com/

15. Find friends

16. ← Anonist

17. Apps https://developers.facebook.com/

18. Apps https://vk.com/editapp?act=create

19. Apps Demo: bo0om.ru/zn2014/vk/1/

20. Online users https://letters.yandex.ru/promo

21. Clickjacking

22. Clickjacking Demo: bo0om.ru/zn2014/vk/2/

23. Clickjacking Demo: bo0om.ru/zn2014/vk/3/

24. CSRF + XSS + BUGS = PROFIT

25. Click, click…

26. Click, click… <a href='tel://1234567890'>Click me</a>

27. Callback

28. Callback Thx @black2fan ;)

29. Social detector Demo: bo0om.ru/zn2014/sd/

30. Вate of birth

31. Nicknames

32. Nicknames

33. Friends and relatives

34. Friends and relatives

35. Friends and relatives

36. Tinfoleak http://vicenteaguileradiaz.com/tools/

37. Exif

38. Analytics

39. Analytics

40.

41. Banners

42. Social buttons

43. BIG DATA http://bo0om.ru/zn2014/wtf/

44. GEO https://maps.google.com/locationhistory/

45. Cookie Matching Specifically, when creating a new cookie, it uses the following storage mechanisms when available: - Standard HTTP Cookies - Local Shared Objects (Flash Cookies) - Silverlight Isolated Storage - Storing cookies in RGB values of auto-generated, force- cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out - Storing cookies in Web History - Storing cookies in HTTP ETags - Storing cookies in Web cache - window.name caching - Internet Explorer userData storage - HTML5 Session Storage - HTML5 Local Storage - HTML5 Global Storage - HTML5 Database Storage via SQLite - HTML5 IndexedDB - Java JNLP PersistenceService - Java CVE-2013-0422 exploit (applet sandbox escaping) http://samy.pl/evercookie/

46. Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: off flash: off

47. Providers http://imarker.ru/

48. Evil

49.

50. Twi: @i_bo0om