SlideShare a Scribd company logo
CLICK AND DRAGGER
Denial and Deception on Android 	

- the grugq [ @thegrugq ]
AGENDA
• OPSEC Refresher	

• Phones Suck	

• Threat Model	

• Some Solutions	

• Conclusion
ABOUT ME
OPERATIONAL SECURITY
The ShortVersion
Click and Dragger: Denial and Deception on Android mobile
–Quellcrist Falconer
“If you want to lose a fight, talk about it first”
DENIAL & DECEPTION
DENIAL
Prevent the adversary from gaining useful information
DECEPTION
Feed the adversary false information
• Cover	

• Cover for action	

• Cover for status	

• Concealment	

• Compartmentation
–James Clapper, Director of National Intelligence
“People must communicate.They will make mistakes
and we will exploit them.”
PHONES SUCK
–Allen Dulles, 	

Former Director of Central Intelligence
“The greatest material curse to the profession, despite
all its advantages, is undoubtedly the telephone.”
NO MOBILE ANONYMITY
MOBILE IDENTIFIERS
LOCATION
• Specific location, e.g. home, work, etc.	

• Mobility pattern, from home, via commute, to
work	

• Mirroring, two (or more) devices traveling
together
NETWORK
• Numbers dialed, (who you call)	

• Calls received, (who calls you)	

• Calling pattern, (number dialed, for how long,
when, how frequently)
PHYSICAL
• IMEI, mobile device ID (the serial number)	

• IMSI, mobile subscriber ID (the phone number)
CONTENT
• Identifiers, e.g. names, locations	

• Voice fingerprinting	

• Keywords
SMARTPHONES
• Ad network analytics	

• GPS	

• Apps scrape and upload content	

• Mothership pings	

• Android ID	

• MAC address
SMARTPHONES CONT.
• IP address	

• WiFi beacons	

• Cameras	

• Gait analysis (via sensors)
THREAT MODEL
LOCAL SECURITY FORCES
• Reporters are searched and interrogated	

• AJ reporters arrested for “spy equipment”	

• Mobile 3G access point	

• Militia members thought it looked
“suspicious”
NOT NSA
USERS
SECURITY IS HARD WORK
SECURITYTAKES DISCIPLINE
USERS ARE LAZY
so are we
EASYTO USE
SECURE BY DEFAULT
REASONABLY SECURE
BURNER PHONES
WHAT ARETHEY GOOD FOR?
• Threat actors without nation state level capabilities	

• Your mom	

• Building a non-operational legend	

• Flesh out a persona that doesn’t need
protection
DEFINITELY NOT NSA
BURNER GUIDELINES
• Dumber the better	

• Learn to disable completely (battery + SIM out)	

• Disable around locations linked to you (home!)	

• Never put in real information	

• Feel free to load with fake data
https://b3rn3d.herokuapp.com/blog/2014/01/22/burner-phone-best-practices/
BURNER GUIDELINES, CONT.
• Call non-operational numbers to chaff the analysis	

• Keep it short	

• Keep it simple	

• Get rid of it as soon as possible
BURNER GUIDE CONT.
• Purchase using cash from smaller stores	

• Time delay before activation (months)	

• Dispose of with extreme prejudice
CLANDESTINE CALLS
Click and Dragger: Denial and Deception on Android mobile
–Allen Dulles
“Never dial [the] number before having thought about
your conversation. Do not improvise even the dummy
part of it. But do not be too elaborate.The great
rule…is to be natural.”
• Keep it short, simple and natural	

• Prefer signalling over operational data	

• signalling > open codes > plain talk	

• Enter your conversation with a plan
–Allen Dulles, Former Director of Central Intelligence
“Even if you do not use [the phone] carelessly
yourself, the other fellow, very often will, so in any
case, warn him.”
FORTRESS PHONE
NSA GUIDELINES
• Two forms of encryption	

• Belts and braces	

• Data at rest	

• FDE + app encryption	

• Data in motion	

• VPN + app encryption
YOU CANNOT HAVE A
SECURE ANDROID PHONE
BECAUSE IT IS A PHONE
BECAUSE IT IS ANDROID
LEO’S LOVE ANDROID
YOU CAN'T BOLT ON SECURITY
Android cannot be secured by adding apps
BUT WHAT IF I…
No. Seriously, just no.
• Blackphone	

• For people with money	

• Samsung KNOX	

• For people who don’t want a secure phone
• GuardianROM	

• For people who like to reboot	

• CryptogenMod*	

• For DIY hackers
* name subject to change
IS IT NSA-PROOF?
Click and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobile
CRYPTOGENMOD
Hardened Android ROM
FEATURES
• Lots of crypto	

• Robust against physical access	

• Resilient against network attacks	

• Impact containment
• Derived from CyanogenMod 11	

• Stripped down (no browser, no analytics)	

• Advanced privacy patches	

• OpenPDroid + PDroid Manager	

• Secure application replacements
• Kernel hardening tweaks	

• A lot more work to be done here	

• Hardened userland	

• A lot more work to be done here
PROTECTION
• Local physical access	

• Remote hacking	

• Baseband hacking	

• Network monitoring	

• GSM monitoring
PHYSICAL
• Forensic analysis	

• Encryption	

• Security Ratchet
REMOTE
• Reduce attack surface dramatically	

• No browser, services, or email	

• No app store
BASEBAND
• Nothing I can do	

• Except PORTAL	

• But it’s not the end of the world	

• BB exploits are finicky	

• BB design is everything (segmentation FTW)
NETWORK MONITORING
• VPN direct to a secure backend	

• Limited information is exposed	

• Provides dual layer encryption
OPSEC STILL CRITICAL
Secure phones can’t cure stupid.
DARKMATTER
This App Kills Forensic Analysis
SECURE APP CONTAINERS +
SECURE OPERATIONAL ENV
CRYPTED APP CONTAINERS
MOBILETRUECRYPT
• Runs apps withinTrueCrypt containers	

• Automagically kills sensitive apps, then	

• mount -o bind … /data/data/$app
MOBILETRUECRYPT
• tc-play https://github.com/bwalex/tc-play	

• Uses theTrueCrypt volume format	

• Supports outer and hidden volumes	

• Backend is dm-crypt not FUSE
MOBILETRUECRYPT
• Why not use native /data encryption?	

• AES-256-XTS > AES-128-CBC	

• Use both
WIN STATES
CLOSED CRYPTED
CONTAINERS
SHUTDOWN/REBOOT
COUNTS
HOW DO WE GETTHERE?
EVENT BASED HARDENING
CHANGE SECURITY POSTURE
BASED ON OBSERVATIONS OFTHE
OPERATIONAL ENVIRONMENT
• Observe the operational environment	

• Monitor for SecurityEvents
• Harden the security posture	

• Trigger SecurityActions
INDICATORS OF A NEGATIVE
OPERATIONAL ENVIRONMENT
• Failed login	

• Timer	

• Temperature drop	

• Radio silence	

• Debugger attach	

• Receive alert	

• SIM removed
HARDEN SECURITY POSTURE
• Kill sensitive applications	

• Unmount file systems	

• Wipe files	

• Wipe ram	

• Reboot phone
DURESS CODES
• Explicit duress codes don’t work	

• “of these two codes, only use this one when
you’re under extreme stress. ps don’t forget”	

• “if you use the wrong code, you are severely
punished”
Click and Dragger: Denial and Deception on Android mobile
CryptogenMod + 	

DarkMatter =
http://github.com/grugq/darkmatter
RAISE	

NSA	

PRICE 2 PWN*
* probably
THEY’LL ADAPT
Click and Dragger: Denial and Deception on Android mobile
THANKS!
QUESTIONS?
THANKYOU
@thegrugq	

the.grugq@gmail.com

More Related Content

What's hot

Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...
MITRE ATT&CK
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- Campaigns
MITRE ATT&CK
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
MITRE ATT&CK
 
Pentest Application With GraphQL | Null Bangalore Meetup
Pentest Application With GraphQL | Null Bangalore Meetup Pentest Application With GraphQL | Null Bangalore Meetup
Pentest Application With GraphQL | Null Bangalore Meetup
Divyanshu
 
Building occasionally connected applications using event sourcing
Building occasionally connected applications using event sourcingBuilding occasionally connected applications using event sourcing
Building occasionally connected applications using event sourcing
Dennis Doomen
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
Matthew Dunwoody
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
Jorge Orchilles
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
CrowdStrike
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
MITRE ATT&CK
 
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Apurv Singh Gautam
 
Practical Malware Analysis: Ch 5: IDA Pro
Practical Malware Analysis: Ch 5: IDA ProPractical Malware Analysis: Ch 5: IDA Pro
Practical Malware Analysis: Ch 5: IDA Pro
Sam Bowne
 
Hacking Your Head : Managing Information Overload (extended)
Hacking Your Head : Managing Information Overload (extended)Hacking Your Head : Managing Information Overload (extended)
Hacking Your Head : Managing Information Overload (extended)
Jo Hanna Pearce
 
Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)
Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)
Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)
Alex Pinto
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
Shubham Gupta
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Threat Hunting with Data Science
Threat Hunting with Data ScienceThreat Hunting with Data Science
Threat Hunting with Data Science
Austin Taylor
 

What's hot (20)

Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...Landing on Jupyter: The transformative power of data-driven storytelling for ...
Landing on Jupyter: The transformative power of data-driven storytelling for ...
 
ATT&CK Updates- Campaigns
ATT&CK Updates- CampaignsATT&CK Updates- Campaigns
ATT&CK Updates- Campaigns
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
 
Pentest Application With GraphQL | Null Bangalore Meetup
Pentest Application With GraphQL | Null Bangalore Meetup Pentest Application With GraphQL | Null Bangalore Meetup
Pentest Application With GraphQL | Null Bangalore Meetup
 
Building occasionally connected applications using event sourcing
Building occasionally connected applications using event sourcingBuilding occasionally connected applications using event sourcing
Building occasionally connected applications using event sourcing
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
 
Automating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty thingsAutomating Threat Hunting on the Dark Web and other nitty-gritty things
Automating Threat Hunting on the Dark Web and other nitty-gritty things
 
Practical Malware Analysis: Ch 5: IDA Pro
Practical Malware Analysis: Ch 5: IDA ProPractical Malware Analysis: Ch 5: IDA Pro
Practical Malware Analysis: Ch 5: IDA Pro
 
Hacking Your Head : Managing Information Overload (extended)
Hacking Your Head : Managing Information Overload (extended)Hacking Your Head : Managing Information Overload (extended)
Hacking Your Head : Managing Information Overload (extended)
 
Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)
Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)
Measuring the IQ of your Threat Intelligence Feeds (#tiqtest)
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
 
The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Threat Hunting with Data Science
Threat Hunting with Data ScienceThreat Hunting with Data Science
Threat Hunting with Data Science
 

Similar to Click and Dragger: Denial and Deception on Android mobile

A million little tracking devices - Don Bailey
A million little tracking devices - Don BaileyA million little tracking devices - Don Bailey
A million little tracking devices - Don Bailey
idsecconf
 
Bluejacking
BluejackingBluejacking
Bluejacking
Muhammad Adeel
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
Jeff Katz
 
Security Guardian LinkedIn
Security Guardian LinkedInSecurity Guardian LinkedIn
Security Guardian LinkedIn
Simon Cuthbert
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Positive Hack Days
 
Online Privacy and Security
Online Privacy and SecurityOnline Privacy and Security
Online Privacy and Security
Alex Hyer
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
John Bambenek
 
Internet security
Internet securityInternet security
Internet security
Antony Mathew
 
Anti Whaling Hardening Up Your Net Presence
Anti   Whaling   Hardening Up Your Net PresenceAnti   Whaling   Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presence
Engineers Australia
 
Anti Whaling Hardening Up Your Net Presence
Anti   Whaling   Hardening Up Your Net PresenceAnti   Whaling   Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presence
gueste0b5fe
 
Introducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrakIntroducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrak
Simon Cuthbert
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
WSO2
 
Home Automation Benchmarking Report
Home Automation Benchmarking ReportHome Automation Benchmarking Report
Home Automation Benchmarking Report
Synack
 
Mobile Cloning Technology
Mobile Cloning TechnologyMobile Cloning Technology
Mobile Cloning Technology
maham4569
 
Network Forensics- Social Media Forensics
Network Forensics- Social Media ForensicsNetwork Forensics- Social Media Forensics
Network Forensics- Social Media Forensics
Don Caeiro
 
Smartphone security
Smartphone securitySmartphone security
Smartphone security
Mike Brannon
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room
NCC Group
 
RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slides
Cal Leeming
 
EEAS - Cultivate your data protection
EEAS - Cultivate your data protectionEEAS - Cultivate your data protection
EEAS - Cultivate your data protection
Tommy Vandepitte
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
Paul Morse
 

Similar to Click and Dragger: Denial and Deception on Android mobile (20)

A million little tracking devices - Don Bailey
A million little tracking devices - Don BaileyA million little tracking devices - Don Bailey
A million little tracking devices - Don Bailey
 
Bluejacking
BluejackingBluejacking
Bluejacking
 
Privacy and Security in the Internet of Things
Privacy and Security in the Internet of ThingsPrivacy and Security in the Internet of Things
Privacy and Security in the Internet of Things
 
Security Guardian LinkedIn
Security Guardian LinkedInSecurity Guardian LinkedIn
Security Guardian LinkedIn
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
 
Online Privacy and Security
Online Privacy and SecurityOnline Privacy and Security
Online Privacy and Security
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 
Internet security
Internet securityInternet security
Internet security
 
Anti Whaling Hardening Up Your Net Presence
Anti   Whaling   Hardening Up Your Net PresenceAnti   Whaling   Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presence
 
Anti Whaling Hardening Up Your Net Presence
Anti   Whaling   Hardening Up Your Net PresenceAnti   Whaling   Hardening Up Your Net Presence
Anti Whaling Hardening Up Your Net Presence
 
Introducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrakIntroducing Security Guardian from ExactTrak
Introducing Security Guardian from ExactTrak
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
Home Automation Benchmarking Report
Home Automation Benchmarking ReportHome Automation Benchmarking Report
Home Automation Benchmarking Report
 
Mobile Cloning Technology
Mobile Cloning TechnologyMobile Cloning Technology
Mobile Cloning Technology
 
Network Forensics- Social Media Forensics
Network Forensics- Social Media ForensicsNetwork Forensics- Social Media Forensics
Network Forensics- Social Media Forensics
 
Smartphone security
Smartphone securitySmartphone security
Smartphone security
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room2012 12-04 --ncc_group_-_mobile_threat_war_room
2012 12-04 --ncc_group_-_mobile_threat_war_room
 
RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slides
 
EEAS - Cultivate your data protection
EEAS - Cultivate your data protectionEEAS - Cultivate your data protection
EEAS - Cultivate your data protection
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 

Recently uploaded

Biography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdf
Biography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdfBiography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdf
Biography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdf
amgratefulkhid
 
What is the Meaning of the Word Biscuit?
What is the Meaning of the Word Biscuit?What is the Meaning of the Word Biscuit?
What is the Meaning of the Word Biscuit?
Mona Rathore
 
RMIT degree offer diploma Transcript
RMIT degree offer diploma TranscriptRMIT degree offer diploma Transcript
RMIT degree offer diploma Transcript
sozta
 
bangalore Girls call 👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDelivery
bangalore Girls call  👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDeliverybangalore Girls call  👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDelivery
bangalore Girls call 👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDelivery
Jasmine Rawat
 
Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...
Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...
Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...
dizzycaye
 
Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...
margaretblush
 

Recently uploaded (6)

Biography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdf
Biography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdfBiography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdf
Biography And Tributes of the Late Mrs Stella Atsupui Eddah Amedorme.pdf
 
What is the Meaning of the Word Biscuit?
What is the Meaning of the Word Biscuit?What is the Meaning of the Word Biscuit?
What is the Meaning of the Word Biscuit?
 
RMIT degree offer diploma Transcript
RMIT degree offer diploma TranscriptRMIT degree offer diploma Transcript
RMIT degree offer diploma Transcript
 
bangalore Girls call 👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDelivery
bangalore Girls call  👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDeliverybangalore Girls call  👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDelivery
bangalore Girls call 👀 XXXXXXXXXXX 👀 Cash Payment With Room DeliveryDelivery
 
Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...
Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...
Celebrity Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And ...
 
Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Marol Naka 9910780858 Provide Best And Top Girl Service And No1 in...
 

Click and Dragger: Denial and Deception on Android mobile