antiTree | posts and projects

These links are meant to go along with my recent OSINT presentation. They’re provided to get you started if you wanted to start learning the craft.

Meta
- Giant list of OSINT tools and methodology
- Iron Geek’s OSINT class

Tools
- Maltego – relationship mapper
- FOCA – fast metadata extraction and analysis
- Recon-ng – OSINT framework
- Geostalker – fun geo-tracking tool

Sites:
- Shodan – computer search engine
- CheckUsernames.

Partial rant, partial useful blog post — I’m noticing that a lot of the “new” APIs for sites are starting to restrict access to content, either by controlling how much of the data you’re allowed to access, or by not including the ability to access a certain amount of data over the API at all. This is different from a few years ago, when sites like Twitter would let you collect all the tweets from a user without issue.

This Friday, I’ll be presenting a weird presentation at BSides Detroit. It’s titled “Corporate Intelligence: Lisbeth Salander vs James Bond” and it’s on a subject that has been stuck in my head for a while. It’s a talk about corporate spying, competitive intelligence, industrial espionage — the type of thing where people are stealing information from one group and selling it to another. As is the case with most of my presentations, it has little to do with what I do for work, and more to do with play.

Can we agree that NFC is here to stay? Just about every mobile platform supports it (I’m looking at you, Apple), including simple feature phones from way back when. Let me just get to the good part: NFC input vectors for pen-testing. The scenario here is a mobile application that supports some kind of NFC exchange. Maybe it’s a Windows Phone 8 tag reader or something using Android Beam — whatever.

InspecTor is a .onion page that kept track of bad exit nodes on the network. And it did a pretty good job. It looked for things like:
- SSL stripping: replacing HTTPS links with HTTP
- JavaScript injection
- iFrame injection
- Exit nodes that have no exit policy (black holes)
Those are the easy-to-quantify bad properties. We can compare the results of connecting to a bad exit node and a good one and diff the results.

Another year, another ISTS. For those that haven’t heard, the Information Security Talent Search (ISTS) is a yearly event run by RIT’s SPARSA group — a student-run organization. This isn’t your run-of-the-mill hacking competition. ISTS was one of the first (if not the first) to actually bring an offensive perspective to the competition. Here’s your job:
- Keep your services running – the longer they are up, the more points you get
- Stop your opponents from running services.

This is a presentation I gave about embedded security at the last 2600 meeting. This is mostly just referencing other people’s work, like Joe Grand and Travis Goodspeed, who are embedded security gods.
Pentesting embedded from antitree

Let me start by answering the short version of the question: Tor usually performs DNS requests using the exit node’s DNS server. Because Tor is TCP, it will only be able to handle TCP based DNS requests normally. Hidden services though are very different and rely on Hidden Service Directory Servers that do not use DNS at all. Read on if you don’t believe me or want more information. Here’s a reference from an old mailing list entry:

I gave a presentation at this month’s Rochester 2600 meeting about competitive intelligence. The point was to give some background about competitive intelligence/corporate spying and make some analogies to people in infosec. FWIW, you can check it out over here.

I’ve been putting some time into trying to improve my intelligence gathering capabilities. Normally we would call this recon during a pen test or OSINT gathering. But I’ve been thinking about it from the perspective of the CIA, who refer to it as intelligence gathering. The ideas are basically the same: collect information that provides you with some kind of insight into a target. For a pen test, I want to know information about the subject I’m testing.

Quick blog post — thought it would be funny to make an Instagram script that will download all the locations of a user account. You can find the details on how to use it on Github. Pretty straightforward:
./instagram.py (instagramID) (InstagramAPIToken)
You’ll need to sign up for the Instagram API, which you can do here: http://instagram.com/developer/
And you can find your friend’s InstagramID using this handy tool here: http://jelled.com/instagram/lookup-user-id
Download the code from Github here: https://github.

Browser fingerprint tactics, like the ones demonstrated in Panopticlick have been used by marketing and website analytic types for years. It’s how they track a user’s activities across domains. Just include their piece of JavaScript at the bottom of your page and poof, you’re able to track visitors in a variety of ways. I don’t care much about using this technology for marketing, but I do care about using this type of activity for operational security purposes.

Panopticlick is a project run by the EFF that highlights the privacy concerns related to being able to fingerprint your browser. It suddenly popped back up in /r/netsec like it was a new project. The site works by showing you the results of a full-fledged browser fingerprint tool, letting you compare how similar or dissimilar you are to other visitors. This is done in a variety of ways: by looking at the user agent, screen resolution, fonts installed, plugins installed, versions of those plugins, and much more.

Last year, I wrote a post outlining some of my focus points for the rest of the year. This is a review of those tasks and an updated perspective for the next year.

Last Year

Hardware Security Projects
Last year, I generically noted that I’d like to get into more hardware security projects. I took on the Juke Box project which was a mixture between hardware hacking, radio, and mobile. I’ve also been doing a lot more soldering to work on Travis Goodspeed’s FaceDancer 11 and GoodFet.

Spicy Mango is a project that Chris Centore started and presented on at Derbycon this year. It’s difficult to describe completely but in essence, it is an intelligence collection and analysis engine that helps you parse large amounts of data to extract items of interest. For example, say that you wanted to keep track of your nym and how it was used on the net. You could do something like a Google Alert that sends you an email every time “AntiTree” appears in the search engine.