SlideShare a Scribd company logo

Luiz eduardo. introduction to mobile snitch

Yury Chemerkin
Yury Chemerkin
Technology
1 of 43
Download to read offline
Mobile Snitch CONFidence 2012 Pre Luiz Eduar le(at)trus
genda Intro Motivations Current “issue” Profiling Mitigation Tips Future 2
whois Luiz Eduardo Head of SpiderLabs LAC Knows a thing or two about WiFi Conference organizer (YSTS & SilverBullet) Amateur photographer le/at/ trustwave /dot/ com @effffn 3
whois Rodrigo Montoro curity Researcher at Trustwave/Spiderlabs •  Intrusion Detection System Rules •  New ways to detect malicious activities •  Patent Pending Author for methodology to discover malicious digital files eaker •  Toorcon, SecTor, .FISL, Conisli, CNASI , OWASP Appsec Brazil, H2HC (São Paulo and México) under Malwares-BR Group / Webcast Localthreats under and Coordinator ort Brazilian Community •  Snort Rules Library for Brazilian Malwares 4
ustwave SpiderLabs ® wave SpiderLabs uses real-world and innovative security research to improve wave products, and provides unmatched expertise and intelligence to customers. REATS PROTECTI al-World Custome covered Product Response and Investigation (R&I) Analysis and Testing (A&T) Research and Development (R&D) earned Partner 5
oals of this Talk nformation about the data your mobile devices broadcast Possible implications of that Raise awareness of public in general in regards to mobile privacy 6
otivations revious WiFi Research ons of travel lient-side / targeted attacks and Malware rending ery initial thoughts of this talk presented at ayThreat 2011 very very initial WiFi-based devices location at oorCon Seattle 2008) 7
sclaimer 8
efinitive Goal Ability to fingerprint a PERSON based on the information given by heir mobile device(s) Passive information gathering of •  Automatic “LAN/Internal” protocols •  Non-encrypted traffic analysis (security flaws / features / non- confidential info) 9
urrent “issue” Massive adoption of mobile devices Usability vs. Security •  Networking Protocols •  Broadcast / Multicast (and basic WiFi operation) •  And… 10
YOD 11
YO(B)D i Security as we know it •  protect the infrastructure •  protect the user, once it’s in the protected network the newER buzzword: BYOD Security , doesn’t solve the privacy issue 12
ivacy Matters? 13
can haz ZeroConfig Used by most mobile devices Discovery, Announcement & Integration with (mostly) home devic •  Multimedia products •  IP Cameras •  Printers Yet, always on and automatic ro configuration networking allows devices such as mputers and printers to connect to a network automatical hout zeroconf, a network administrator must set up services…” 14
eroConfig Protocols mDNS UPnP SSDP (Simple Service Discovery Protocol) SLP (Service Location Protocol) 15
PV6) k of Monitoring Protection Knowledge Etc… 16
DNS is evil then? 17
o, how does it work? ata Acquisition (Passive) ilters Profile Creation ompare with Existing Info •  Domain Request Info •  First Search –  Internet Search •  IP / Geolocation –  Applications (Netbios / Services) •  Locations (collection) hird Party •  Contacts •  Arp Poisoning •  Company info •  Extra pcaps •  Personal Network •  Info correlation •  Softwares •  Additional Internet Search •  etc 18
ata Acquisition (mdns - multicast 19
dns query 20
dns “passive port scan” 21
ata Acquisition (Netbios - Broadcast) 22
etbios query 23
ey Information 24
mdns we trust … cure $ perl snitch.pl rodrigo-montoro-ipad-iphone.pcap ### Mobile Snitch ##### ### Analyzing File: rodrigo-montoro-ipad-iphone.pcap ### Tool by @effffn and @spookerlabs et Number: 596 Address: 5c:59:48:45:db:fb e Info: Rodrigo-Montoro.local,Rodrigo-Montoro.local 25
rst Search e Info: Rodrigo-Montoro.local,Rodrigo-Montoro.local ating to Google (or any other search tool) go Montoro inurl:facebook.com go Montoro inurl:linkedin.com go Montoro inurl:twitter.com e images go+Montoro ro Rodrigo ro y other Google search for that matter. 26
27
ut …. 28
odrigo is not that famous (yet)… 29
o we could use third-party info ARP Spoofing New pcaps n depth request analysis •  http objects rebuild (oh yeah) •  Plain-text request •  Who wants a cookie ? •  Usernames (we don’t want passwords .. At least, not now ) •  GeoIP / Domains •  SSIDs databases •  Image EXIF info 30
p Spoofing Difficult level: -10 # arpspoof –i eth0 192.168.0.1 * Don’t forget to enable ip_forwa 31
ew pcaps Cloudshark Pcapr Sniffing random locations Create an online repository ? 32
tp objects rebuilt - the secrets uthToken":"name:hpVy","distance": irstName":”Rodrigo","formattedName":”Rodrigo ntoro","headline":”Nerds at iderlabs","id":”1337","lastName":”Montoro","picture":htt media.linkedin.com/mpr/mpr/shrink_80_80/p/ 00/13/ al.jpg,"hasPicture":true,"twitter":”spookerlabs"} 33
r-Agents (-e http.user_agent http.request.method == GET) a/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Saf 1 a/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Vers Safari/533.21.1 ivial/5.810 a/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9A405 rForBlackBerry/2.1.0.28 (BlackBerry; U; BlackBerry 9300; es) Version/5.0.0.846 a/5.0 (Linux; U; Android 2.1-update1; es-ar; U20a Build/2.1.1.A.0.6) AppleWebKit/530.17 (KHTML, li ) Version/4.0 Mobile Safari/530.17 [FBAN/FB4A;FBAV/1.8.4;FBDM/ ity=0.75,width=320,height=240};FBLC/es_AR;FB_FW/1;FBCR/CLARO;FBPN/com.facebook.katana;FB FBSV/2.1-update1;] 34
e are the good guys … /var/log/snort/alert | grep "[**" | sort | uniq -c | sort -nr [**] [1:100000236:2] GPL CHAT Jabber/Google Talk Incoming Message [**] [**] [1:100000233:2] GPL CHAT Jabber/Google Talk Outgoing Message [**] [**] [1:2010785:4] ET CHAT Facebook Chat (buddy list) [**] [**] [1:2100538:17] GPL NETBIOS SMB IPC$ unicode share access [**] [**] [1:2014473:2] ET INFO JAVA - Java Archive Download By Vulnerable Client [**] [**] [1:2012648:3] ET POLICY Dropbox Client Broadcasting [**] [**] [1:2011582:19] ET POLICY Vulnerable Java Version 1.6.x Detected [**] [**] [1:2006380:12] ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted [**] [1:2002878:6] ET POLICY iTunes User Agent [**] [**] [1:100000230:2] GPL CHAT MISC Jabber/Google Talk Outgoing Traffic [**] 35
erson “MACnification” Mac Address sername ictures acebook inkedin witter ocations ompany oftwares xtras nfected ? 36
ext time we meet… 37
Mitigation” Tips Name the device: Never use your name / last name in your device Careful where you use your mobile Turn off WiFi (BlueTooth and etc) when not using it Bonus!) Consider removing some SSID entries from your device… but why? 38
onus! : Bring Your Own Probe Request Bluetooth 39
sconnected Devices & SSIDs Company People SSN #s Hotel School Event Airport Lounges … and Free Public WiFi 40
areful with the New Features t might affect (event more) your privacy…. 41
uture … Website for profile feed collaboration? •  Macprofiling.com •  Whoisthismac.com •  Followthemac.com •  ISawYouSomehereAlready.com Social Engineer •  SET (Social Engineer Toolkit) integration •  Maltego Others 42
dditional Resources wnload the Global Security Report: http://www.trustwave.com/GS d our Blog: http://blog.spiderlabs.com ow us on Twitter: @SpiderLabs / @efffffn / @spookerlabs 43

Recommended

Stealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewareStealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewarePriyanka Aash
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Chase Schultz
 
Anti-Forensic Rootkits
Anti-Forensic RootkitsAnti-Forensic Rootkits
Anti-Forensic Rootkitsamiable_indian
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?hackdemocracy
 
Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsgaurang17
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015Clare Nelson, CISSP, CIPP-E
 
OWASP AppSec USA 2015, San Francisco
OWASP AppSec USA 2015, San FranciscoOWASP AppSec USA 2015, San Francisco
OWASP AppSec USA 2015, San FranciscoClare Nelson, CISSP, CIPP-E
 

Recommended

Stealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewareStealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewarePriyanka Aash
 
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23
Pwning Iot via Hardware Attacks - Chase Schultz - IoT Village - Defcon 23Chase Schultz
 
Anti-Forensic Rootkits
Anti-Forensic RootkitsAnti-Forensic Rootkits
Anti-Forensic Rootkitsamiable_indian
 
OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!OSINT Black Magic: Listen who whispers your name in the dark!!!
OSINT Black Magic: Listen who whispers your name in the dark!!!Nutan Kumar Panda
 
Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?Wikileaks: secure dropbox or leaking dropbox?
Wikileaks: secure dropbox or leaking dropbox?hackdemocracy
 
Anti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsAnti forensics-techniques-for-browsing-artifacts
Anti forensics-techniques-for-browsing-artifactsgaurang17
 
LASCON 2015
LASCON 2015LASCON 2015
LASCON 2015Clare Nelson, CISSP, CIPP-E
 
OWASP AppSec USA 2015, San Francisco
OWASP AppSec USA 2015, San FranciscoOWASP AppSec USA 2015, San Francisco
OWASP AppSec USA 2015, San FranciscoClare Nelson, CISSP, CIPP-E
 
Everything you need to know about choosing the right running shoes
Everything you need to know about choosing the right running shoesEverything you need to know about choosing the right running shoes
Everything you need to know about choosing the right running shoesStylight
 
Integrating Digital and Mail for Results
Integrating Digital and Mail for ResultsIntegrating Digital and Mail for Results
Integrating Digital and Mail for Resultsvobenfoxboronet
 
Karya ilmiah adon
Karya ilmiah adonKarya ilmiah adon
Karya ilmiah adonRahmat Poliyoto
 
Msft oracle brief
Msft oracle briefMsft oracle brief
Msft oracle briefYury Chemerkin
 
Ijmer 46044245
Ijmer 46044245Ijmer 46044245
Ijmer 46044245IJMER
 
Vibration control of newly designed Tool and Tool-Holder for internal treadi...
Vibration control of newly designed Tool and Tool-Holder for internal treadi...Vibration control of newly designed Tool and Tool-Holder for internal treadi...
Vibration control of newly designed Tool and Tool-Holder for internal treadi...IJMER
 
Ijmer 46046266
Ijmer 46046266Ijmer 46046266
Ijmer 46046266IJMER
 
Suitability of Composite Material for Flywheel Analysis
Suitability of Composite Material for Flywheel Analysis Suitability of Composite Material for Flywheel Analysis
Suitability of Composite Material for Flywheel Analysis IJMER
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoTPriyanka Aash
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreveerababu penugonda(Mr-IoT)
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerFelipe Prado
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSecureState
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityAPNIC
 
IOT Exploitation
IOT Exploitation IOT Exploitation
IOT Exploitation Cysinfo Cyber Security Community
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackPriyanka Aash
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityPaul Morse
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinDigicomp Academy AG
 

More Related Content

Viewers also liked

Everything you need to know about choosing the right running shoes
Everything you need to know about choosing the right running shoesEverything you need to know about choosing the right running shoes
Everything you need to know about choosing the right running shoesStylight
 
Integrating Digital and Mail for Results
Integrating Digital and Mail for ResultsIntegrating Digital and Mail for Results
Integrating Digital and Mail for Resultsvobenfoxboronet
 
Ijmer 46044245
Ijmer 46044245Ijmer 46044245
Ijmer 46044245IJMER
 
Vibration control of newly designed Tool and Tool-Holder for internal treadi...
Vibration control of newly designed Tool and Tool-Holder for internal treadi...Vibration control of newly designed Tool and Tool-Holder for internal treadi...
Vibration control of newly designed Tool and Tool-Holder for internal treadi...IJMER
 
Ijmer 46046266
Ijmer 46046266Ijmer 46046266
Ijmer 46046266IJMER
 
Suitability of Composite Material for Flywheel Analysis
Suitability of Composite Material for Flywheel Analysis Suitability of Composite Material for Flywheel Analysis
Suitability of Composite Material for Flywheel Analysis IJMER
 

Viewers also liked (8)

Everything you need to know about choosing the right running shoes
Everything you need to know about choosing the right running shoesEverything you need to know about choosing the right running shoes
Everything you need to know about choosing the right running shoes
 
Integrating Digital and Mail for Results
Integrating Digital and Mail for ResultsIntegrating Digital and Mail for Results
Integrating Digital and Mail for Results
 
Karya ilmiah adon
Karya ilmiah adonKarya ilmiah adon
Karya ilmiah adon
 
Msft oracle brief
Msft oracle briefMsft oracle brief
Msft oracle brief
 
Ijmer 46044245
Ijmer 46044245Ijmer 46044245
Ijmer 46044245
 
Vibration control of newly designed Tool and Tool-Holder for internal treadi...
Vibration control of newly designed Tool and Tool-Holder for internal treadi...Vibration control of newly designed Tool and Tool-Holder for internal treadi...
Vibration control of newly designed Tool and Tool-Holder for internal treadi...
 
Ijmer 46046266
Ijmer 46046266Ijmer 46046266
Ijmer 46046266
 
Suitability of Composite Material for Flywheel Analysis
Suitability of Composite Material for Flywheel Analysis Suitability of Composite Material for Flywheel Analysis
Suitability of Composite Material for Flywheel Analysis
 

Similar to Luiz eduardo. introduction to mobile snitch

Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoTPriyanka Aash
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerFelipe Prado
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSecureState
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityAPNIC
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackPriyanka Aash
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityPaul Morse
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinDigicomp Academy AG
 
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] Jose Manuel Ortega Candel
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentTechWell
 
Android Hacking
Android HackingAndroid Hacking
Android Hackingantitree
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Intelligent Embedded Systems (Robotics)
Intelligent Embedded Systems (Robotics)Intelligent Embedded Systems (Robotics)
Intelligent Embedded Systems (Robotics)Adeyemi Fowe
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
 

Similar to Luiz eduardo. introduction to mobile snitch (20)

Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerTouring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoT
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
 
IOT Exploitation
IOT Exploitation IOT Exploitation
IOT Exploitation
 
IoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation TrackIoTNEXT 2016 - SafeNation Track
IoTNEXT 2016 - SafeNation Track
 
Big Data Approaches to Cloud Security
Big Data Approaches to Cloud SecurityBig Data Approaches to Cloud Security
Big Data Approaches to Cloud Security
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe Klein
 
OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition] OSINT tools for security auditing [FOSDEM edition]
OSINT tools for security auditing [FOSDEM edition]
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really Different
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Intelligent Embedded Systems (Robotics)
Intelligent Embedded Systems (Robotics)Intelligent Embedded Systems (Robotics)
Intelligent Embedded Systems (Robotics)
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
 

More from Yury Chemerkin

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Yury Chemerkin
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware descriptionYury Chemerkin
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromiseYury Chemerkin
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readmeYury Chemerkin
 
Appendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesAppendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesYury Chemerkin
 
Appendix e (digital) md5s
Appendix e (digital) md5sAppendix e (digital) md5s
Appendix e (digital) md5sYury Chemerkin
 
Appendix d (digital) fqd ns
Appendix d (digital) fqd nsAppendix d (digital) fqd ns
Appendix d (digital) fqd nsYury Chemerkin
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601Yury Chemerkin
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Yury Chemerkin
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Yury Chemerkin
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityYury Chemerkin
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesYury Chemerkin
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedYury Chemerkin
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirusYury Chemerkin
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesYury Chemerkin
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesYury Chemerkin
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisYury Chemerkin
 
Mario heiderich. got your nose! how to steal your precious data without using...
Mario heiderich. got your nose! how to steal your precious data without using...Mario heiderich. got your nose! how to steal your precious data without using...
Mario heiderich. got your nose! how to steal your precious data without using...Yury Chemerkin
 

More from Yury Chemerkin (20)

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware description
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromise
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readme
 
Appendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesAppendix f (digital) ssl certificates
Appendix f (digital) ssl certificates
 
Appendix e (digital) md5s
Appendix e (digital) md5sAppendix e (digital) md5s
Appendix e (digital) md5s
 
Appendix d (digital) fqd ns
Appendix d (digital) fqd nsAppendix d (digital) fqd ns
Appendix d (digital) fqd ns
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
 
Jp3 13
Jp3 13Jp3 13
Jp3 13
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capability
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realities
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sites
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devices
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of this
 
Mario heiderich. got your nose! how to steal your precious data without using...
Mario heiderich. got your nose! how to steal your precious data without using...Mario heiderich. got your nose! how to steal your precious data without using...
Mario heiderich. got your nose! how to steal your precious data without using...
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Luiz eduardo. introduction to mobile snitch

  • 1. Mobile Snitch CONFidence 2012 Pre Luiz Eduar le(at)trus
  • 2. genda Intro Motivations Current “issue” Profiling Mitigation Tips Future 2
  • 3. whois Luiz Eduardo Head of SpiderLabs LAC Knows a thing or two about WiFi Conference organizer (YSTS & SilverBullet) Amateur photographer le/at/ trustwave /dot/ com @effffn 3
  • 4. whois Rodrigo Montoro curity Researcher at Trustwave/Spiderlabs •  Intrusion Detection System Rules •  New ways to detect malicious activities •  Patent Pending Author for methodology to discover malicious digital files eaker •  Toorcon, SecTor, .FISL, Conisli, CNASI , OWASP Appsec Brazil, H2HC (São Paulo and México) under Malwares-BR Group / Webcast Localthreats under and Coordinator ort Brazilian Community •  Snort Rules Library for Brazilian Malwares 4
  • 5. ustwave SpiderLabs ® wave SpiderLabs uses real-world and innovative security research to improve wave products, and provides unmatched expertise and intelligence to customers. REATS PROTECTI al-World Custome covered Product Response and Investigation (R&I) Analysis and Testing (A&T) Research and Development (R&D) earned Partner 5
  • 6. oals of this Talk nformation about the data your mobile devices broadcast Possible implications of that Raise awareness of public in general in regards to mobile privacy 6
  • 7. otivations revious WiFi Research ons of travel lient-side / targeted attacks and Malware rending ery initial thoughts of this talk presented at ayThreat 2011 very very initial WiFi-based devices location at oorCon Seattle 2008) 7
  • 9. efinitive Goal Ability to fingerprint a PERSON based on the information given by heir mobile device(s) Passive information gathering of •  Automatic “LAN/Internal” protocols •  Non-encrypted traffic analysis (security flaws / features / non- confidential info) 9
  • 10. urrent “issue” Massive adoption of mobile devices Usability vs. Security •  Networking Protocols •  Broadcast / Multicast (and basic WiFi operation) •  And… 10
  • 11. YOD 11
  • 12. YO(B)D i Security as we know it •  protect the infrastructure •  protect the user, once it’s in the protected network the newER buzzword: BYOD Security , doesn’t solve the privacy issue 12
  • 14. can haz ZeroConfig Used by most mobile devices Discovery, Announcement & Integration with (mostly) home devic •  Multimedia products •  IP Cameras •  Printers Yet, always on and automatic ro configuration networking allows devices such as mputers and printers to connect to a network automatical hout zeroconf, a network administrator must set up services…” 14
  • 15. eroConfig Protocols mDNS UPnP SSDP (Simple Service Discovery Protocol) SLP (Service Location Protocol) 15
  • 17. DNS is evil then? 17
  • 18. o, how does it work? ata Acquisition (Passive) ilters Profile Creation ompare with Existing Info •  Domain Request Info •  First Search –  Internet Search •  IP / Geolocation –  Applications (Netbios / Services) •  Locations (collection) hird Party •  Contacts •  Arp Poisoning •  Company info •  Extra pcaps •  Personal Network •  Info correlation •  Softwares •  Additional Internet Search •  etc 18
  • 19. ata Acquisition (mdns - multicast 19
  • 20. dns query 20
  • 21. dns “passive port scan” 21
  • 22. ata Acquisition (Netbios - Broadcast) 22
  • 25. mdns we trust … cure $ perl snitch.pl rodrigo-montoro-ipad-iphone.pcap ### Mobile Snitch ##### ### Analyzing File: rodrigo-montoro-ipad-iphone.pcap ### Tool by @effffn and @spookerlabs et Number: 596 Address: 5c:59:48:45:db:fb e Info: Rodrigo-Montoro.local,Rodrigo-Montoro.local 25
  • 26. rst Search e Info: Rodrigo-Montoro.local,Rodrigo-Montoro.local ating to Google (or any other search tool) go Montoro inurl:facebook.com go Montoro inurl:linkedin.com go Montoro inurl:twitter.com e images go+Montoro ro Rodrigo ro y other Google search for that matter. 26
  • 27. 27
  • 28. ut …. 28
  • 29. odrigo is not that famous (yet)… 29
  • 30. o we could use third-party info ARP Spoofing New pcaps n depth request analysis •  http objects rebuild (oh yeah) •  Plain-text request •  Who wants a cookie ? •  Usernames (we don’t want passwords .. At least, not now ) •  GeoIP / Domains •  SSIDs databases •  Image EXIF info 30
  • 31. p Spoofing Difficult level: -10 # arpspoof –i eth0 192.168.0.1 * Don’t forget to enable ip_forwa 31
  • 32. ew pcaps Cloudshark Pcapr Sniffing random locations Create an online repository ? 32
  • 33. tp objects rebuilt - the secrets uthToken":"name:hpVy","distance": irstName":”Rodrigo","formattedName":”Rodrigo ntoro","headline":”Nerds at iderlabs","id":”1337","lastName":”Montoro","picture":htt media.linkedin.com/mpr/mpr/shrink_80_80/p/ 00/13/ al.jpg,"hasPicture":true,"twitter":”spookerlabs"} 33
  • 34. r-Agents (-e http.user_agent http.request.method == GET) a/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Saf 1 a/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Vers Safari/533.21.1 ivial/5.810 a/5.0 (iPad; CPU OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Mobile/9A405 rForBlackBerry/2.1.0.28 (BlackBerry; U; BlackBerry 9300; es) Version/5.0.0.846 a/5.0 (Linux; U; Android 2.1-update1; es-ar; U20a Build/2.1.1.A.0.6) AppleWebKit/530.17 (KHTML, li ) Version/4.0 Mobile Safari/530.17 [FBAN/FB4A;FBAV/1.8.4;FBDM/ ity=0.75,width=320,height=240};FBLC/es_AR;FB_FW/1;FBCR/CLARO;FBPN/com.facebook.katana;FB FBSV/2.1-update1;] 34
  • 35. e are the good guys … /var/log/snort/alert | grep "[**" | sort | uniq -c | sort -nr [**] [1:100000236:2] GPL CHAT Jabber/Google Talk Incoming Message [**] [**] [1:100000233:2] GPL CHAT Jabber/Google Talk Outgoing Message [**] [**] [1:2010785:4] ET CHAT Facebook Chat (buddy list) [**] [**] [1:2100538:17] GPL NETBIOS SMB IPC$ unicode share access [**] [**] [1:2014473:2] ET INFO JAVA - Java Archive Download By Vulnerable Client [**] [**] [1:2012648:3] ET POLICY Dropbox Client Broadcasting [**] [**] [1:2011582:19] ET POLICY Vulnerable Java Version 1.6.x Detected [**] [**] [1:2006380:12] ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted [**] [1:2002878:6] ET POLICY iTunes User Agent [**] [**] [1:100000230:2] GPL CHAT MISC Jabber/Google Talk Outgoing Traffic [**] 35
  • 36. erson “MACnification” Mac Address sername ictures acebook inkedin witter ocations ompany oftwares xtras nfected ? 36
  • 37. ext time we meet… 37
  • 38. Mitigation” Tips Name the device: Never use your name / last name in your device Careful where you use your mobile Turn off WiFi (BlueTooth and etc) when not using it Bonus!) Consider removing some SSID entries from your device… but why? 38
  • 39. onus! : Bring Your Own Probe Request Bluetooth 39
  • 40. sconnected Devices & SSIDs Company People SSN #s Hotel School Event Airport Lounges … and Free Public WiFi 40
  • 41. areful with the New Features t might affect (event more) your privacy…. 41
  • 42. uture … Website for profile feed collaboration? •  Macprofiling.com •  Whoisthismac.com •  Followthemac.com •  ISawYouSomehereAlready.com Social Engineer •  SET (Social Engineer Toolkit) integration •  Maltego Others 42
  • 43. dditional Resources wnload the Global Security Report: http://www.trustwave.com/GS d our Blog: http://blog.spiderlabs.com ow us on Twitter: @SpiderLabs / @efffffn / @spookerlabs 43