DEANONYMIZATION

•Télécharger en tant que PPTX, PDF•

18 j'aime•18,492 vues

This talk is dedicated to de-anonymizing active Internet users. We will give a hands-on demonstration of various Internet resources tracking and/or storing user data, and explain how this data can be used to find out the identity on the other side of the screen for your own (either good or evil) purposes. Доклад посвящен деанонимизации активных пользователей интернета. На практике будет показано, как различные интернет-ресурсы следят или содержат информацию о пользователях и как ее можно использовать, чтобы вычислить, кто находится по ту сторону монитора для собственных (как плохих, так и хороших) нужд.

Technologie

Deanonymization and total espionage
Dmitry «Bo0oM» Boomov

Tits and
kittens.
Hopefully, now
you like my
report.

Getting information from phone. Whatsapp

Getting information from phone
http://numbuster.com/

Online users
https://letters.yandex.ru/promo

Clickjacking
Demo: bo0om.ru/zn2014/vk/2/

Clickjacking
Demo: bo0om.ru/zn2014/vk/3/

Click, click…
<a href='tel://1234567890'>Click me</a>

Social detector
Demo: bo0om.ru/zn2014/sd/

Tinfoleak
http://vicenteaguileradiaz.com/tools/

GEO
https://maps.google.com/locationhistory/

Cookie Matching
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-
cached PNGs using HTML5 Canvas tag to read pixels (cookies)
back out
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
- HTML5 IndexedDB
- Java JNLP PersistenceService
- Java CVE-2013-0422 exploit (applet sandbox escaping)
http://samy.pl/evercookie/

Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: off
flash: off

Contenu connexe

En vedette

Zeronights 2013 - воруем доменыДмитрий Бумов

VolgaCTF | Bo0oM - DNS and attacksДмитрий Бумов

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort

Hot potato Privilege EscalationSunny Neo

Attack on SonyNick Bilogorskiy

Merged (1)valentina2018

En vedette (6)

Zeronights 2013 - воруем домены

VolgaCTF | Bo0oM - DNS and attacks

Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.

Hot potato Privilege Escalation

Attack on Sony

Merged (1)

Plus de Дмитрий Бумов

2000day in SafariДмитрий Бумов

Partyhack 3.0 - Telegram bugbounty writeupДмитрий Бумов

ZeroNights 2018 | I <"3 XSSДмитрий Бумов

ZeroNights 2018 | Race Condition ToolДмитрий Бумов

Offzone | Another waf bypassДмитрий Бумов

Defcon Russia 2017 - Bo0oM vs ШурыгинаДмитрий Бумов

DC7499 - Param-pam-pamДмитрий Бумов

KazHackStan - "><script>alert()</script>Дмитрий Бумов

VolgaCTF 2018 - Neatly bypassing CSPДмитрий Бумов

Отравление кэша веб-приложенийДмитрий Бумов

XSS. Обходы фильтров и защит.Дмитрий Бумов

RIW 2017 | Все плохоДмитрий Бумов

Skolkovo школа | Капельку о MITMДмитрий Бумов

PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegramДмитрий Бумов

Armsec 2017 | 2 bugs 1 safariДмитрий Бумов

KazHackStan 2017 | TrackingДмитрий Бумов

пресс конференция 15.06.2016. безопасность платежных систем и банковДмитрий Бумов

Fuzz.txtДмитрий Бумов

Не nmap'ом единымДмитрий Бумов

Bo0oM - Ты такой смешной XD #securitymeetupДмитрий Бумов

Plus de Дмитрий Бумов (20)

2000day in Safari

Partyhack 3.0 - Telegram bugbounty writeup

ZeroNights 2018 | I <"3 XSS

ZeroNights 2018 | Race Condition Tool

Offzone | Another waf bypass

Defcon Russia 2017 - Bo0oM vs Шурыгина

DC7499 - Param-pam-pam

KazHackStan - "><script>alert()</script>

VolgaCTF 2018 - Neatly bypassing CSP

Отравление кэша веб-приложений

XSS. Обходы фильтров и защит.

RIW 2017 | Все плохо

Skolkovo школа | Капельку о MITM

PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram

Armsec 2017 | 2 bugs 1 safari

KazHackStan 2017 | Tracking

пресс конференция 15.06.2016. безопасность платежных систем и банков

Fuzz.txt

Не nmap'ом единым

Bo0oM - Ты такой смешной XD #securitymeetup

Dernier

"ML in Production",Oleksandr BaganFwdays

DMCC Future of Trade Web3 - Special EditionDubai Multi Commodity Centre

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3

Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm

DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell

Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

Gen AI in Business - Global Trends Report 2024.pdfAddepto

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro

WordPress Websites for Engineers: Elevate Your Brandgvaughan

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB

Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal

Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson

Dernier (20)

"ML in Production",Oleksandr Bagan

DMCC Future of Trade Web3 - Special Edition

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx

Unleash Your Potential - Namagunga Girls Coding Club

Streamlining Python Development: A Guide to a Modern Project Setup

DSPy a system for AI to Write Prompts and Do Fine Tuning

Moving Beyond Passwords: FIDO Paris Seminar.pdf

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

Gen AI in Business - Global Trends Report 2024.pdf

DevEX - reference for building teams, processes, and platforms

Unraveling Multimodality with Large Language Models.pdf

WordPress Websites for Engineers: Elevate Your Brand

Generative AI for Technical Writer or Information Developers

Scanning the Internet for External Cloud Exposures via SSL Certs

Developer Data Modeling Mistakes: From Postgres to NoSQL

Ensuring Technical Readiness For Copilot in Microsoft 365

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

SAP Build Work Zone - Overview L2-L3.pptx

Are Multi-Cloud and Serverless Good or Bad?

DEANONYMIZATION

1. Deanonymization and total espionage Dmitry «Bo0oM» Boomov

2. Tits and kittens. Hopefully, now you like my report.

3. Deanonymization Passive Active

4. Password retrieval

5. Password retrieval

6. Getting information from email

7. Getting information from email

8. Getting information from email

9. Getting information from phone. Viber

10. Getting information from phone. Whatsapp

11. Getting information from phone. Banks

12. Getting information from phone. Banks

13. Getting information from phone

14. Getting information from phone http://numbuster.com/

15. Find friends

16. ← Anonist

17. Apps https://developers.facebook.com/

18. Apps https://vk.com/editapp?act=create

19. Apps Demo: bo0om.ru/zn2014/vk/1/

20. Online users https://letters.yandex.ru/promo

21. Clickjacking

22. Clickjacking Demo: bo0om.ru/zn2014/vk/2/

23. Clickjacking Demo: bo0om.ru/zn2014/vk/3/

24. CSRF + XSS + BUGS = PROFIT

25. Click, click…

26. Click, click… <a href='tel://1234567890'>Click me</a>

27. Callback

28. Callback Thx @black2fan ;)

29. Social detector Demo: bo0om.ru/zn2014/sd/

30. Вate of birth

31. Nicknames

32. Nicknames

33. Friends and relatives

34. Friends and relatives

35. Friends and relatives

36. Tinfoleak http://vicenteaguileradiaz.com/tools/

37. Exif

38. Analytics

39. Analytics

40.

41. Banners

42. Social buttons

43. BIG DATA http://bo0om.ru/zn2014/wtf/

44. GEO https://maps.google.com/locationhistory/

45. Cookie Matching Specifically, when creating a new cookie, it uses the following storage mechanisms when available: - Standard HTTP Cookies - Local Shared Objects (Flash Cookies) - Silverlight Isolated Storage - Storing cookies in RGB values of auto-generated, force- cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out - Storing cookies in Web History - Storing cookies in HTTP ETags - Storing cookies in Web cache - window.name caching - Internet Explorer userData storage - HTML5 Session Storage - HTML5 Local Storage - HTML5 Global Storage - HTML5 Database Storage via SQLite - HTML5 IndexedDB - Java JNLP PersistenceService - Java CVE-2013-0422 exploit (applet sandbox escaping) http://samy.pl/evercookie/

46. Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: off flash: off

47. Providers http://imarker.ru/

48. Evil

49.

50. Twi: @i_bo0om

DEANONYMIZATION

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (6)

Plus de Дмитрий Бумов

Plus de Дмитрий Бумов (20)

Dernier

Dernier (20)

DEANONYMIZATION