FACEBOOK OSINT

IT'S FASTER THAN SPEED DATING

17 October 2013 | HITB2013KUL

Keith Lee
Jonathan Werrett

Thursday, 17 October 13
INTRODUCTION
Keith Lee
Security Analyst, SpiderLabs, Singapore
klee@trustwave.com
http://github.com/milo2012/osintstalker
@keith55

Jonathan Werrett
Managing Consultant, SpiderLabs, Hong Kong
jwerrett@trustwave.com
@werrett

Thursday, 17 October 13
AGENDA
Background / Motivation
Introduction to GeoStalker and FBStalker tools
Problems they solve
GeoStalker in-depth
FBStalker in-depth
What you can do to protect yourself

Thursday, 17 October 13
MOTIVATION
Spend our days on Penetration tests

Web apps and networks

Day-in day-out

BUT WAIT
Sometimes we get a real pentest

Set specific targets

Gain access any way you can

...


Red team, Physical Security, Phishing


Open Source Intelligence

OSINT Network
[Diagram: a graph of OSINT data points linked to the target; only the node labels survive extraction.]
Target; Names; Facebook Profiles; LinkedIn; Twitter; Instagram; Friends
Physical Address; Premise Geocoded Lat / Lon; Google Maps; Wigle.net Wireless DB; MAC Addresses
Photos; Places Visited; Checkins; No. checkins together; Tagged w/ ppl; No. tags; No. comments; Likes; Age of friendship
Company Name; Company Domains; Whois / IP Allocations
Education Background; Previous Jobs
GEOSTALKER
Takes: Location (address or coordinates)
Retrieves location data from: Wigle.net (Wireless DB), Instagram, Twitter, Foursquare, Flickr
Provides: Wireless access points near-by; Photos taken at that location; Social media accounts of people who've visited

FBSTALKER
Takes: Facebook profile user
Uses Graph Search to reverse: Friends, Likes, Check-ins, Comments
Provides: Social engineering targets; Associates of those targets; Times online; Interests, commonly visited places

EXAMPLE OBJECTIVES
[Diagram: two objective chains from question to data source; only the node labels survive extraction.]
Facilities Recon?  ->  Entry Points / Premise  ->  Geocode (Lat / Lon)  ->  Google Maps; Photos (Twitter, Instagram, 4sq, Flickr)
Phishing Targets?  ->  Staff  ->  Google Search; LinkedIn, Facebook (Interests); Physical Address  ->  Geocode (Lat / Lon)  ->  Twitter, Instagram, 4sq, Flickr  ->  Associates

EXAMPLES FROM ENGAGEMENTS

FB Apps
Indicate phishing target uses a Mac
Ditch our Windows-based payloads for OS X

FB Friends
Identify target's wife
Wife runs Pilates studio
Spear phish wife based on Pilates

Instagram Photos
Client was a power utility
Staff target found via photos from facilities

GEOSTALKER - INTRO
Requires
  Address
  Latitude / Longitude Coordinates
Queries sources
  Wigle.net (Wireless DB)
  Instagram
  Twitter
  Foursquare
  Flickr
Provides
  Wireless devices
  Photos
  Social network accounts
  Searches social network accounts for like names

GEOSTALKER - APPLICATION FLOW
[Flow diagram: geoStalker takes a geolocation, queries the geolocation data sources, collects the user IDs found there, and looks each user ID up across further sites.]
Geolocation data sources: Wigle.net, Flickr, Twitter, Instagram, Foursquare
UserID lookups: Google Search, Instagram, Youtube, Linkedin, Facebook, Google+
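The location query underneath this flow, as an added example that is not GeoStalker's own code and not from the authors: a query point and radius are turned into the coordinate bounding box that range-queried sources such as Wigle.net are asked for, every returned record is confirmed with a haversine distance, and the usernames on the surviving records are grouped by source to feed the user-ID lookups in the top row. The centre point, the record set and its field names are constructed for the example.

```python
import math
from typing import Dict, Iterable, List, Tuple

EARTH_RADIUS_M = 6_371_000.0

# Constructed query point and sample records for the example (not real data).
CENTER_LAT, CENTER_LON = 1.2897, 103.8501
SAMPLE_RECORDS = [
    {"id": "ap-1", "source": "wigle", "lat": CENTER_LAT + 0.0005, "lon": CENTER_LON,
     "ssid": "Guest-WiFi"},                                   # ~56 m north, no account attached
    {"id": "photo-flickr", "source": "flickr", "lat": CENTER_LAT, "lon": CENTER_LON + 0.001,
     "user": "flickr_user_a"},                                # ~111 m east
    {"id": "photo-ig", "source": "instagram", "lat": CENTER_LAT + 0.002, "lon": CENTER_LON,
     "user": "ig_user_b"},                                    # ~222 m north
    {"id": "photo-far", "source": "instagram", "lat": CENTER_LAT + 0.05, "lon": CENTER_LON,
     "user": "ig_user_c"},                                    # ~5.6 km north: outside the box
]


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def bounding_box(lat: float, lon: float, radius_m: float) -> Tuple[float, float, float, float]:
    """(lat_min, lon_min, lat_max, lon_max) enclosing a circle of radius_m around (lat, lon).
    Range-queried sources get this box; it is only a coarse filter, so the exact
    distance check in records_within still decides."""
    dlat = math.degrees(radius_m / EARTH_RADIUS_M)
    dlon = math.degrees(radius_m / (EARTH_RADIUS_M * math.cos(math.radians(lat))))
    return lat - dlat, lon - dlon, lat + dlat, lon + dlon


def records_within(lat: float, lon: float, radius_m: float, records: Iterable[dict]) -> List[dict]:
    """Records inside the radius, nearest first, each annotated with its distance."""
    lat_min, lon_min, lat_max, lon_max = bounding_box(lat, lon, radius_m)
    hits = []
    for rec in records:
        if not (lat_min <= rec["lat"] <= lat_max and lon_min <= rec["lon"] <= lon_max):
            continue  # outside the box: a range-queried source would never return it
        dist = haversine_m(lat, lon, rec["lat"], rec["lon"])
        if dist <= radius_m:
            hits.append({**rec, "distance_m": round(dist, 1)})
    return sorted(hits, key=lambda r: r["distance_m"])


def accounts_by_source(hits: Iterable[dict]) -> Dict[str, List[str]]:
    """Usernames seen at the location, grouped by source: the pivot list for the
    user-ID lookups in the top row of the flow."""
    grouped: Dict[str, List[str]] = {}
    for rec in hits:
        if "user" in rec:
            grouped.setdefault(rec["source"], []).append(rec["user"])
    return grouped


if __name__ == "__main__":
    nearby = records_within(CENTER_LAT, CENTER_LON, 250, SAMPLE_RECORDS)
    for rec in nearby:
        print(f'{rec["distance_m"]:7.1f} m  {rec["source"]:<10} {rec["id"]}')
    print(accounts_by_source(nearby))
```

The bounding box is what makes the per-source queries cheap; the haversine pass removes the corners of the box, which is why a 250 m radius keeps three of the four constructed records and drops the one 5.6 km away.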

DEMO
GEOSTALKER

GEOSTALKER - INPUT

GEOSTALKER - RUNNING

GEOSTALKER - FOURSQUARE

GEOSTALKER - INSTAGRAM

GEOSTALKER - FLICKR

GEOSTALKER - HTML OUTPUT

GEOSTALKER - MALTEGO EXPORT

GEOSTALKER - LIMITATIONS

Single threaded

Query by GPS location or address only

GEOSTALKER - FUTURE VERSIONS

Multithreaded - Run faster!

Extend Maltego .mtgx export

Allow disabling specific data sources

FBSTALKER - INTRO
Requires
  Profile Name
Graph Search to find
  Friends
  Likes
  Check-ins
  Comments
Provides
  Reverse engineered friend list
  Strength of associations
  Regular posting time (wake time?)

FBSTALKER - LOCKDOWN VS NON-LOCKDOWN
Lockdown Profile
Unable to see the list of friends
Reverse engineer the list of friends from likes and tags

Open Profile
Analyze all friends of target and determine how two individuals are
connected or know each other.
Work place
School
Common interests
Common friends
Places that two individuals like

FACEBOOK GRAPH KEYWORDS
UNDERSTAND HOW 2 INDIVIDUALS ARE CONNECTED / RELATED
[Mind map centred on "Facebook Graph"; the Graph Search phrases it lists:]
  Pages that Friend X and Y like
  Photos that Friend X and Y like
  Sports liked by Friend X and Y
  Books liked by Friend X and Y
  Places Friend X and Y like
  Places Friend X and Y worked at
  Music that Friend X and Y like
  Movies liked by Friend X and Y
  Favorite interests of Friend X and Y
  Movies Friend X and Y like
  Places Friend X and Y have been to
  Photos that Friend X and Y are tagged in
  Groups that Friend X and Y are in
  Restaurants that Friend X and Y like
  TV shows liked by Friend X and Y
  Cafes that Friend X and Y like
  Games that Friend X and Y play

FBSTALKER - GRAPH SEARCH EXAMPLE

DEMO
FBSTALKER

FBSTALKER - INPUT

FBSTALKER - RUNNING

FBSTALKER - MALTEGO EXPORT

FBSTALKER - PROBLEMS

Facebook Graph API is limited

PhantomJS had some issues with Facebook site

Had to use Chromedriver

Single threaded

FBSTALKER - FUTURE WORK
Run 100% headless
Monitor changes / activities of a user's FB profile
Allow name as input instead of user ID
Point system for association strength
  Photo Tags
  Check-ins
  Comments
  Post / Photo Likes
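How much a locked-down friend list still gives away, and what the "point system" and "regular posting time" items above amount to, as an added example that is not FBStalker's own code and not from the authors: public interactions that touch the target (photo tags, check-ins, comments, likes) are summed per account with a weight per kind, and the hours at which the target posts are counted to find the regular posting time. The weights are an assumption (the deck names the four kinds, not the points), and the interaction records and timestamps are constructed for the example.

```python
from collections import Counter
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Assumed points per interaction kind: the deck lists the kinds, not the weights.
WEIGHTS = {"photo_tag": 3, "checkin": 3, "comment": 2, "like": 1}

# Constructed sample of public interactions involving the target "alice" (not real accounts).
SAMPLE_INTERACTIONS = [
    {"kind": "photo_tag", "actor": "bob", "object": "alice"},
    {"kind": "comment", "actor": "bob", "object": "alice"},
    {"kind": "like", "actor": "carol", "object": "alice"},
    {"kind": "like", "actor": "carol", "object": "alice"},
    {"kind": "like", "actor": "alice", "object": "carol"},
    {"kind": "checkin", "actor": "alice", "object": "dave"},
    {"kind": "like", "actor": "dave", "object": "alice"},
    {"kind": "comment", "actor": "bob", "object": "carol"},   # does not involve alice: ignored
    {"kind": "share", "actor": "erin", "object": "alice"},    # kind without a weight: ignored
]

# Constructed post timestamps for the target, ISO 8601 local time.
SAMPLE_POST_TIMES = [
    "2013-10-14T07:12:00", "2013-10-14T07:40:00", "2013-10-14T22:05:00",
    "2013-10-15T07:03:00", "2013-10-15T12:30:00", "2013-10-15T22:48:00",
    "2013-10-16T07:55:00",
]


def association_scores(target: str, interactions: Iterable[dict]) -> List[Tuple[str, int]]:
    """Weighted count of interactions between the target and every other account,
    strongest association first. Either direction counts; self-interactions do not."""
    scores: Counter = Counter()
    for rec in interactions:
        weight = WEIGHTS.get(rec["kind"])
        if weight is None or rec["actor"] == rec["object"]:
            continue
        if rec["actor"] == target:
            scores[rec["object"]] += weight
        elif rec["object"] == target:
            scores[rec["actor"]] += weight
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def posting_hours(timestamps: Iterable[str], top: int = 3) -> List[int]:
    """Hours of day (0-23) with the most posts, busiest first."""
    hist = Counter(datetime.fromisoformat(ts).hour for ts in timestamps)
    return [hour for hour, _ in sorted(hist.items(), key=lambda kv: (-kv[1], kv[0]))[:top]]


def likely_wake_hour(timestamps: Iterable[str], min_posts: int = 2) -> Optional[int]:
    """Earliest hour that recurs at least min_posts times: the deck's 'wake time?' guess."""
    hist = Counter(datetime.fromisoformat(ts).hour for ts in timestamps)
    regular = [hour for hour, count in hist.items() if count >= min_posts]
    return min(regular) if regular else None


if __name__ == "__main__":
    for account, score in association_scores("alice", SAMPLE_INTERACTIONS):
        print(f"{account:<8} {score}")
    print("busiest hours:", posting_hours(SAMPLE_POST_TIMES))
    print("wake hour:", likely_wake_hour(SAMPLE_POST_TIMES))
```

The ranking comes entirely from interactions that are visible without the friend list, which is the point of the lockdown slide: hiding the list does not hide who you tag, check in with and comment on.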

HOW TO PROTECT YOURSELF
Turn off location setting in social networking apps

Tighten Facebook privacy settings
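The location setting matters because a geotagged photo carries its coordinates in the Exif GPS tags, which is what the photo sources above are searched by. As an added example that is not from the deck or from the tools, this checks a JPEG for an Exif GPS position and strips the Exif segment before the file leaves your machine. The sample JPEG is constructed inline as markers only (SOI, Exif APP1, EOI) so it runs offline; the little-endian TIFF layout, the IFD0 pointer tag 0x8825 and GPS tags 1 to 4 are the standard Exif ones.

```python
import struct
from typing import Dict, Iterator, Optional, Tuple

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825                             # IFD0 tag holding the GPS IFD offset
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}   # BYTE, ASCII, SHORT, LONG, RATIONAL, UNDEFINED


def _segments(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (marker, payload) for each marker segment before the scan data or EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] not in (0xD9, 0xDA):
        (length,) = struct.unpack_from(">H", data, pos + 2)
        yield data[pos + 1], data[pos + 4:pos + 2 + length]
        pos += 2 + length


def _ifd(tiff: bytes, offset: int, endian: str) -> Dict[int, bytes]:
    """Tag -> raw value bytes for the IFD at offset; values over 4 bytes live at an offset."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    fields = {}
    for i in range(count):
        entry = offset + 2 + 12 * i
        tag, typ, n = struct.unpack_from(endian + "HHI", tiff, entry)
        size = TYPE_SIZES.get(typ, 1) * n
        if size <= 4:
            fields[tag] = tiff[entry + 8:entry + 8 + size]
        else:
            (value_off,) = struct.unpack_from(endian + "I", tiff, entry + 8)
            fields[tag] = tiff[value_off:value_off + size]
    return fields


def _dms(raw: bytes, ref: bytes, endian: str) -> float:
    """Three RATIONALs (deg, min, sec) plus an N/S/E/W reference -> signed decimal degrees."""
    d, dd, m, md, s, sd = struct.unpack(endian + "IIIIII", raw)
    value = d / dd + (m / md) / 60 + (s / sd) / 3600
    return -value if ref.rstrip(b"\x00") in (b"S", b"W") else value


def extract_gps(data: bytes) -> Optional[Tuple[float, float]]:
    """(latitude, longitude) from the Exif GPS IFD, or None if the file carries no position."""
    for marker, payload in _segments(data):
        if marker != 0xE1 or not payload.startswith(EXIF_HEADER):
            continue
        tiff = payload[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
        pointer = _ifd(tiff, ifd0_off, endian).get(GPS_IFD_POINTER)
        if pointer is None:
            return None
        gps = _ifd(tiff, struct.unpack(endian + "I", pointer)[0], endian)
        if all(tag in gps for tag in (1, 2, 3, 4)):
            return _dms(gps[2], gps[1], endian), _dms(gps[4], gps[3], endian)
    return None


def strip_exif(data: bytes) -> bytes:
    """Copy of the JPEG without its Exif APP1 segment; other segments and image data stay."""
    out, pos = bytearray(data[:2]), 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] not in (0xD9, 0xDA):
        (length,) = struct.unpack_from(">H", data, pos + 2)
        segment = data[pos:pos + 2 + length]
        if not (data[pos + 1] == 0xE1 and segment[4:10] == EXIF_HEADER):
            out += segment
        pos += 2 + length
    out += data[pos:]
    return bytes(out)


def build_geotagged_jpeg(lat_dms, lat_ref, lon_dms, lon_ref) -> bytes:
    """Constructed sample: a marker-only JPEG (SOI, Exif APP1, EOI) whose GPS IFD holds
    the given position. Whole-number deg/min/sec are stored as RATIONALs over 1."""
    ifd0_off, gps_off = 8, 8 + 2 + 12 + 4              # TIFF header, then IFD0 with one entry
    data_off = gps_off + 2 + 4 * 12 + 4                # four GPS entries, then the rationals
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, gps_off) + b"\x00" * 4
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI", 1, 2, 2) + lat_ref.encode().ljust(4, b"\x00")
           + struct.pack("<HHII", 2, 5, 3, data_off)
           + struct.pack("<HHI", 3, 2, 2) + lon_ref.encode().ljust(4, b"\x00")
           + struct.pack("<HHII", 4, 5, 3, data_off + 24)
           + b"\x00" * 4)
    rationals = b"".join(struct.pack("<II", v, 1) for v in (*lat_dms, *lon_dms))
    app1 = EXIF_HEADER + b"II" + struct.pack("<HI", 42, ifd0_off) + ifd0 + gps + rationals
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_geotagged_jpeg((1, 17, 23), "N", (103, 51, 0), "E")
    print("before upload:", extract_gps(photo))
    print("after strip:  ", extract_gps(strip_exif(photo)))
```

Run it on a real camera file by reading the bytes and calling extract_gps; a None result before upload is what you want. Stripping the whole Exif segment rather than only the GPS IFD is deliberate: the segment can also hold the camera serial number and a thumbnail, and the image data does not depend on any of it.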

http://github.com/milo2012/osintstalker

klee@trustwave.com jwerrett@trustwave.com
@keith55 @werrett
