際際滷

際際滷Share a Scribd company logo

Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)

Download as PPTX, PDF
仄亳亳亶 仄仂于
仄亳亳亶 仄仂于

This talk is dedicated to de-anonymizing active Internet users. We will give a hands-on demonstration of various Internet resources tracking and/or storing user data, and explain how this data can be used to find out the identity on the other side of the screen for your own (either good or evil) purposes. 仂从仍舒亟 仗仂于亠仆 亟亠舒仆仂仆亳仄亳亰舒亳亳 舒从亳于仆 仗仂仍亰仂于舒亠仍亠亶 亳仆亠仆亠舒. 舒 仗舒从亳从亠 弍亟亠 仗仂从舒亰舒仆仂, 从舒从 舒亰仍亳仆亠 亳仆亠仆亠-亠 仍亠亟 亳仍亳 仂亟亠亢舒 亳仆仂仄舒亳 仂 仗仂仍亰仂于舒亠仍 亳 从舒从 亠亠 仄仂亢仆仂 亳仗仂仍亰仂于舒, 仂弍 于亳仍亳, 从仂 仆舒仂亟亳 仗仂 仂仂仆 仄仂仆亳仂舒 亟仍 仂弍于亠仆仆 (从舒从 仗仍仂亳, 舒从 亳 仂仂亳) 仆亢亟.

1 of 50
Downloaded 171 times
Deanonymization and total espionage Dmitry 束Bo0oM損 Boomov
Tits and kittens. Hopefully, now you like my report.
Deanonymization Passive Active
Password retrieval
Password retrieval
Getting information from email
Getting information from email
Getting information from email
Getting information from phone. Viber
Getting information from phone. Whatsapp
Getting information from phone. Banks
Getting information from phone. Banks
Getting information from phone
Getting information from phone http://numbuster.com/
Find friends
Anonist
Apps https://developers.facebook.com/
Apps https://vk.com/editapp?act=create
Apps Demo: bo0om.ru/zn2014/vk/1/
Online users https://letters.yandex.ru/promo
Clickjacking
Clickjacking Demo: bo0om.ru/zn2014/vk/2/
Clickjacking Demo: bo0om.ru/zn2014/vk/3/
CSRF + XSS + BUGS = PROFIT
Click, click
Click, click <a href='tel://1234567890'>Click me</a>
Callback
Callback Thx @black2fan ;)
Social detector Demo: bo0om.ru/zn2014/sd/
ate of birth
Nicknames
Nicknames
Friends and relatives
Friends and relatives
Friends and relatives
Tinfoleak http://vicenteaguileradiaz.com/tools/
Exif
Analytics
Analytics
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
Banners
Social buttons
BIG DATA http://bo0om.ru/zn2014/wtf/
GEO https://maps.google.com/locationhistory/
Cookie Matching Specifically, when creating a new cookie, it uses the following storage mechanisms when available: - Standard HTTP Cookies - Local Shared Objects (Flash Cookies) - Silverlight Isolated Storage - Storing cookies in RGB values of auto-generated, force- cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out - Storing cookies in Web History - Storing cookies in HTTP ETags - Storing cookies in Web cache - window.name caching - Internet Explorer userData storage - HTML5 Session Storage - HTML5 Local Storage - HTML5 Global Storage - HTML5 Database Storage via SQLite - HTML5 IndexedDB - Java JNLP PersistenceService - Java CVE-2013-0422 exploit (applet sandbox escaping) http://samy.pl/evercookie/
Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: on flash: on Js: off flash: off
Providers http://imarker.ru/
Evil
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
Twi: @i_bo0om

More Related Content

Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)