joaquim espinhara & ulisses albuquerqueconference.hitb.org/hitbsecconf2013kul/materials... ·...
Post on 10-Jul-2020
16 Views
Preview:
TRANSCRIPT
SMART SECURITY ON DEMAND
USING ONLINE ACTIVITY AS DIGITAL FINGERPRINTS TO CREATE A BETTER SPEAR PHISHER Joaquim Espinhara & Ulisses Albuquerque
Agenda
Introduction Motivation Background HowStuffWorks µphisher Demo Future Work Conclusion
2
About Us
Joaquim Espinhara – Security Consultant at Trustwave Spiderlabs
Ulisses Albuquerque – Coder for offense & defense… as long as it’s fun! – Lab Manager at Trustwave Spiderlabs
3
© 2012
INTRODUCTION
© 2012
OUR MOTIVATION
Our Motivation
Why? Tools available
6
© 2012
BACKGROUND
Background
Social Networks Social Engineering Data Pre-processing Natural Language Processing (NLP)
8
Background
9
Social Networks
Others
Background
Communication channel for keeping in touch with someone (Facebook, Twitter)
Media sharing (Instagram) Specialized networks (GetGlue, TripIt, LastFM, Linkedin)
10
Social Networks
Background
Phishing
11 http://www.d00med.net/uploads/0d832c77559a2070a766f899e7eg783.png
Social Engineering
Background
What is it? How do we use it?
12
Data Pre-processing
Background
Data Pre-processing Flow
13
Data Pre-processing
Raw data set
"Had lunch with @urma and
@jespinhara today #tgif #lunch"
Data cleaning
"Had lunch with @urma and @jespinhara
today"
Data integration
"Had lunch with @urma and @jespinhara
today"
Data normalization
"Had lunch with @urma and
@jespinhara today (2013-06-05)"
© 2012
HOWSTUFFWORKS
HOWSTUFFWORKS
15
Our Approach
Identifying the subject to profile
Collecting social
network data
Analyzing and building the profile
HOWSTUFFWORKS – Our Approach
16
The Unknown Subject (Unsub)
Joaquim Espinhara
(Target)
@jespinhara (Twitter)
joaquim.espinhara (Facebook)
uid=12345 (LinkedIn)
HOWSTUFFWORKS – Our Approach
17
Data Collection
Social Network IDs Official APIs Web Scraping OAuth
HOWSTUFFWORKS – Our Approach
18
Data Collection - Twitter
Application ID (µphisher)
User ID (@jespinhara)
Twitter @urma @effffn
@SpiderLabs
© 2012
µPHISHER
µphisher
20
Reference implementation
Goals – Validate potential unsub content (Defense) – Assisted textual content input (Attack)
µphisher
21
Reference implementation
Web Application Console Application Twitter only (for now) Open Source (GPLv3)
µphisher
22
Reference implementation
µphisher Ruby on Rails
MongoDB + Mongoid
DelayedJob
OAuth
treat (Stanford
NLP)
Unsub Registration Demo
23
µphisher
24
Reference implementation
Authentication Unsub Registration
Data Source Registration Data Collection Work Set
Definition Work Set Analysis Unsub Profile
© 2012
DEMO (FINGERS CROSSED)
New Profile Demo
26
Assisted Input Demo
27
µphisher
How to use forged content?
Personal email screenshot
µphisher – Future Work
29
Coming Soon
Support for additional data sources Topic clustering customized per data source More metrics and feedback for assisted input Usability (UX help very much needed)
© 2012
CONCLUSION
© 2012
HTTPS://GITHUB.COM/URMA/MICROPHISHER Download, test, & contribute – any feedback is welcome
Thank You!
top related