exploiting twitter with tinfoleak for investigative purposes vicente aguilera...
TRANSCRIPT
www.isecauditors.com
Exploiting Twitter with Tinfoleak for investigative purposes
Vicente Aguilera Díaz @VAguileraDiaz
#SHA2017 Scoutinglandgoed Zeewolde The Netherlands 08/08/2017
© Internet Security Auditors 2
Agenda1. Tinfoleak
1.1 Why? Why Twitter?
1.2 Can you help me?
1.3 Nice to meet you!
1.4 Please, show me your power...
1.5 Action!
2. References
Agenda1. Tinfoleak
1.1 Why? Why Twitter?
1.2 Can you help me?
1.3 Nice to meet you!
1.4 Please, show me your power...
1.5 Action!
2. References
SHA2017 - #tinfoleak
© Internet Security Auditors 3
1. Tinfoleak 1.1 Why? Why Twitter? 1. Tinfoleak 1.1 Why? Why Twitter?
SHA2017 - #tinfoleak
© Internet Security Auditors 4
SHA2017 - #tinfoleak
© Internet Security Auditors 5
SHA2017 - #tinfoleak
© Internet Security Auditors 6
1. Tinfoleak 1.2 Can you help me? 1. Tinfoleak 1.2 Can you help me?
SHA2017 - #tinfoleak
© Internet Security Auditors 7
SHA2017 - #tinfoleak
Target of Analysis
© Internet Security Auditors 8
SHA2017 - #tinfoleak
Useful at different levels# Security Forces# Intelligence Analyst# Social Engineer# Pentester# Private Investigator# Journalist# ...
© Internet Security Auditors 9
1. Tinfoleak 1.3 Nice to meet you! 1. Tinfoleak 1.3 Nice to meet you!
SHA2017 - #tinfoleak
© Internet Security Auditors 10
SHA2017 - #tinfoleak
# Python script# Open Source (CC BY-SA 4.0)# SOCMINT# Data vs Intelligence# Requirements:
# Python# Tweepy# Jinja2# Oauth Tokens
© Internet Security Auditors 11
SHA2017 - #tinfoleak
# Included in several Linux distros:
Buscador C.A.IN.E BlackArch
© Internet Security Auditors 12
SHA2017 - #tinfoleak
HTMLCSVKML
© Internet Security Auditors 13
SHA2017 - #tinfoleak
# v2.1 “SHA2017 Edition” released 08/07/2017# Major changes:
# Global Timeline Analysis# Followers / Friends Analysis# Likes Analysis# Word Frequency Analysis
# Minor changes:# Bugs fixed# Report improvement
© Internet Security Auditors 14
1. Tinfoleak 1.4 Please, show me your power 1. Tinfoleak 1.4 Please, show me your power
SHA2017 - #tinfoleak
© Internet Security Auditors 15
SHA2017 - #tinfoleak
© Internet Security Auditors 16
SHA2017 - #tinfoleak
© Internet Security Auditors 17
SHA2017 - #tinfoleak
3 Main Search Types:# About a user
./tinfoleak.py -u <user> …Example: Where is the home of this user?
# About a place./tinfoleak.py --search <LAT,LON,KM> …Example: Which users are in this manifestation?
# About content./tinfoleak.py --search …Example: Who is talking about terrorism?
© Internet Security Auditors 18
SHA2017 - #tinfoleak
About a user # Account info # Apps / Devices / Use Frequency# Hashtags / Mentions / Likes# Text / Media / Metadata # Visited Places / Routes / Top locations# Social Networks# Followers / Friends # Conversations
© Internet Security Auditors 19
SHA2017 - #tinfoleak
About a place# Hashtags / Mentions# Text / Media / Metadata# Geolocated users# Tagged users
© Internet Security Auditors 20
SHA2017 - #tinfoleak
About global timeline# Hashtags / Mentions# Text# Media# Metadata
© Internet Security Auditors 21
1. Tinfoleak 1.5 Action! 1. Tinfoleak 1.5 Action!
SHA2017 - #tinfoleak
© Internet Security Auditors 22
SHA2017 - #tinfoleak
Live Demo
© Internet Security Auditors 23
2. References 2. References
SHA2017 - #tinfoleak
© Internet Security Auditors 24
SHA2017 - #tinfoleak
# Tinfoleak www.isecauditors.com/herramientas-tinfoleakwww.vicenteaguileradiaz.com/tools
# Buscadorhttps://inteltechniques.com/buscador/
# C.A.IN.Ehttp://www.caine-live.net/
# BlackArchhttp://blackarch.org/
© Internet Security Auditors 25
SHA2017 - #tinfoleak
# Tweepy – Python library for accessing the Twitter APIwww.tweepy.org
# Jinja2 – Python template enginejinja.pocoo.org
# Oauth – Authorization frameworkoauth.net
© Internet Security Auditors
Thanks for your time!
?
Thanks for your time!
?
C. Santander, 101. Edif. A. 2º E-08030 Barcelona (Spain) Tel.: +34 93 305 13 18 Fax: +34 93 278 22 48
C. Arequipa, 1 E-28043 Madrid (Spain)Tel.: +34 91 763 40 47 Fax: +34 91 382 03 96
Calle 90 # 12-28. Bogotá (Colombia)Tel: +57 (1) 638 68 88Fax: +57 (1) 638 68 88
Su Seguridad es Nuestro Éxito
C. Santander, 101. Edif. A. 2º E-08030 Barcelona (Spain) Tel.: +34 93 305 13 18 Fax: +34 93 278 22 48
C. Arequipa, 1 E-28043 Madrid (Spain)Tel.: +34 91 763 40 47 Fax: +34 91 382 03 96
Calle 90 # 12-28. Bogotá (Colombia)Tel: +57 (1) 638 68 88Fax: +57 (1) 638 68 88