exploiting twitter with tinfoleak for investigative purposes vicente aguilera...

www.isecauditors.com

Exploiting Twitter with Tinfoleak for investigative purposes

Vicente Aguilera Díaz @VAguileraDiaz

#SHA2017 Scoutinglandgoed Zeewolde The Netherlands 08/08/2017

© Internet Security Auditors 2

Agenda1. Tinfoleak

1.1 Why? Why Twitter?

1.2 Can you help me?

1.3 Nice to meet you!

1.4 Please, show me your power...

1.5 Action!

2. References

Agenda1. Tinfoleak

1.1 Why? Why Twitter?

1.2 Can you help me?

1.3 Nice to meet you!

1.4 Please, show me your power...

1.5 Action!

2. References

SHA2017 - #tinfoleak


1. Tinfoleak 1.1 Why? Why Twitter? 1. Tinfoleak 1.1 Why? Why Twitter?



1. Tinfoleak 1.2 Can you help me? 1. Tinfoleak 1.2 Can you help me?




Target of Analysis



Useful at different levels# Security Forces# Intelligence Analyst# Social Engineer# Pentester# Private Investigator# Journalist# ...


1. Tinfoleak 1.3 Nice to meet you! 1. Tinfoleak 1.3 Nice to meet you!




# Python script# Open Source (CC BY-SA 4.0)# SOCMINT# Data vs Intelligence# Requirements:

# Python# Tweepy# Jinja2# Oauth Tokens



# Included in several Linux distros:

Buscador C.A.IN.E BlackArch



HTMLCSVKML



# v2.1 “SHA2017 Edition” released 08/07/2017# Major changes:

# Global Timeline Analysis# Followers / Friends Analysis# Likes Analysis# Word Frequency Analysis

# Minor changes:# Bugs fixed# Report improvement


1. Tinfoleak 1.4 Please, show me your power 1. Tinfoleak 1.4 Please, show me your power




3 Main Search Types:# About a user

./tinfoleak.py -u <user> …Example: Where is the home of this user?

# About a place./tinfoleak.py --search <LAT,LON,KM> …Example: Which users are in this manifestation?

# About content./tinfoleak.py --search …Example: Who is talking about terrorism?



About a user # Account info # Apps / Devices / Use Frequency# Hashtags / Mentions / Likes# Text / Media / Metadata # Visited Places / Routes / Top locations# Social Networks# Followers / Friends # Conversations



About a place# Hashtags / Mentions# Text / Media / Metadata# Geolocated users# Tagged users



About global timeline# Hashtags / Mentions# Text# Media# Metadata


1. Tinfoleak 1.5 Action! 1. Tinfoleak 1.5 Action!




Live Demo


2. References 2. References




# Tinfoleak www.isecauditors.com/herramientas-tinfoleakwww.vicenteaguileradiaz.com/tools

# Buscadorhttps://inteltechniques.com/buscador/

# C.A.IN.Ehttp://www.caine-live.net/

# BlackArchhttp://blackarch.org/

http://www.isecauditors.com/herramientas-tinfoleak

http://www.vicenteaguileradiaz.com/tools

https://inteltechniques.com/buscador/

http://www.caine-live.net/

http://blackarch.org/



# Tweepy – Python library for accessing the Twitter APIwww.tweepy.org

# Jinja2 – Python template enginejinja.pocoo.org

# Oauth – Authorization frameworkoauth.net

http://www.tweepy.org/

C. Santander, 101. Edif. A. 2º E-08030 Barcelona (Spain) Tel.: +34 93 305 13 18 Fax: +34 93 278 22 48

C. Arequipa, 1 E-28043 Madrid (Spain)Tel.: +34 91 763 40 47 Fax: +34 91 382 03 96

[email protected]

Calle 90 # 12-28. Bogotá (Colombia)Tel: +57 (1) 638 68 88Fax: +57 (1) 638 68 88

Su Seguridad es Nuestro Éxito

C. Santander, 101. Edif. A. 2º E-08030 Barcelona (Spain) Tel.: +34 93 305 13 18 Fax: +34 93 278 22 48

C. Arequipa, 1 E-28043 Madrid (Spain)Tel.: +34 91 763 40 47 Fax: +34 91 382 03 96

Calle 90 # 12-28. Bogotá (Colombia)Tel: +57 (1) 638 68 88Fax: +57 (1) 638 68 88

[email protected]

exploiting twitter with tinfoleak for investigative purposes vicente aguilera...

Documents