2010 za con_roelof_temmingh

Page 2

Introduction

- Roelof Temmingh ..blah blah..
- Google if you are really interested.
- Sometimes I wish people could cut the BS from their talks and get straight to the point
- So...let’s try
  ○ 3 talks
  ○ 45 minutes
  ○ ZaCon exclusive...;)

Page 3

Talk 1 – things I wanted Andrew to do in his free time, which he did not*

- Ideas I had that *might* have merit, but that need more thinkering and tinkering.
- The hope is to inspire and encourage.
- Explore on your own!

* ...because he built a webcam with his Arduino board

Page 4

Talk 1.1 – Automated social engineering

- Mail thread injection

From: Pieter Parnas ([email protected]) <[email protected]>
To: Oubaas Pretorius ([email protected]) <[email protected]>
CC: Benny Bruckwurm ([email protected]) <[email protected]>, Karel Kroukamp ([email protected]) <[email protected]>, Danie Dempsey ([email protected]) <[email protected]>, Teuns Toerien ([email protected]) <[email protected]>
Subject: Re: Performance reviews sheets

Please make sure that you email your quarterly performance reviews to me before the end of this week.

Oubaas – Adele is just calculating the bonuses and then mine will be ready.

Regards, Pieter

- Many mail clients don’t show <>s
- Most peolpe don’t see tehm aywnay
- Wait and catch the replies..
- Trick is timing and providing context
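The display-name trick on this slide is easy to catch mechanically on the receiving side. The following is an added example, not code from the talk: it parses the From/To/Cc/Reply-To headers with Python's standard email module and flags any address-looking token that appears in the visible display name or comment but is not the real addr-spec inside the angle brackets. The sample message and the domains victim.example / attacker.example are constructed for the example, modelled on the thread above.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Anything that looks like an address, wherever it sits in the header value
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def decoy_addresses(raw_message: str) -> list[tuple[str, str]]:
    """Return (header, decoy) pairs for address-like tokens that appear in a
    display name or comment but are not the real addr-spec of that header.

    The real addr-spec (inside <...>) is where replies actually go; the decoy
    is what a client that hides the angle-bracket part shows the user.
    """
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "To", "Cc", "Reply-To"):
        values = msg.get_all(header, [])
        # Addresses the parser recognises as the genuine addr-spec
        real = {addr.lower() for _, addr in getaddresses(values) if addr}
        # Every address-shaped string a human might see in the raw header
        shown = {tok.lower() for v in values for tok in EMAIL_RE.findall(v)}
        for decoy in sorted(shown - real):
            findings.append((header, decoy))
    return findings


# Constructed sample modelled on the slide: From and one Cc entry show a
# colleague's address in the display name while the real addr-spec is elsewhere.
SAMPLE = """\
From: Pieter Parnas (pieter@victim.example) <pieter.parnas@attacker.example>
To: Oubaas Pretorius (oubaas@victim.example) <oubaas@victim.example>
Cc: Benny Bruckwurm (benny@victim.example) <benny@attacker.example>
Subject: Re: Performance reviews sheets

Please make sure that you email your quarterly performance reviews to me.
"""

if __name__ == "__main__":
    for header, decoy in decoy_addresses(SAMPLE):
        print(f"{header}: display name shows {decoy}, which is not the real address")
```

A mail gateway or client plugin can run the same check and tag such messages before the user sees the shortened display name.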

Page 5

Talk 1.1 – Automated social engineering

- Check out Derren Brown’s NLP techniques
- Hacking the mind really
- Apply it online...
- Test your online personal security website
  ○ Complete our survey and we will mail you a report!
  ○ How many different ATMs do you use in a month?
  ○ Which of the following social networks do you use?
  ○ Do you use I.M.?
  ○ Do you have a credit card?
  ○ Test your password strength here
  ○ Timing considerations...

Page 6

Talk 1.2 – Scan the entire Internet

- For every IP on the Internet determine:
  ○ Open ports
  ○ Services
  ○ If web, WebTech
  ○ Traceroute to it
  ○ Reverse DNS
  ○ Whois per network
- Optimize, optimize (this is the fun stuff)
  ○ Is it real? (unicast, multicast / private)
  ○ Is it routed?
  ○ Blocking together (AS, routed etc.)
  ○ Portscan – async
  ○ Traceroute – async, with hop count in the body

Page 7

Talk 1.2 – Scan the Internet

- But why is this interesting at all?
- Better geo location tracking
  ○ Consider traceroute: Japan Japan Japan Japan US – I don’t think so
  ○ Triangulation anyone? Eish... it aint easy
- Instant list of vulnerable servers
  ○ Read open ports, reverse DNS, services from dB
  ○ Profit!
- Reverse whois on netblocks
  ○ It was done before – in 1999. Caused kak...

Page 8

Talk 1.3 – Storing data in a pipe

- Super secret stuff ... we all have it...
- Don’t want to store on file, or physical print
  ○ Even encrypted
- Store it INSIDE the inter tubes
- Difference between latency and bandwidth
  ○ Latency: length of the pipe
  ○ Bandwidth: thickness of the pipe
- We want – high bandwidth, high latency
  ○ Like a satellite link
  ○ 300 ms delay
  ○ 0.33s x 4Mbit/s = 1.32Mbit of space inside the pipe...

Page 9

Talk 1.3 – Storing data in a pipe

- Think of ICMP ping
  ○ Just in one way
  ○ ... Gets sent to another agent
  ○ ... Somewhere – to another agent
- Agent discovery etc..
- Retrieving the message
  ○ ‘client’ sends retrieval message for message ID
- Probably not time critical
- Needs some more thought!

Page 10

Talk 1.4 – Start your own business

- Resolving social network membership
- Scraping means maintaining
  ○ Mechanize and Soup and friends
  ○ Need some balls – against TOU
- Gap in the market
  ○ Real time
  ○ Friends
- Clients! Profit!
  ○ $1K – $7.5K per month

Page 11

Talk 2 – things Andrew actually did at work

- Made really good tea..
  ○ Andrew makes a wicked cup of tea
- Worked on shit hot stuff:
  ○ Facebook + NER + other Maltego magic = win!
  ○ TDS – allowing everyone else to write funky transforms

Page 12

Facebook + NER + Maltego

Page 13

CMS detection etc + TDS + Maltego

TDS – Transform Distribution Server
Look at website, right hand side: “Your data, your Maltego”

Page 14

- Yeah right...I suspect I’ll be out of time...
- Speak to me outside/coffee/lunch

Questions?