Tag Archives: speaking

Social Zombies Invade Las Vegas!

0
Posted by Tom on July 21, 2009 – 10:00 am
Filed under Hacking, Social Networks
Tagged as , , , , , , , , ,

zombieYes, you are reading the title of this post correctly!  Massive Zombie attacks at DefCon this year…bring your shotgun (we are kidding of course, please do not bring firearms to DefCon…you will make the goons very unhappy)!  Seriously though, Kevin Johnson and I will be presenting “Social Zombies: Your Friends Want to Eat Your Brains” at DefCon 17 in Las Vegas on Sunday, August 2nd at 4pm.

My part of the talk is focused on security and privacy concerns with social networks, fake accounts, using social networks for penetration testing and the proliferation of bots on social networks.  I will also be talking about a new version of Robin Wood’s fantastic “Twitterbot” (we actually have a new name for the tool which will be announced at DefCon).  I’ll be providing a live demo showing the new and improved features of his tool!  Big shoutout to Robin for all the work he did on this tool!

The other speaker is Kevin Johnson who you may know as the project lead for BASE and SamuraiWTF (Web Testing Framework).  Kevin is also a SANS instructor for Security 542 (Web App Penetration Testing and Ethical Hacking).  When he isnt managing projects and teaching he’s most likely abusing “playing with” social networks.  Kevin will be talking about SocialButterfly which is an application that can leverage and exploit various social network API’s.  He will also talk about manipulating social networks (and thier users) with third-party applications.  Remember: please accept any and all “friend requests” from Kevin Johnson! :-)

From our talk abstract:

In Social Zombies: Your Friends want to eat Your Brains, Tom Eston and Kevin Johnson explore the various concerns related to malware delivery through social network sites. Ignoring the FUD and confusion being sowed today, this presentation will examine the risks and then present tools that can be used to exploit these issues.

This presentation begins by discussing how social networks work and the various privacy and security concerns that are caused by the trust mass that is social networks. We use this privacy confusion to exploit members and their companies during our penetration tests.

The presentation then discusses typical botnets and bot programs. Both the delivery of this malware through social networks and the use of these social networks as command and control channels will be examined.

Tom and Kevin next explore the use of browser-based bots and their delivery through custom social network applications and content. This research expands upon previous work by researchers such as Wade Alcorn and GNUCitizen and takes it into new C&C directions.

Finally, the information available through the social network APIs is explored using the bot delivery applications. This allows for complete coverage of the targets and their information.

How did this talk come together?  Kevin and I had some past converations regarding social network bots (mostly from my Notacon 6 talk) and decided that much of our research was similar so it made sense to “combine forces” to work on some of this research together.  Also, by working on bots and socnet bot delivery mechinisms we hope to raise awareness about some of the security and privacy threats that are out there, not just for the users of social networks.  Oh, and we both like Zombies.  See you at DefCon!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Links from my NEOISF Talk: New School Man-In-The-Middle

2
Posted by Tom on May 20, 2009 – 8:00 pm
Filed under Penetration Testing
Tagged as , , , , , , , , , , ,

Here are the links for the tools from my talk titled “New School Man-In-The-Middle” that was given at the North East Ohio Information Security Forum (NEOISF). I will update this post with a link to the slide deck on SlideShare by the end of the week. Thanks to everyone for coming out!

Old School!
Wireshark
Ettercap
Cain

New School!
Network Miner
The Middler
SSLStrip

* Note: …both the new and old school tools provide the pentester with a ton of value! Use them all!

MITM Defense
ArpON
ArpWatch

UPDATE: Click here to view the slide deck.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Social Network Bots Presentation and my Recap from Notacon 6

1
Posted by Tom on April 21, 2009 – 12:43 am
Filed under Social Networks
Tagged as , , ,

Melt your mind at Notacon!

I’m back from Notacon 6 that took place in Cleveland over the weekend and finally have some time to get a post up. All I have to say is…wow. What a great con! This was my first Notacon (yeah, I live in Cleveland…sad I know) and I was totally impressed! There was a great line up of speakers, really fun events and a kick ass game room. The game room was really cool. They had everything from a fully loaded NES and Commodore 64 for your retro gaming fix as well as Rock Band and Guitar Hero. Speaking of Rock Band…myself, Chris, Jack, and Jane entered into the Rock Band competition as the “Notabots”. We won the highest score competition and walked away with over a case and a half of Bawls energy drink, a few books and a sweet retro floppy disk clock. If you know me at all…the energy drink was the best prize ever! :-)

Just like most other smaller con’s the best part is still the great networking opportunities. One talk that was really outstanding was the talk by James “Myrcurial” Arlen titled “From a Black Hat to a Black Suit – The Econopocalypse Now Edition”. His talk is honestly one that anyone wanting to advance their career in Information Security should see. One thing I took away from his talk was that those of us in Information Security should never forget to mentor others, especially those in an entry level position. Remember, we were all the new guy just getting our feet wet at some point…having a mentor is invaluable to the learning process especially in the beginning of your career. In addition, James is a great guy and is someone who has pretty much “seen it all” when it comes to the corporate world.

Rise of the Autobots: Into the Underground of Social Network Bots Presentation Materials
My presentation went great! Thanks to everyone that came out to see it and for all the feedback. I was stoked that we were able to release some really cool code thanks to Robin Wood and announce a new open source project. You can download the Twitterbot POC code here from Robin’s website. I posted the slides from my presentation on Slideshare and the video should be up with the rest of the Notacon presentations soon. This won’t be the end of this research. I am hoping to put together a white paper on this subject using the research I have done thus far. The Notabot code I mentioned is available on the socialnetworkbots.com project site which I will talk about more below.

UPDATE: The video from my Notacon talk is available now to view on Vimeo.

Details on the Social Network Bots Open Source Project
I created a SourceForge project for all the development for the bot army I am looking to create (joke). Basically I’m looking for others interested in developing bots for social networks to join up on the team and contribute code to the project. I have already talked to some of you at Notacon and there looks like a few of you would like to work on N0tab0t version 1.1 which might be…well interesting to say the least! You can check out the project on socialnetworkbots.com. We are looking for any kind of social network bot…not just Twitter bots. If you want to join in, post something on the project forum or send me an email.

Stay tuned. Lots of more social media security research goodness coming soon! Thanks for sticking around for the ride! :-)

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Speaking at Notacon 6 this week!

0
Posted by Tom on April 14, 2009 – 10:50 pm
Filed under Social Networks
Tagged as , , ,

It’s time to gear up for Notacon 6 which starts for me on Thursday night at 7pm. I will be at the preview night giving a short overview of my presentation on Saturday “Rise of the Autobots: Into the Underground of Social Network Bots”. I have been busy tuning and making some last minute updates to the presentation. Some of these last minute updates include some code that myself and a few others have been working on as well as the announcement of a new open source project. What would a con be without a release of some code right? This is exciting stuff that I’m looking forward to talking about in my presentation. It all goes down at 5pm in the East Ballroom on Saturday.

Shortly after my talk on Saturday I will have my presentation posted as well as links to the code being released and links to the new project I will be talking about. Stay tuned to this blog for those details over the weekend.

At Notacon I will also be participating in Notacon Radio with the other co-hosts of the Security Justice podcast. Follow Security Justice on Twitter for details on when we will be live. We should be doing some interviews with some of the speakers as well. If you are at the con, stop by and say Hi!

Some other events at Notacon…there is a Security Twits meetup taking place on Thursday organized by @geekgrrl. If you plan on going you need to RSVP via DM to her like yesterday…I’ll be there as well as a few others from Twitter.

I also posted a list of recommended Notacon speakers and events on the Security Justice web site you can check out here so I won’t regurgitate the speakers that I will be going to see. Anyway, I should be live tweeting as I usually do at conferences so be sure to follow me for Notacon updates.

Lastly…this has been a crazy 2-3 months for me. Lots of changes going on with things I have been involved with and projects I have been working on. With all of this activity it has left little time for the blog but I will be getting back into regular posting once things slow down a little so thanks for sticking around. I am still amazed that this whole social media/networking security research has really taken off for me. I must have found a niche! :-) I still have a focus on pentesting (mostly for my job) but it’s cool to see how other interests evolve and morph into greater things. Such is life right?

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Social Network Bots at Notacon 6!

1
Posted by Tom on March 16, 2009 – 3:13 pm
Filed under Social Networks
Tagged as , , ,

Autobots roll out!

What have I been doing lately? Why the lack of posts? Well…I have been preparing for my talk at Notacon 6 called Rise of the Autobots: Into the Underground of Social Network Bots. Who are these bots and what are they here for? From my abstract:

How do you know that last friend request or Twitter follower was an actual live human being? The truth is…you don’t! Bot’s and bot manufactures have become rampant in social networks such as MySpace, Facebook and Twitter exploiting the trust relationships that make social media work. Why are bots taking control of social networks? It’s simple. Social networks are the fastest growing phenomenon of our time. For example, Facebook alone recently reached 150 million potential targets for spammers, malware authors, and other undesirables in 2008. Social networks are only getting bigger and bots will be part of this trend.

This presentation will take you on a journey into the thriving bot underground where bots are manufactured for every purpose imaginable. We will talk about good bots, bad bots, *really* evil bots, how to identify bots, terminating bots and the future possibility of social network botnets to rule them all.

This talk is the result of many months of research that I have been doing on this subject. Here are three things from my research as a teaser for my talk:

1. You will find it fascinating that bots are a huge part of social networks. Bots are not only used by the bad guys but legitimate users as well.

2. There will be discussion on why spammers are targeting social networks and how most of this bot activity falls under the guise of “Blackhat SEO“. I have been finding that there is a thin line between what constitutes “Blackhat” vs. “Whitehat” and that line will continue to blur. You will be amazed (as I was) with the business and money making model(s) that spammers and malware authors use. There is a ton of money being made from using these techniques and tools! Want an idea how much? Check out Jeremiah Grossman’s recent presentation on Blackhat SEO…you might want to quit your day job.

3. How do you use bots to create accounts? What are the most popular tools available? How about just buying hacked/bot created accounts in bulk then use these tools to SPAM friends lists? Also, as a tie in to the tools that are used we will talk about why CAPTCHA’s and other controls are not working. Finally, don’t forget about the new frontier of botnets and social networks…this is an untapped area thats only going to get more interesting.

So, if you are coming to Notacon 6 (April 16th-19th) hopefully you can stop by. I promise, my talk will be entertaining! Stay tuned to this blog…after the talk I plan on releasing detailed articles on some of the specific topics from the talk.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Notacon 6 Speaker Update

0
Posted by Tom on December 15, 2008 – 10:53 am
Filed under Cleveland
Tagged as , ,

Notacon Logo

Looks like the Notacon website has updated the speaker list and there looks to be some really good talks so far. Here is the list from the Notacon 6 website and blog post:

Time To Replicate The Real Threat: Client Side Penetration Testing
CG & g0ne

Interactivity with Arduinos, Transducing the Physical World
droops & Morgellon the Lowtek Mystic

Fun With The MSP430 MCU
Travis Goodspeed

Hacking Light – How we came to love Holga and Other Stories of photo hi jinx
Jeon & Treize

“Pilates” for Common Cubicle Injuries
Michele Martaus

Super Jason Scott Presentation 64
Jason Scott

Programming The Sega Genesis For Mad Profit and Crazy Mad Profit
SigFLUP

Hacking Cognition
Tottenkoph & Selkie

Intro to Go
Jason Viers

What is Notacon?
Notacon is one of the most unique conferences you will ever attend! Notacon 6 is April 16th – 19th 2009 held in Cleveland, Ohio. Notacon explores and showcases technologies, philosophy and creativity often overlooked at many “hacker cons”. Registration is open!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Facebook Privacy & Security Guide Released

0
Posted by Tom on October 30, 2008 – 10:43 pm
Filed under Social Networks
Tagged as , , ,

Today at the Ohio Information Security Summit I released my Facebook Security & Privacy Guide. This guide gives you suggested “baseline” security settings that you can use when configuring your Facebook account. Obviously, you can adjust these settings based on your own level of risk but it should give you a good starting point.

How did this project get started?
I have been doing several months of research with my own Facebook account as well as gathering the input of other Facebook users to determine what the privacy and security settings would be without loosing the key features of using a social network website…the networking!

Please feel free to distribute this document to friends and family or use it for any security awareness campaigns. I will hopefully be keeping up with any updates to the document when Facebook changes things. I might be putting together a similar document together for MySpace but MySpace is a totally different animal altogether. We shall see! :-)

You can download a pdf version of the guide here.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS