Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

PRESENTATION MATERIALS

PHOTOS / VIDEOS

Official conference photos and HD videos will be made available in the next 2-3 weeks. Please follow @hitbsecconf on Twitter for links or join our Facebook Group

Arnauld Mascret (Security Researcher, Sogeti / ESEC)

PRESENTATION TITLE: Whistling Over the Wire

PRESENTATION ABSTRACT:

Two years ago, we showed how to use social web site to identify target in a company using LinkedIn then learn about his computer and compromise it using malicious application on Facebook (HITB Dubai 2010).

Since then, we choosed to take a closer look at Twitter. Its purpose is to allow quick and easy publication of small content to a large number of person that you don’t necessarily know. By design, Twitter doesn’t raise the same privacy issues as other platforms, but even if the amount of available information may seem smaller or not as well defined as other social platform, there is still a lot to learn about a target, like his contacts, his sources of information and sometimes application or OS used. We will present a new method to gather this data and analyse it.

During our work on Twitter, we also take a closer look at URL shortening services. Using redirection to access a website give a lot of possibilities to the owner of the redirection service. We know these services are used a lot in phishing campaign but we made experimentations to understand if they could also be used for a targeted attack. We will present our results and how URL shortening service may be used by an attacker to consolidate data previously gathered or even to finalize an attack.

ABOUT ARNAULD MASCRET

Arnauld Mascret is a security researcher at Sogeti/ESEC since 2009. He has been working on information gathering on open sources and more specifically via social media.

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS



EVENT ORGANIZER

LOCAL PARTNER

PLATINUM SPONSORS

GOLD SPONSORS

TITANIUM SPONSOR (POST CONFERENCE RECEPTION + SPEAKER RECEPTION)

SILVER SPONSOR

HACKWEEKDAY SPONSOR

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HITB LAB / SIGINT SPONSOR

NETWORK SPONSORS AND UPLINK

ADDITIONAL SUPPORT BY

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2012 Hack In The Box | http://www.hackinthebox.org

( / 10 )