a date with data
play

A Date with Data Botnet Command and Control Through Tinder A Date - PowerPoint PPT Presentation

Apr 02, 2023 •266 likes •500 views

A Date with Data Botnet Command and Control Through Tinder A Date with Data Botnet Command and Control Through Tinder (Almost) $whoami Nathaniel Beckstead Interests Blue team Homelab Network Security Find Me github.com/becksteadn

  1. A Date with Data Botnet Command and Control Through Tinder

  2. A Date with Data Botnet Command and Control Through Tinder (Almost)

  3. $whoami Nathaniel Beckstead Interests Blue team Homelab Network Security Find Me github.com/becksteadn scriptingis.life

  4. Intercept Requests

  5. Certificate Pinning Provides relative certainty of the host’s (server’s) identity App has a list of certificates it trusts. Does not establish a connection if the certificate is not in the pinset.

  6. Certificate Pinning Tinder: Are you Buzz Lightyear? Burp Suite: Yeah, I’m Buzz Lightyear. Tinder:

  7. Cert Pinning Bypass

  8. Decompile, Alter, Recompile Thank you Chaim and Anders. Sadly outdated. Code is now obfuscated.

  9. Decompile, Alter, Recompile

  10. Decompile, Alter, Recompile Search files for functions using X509TrustManager. Add ‘return-void’ to the top and bottom.

  11. Cert Pinning Bypass Bypass

  12. The API All the hard work is done. Translate to Python requests module. Use Postman to test. https://github.com/fbessez/Tinder

  13. The API All the hard work is done. https://github.com/fbessez/Tinder Translate to Python requests module. Use Postman to test https://github.com/fbessez/Tinder

  14. The API fb_auth_token.py - Uses robobrowser to log in using username/password and gets FB token and UID. tinder_api.py - Authenticates to Tinder using FB token and UID and returns token. https://github.com/fbessez/Tinder

  15. The API Host: api.gotinder.com X-Auth-Token: User-Agent: Tinder/7.5.3 (iPhone; iOS 10.3.2; Scale/2.00) https://github.com/fbessez/Tinder

  16. Command and Control

  17. Command and Control Description Data Method Endpoint /like/_id Like someone a.k.a GET swipe right /user/matches/_id Send message to _id {"message": TEXT POST GOES HERE} /user/_id Get a user's profile GET data https://github.com/fbessez/Tinder

  18. Facebook Security

  19. Facebook and Bots

  20. Facebook and Bots

  21. Facebook and Bots

  22. Up Next: Workplace?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

9 7 layers of data testing hell Clients Name | Country | Title of this presentation | Date 0

9 7 layers of data testing hell Clients Name | Country | Title of this presentation | Date 0

Da Data s Inf Inferno 9 7 layers of data testing hell Clients Name | Country | Title of this presentation | Date 0 Who are we? Globally active bank, based in Amsterdam, Big Data and Data Science Consultancy, the Netherlands

814 views • 32 slides
June 13, 2018 Disclaimer - Estimates are considered accurate based on data as of the date of

June 13, 2018 Disclaimer - Estimates are considered accurate based on data as of the date of

1 SOUTH WHIDBEY SCHOOL DISTRICT NO. 206 Revenue June 13, 2018 Disclaimer - Estimates are considered accurate based on data as of the date of publication. Final adjustments/modifications may be made up to the board certification date (July

1.12k views • 75 slides
Existing Elevation Data Sets Out of Date: Most > 40 yrs old Data range from 15 yrs old to

Existing Elevation Data Sets Out of Date: Most > 40 yrs old Data range from 15 yrs old to

Existing Elevation Data Sets Out of Date: Most > 40 yrs old Data range from 15 yrs old to > 70 yrs old Spatial Resolution: 33 ft (10 m), 98 ft (30 m) Vertical Accuracy: 3.3 6.6 ft (1 2 m) to 36 131 ft (11 40 m)

298 views • 18 slides
MTN-020 Data Communiqu #13 November 18, 2014 AE Outcome Date when treatment is indicated

MTN-020 Data Communiqu #13 November 18, 2014 AE Outcome Date when treatment is indicated

MTN-020 Data Communiqu #13 November 18, 2014 AE Outcome Date when treatment is indicated For AEs requiring treatment, the outcome date should reflect when all associated symptoms have resolved (or returned to baseline severity) or the

417 views • 12 slides
First Nations Health Data Linkage PRESENTER: SABA KHAN , DATA PARTNERSHIPS PROJECT MANAGER DATE:

First Nations Health Data Linkage PRESENTER: SABA KHAN , DATA PARTNERSHIPS PROJECT MANAGER DATE:

First Nations Health Data Linkage PRESENTER: SABA KHAN , DATA PARTNERSHIPS PROJECT MANAGER DATE: NOVEMBER 6, 2014 ACKNOWLEDGEMENTS TRACY ANTONE, CARMEN JONES CHIEFS OF ONTARIO DAVID HENRY, JENNIFER WALKER ICES Institute for Clinical

438 views • 5 slides
How to use Dates & Times with pandas Manipulating Time Series Data in Python Date & Time

How to use Dates & Times with pandas Manipulating Time Series Data in Python Date & Time

MANIPULATING TIME SERIES DATA IN PYTHON How to use Dates & Times with pandas Manipulating Time Series Data in Python Date & Time Series Functionality At the root: data types for date & time information Objects for points in

279 views • 25 slides
MTN-020 Data Communiqu #6 February 25, 2013 Concomitant Medications Log Frequency and

MTN-020 Data Communiqu #6 February 25, 2013 Concomitant Medications Log Frequency and

MTN-020 Data Communiqu #6 February 25, 2013 Concomitant Medications Log Frequency and Route If once is marked for a medications frequency, both a Date Started and a Date Stopped must be present, and be the same date. When

514 views • 5 slides
Page: 1 of 11 Effective Date: 12/95 Previous Review Date: 7/17 Current Review Date: 5/18 Revision

Page: 1 of 11 Effective Date: 12/95 Previous Review Date: 7/17 Current Review Date: 5/18 Revision

Page: 1 of 11 Effective Date: 12/95 Previous Review Date: 7/17 Current Review Date: 5/18 Revision Date: 5/18 SCHNECK MEDICAL CENTER Seymour, Indiana ORGANIZATION WIDE FUNCTION: Management of Information CREDIT AND COLLECTION POLICY PURPOSE : To

280 views • 12 slides
Transmission of resistant HIV in patients with a known date of infection Data from the HIV-1

Transmission of resistant HIV in patients with a known date of infection Data from the HIV-1

Transmission of resistant HIV in patients with a known date of infection Data from the HIV-1 Seroconverter Cohort Bartmeyer B., Kuecherer C., Werning J., Hamouda O. for the German Seroconverter Study Group 1 Robert Koch-Institute, Berlin,

390 views • 34 slides
Hur on We binar Se r ie s: Data Migr ation Date s, Re vise d Doc ume nts for Ne w

Hur on We binar Se r ie s: Data Migr ation Date s, Re vise d Doc ume nts for Ne w

Hur on We binar Se r ie s: Data Migr ation Date s, Re vise d Doc ume nts for Ne w Submissions, and Othe r Ne ws! Se pte mb e r 12, 2019 Da ta Mig ra tio n Da te s T opic s to I mpo rta nc e o f Ne w T e mpla te s Cove r Ne w Pro

293 views • 14 slides
15-381: Artificial Intelligence Introduction and Overview Course data All up-to-date info is

15-381: Artificial Intelligence Introduction and Overview Course data All up-to-date info is

15-381: Artificial Intelligence Introduction and Overview Course data All up-to-date info is on the course web page: - http://www.cs.cmu.edu/afs/cs.cmu.edu/academic/class/15381-s07/www/ Instructors: - Martial Hebert - Mike Lewicki TAs:

435 views • 25 slides
OFFICE OF MEDICAID POLICY AND PLANNING END OF THERAPY DATA COLLECTION DEFINITION End of therapy

OFFICE OF MEDICAID POLICY AND PLANNING END OF THERAPY DATA COLLECTION DEFINITION End of therapy

OFFICE OF MEDICAID POLICY AND PLANNING END OF THERAPY DATA COLLECTION DEFINITION End of therapy date (EOT) End of therapy date means the date the therapy regimen ended for physical therapy, occupational therapy, and speech-language

789 views • 27 slides
DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview Date,Block,Primary Type,Description, Location Description,Arrest,Domestic, District 05/23/2016 05:35:00 PM,024XX W DIVISION ST,ASSAULT,SIMPLE,

430 views • 13 slides
Data Abstraction Programmers Compound values combine other values together All A date: a

Data Abstraction Programmers Compound values combine other values together All A date: a

Data Abstraction Programmers Compound values combine other values together All A date: a year, a month, and a day A geographic position: latitude and longitude Data abstraction lets us manipulate compound values as units

170 views • 14 slides
Agenda 7. Key insights learned to date What is the data 1. Our purpose Today and beyond

Agenda 7. Key insights learned to date What is the data 1. Our purpose Today and beyond

6/22/2018 Esopus Master Plan: Emerging Goals and Strategies June 21, 2018 Agenda 7. Key insights learned to date What is the data 1. Our purpose Today and beyond telling us? 2. Possible outcomes and funding of projects a. Our Waterfront

537 views • 27 slides
Leveraging AI for Industrial IoT Chetan Gupta, Ph.D. Chief Data Scientist, Big Data Lab, Hitachi

Leveraging AI for Industrial IoT Chetan Gupta, Ph.D. Chief Data Scientist, Big Data Lab, Hitachi

Leveraging AI for Industrial IoT Chetan Gupta, Ph.D. Chief Data Scientist, Big Data Lab, Hitachi America Ltd. Date: Sept. 19 th , 2017 AI Level Set Machine Learning Data Outcomes & Artificial Intelligence Data Sensor Data Human

484 views • 27 slides
Classification of higher-dimensional operators in the Standard Model Mateusz Iskrzy nski

Classification of higher-dimensional operators in the Standard Model Mateusz Iskrzy nski

Classification of higher-dimensional operators in the Standard Model Mateusz Iskrzy nski University of Warsaw IMPRS Workshop, Munich 19.07.2010 Higher-dimensional operators in the Standard Model 1 Introduction Effective theories Structure

547 views • 38 slides
Relaxations Well Solved Problems Network Flows Marco Chiarandini Department of Mathematics

Relaxations Well Solved Problems Network Flows Marco Chiarandini Department of Mathematics

DM554/DM545 Linear and Integer Programming Lecture 11 Relaxations Well Solved Problems Network Flows Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark Relaxations Outline Well Solved

330 views • 20 slides
Implementation and numerical stability of saddle point solvers Miro Rozlo zn k joint

Implementation and numerical stability of saddle point solvers Miro Rozlo zn k joint

Implementation and numerical stability of saddle point solvers Miro Rozlo zn k joint results with Pavel Jir anek and Valeria Simoncini Institute of Computer Science, Czech Academy of Sciences, Prague, Czech Republic Recent

693 views • 43 slides
Scheduling of electricity storage for peak shaving with minimal wearing Thijs van der Klauw

Scheduling of electricity storage for peak shaving with minimal wearing Thijs van der Klauw

Scheduling of electricity storage for peak shaving with minimal wearing Thijs van der Klauw Johann Hurink Faculty of EEMCS, University of Twente 01-04-2014 Introduction Increasing use of renewable energy sources. Increasing use of electric

523 views • 23 slides
Built environment professionals in the UK: 40 years back, 40 years on? Bill Bordass Usable

Built environment professionals in the UK: 40 years back, 40 years on? Bill Bordass Usable

Built environment professionals in the UK: 40 years back, 40 years on? Bill Bordass Usable Buildings Trust, UK 1 THE PAST Decade by decade ( 5 years): Some UK and wider context 1960s Ambition 1970s Disillusionment 1980s Reorientation

575 views • 18 slides
BE PROFESSIONAL: Get real about building performance Bill Bordass www.usablebuildings.co.uk 2

BE PROFESSIONAL: Get real about building performance Bill Bordass www.usablebuildings.co.uk 2

1 ACE Annual Conference 25 May 2011 Low carbon construction think tank BE PROFESSIONAL: Get real about building performance Bill Bordass www.usablebuildings.co.uk 2 For most designers and builders, building performance in use is another

446 views • 11 slides
CSCI x760 - Computer Networks Spring 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

CSCI x760 - Computer Networks Spring 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

source: computer-networks-webdesign.com CSCI x760 - Computer Networks Spring 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu These slides are adapted from the textbook slides by J.F. Kurose and K.W. Ross Introduction } What is the

636 views • 46 slides
Communicating the New Normal 10 a.m. | June 23 Presenting today. Paula Sanford, PhD Michael

Communicating the New Normal 10 a.m. | June 23 Presenting today. Paula Sanford, PhD Michael

Communicating the New Normal 10 a.m. | June 23 Presenting today. Paula Sanford, PhD Michael Moryc Local Government Webinar Coordinator Technical Assistance moryc@uga.edu sanfordp@uga.edu Polling Questions LEARNING OBJECTIVES Identify

750 views • 37 slides

More recommend