Hyprwired - The OSINT OPSEC Tool - Kiwicon VI
Monitoring 21st Century OSINT Sources
The OSINT OPSEC Tool
Right now, people are leaking a whole lot of info online...
Some of them want to get fired...
or give us their credit cards...
or their passports...
So why should you be concerned about that?
About Me
• Full time Application/Systems Support
• Part time Systems Administrator/Engineer
• Interest in security started after attending Kiwicon II
What is OPSEC?
• OPSEC = Operations Security
• Identifying secrets that help “the bad guys”
• To maintain good OPSEC; keep quiet
Why should you care about OPSEC?
• Everyone has secrets
• That includes organizations you are a part of:
  - businesses
  - governments
  - non-profits
OPSEC, OSINT and social media
• OSINT = Open Source Intelligence
• Publicly available sources
• 20th Century: newspapers, radio, television
• 21st Century: the Internet; social media
What can we find from 21st Century OSINT sources?
Security related Info
• In 2009, a US Congressman tweeted his locations during a trip in Iraq
• Serious potential consequences
Political Info
• In September an attempt was made to extort Mitt Romney with his tax returns
• Demand was posted on Pastebin
• Though a hoax; the idea still remains
Business Info
• Employees may leak information
• New projects, mergers etc
Internal IT Infrastructure Info
• StackExchange used by Sys Admins/Network Engineers etc
• Code snippets posted
• Configurations posted
The Idea
• Monitor 21st Century OSINT sources, and their users
• Send alerts when something of interest is found
• Easy overview of multiple sites
• Map out hits
• Open source tool; data sovereignty
Existing Solutions?
• Google Alerts; not real time enough; especially with social media
• Twitter/Facebook search engines; no real-time alerting
• Free alert services; not fast enough; not enough sources
• Commercial solutions; not free
FBI Interest
• The FBI is (obviously) interested in monitoring social media
• In January this year they released a Request For Information (RFI)
• “...to determine the capability of industry to provide an Open Source and social media alert, mapping and analysis application solution”.
So, the tool...
What’s monitored?
| Source | Keyword(s) | User + Keyword(s) |
|---|---|---|
| Twitter | Yes | Yes |
| Reddit | No | Yes |
| StackOverflow | No | Yes |
| ServerFault | No | Yes |
| Facebook | Yes | No |
| PasteBin | Yes | No |
| Wordpress | Yes | No |
Behind the scenes
• Python to scrape the sources
• Sources are constantly queried; if keyword(s) found in content: user gets alerted via email
• MySQL DB
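The query, match, and alert loop described on this slide, sketched for the organizational use case of checking that members are not leaking information. This is an added example, not code from the osint-opsec-tool repository: the function names, the sample items and the recipient address are hypothetical, in-memory SQLite stands in for the MySQL DB, and the e-mail is built but not sent.

```python
import re
import sqlite3
from email.message import EmailMessage

# Match modes per source, from the "What's monitored?" table.
MODES = {
    "Twitter": {"keyword", "user"}, "Reddit": {"user"},
    "StackOverflow": {"user"}, "ServerFault": {"user"},
    "Facebook": {"keyword"}, "PasteBin": {"keyword"}, "Wordpress": {"keyword"},
}

def open_db():
    # In-memory SQLite stands in for the MySQL DB named on the slide.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE seen (source TEXT, item_id TEXT, "
               "PRIMARY KEY (source, item_id))")
    return db

def check_items(db, source, items, keywords, watched_users=()):
    """Return one alert e-mail per new item that contains a keyword."""
    if not keywords:
        return []
    pattern = re.compile("|".join(re.escape(k) for k in keywords), re.I)
    watched = {u.lower() for u in watched_users}
    alerts = []
    for item in items:
        # Keyword sources match any author; user sources need a watched author.
        if "keyword" not in MODES[source] and item["user"].lower() not in watched:
            continue
        hits = sorted({m.lower() for m in pattern.findall(item["text"])})
        if not hits:
            continue
        cur = db.execute("INSERT OR IGNORE INTO seen VALUES (?, ?)",
                         (source, item["id"]))
        if cur.rowcount == 0:  # already alerted on an earlier poll
            continue
        msg = EmailMessage()
        msg["Subject"] = f"[OSINT OPSEC] {source}: {', '.join(hits)}"
        msg["To"] = "secops@example.org"  # placeholder recipient (assumption)
        msg.set_content(f"{item['user']} ({item['id']}): {item['text']}")
        alerts.append(msg)
    return alerts

# Constructed sample items, not real posts.
SAMPLE = [
    {"id": "sf-1", "user": "ops_alice", "text": "Project Kea firewall config: why is NAT failing?"},
    {"id": "sf-2", "user": "stranger", "text": "Anyone seen Project Kea docs?"},
    {"id": "sf-3", "user": "ops_alice", "text": "How do I rotate logs on Debian?"},
]
```

Recording each `(source, item_id)` pair before alerting is what keeps a constantly repeated query from mailing the same hit on every poll.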
Behind the scenes II
• StackExchange API doesn’t return everything
• BeautifulSoup scrapes post data
• Pastebin provides no native search API
• Modified PasteLert (andrewmohawk.com)
| Source | Native API? |
|---|---|
| Twitter | Yes |
| Reddit | Yes |
| StackOverflow | Yes* |
| ServerFault | Yes* |
| Facebook | Yes |
| Wordpress | Yes |
| PasteBin | No |
Real-time?
• Depends on the API
• Pastebin was real-time...
• User hit sources; 10 minute delay per user (with 10 users)
• Keyword hit sources; 1 hour delay per keyword (with 12 keywords)
Use cases
• Organizations can use this to check that their members are not leaking information
• Recon to gather info on internal systems
• During a pentest in case employees mention anything valuable
Potential interesting finds pt I
• Proprietary source code
Potential interesting finds pt II
• Private keys
• Your company customer database
Thanks
• bogan for the original idea
• pipes, metlstorm and Adrian Hayes for feedback
• The crue, volunteers and sponsors for another wicked ‘con
Feedback/Source/Contact
• @hyprwired
• github.com/hyprwired/osint-opsec-tool