Exploiting Twitter with Tinfoleak for investigative purposes

Presented at Still Hacking Anyway (SHA2017), Aug. 8, 2017, 1:30 p.m. (60 minutes).

In this talk, I will present a new version of my tool Tinfoleak, the most complete OSINT open-source tool for Twitter. I will show real examples of how to exploit the information in social networks for investigative tasks. The goal is to see, what kind of information can be extracted about a person or a location, and the purpose with which it can be used, with a live demo. Among other information, I will show useful information for security forces, private investigators, pentesters, social engineers, journalists, security analysts and anyone interested in the privacy or analysis of social networks for investigative purposes.

You are being watched. Not only the government has a secret system: ordinary people; people like you, can spy people every hour of every day. Anyone can get detailed information about you, or your immediate environment. Social networks are a source of information on our professional and personal lives. Among these networks, Twitter highlighted by the activity of its users given the ease of use, simplicity, and available features. However, we are not aware of all the data we provide (in particular, the information provided indirectly) and the use that a third party can make of the information we publish. Even being aware of the existing security risks, we are exposed.

In this talk I will show, for the first time, new features of Tinfoleak. I will explain how to use all the existing functionalities for investigative tasks. The attendees to the presentation will be able to use the new version of Tinfoleak and use their laptops to analyze different scenarios. Several live demonstrations will be performed to show the analytical capacity that can dispose any person. Information will be collected on various targets and will be used to generate intelligence, so that it can help to decision-makers.


Presenters:

  • Vicente Aguilera Díaz
    Vicente Aguilera Diaz began his professional career in the IT security sector in 2001. Vicente is co-founder of Internet Security Auditors (a Spanish firm specializing in security services), OWASP Spain Chapter Leader, member of the Technical Advisory Board of the RedSeguridad magazine, member of the Jury of the IT Security Awards organized by the RedSeguridad magazine, and member of Cybersecuritics Research Group. Vicente has collaborate in several open-source projects, is the author of Tinfoleak, is a regular speaker at industry conferences and has published several articles and vulnerabilities in specialized media. Also, Vicente has collaborate as a teacher in the “Master degree of Software Engineering” (Fundació UPC, Universitat Politècnica de Catalunya), the “Master degree of e-Tourism” (Escuela Universitaria de Hosteleria y Turismo, Universitat de Barcelona), and the “Master degree of Computer Security” (UNIR, Universidad Internacional de La Rioja). More information about me, here: http://www.vicenteaguileradiaz.com/

Links:

Similar Presentations: