MCH2022 Curated content

Collect all the data (more than you ever need)

Envelope ✉️
H. O. Klompenmaker
Are you curious, and looking for a fun project perhaps this workshop is something for you? The capabilities of both generating and collecting data have been increasing rapidly in the last several decades. Everybody needs info / data in life. Some examples: In your job to find new businesses opportunity’s or just to "spy" on employees or your competitors? Reverse engineering for a simple replay attack, you might need to know the frequency, Chip vendor .or layout Finding your long lost friends, loves-once from long ago. Some time's you know it must be out there somewhere but you just can't find it. Why can't you find it and how to improve your search skills on gathering or collecting data. Step by step I will guide you in the art off “collecting data”. And NO is not an option is something I hope to gain. This is NOT an debate about the ethics or politics of online reconnaissance on personal information gathering.* Further this is not a guide/training to steal information for criminal purposes. *If you would like to discuss this we could do this after in the Lounge
Abstract Are you curious, and looking for a fun project perhaps this workshop is something for you? The capabilities of both generating and collecting data have been increasing rapidly in the last several decades. Everybody needs info / data in life. Some examples: In your job to find new businesses opportunity’s or just to "spy" on employees or your competitors? Reverse engineering for a simple replay attack, you might need to know the frequency, Chip vendor .or layout Finding your long lost friends, loves-once from long ago. Some time's you know it must be out there somewhere but you just can't find it. Why can't you find it and how to improve your search skills on gathering or collecting data. Step by step I will guide you in the art off “collecting data”. And NO is not an option is something I hope to gain. This is NOT an debate about the ethics or politics of online reconnaissance on personal information gathering.* Further this is not a guide/training to steal information for criminal purposes. *If you would like to discuss this we could do this after in the Lounge Description The name of collecting data in Military terms is Open-source intelligence, often referred to as OSINT. This word OSINT can mean many things to many people.“Officially, it is defined as any data or Intelligence produced from publicly available information that is collected, exploited or disseminated in a manner to an audience in a form of an rapport or spoken word.” The main word for collection data is OSINT or Open-source intelligence this is just like an treasure chest. Mostly It includes lots of "possibly sensitive information". Sometimes it is publicly available on the internet, and the best of all, it’s “free”. With some simple tooling you can find more than you aspect. No need for expensive hardware, all you need is an internet browser and a terminal You could do this from you're phone all you need is an terminal and an browser. Some topics: Please keep in mind that tools and tricks get quickly obsolete. Public Government records Rental Vehicle License plate's exploratory data analysis (Data mining) Finding a (new) job with the help off open source data Animal tracking (cows) Social media content hidden, alias profile’s missing profile data Capture social media live streams Google dorking Deleted websites and post Website owner information Open directory’s Restricted media content File and FTP Search Online criminal activity. Scraping Telegram, Irc groups. Photo GPS and Metadata Document Metadata Sensitive Documents and photo’s location off Wireless routers Ip address of users Cellphone tower information. Radio communications Reverse engineering Regulatory filings (FCC), RFIC datasheets, standards documents Prior reverse-engineering work, Marketing material Free tools, Browser extensions and websites. Alternative search Engine’s How to setup up you're own search VM from scratch Repairing the machine for the event. It is all up to you if you like t run an vm (cloud based), from an USB or just on an older laptop that will be gone after this event. There is no wrong or right operation system but some “privacy bases system” attract unwanted attention. To install: Firefox, Chrome Some plugins are helpful, Copy links, adblocker, noscript, exif viewer, Screen capture like Fireshot /Nimbus, JSON viewer, Google docs viewer. The TOR bundel VPN of choice

Additional information

Type Long workshop
Language English

More sessions

7/22/22
MCH2022 Curated content
Elger "Stitch" Jonker
Abacus 🧮
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
7/22/22
MCH2022 Curated content
Jelle vd ster
Abacus 🧮
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
7/22/22
MCH2022 Curated content
Clairvoyance 🔮
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.
7/22/22
MCH2022 Curated content
Mikko Hypponen
Abacus 🧮
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
7/22/22
MCH2022 Curated content
Battery 🔋
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
7/22/22
MCH2022 Curated content
Klaus Agnoletti
Clairvoyance 🔮
Utilizing collaborative security to collect data on attacks we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems but in a ...
7/22/22
MCH2022 Curated content
bert hubert
Abacus 🧮
Building on the very well attended DNA presentations ("DNA: The Code Of Life") at SHA2017, this talk will cover: * A brief recap what DNA is and how it works * It is surprisingly digital! * How reading DNA is within 'pro-sumer' reach now * (I might bring a live demo for after the talk) * An overview of DNA editing technologies (offline, and online: on living organisms) * Including the famous CRISPR-CAS, but also newer variants * How does such editing actually work in a lab? * The surprising lack ...