1 00:00:00,000 --> 00:00:04,620 1995 server profile broken trust models 2 00:00:02,639 --> 00:00:06,898 not not just for ssl anymore 3 00:00:04,620 --> 00:00:09,269 where we'll be examining the methods of 4 00:00:06,899 --> 00:00:11,849 identification used by social media and 5 00:00:09,269 --> 00:00:14,910 internet companies and how by abusing 6 00:00:11,849 --> 00:00:17,369 two points they can be used to create 7 00:00:14,910 --> 00:00:20,130 untrustable or anonymous profiles and 8 00:00:17,369 --> 00:00:22,980 just keep understanding the quotes 9 00:00:20,130 --> 00:00:25,259 because the different methodology could 10 00:00:22,980 --> 00:00:29,640 be tracked by the right government 11 00:00:25,260 --> 00:00:32,520 agency or company first introduction to 12 00:00:29,640 --> 00:00:34,920 from a small-time boutique company to 13 00:00:32,520 --> 00:00:37,710 the corporate world legal disclaimers at 14 00:00:34,920 --> 00:00:39,600 its core this talk is just talking about 15 00:00:37,710 --> 00:00:41,340 the system that is there are no exploits 16 00:00:39,600 --> 00:00:43,079 of vulnerabilities being disclosed the 17 00:00:41,340 --> 00:00:45,930 company's mentions are not doing 18 00:00:43,079 --> 00:00:47,700 anything wrong or insecurely to give you 19 00:00:45,930 --> 00:00:49,710 a background on how I started getting 20 00:00:47,700 --> 00:00:54,629 involved in creating anonymous profiles 21 00:00:49,710 --> 00:00:56,100 and untraceable accounts is by work by 22 00:00:54,629 --> 00:00:58,320 working with people that have been 23 00:00:56,100 --> 00:00:59,969 abused abuse women people that word had 24 00:00:58,320 --> 00:01:04,760 orders protections people that needed to 25 00:00:59,969 --> 00:01:07,320 hide I work with different groups and 26 00:01:04,760 --> 00:01:10,380 providing suggestions on how they could 27 00:01:07,320 --> 00:01:11,850 get these covert or secondary channels 28 00:01:10,380 --> 00:01:13,259 of communication with their families 29 
00:01:11,850 --> 00:01:15,960 during these times and that's how I 30 00:01:13,260 --> 00:01:17,850 first got involved with doing this type 31 00:01:15,960 --> 00:01:20,639 of stuff yeah I know it's kind of 32 00:01:17,850 --> 00:01:22,470 shocking that you can actually get asked 33 00:01:20,640 --> 00:01:24,090 to do something in IT security other 34 00:01:22,470 --> 00:01:26,570 than break into a girlfriend's computer 35 00:01:24,090 --> 00:01:30,450 an email account when things go south 36 00:01:26,570 --> 00:01:32,880 all right Who am I up here not really 37 00:01:30,450 --> 00:01:34,500 that important but contact details what 38 00:01:32,880 --> 00:01:39,329 I really want to be is a part-time 39 00:01:34,500 --> 00:01:42,390 farmer but just no money in it okay with 40 00:01:39,329 --> 00:01:45,029 this talk we can take over the world not 41 00:01:42,390 --> 00:01:49,290 really but we will be able to remove a 42 00:01:45,030 --> 00:01:51,770 little excuse me build members here all 43 00:01:49,290 --> 00:01:56,579 right we will be able to remove a little 44 00:01:51,770 --> 00:01:58,380 arbitrate air I apologize not usually 45 00:01:56,579 --> 00:02:00,148 standing in the room we're breaking in 46 00:01:58,380 --> 00:02:02,009 but what we're looking to do is remove a 47 00:02:00,149 --> 00:02:05,040 little out of station between ourselves 48 00:02:02,009 --> 00:02:06,960 and the targets mostly when the 49 00:02:05,040 --> 00:02:08,920 statesman's goes south or if an 50 00:02:06,960 --> 00:02:10,690 engagement calls for 51 00:02:08,919 --> 00:02:15,390 engaging in the blue team of the red 52 00:02:10,690 --> 00:02:17,859 team how can we remove these secondary 53 00:02:15,390 --> 00:02:20,619 associations between ourselves and these 54 00:02:17,860 --> 00:02:23,530 customers this is actually a 25-minute 55 00:02:20,620 --> 00:02:25,330 version of a 45-minute talk I did so I 56 00:02:23,530 --> 00:02:27,700 had to cut out some of the social media 57 00:02:25,330 --> 
00:02:32,290 stuff to focus on the more interesting 58 00:02:27,700 --> 00:02:34,239 things all right so let's just do start 59 00:02:32,290 --> 00:02:35,730 out with a basic understanding of how 60 00:02:34,240 --> 00:02:38,680 things are currently done in the 61 00:02:35,730 --> 00:02:40,660 advanced engagements you have domain 62 00:02:38,680 --> 00:02:43,959 fronting purchase of expired domains 63 00:02:40,660 --> 00:02:45,730 maybe dynamic DNS services proxy in C to 64 00:02:43,959 --> 00:02:48,760 traffic redirection you know fake 65 00:02:45,730 --> 00:02:49,840 identities of onus all of this stuff is 66 00:02:48,760 --> 00:02:52,239 good stuff 67 00:02:49,840 --> 00:02:53,980 of course there's things like domain 68 00:02:52,239 --> 00:02:56,560 privacy which is a really a short time 69 00:02:53,980 --> 00:02:58,299 delay for certain targets a victim of a 70 00:02:56,560 --> 00:03:03,690 cyber attack can contact a domain 71 00:02:58,300 --> 00:03:03,690 provider and get that privacy pierced 72 00:03:04,890 --> 00:03:11,350 sorry but there's one thing that's 73 00:03:09,040 --> 00:03:13,510 missing in all of this in short the 74 00:03:11,350 --> 00:03:16,359 industry currently focuses on hiding the 75 00:03:13,510 --> 00:03:20,290 interactive c2 infrastructure but not 76 00:03:16,360 --> 00:03:22,510 that's not the how the services are 77 00:03:20,290 --> 00:03:25,840 bought and who owns that infrastructure 78 00:03:22,510 --> 00:03:27,760 that we pay for them in this talk look 79 00:03:25,840 --> 00:03:30,910 so you address that so why are all the 80 00:03:27,760 --> 00:03:32,798 trouble of creating a physical profiles 81 00:03:30,910 --> 00:03:34,209 since we all start with different points 82 00:03:32,799 --> 00:03:36,269 of knowledge and understanding I'm just 83 00:03:34,209 --> 00:03:39,670 going to cover a few basic things first 84 00:03:36,269 --> 00:03:42,549 as security companies we currently look 85 00:03:39,670 --> 00:03:46,059 to remove as 
station from our accounts 86 00:03:42,549 --> 00:03:47,530 with onus and the targets normally we 87 00:03:46,060 --> 00:03:51,370 don't need to worry about the secondary 88 00:03:47,530 --> 00:03:53,079 associations our metadata or having our 89 00:03:51,370 --> 00:03:56,079 infrastructure accounts privacy pierced 90 00:03:53,079 --> 00:03:57,880 but what if the target is law 91 00:03:56,079 --> 00:04:01,180 enforcement what if it's a government 92 00:03:57,880 --> 00:04:04,630 agency what are what if you are a dark 93 00:04:01,180 --> 00:04:06,940 web hunter or you know you work hunting 94 00:04:04,630 --> 00:04:08,709 down criminal organizations and again 95 00:04:06,940 --> 00:04:11,829 what if your purpose is to protect the 96 00:04:08,709 --> 00:04:13,269 abused and frankly you need for 97 00:04:11,829 --> 00:04:15,010 untraceable profiles is because you 98 00:04:13,269 --> 00:04:18,780 never know when you're going to show up 99 00:04:15,010 --> 00:04:21,849 on the Internet okay again continue 100 00:04:18,779 --> 00:04:23,859 metadata refer to that that is just a 101 00:04:21,849 --> 00:04:26,259 data that provides information about 102 00:04:23,860 --> 00:04:27,759 other data some of us in the room have 103 00:04:26,259 --> 00:04:30,310 used maybe data that compromised a 104 00:04:27,759 --> 00:04:31,960 target we look for the user names 105 00:04:30,310 --> 00:04:34,259 Durrell host names operating system 106 00:04:31,960 --> 00:04:36,758 software versions etc to further attacks 107 00:04:34,259 --> 00:04:39,249 but how often do you think about in your 108 00:04:36,759 --> 00:04:41,110 engagements metadata threat hunters have 109 00:04:39,249 --> 00:04:44,439 several models to correlate metadata 110 00:04:41,110 --> 00:04:46,169 such as the diamond in the sticks and as 111 00:04:44,439 --> 00:04:48,189 attackers we need to know about these 112 00:04:46,169 --> 00:04:50,770 information models they have about our 113 00:04:48,189 --> 00:04:52,810 metadata and 
the fact remains every 114 00:04:50,770 --> 00:04:55,568 threat under vendor has profiles on 115 00:04:52,810 --> 00:04:57,939 major pentest companies besides the 116 00:04:55,569 --> 00:04:59,500 threat actives our go-to plays the phone 117 00:04:57,939 --> 00:05:02,500 numbers the service providers the CG 118 00:04:59,500 --> 00:05:07,349 certain first initial vectors are all 119 00:05:02,500 --> 00:05:10,330 traceable trackable metadata so and 120 00:05:07,349 --> 00:05:12,250 because it serve economies I had to 121 00:05:10,330 --> 00:05:13,359 throw this one in there you know because 122 00:05:12,250 --> 00:05:14,500 you actually don't own the 123 00:05:13,360 --> 00:05:18,400 infrastructure when you buy these 124 00:05:14,500 --> 00:05:21,759 services all right creating untrustable 125 00:05:18,400 --> 00:05:23,258 and trackable identities so for myself 126 00:05:21,759 --> 00:05:25,089 thinking about the metadata of 127 00:05:23,259 --> 00:05:27,969 engagements with certain higher end 128 00:05:25,089 --> 00:05:30,069 targets I was thinking of looking at 129 00:05:27,969 --> 00:05:32,469 ways to mimic threat actors that use 130 00:05:30,069 --> 00:05:35,620 compromised third party host you know 131 00:05:32,469 --> 00:05:38,860 the host the malware or non-interactive 132 00:05:35,620 --> 00:05:40,810 see to a lot of rc2 is all interactive 133 00:05:38,860 --> 00:05:42,639 so we don't worry about this but I 134 00:05:40,810 --> 00:05:44,919 always kind of thinking you know it 135 00:05:42,639 --> 00:05:48,789 would be nice to stick long term malware 136 00:05:44,919 --> 00:05:51,128 on a client beacon out three months that 137 00:05:48,789 --> 00:05:53,318 type of stuff I was thinking about how 138 00:05:51,129 --> 00:05:54,969 ethical it is to redirect to a similar 139 00:05:53,319 --> 00:05:58,029 form looking company you know what is 140 00:05:54,969 --> 00:06:00,819 the potential impact on their brand and 141 00:05:58,029 --> 00:06:03,699 obviously 
retribution their prepetition 142 00:06:00,819 --> 00:06:06,969 service providers now search out that 143 00:06:03,699 --> 00:06:09,240 stuff all right so this got me thinking 144 00:06:06,969 --> 00:06:12,170 why not use real companies and not 145 00:06:09,240 --> 00:06:14,120 interest 146 00:06:12,170 --> 00:06:17,090 definitely thinking why not use a real 147 00:06:14,120 --> 00:06:18,620 company but an untraceable company to 148 00:06:17,090 --> 00:06:20,750 avoid the negative associations with a 149 00:06:18,620 --> 00:06:22,880 valid company instead of domain fronting 150 00:06:20,750 --> 00:06:24,380 you know an untraceable company would 151 00:06:22,880 --> 00:06:26,240 make it possible to use horrible 152 00:06:24,380 --> 00:06:29,210 software to host not an interactive 153 00:06:26,240 --> 00:06:31,460 malware I mean how would it look if you 154 00:06:29,210 --> 00:06:33,950 use multiple domains all using the same 155 00:06:31,460 --> 00:06:36,950 piece of software from valid looking 156 00:06:33,950 --> 00:06:39,469 companies to the right blue team 157 00:06:36,950 --> 00:06:42,020 or better yet you're using code base 158 00:06:39,470 --> 00:06:44,270 that looks like it is from 2000 again 159 00:06:42,020 --> 00:06:45,859 for the right blue team would that be 160 00:06:44,270 --> 00:06:49,609 enough to throw them off if an 161 00:06:45,860 --> 00:06:52,930 engagement goes south alright so again 162 00:06:49,610 --> 00:06:55,310 what is required for a cyber identity 163 00:06:52,930 --> 00:06:57,110 some of the big services for Onis in 164 00:06:55,310 --> 00:06:58,880 human intelligence Facebook LinkedIn 165 00:06:57,110 --> 00:07:01,430 Twitter business services that 166 00:06:58,880 --> 00:07:05,540 respectability and Trust Office 365 G 167 00:07:01,430 --> 00:07:07,340 suite drop box cetera virtual private 168 00:07:05,540 --> 00:07:10,280 servers to launch attacks from host 169 00:07:07,340 --> 00:07:13,669 domains engagement proxy engagements 170 
00:07:10,280 --> 00:07:20,210 through but how can all this be got 171 00:07:13,670 --> 00:07:23,060 anonymously so before we start to attack 172 00:07:20,210 --> 00:07:24,590 utilize or abuse a system for hunting 173 00:07:23,060 --> 00:07:28,420 purposes we need to understand that 174 00:07:24,590 --> 00:07:30,739 system just basic hacking one on one so 175 00:07:28,420 --> 00:07:33,620 what is the main ways that these cyber 176 00:07:30,740 --> 00:07:35,810 business is used to validate an identity 177 00:07:33,620 --> 00:07:37,490 on their platforms so I've looked at 178 00:07:35,810 --> 00:07:40,220 multiple different service providers and 179 00:07:37,490 --> 00:07:42,620 at the core I've come up terms that I've 180 00:07:40,220 --> 00:07:45,410 determined that the trust model used is 181 00:07:42,620 --> 00:07:47,690 really an email address or a mobile 182 00:07:45,410 --> 00:07:49,940 phone if you can gain one of those two 183 00:07:47,690 --> 00:07:52,700 things anonymously you can actually 184 00:07:49,940 --> 00:07:55,910 start abusing Internet service providers 185 00:07:52,700 --> 00:07:56,539 and Dean of rather bizarre circle of 186 00:07:55,910 --> 00:08:00,950 trust 187 00:07:56,540 --> 00:08:04,229 through SSO to gain other services 188 00:08:00,950 --> 00:08:07,680 anonymity so 189 00:08:04,229 --> 00:08:09,900 my solution to this and this is to wear 190 00:08:07,680 --> 00:08:12,860 the part you go oh yeah of course that's 191 00:08:09,900 --> 00:08:17,900 the arrow next to the gas in the car 192 00:08:12,860 --> 00:08:20,249 bomb my easiest solution to create under 193 00:08:17,900 --> 00:08:21,659 untraceable identities and companies is 194 00:08:20,249 --> 00:08:23,699 just really two parts and then no it's 195 00:08:21,659 --> 00:08:26,188 not Bitcoin because Bitcoin at its core 196 00:08:23,699 --> 00:08:27,629 is traceable trackable we can talk 197 00:08:26,189 --> 00:08:31,650 offline and have at that kind of 198 00:08:27,629 --> 
00:08:34,140 religious debate later having first for 199 00:08:31,650 --> 00:08:36,718 first having an honest mobile number aka 200 00:08:34,140 --> 00:08:39,689 burner phone is required this is a 201 00:08:36,719 --> 00:08:41,760 trivial thing to get loose mobile 202 00:08:39,690 --> 00:08:44,130 tracfone straight-talking TT are all 203 00:08:41,760 --> 00:08:47,819 available from large box stores they 204 00:08:44,130 --> 00:08:50,189 only require activation that's it they 205 00:08:47,820 --> 00:08:55,620 do not require any sort of 206 00:08:50,190 --> 00:08:58,130 identification to gain this so these 207 00:08:55,620 --> 00:09:00,750 service providers give you numbers 208 00:08:58,130 --> 00:09:03,149 without verifying contact details to 209 00:09:00,750 --> 00:09:05,880 recharge you need just the phone number 210 00:09:03,149 --> 00:09:08,699 and a pin on the account into an active 211 00:09:05,880 --> 00:09:10,350 recharge card from the store smart 212 00:09:08,699 --> 00:09:12,359 phones are brilliant because they give 213 00:09:10,350 --> 00:09:14,699 you two or three usage by changing out 214 00:09:12,360 --> 00:09:16,440 the SIM providers you gain a Google 215 00:09:14,699 --> 00:09:18,599 account or Apple account by using the 216 00:09:16,440 --> 00:09:20,339 right smart phone you gain the means of 217 00:09:18,600 --> 00:09:23,910 two FA either through the text or 218 00:09:20,339 --> 00:09:26,310 Authenticator app where the warning is 219 00:09:23,910 --> 00:09:28,529 some providers do expire the recharge 220 00:09:26,310 --> 00:09:31,109 cards so it's just a way of getting the 221 00:09:28,529 --> 00:09:33,720 liability off their write off sheets so 222 00:09:31,110 --> 00:09:36,149 you want to make sure that when you buy 223 00:09:33,720 --> 00:09:37,709 these service cards it's a 30-day 224 00:09:36,149 --> 00:09:39,870 service you use it you don't use it 225 00:09:37,709 --> 00:09:41,459 that's it just careful with what you're 226 00:09:39,870 --> 
00:09:43,470 purchased so you don't waste money for 227 00:09:41,459 --> 00:09:46,800 long term companies I prefer you prefer 228 00:09:43,470 --> 00:09:48,120 using VoIP or sip providers or a simple 229 00:09:46,800 --> 00:09:51,269 flip phone just because it's more 230 00:09:48,120 --> 00:09:54,410 economical you better have I did use 231 00:09:51,269 --> 00:09:56,880 Google numbers um and they're okay for 232 00:09:54,410 --> 00:09:59,040 engagements the reverse lookup of the 233 00:09:56,880 --> 00:10:00,839 number shows Google with but you know 234 00:09:59,040 --> 00:10:03,120 that's fine if you're using G suite as 235 00:10:00,839 --> 00:10:04,700 your business platform and we're going 236 00:10:03,120 --> 00:10:07,580 to go into that 237 00:10:04,700 --> 00:10:11,300 so how do you get the untraceable and 238 00:10:07,580 --> 00:10:13,160 untrackable thing very simply our man 239 00:10:11,300 --> 00:10:14,689 Johnny that's right cash since the 240 00:10:13,160 --> 00:10:17,920 vendors don't require anything other 241 00:10:14,690 --> 00:10:20,360 than the Simms to provide a phone number 242 00:10:17,920 --> 00:10:22,579 attached purchase at a random large box 243 00:10:20,360 --> 00:10:24,380 store the Simms or the Simms phone 244 00:10:22,580 --> 00:10:26,540 combination and a recharge card is all 245 00:10:24,380 --> 00:10:28,700 you're going to need to get the phone 246 00:10:26,540 --> 00:10:34,849 obviously there's tracking of the cell 247 00:10:28,700 --> 00:10:37,850 towers etc but and as a side note if you 248 00:10:34,850 --> 00:10:40,310 are working with abuse people or victims 249 00:10:37,850 --> 00:10:43,430 of abuse having a smart mobile phone 250 00:10:40,310 --> 00:10:45,829 done this way is a must for 251 00:10:43,430 --> 00:10:50,120 communication for them and keeping the 252 00:10:45,830 --> 00:10:53,780 channel over from the abuser moving on 253 00:10:50,120 --> 00:10:55,130 so solution to the untrackable companies 254 00:10:53,780 --> 
00:10:56,660 this is the second part in this is 255 00:10:55,130 --> 00:11:00,290 probably the part that you all came to 256 00:10:56,660 --> 00:11:04,490 hear about ok it is actually prepaid and 257 00:11:00,290 --> 00:11:05,439 gift cards again we use the cash to go 258 00:11:04,490 --> 00:11:08,960 ahead and buy it 259 00:11:05,440 --> 00:11:12,490 prepaid debit gift cards do not require 260 00:11:08,960 --> 00:11:14,990 any form of validation with create them 261 00:11:12,490 --> 00:11:18,800 several vendors all that requires is any 262 00:11:14,990 --> 00:11:21,980 physical address a name and up 263 00:11:18,800 --> 00:11:23,270 self-created pen there are bad ones that 264 00:11:21,980 --> 00:11:25,280 will burn eeeh those are the 265 00:11:23,270 --> 00:11:27,680 rechargeable ones the rechargeable debit 266 00:11:25,280 --> 00:11:30,370 cards are what you want to look for is 267 00:11:27,680 --> 00:11:32,599 if it says verify ID 268 00:11:30,370 --> 00:11:34,370 because of the terror intelligence 269 00:11:32,600 --> 00:11:37,130 reform and terrorism terrorism 270 00:11:34,370 --> 00:11:39,970 Prevention Act of 2004 those requiring 271 00:11:37,130 --> 00:11:44,750 SS number of green card or bank count to 272 00:11:39,970 --> 00:11:46,250 validate them off-camera 273 00:11:44,750 --> 00:11:47,870 can give you recommendations on which 274 00:11:46,250 --> 00:11:50,330 cards to actually use and stuff like 275 00:11:47,870 --> 00:11:51,770 that I just don't want to burn the ones 276 00:11:50,330 --> 00:11:53,810 I use but I will give you that 277 00:11:51,770 --> 00:11:55,189 information before spending any 278 00:11:53,810 --> 00:11:56,839 morning's if you look at the back of the 279 00:11:55,190 --> 00:12:00,110 card it will tell you the registration 280 00:11:56,840 --> 00:12:02,480 activation site just take go look at it 281 00:12:00,110 --> 00:12:06,550 and it will be pretty clear if they 282 00:12:02,480 --> 00:12:09,350 require any form of identification 
now 283 00:12:06,550 --> 00:12:13,500 what can you do with these prepaid debit 284 00:12:09,350 --> 00:12:15,000 cards well just lessons I've learned 285 00:12:13,500 --> 00:12:18,420 when you're setting up the business 286 00:12:15,000 --> 00:12:20,100 services and the addresses on these 287 00:12:18,420 --> 00:12:22,319 activations are the to activate the 288 00:12:20,100 --> 00:12:25,830 debit cards you want to make sure your 289 00:12:22,320 --> 00:12:27,150 addresses match also the burner phones 290 00:12:25,830 --> 00:12:30,710 the numbers should match the 291 00:12:27,150 --> 00:12:33,569 geographical area code of the address to 292 00:12:30,710 --> 00:12:36,210 umber phone providers do not restrict 293 00:12:33,570 --> 00:12:38,190 the geographical area code that you will 294 00:12:36,210 --> 00:12:41,640 request when you're setting up the phone 295 00:12:38,190 --> 00:12:43,920 I found good business addresses for 296 00:12:41,640 --> 00:12:45,540 businesses to use I look for a shared 297 00:12:43,920 --> 00:12:47,550 office space buildings or multiple 298 00:12:45,540 --> 00:12:51,599 tenant buildings that do not disclose 299 00:12:47,550 --> 00:12:54,300 the tenant information at the start of 300 00:12:51,600 --> 00:12:57,210 an engagement I usually pick up a couple 301 00:12:54,300 --> 00:13:00,719 of twenty or sorry sixty or a hundred 302 00:12:57,210 --> 00:13:02,940 dollar gift cards they play they provide 303 00:13:00,720 --> 00:13:05,040 the most flexibility to gain several 304 00:13:02,940 --> 00:13:07,350 months of service without having to 305 00:13:05,040 --> 00:13:09,030 waste any monies you'll see though any 306 00:13:07,350 --> 00:13:11,460 money's left over on these gift cards 307 00:13:09,030 --> 00:13:16,829 can actually be placed on to a prepaid 308 00:13:11,460 --> 00:13:19,910 provider of EPs service or VoIP vigor so 309 00:13:16,830 --> 00:13:23,160 it's a great way of recouping that money 310 00:13:19,910 --> 00:13:25,680 the use use 
the name on the gift card I 311 00:13:23,160 --> 00:13:27,959 find some vendors don't question that 312 00:13:25,680 --> 00:13:31,229 says gift card recipient just type that 313 00:13:27,960 --> 00:13:32,790 in his name other ones will accept the 314 00:13:31,230 --> 00:13:36,600 fake name that you put in when you 315 00:13:32,790 --> 00:13:38,010 activated the card having a card with 316 00:13:36,600 --> 00:13:40,050 the exact morning is more likely to get 317 00:13:38,010 --> 00:13:41,580 rejected because company's validating 318 00:13:40,050 --> 00:13:44,099 cards by placing a penny or dollar 319 00:13:41,580 --> 00:13:45,870 transaction so you want to make sure 320 00:13:44,100 --> 00:13:50,250 that you have a few dollars extra on the 321 00:13:45,870 --> 00:13:53,340 carbs cards can expire when you purchase 322 00:13:50,250 --> 00:13:55,380 these gift cards some vendors charge a 323 00:13:53,340 --> 00:13:57,450 monthly fee onto the first purchase 324 00:13:55,380 --> 00:14:01,560 again this is to get the liability off 325 00:13:57,450 --> 00:14:03,840 their balance sheets pay for one years 326 00:14:01,560 --> 00:14:07,020 of service even if the engagement is not 327 00:14:03,840 --> 00:14:09,780 that long by buying one year's worth of 328 00:14:07,020 --> 00:14:11,760 service it avoids the some of the 329 00:14:09,780 --> 00:14:14,100 rejections you could receive with a 330 00:14:11,760 --> 00:14:16,350 subscription because these prepaid debit 331 00:14:14,100 --> 00:14:19,320 cards are not designed for that and I 332 00:14:16,350 --> 00:14:21,520 find sometimes they are pin caught when 333 00:14:19,320 --> 00:14:26,320 you're signing up what 334 00:14:21,520 --> 00:14:27,910 oh yeah okay so the other addition again 335 00:14:26,320 --> 00:14:29,529 service providers you're looking for the 336 00:14:27,910 --> 00:14:32,800 ones that are credit balance model 337 00:14:29,529 --> 00:14:36,700 providers these are your voids a server 338 00:14:32,800 --> 
00:14:38,319 point a few other ones you just have to 339 00:14:36,700 --> 00:14:41,200 duct up though fighters that accept 340 00:14:38,320 --> 00:14:42,640 prepaid Visa MasterCard debit cards what 341 00:14:41,200 --> 00:14:47,589 did you think I was going to say Google 342 00:14:42,640 --> 00:14:51,310 and an anonymous talk I also found out 343 00:14:47,589 --> 00:14:54,250 that PayPal will accept a prepaid debit 344 00:14:51,310 --> 00:14:57,099 gift card as the accounts credit card 345 00:14:54,250 --> 00:15:00,029 this opens up the whole view of other 346 00:14:57,100 --> 00:15:03,760 services that are not cash based 347 00:15:00,029 --> 00:15:04,779 providers and we'll go went out it get 348 00:15:03,760 --> 00:15:07,120 that stuff in a second 349 00:15:04,779 --> 00:15:08,439 fifteen minutes good okay so now that we 350 00:15:07,120 --> 00:15:13,930 know the house in the what so we're 351 00:15:08,440 --> 00:15:16,240 gonna look at how to create so why not 352 00:15:13,930 --> 00:15:17,260 just use tor well social media companies 353 00:15:16,240 --> 00:15:19,420 and other companies tend to be 354 00:15:17,260 --> 00:15:21,459 untrusting of IP addresses as the end 355 00:15:19,420 --> 00:15:23,500 tor point as we probably all know but 356 00:15:21,459 --> 00:15:25,779 what I do find out works really well as 357 00:15:23,500 --> 00:15:30,040 using a hidden tor service such as Open 358 00:15:25,779 --> 00:15:32,980 VPN on anonymously purchased VPS host 359 00:15:30,040 --> 00:15:37,779 then using the VPS host for my 360 00:15:32,980 --> 00:15:39,579 activities I have yet to have an account 361 00:15:37,779 --> 00:15:43,000 completely closed when a malicious 362 00:15:39,579 --> 00:15:45,370 activities are detected this way to the 363 00:15:43,000 --> 00:15:47,860 traditional vp8 fighters there are 364 00:15:45,370 --> 00:15:50,680 others but these are ones I use movin 365 00:15:47,860 --> 00:15:52,720 cash is king when you sign up for just 366 00:15:50,680 --> 
00:15:53,890 account number one you don't need any 367 00:15:52,720 --> 00:15:55,480 other information when you're paying 368 00:15:53,890 --> 00:15:58,390 with cash you just mailed a cash with 369 00:15:55,480 --> 00:16:02,500 the account number off and it's good 370 00:15:58,390 --> 00:16:04,329 again a year's worth of service I like 371 00:16:02,500 --> 00:16:09,149 it it does accept also put the prepaid 372 00:16:04,329 --> 00:16:11,319 debit cards private Internet access 373 00:16:09,149 --> 00:16:13,660 again they take gift cards and prepaid 374 00:16:11,320 --> 00:16:16,209 debit cards you just need to sign up 375 00:16:13,660 --> 00:16:18,520 with an anonymous email on both of these 376 00:16:16,209 --> 00:16:21,729 services can be signed up coming from a 377 00:16:18,520 --> 00:16:25,209 tour endpoint so again you want to keep 378 00:16:21,730 --> 00:16:27,100 your communication base covered let's 379 00:16:25,209 --> 00:16:30,099 see there are others is these are just 380 00:16:27,100 --> 00:16:31,949 ones that I know about that I use and I 381 00:16:30,100 --> 00:16:33,860 know they work this is just basic 101 382 00:16:31,949 --> 00:16:35,000 arm 383 00:16:33,860 --> 00:16:36,560 but if you're not gonna keep your 384 00:16:35,000 --> 00:16:38,180 traffic untraceable at the beginning 385 00:16:36,560 --> 00:16:41,689 there's no sense of going to the rest of 386 00:16:38,180 --> 00:16:43,910 the trouble all right so the companies 387 00:16:41,690 --> 00:16:47,960 whatever is required you need a domain 388 00:16:43,910 --> 00:16:53,120 name hosting service email service and 389 00:16:47,960 --> 00:16:55,820 social media profiles so these are some 390 00:16:53,120 --> 00:16:57,770 of the companies I use again they're not 391 00:16:55,820 --> 00:16:59,360 doing anything wrong it's just that I 392 00:16:57,770 --> 00:17:02,960 know they work with the stuff 393 00:16:59,360 --> 00:17:06,140 methodology so prepaid services 394 00:17:02,960 --> 00:17:12,050 
Namecheap great all on one service it 395 00:17:06,140 --> 00:17:13,790 gives you DNS VPN hosting email SSL they 396 00:17:12,050 --> 00:17:15,889 have their own SSL it takes a little 397 00:17:13,790 --> 00:17:17,780 manipulation to get let's encrypt to 398 00:17:15,890 --> 00:17:19,459 work but it is possible to get let's you 399 00:17:17,780 --> 00:17:22,280 to work just takes a little 400 00:17:19,459 --> 00:17:26,630 configuration there are others as I said 401 00:17:22,280 --> 00:17:29,120 GoDaddy blue hosting lots and lots of 402 00:17:26,630 --> 00:17:32,300 once again if you're looking for the 403 00:17:29,120 --> 00:17:35,899 credit based model providers they just 404 00:17:32,300 --> 00:17:38,020 always seem to work and again PayPal can 405 00:17:35,900 --> 00:17:44,600 be used to hide monthly service fees 406 00:17:38,020 --> 00:17:46,970 from these prepaid debit cards okay 407 00:17:44,600 --> 00:17:49,010 we're looking to create businesses well 408 00:17:46,970 --> 00:17:51,200 what's any what's better than creating 409 00:17:49,010 --> 00:17:56,000 using G suite business services or 410 00:17:51,200 --> 00:17:58,760 office 365 both to create the company or 411 00:17:56,000 --> 00:18:01,130 run their campaigns both these services 412 00:17:58,760 --> 00:18:05,150 can be part directly or as part of the 413 00:18:01,130 --> 00:18:10,640 VPS domain name providing offer G suite 414 00:18:05,150 --> 00:18:12,410 um it can set up the domain company for 415 00:18:10,640 --> 00:18:14,330 you or as I said it can be used part of 416 00:18:12,410 --> 00:18:16,220 the VPS provider the only thing that's 417 00:18:14,330 --> 00:18:18,260 required is a prepaid debit card the 418 00:18:16,220 --> 00:18:20,840 ability to modify a DNS record if you're 419 00:18:18,260 --> 00:18:22,580 not buying directly from Google or if 420 00:18:20,840 --> 00:18:23,990 you're buying directly from Google then 421 00:18:22,580 --> 00:18:25,820 all you need is an anonymous email 422 
00:18:23,990 --> 00:18:27,110 account besides the prepaid debit card 423 00:18:25,820 --> 00:18:32,389 of course you get that with your burner 424 00:18:27,110 --> 00:18:36,949 Android phone office 365 I find it works 425 00:18:32,390 --> 00:18:40,430 brilliantly PayPal so this does require 426 00:18:36,950 --> 00:18:42,170 a burner phone office 365 is one of the 427 00:18:40,430 --> 00:18:43,040 email vendors that do require you to 428 00:18:42,170 --> 00:18:45,770 have a mobile 429 00:18:43,040 --> 00:18:49,190 because well you can't get you know a 430 00:18:45,770 --> 00:18:52,340 mobile phone anonymously let's see it 431 00:18:49,190 --> 00:18:55,250 can be set up as a domain name you'll 432 00:18:52,340 --> 00:18:57,379 see that throughout this talk is Fred 433 00:18:55,250 --> 00:18:58,820 fishmonger com that's just the test 434 00:18:57,380 --> 00:19:01,370 domain I used to create up it's actually 435 00:18:58,820 --> 00:19:02,960 not linked to any of my active campaigns 436 00:19:01,370 --> 00:19:04,219 or long term companies but you can go 437 00:19:02,960 --> 00:19:06,800 ahead and take a look at that domain 438 00:19:04,220 --> 00:19:07,550 their services are out there and stuff 439 00:19:06,800 --> 00:19:09,050 of that nature 440 00:19:07,550 --> 00:19:13,550 see if you can trace it back to myself 441 00:19:09,050 --> 00:19:17,030 I'll be very interested if you can all 442 00:19:13,550 --> 00:19:19,639 right all right let's see uh again other 443 00:19:17,030 --> 00:19:21,770 services you can get VoIP uh services 444 00:19:19,640 --> 00:19:23,900 again this is just another one of my 445 00:19:21,770 --> 00:19:26,980 burner accounts this Yannick again just 446 00:19:23,900 --> 00:19:29,750 needs a mobile phone it's a balance 447 00:19:26,980 --> 00:19:32,330 sorry it's just a balance model there 448 00:19:29,750 --> 00:19:34,430 are survivors that you can use with 449 00:19:32,330 --> 00:19:37,210 certain configurations to modify 450 00:19:34,430 --> 
00:19:39,830 spoofing some of them do require a 451 00:19:37,210 --> 00:19:41,990 hardware bit of hosted in your 452 00:19:39,830 --> 00:19:43,460 infrastructure but what does that do 453 00:19:41,990 --> 00:19:45,980 with your voice campaigns when you're 454 00:19:43,460 --> 00:19:47,180 spoofing a company's a number or a 455 00:19:45,980 --> 00:19:49,970 client's number 456 00:19:47,180 --> 00:19:53,750 and again paid for with these prepaid 457 00:19:49,970 --> 00:19:55,130 debit cards with anonymous accounts now 458 00:19:53,750 --> 00:19:57,740 you'll notice that it says auto 459 00:19:55,130 --> 00:19:59,570 recharging is disabled again you want to 460 00:19:57,740 --> 00:20:01,940 make sure that you avoid these 461 00:19:59,570 --> 00:20:03,470 subscriptions on prepaid debit cards 462 00:20:01,940 --> 00:20:07,670 it's one way to get the transactions 463 00:20:03,470 --> 00:20:09,620 rejected alright what else can you do 464 00:20:07,670 --> 00:20:13,700 how about an app or developer account 465 00:20:09,620 --> 00:20:16,699 yep alright so what you need is an Apple 466 00:20:13,700 --> 00:20:19,190 ID 2fa both of those are gained by the 467 00:20:16,700 --> 00:20:20,660 smartphone it's a hundred and seven for 468 00:20:19,190 --> 00:20:23,600 a personal developer account so get a 469 00:20:20,660 --> 00:20:25,910 card for about 110 match the addresses 470 00:20:23,600 --> 00:20:28,280 between the developer account and the 471 00:20:25,910 --> 00:20:30,980 business services I find that using G 472 00:20:28,280 --> 00:20:32,990 suite or office 365 as the email 473 00:20:30,980 --> 00:20:37,590 provider will slide right on through 474 00:20:32,990 --> 00:20:38,740 Apple's authentication or identification 475 00:20:37,590 --> 00:20:42,199 [Music] 476 00:20:38,740 --> 00:20:44,090 you need to keep the burner phone around 477 00:20:42,200 --> 00:20:45,440 for the term of the engagement because 478 00:20:44,090 --> 00:20:49,429 you will need to keep putting in the 
479 00:20:45,440 --> 00:20:52,429 token for the two-factor the text 480 00:20:49,430 --> 00:20:54,390 message based boy persists dude work 481 00:20:52,429 --> 00:20:58,710 before you think you're gonna load up 482 00:20:54,390 --> 00:21:01,170 malicious code to Apple's App Store it 483 00:20:58,710 --> 00:21:04,530 won't work they're very very good at 484 00:21:01,170 --> 00:21:06,600 filtering out malicious code but you can 485 00:21:04,530 --> 00:21:10,080 actually send a developer signed app 486 00:21:06,600 --> 00:21:13,740 code to a target bypassing the App Store 487 00:21:10,080 --> 00:21:17,549 an Apple Store Apple can fix this by 488 00:21:13,740 --> 00:21:19,470 actually mailing your code I'll go over 489 00:21:17,549 --> 00:21:21,150 something you can't do but if Apple 490 00:21:19,470 --> 00:21:21,720 actually mailed the code to that fake 491 00:21:21,150 --> 00:21:24,929 address 492 00:21:21,720 --> 00:21:26,370 that address that you provided it this 493 00:21:24,929 --> 00:21:28,230 would blow it out the window because of 494 00:21:26,370 --> 00:21:31,020 the fact that unless you're being really 495 00:21:28,230 --> 00:21:33,090 unethical or paid somebody else to get 496 00:21:31,020 --> 00:21:34,470 someone in trouble okay so really 497 00:21:33,090 --> 00:21:36,059 quickly you're running out of time so I 498 00:21:34,470 --> 00:21:38,010 want to go through tracing what is 499 00:21:36,059 --> 00:21:42,059 required to create these social media 500 00:21:38,010 --> 00:21:42,870 accounts so LinkedIn email address or 501 00:21:42,059 --> 00:21:44,220 Facebook 502 00:21:42,870 --> 00:21:46,199 thus you know Facebook's one of the 503 00:21:44,220 --> 00:21:48,450 gatekeepers to identity one of the 504 00:21:46,200 --> 00:21:50,520 things you can do with LinkedIn you can 505 00:21:48,450 --> 00:21:53,669 actually use a prepaid debit card for a 506 00:21:50,520 --> 00:21:56,070 trial of the recruiter account so if you 507 00:21:53,669 --> 00:21:58,740 have a
target you can go ahead create 508 00:21:56,070 --> 00:22:01,530 this anonymous and triple email address 509 00:21:58,740 --> 00:22:03,480 sign in to LinkedIn use a prepaid debit 510 00:22:01,530 --> 00:22:06,059 card when you're offered to the trial 511 00:22:03,480 --> 00:22:07,860 just cancel it in 30 days and you can 512 00:22:06,059 --> 00:22:11,610 just go through as a recruiter pulling 513 00:22:07,860 --> 00:22:14,399 out company contacts Gmail it requires a 514 00:22:11,610 --> 00:22:17,580 mobile number a lot of email providers 515 00:22:14,400 --> 00:22:18,059 now require mobile numbers or email 516 00:22:17,580 --> 00:22:19,530 address 517 00:22:18,059 --> 00:22:21,149 actually one thing I did notice in Gmail 518 00:22:19,530 --> 00:22:22,770 if you're logged in as a with a Gmail 519 00:22:21,150 --> 00:22:24,299 account you can go ahead and create 520 00:22:22,770 --> 00:22:24,740 other Gmail accounts it's no problem at 521 00:22:24,299 --> 00:22:28,200 all 522 00:22:24,740 --> 00:22:31,559 beautiful Twitter just email PayPal 523 00:22:28,200 --> 00:22:33,179 email address mobile number they will 524 00:22:31,559 --> 00:22:35,250 keep sending you multiple text messages 525 00:22:33,179 --> 00:22:36,960 if you do not validate your account 526 00:22:35,250 --> 00:22:38,730 which you can't because you don't want 527 00:22:36,960 --> 00:22:41,750 to what the prepaid debit cards work 528 00:22:38,730 --> 00:22:44,340 brilliantly on these services Facebook 529 00:22:41,750 --> 00:22:46,980 because well that's one of the 530 00:22:44,340 --> 00:22:49,559 gatekeepers mobile number or a company 531 00:22:46,980 --> 00:22:51,360 domain name if you're using like the 532 00:22:49,559 --> 00:22:54,840 Gmail account or a third party company 533 00:22:51,360 --> 00:22:58,918 these Facebook does require a picture 534 00:22:54,840 --> 00:23:00,480 identification proof but you just use a 535 00:22:58,919 --> 00:23:02,230 mobile app and you're good to go to 536
00:23:00,480 --> 00:23:04,570 create the Facebook accounts 537 00:23:02,230 --> 00:23:06,790 um every once in a while Facebook will 538 00:23:04,570 --> 00:23:09,490 ask to send a code to the phone number 539 00:23:06,790 --> 00:23:12,659 but I just clicked I don't have that 540 00:23:09,490 --> 00:23:15,549 number anymore to bypass the check and 541 00:23:12,660 --> 00:23:17,799 they never seem to ask me to change the 542 00:23:15,549 --> 00:23:18,639 phone number on the account so you can 543 00:23:17,799 --> 00:23:22,210 keep them around forever 544 00:23:18,640 --> 00:23:24,010 okay what about no well things you can't 545 00:23:22,210 --> 00:23:25,660 get you can't get code signing server 546 00:23:24,010 --> 00:23:27,220 you can't get a business or thing it 547 00:23:25,660 --> 00:23:29,770 requires identification and as I said 548 00:23:27,220 --> 00:23:33,130 you cannot get a Google business on 549 00:23:29,770 --> 00:23:36,340 Google Maps they will send they require 550 00:23:33,130 --> 00:23:38,100 a code to be mailed to you so unless you 551 00:23:36,340 --> 00:23:40,600 have done some manipulation with a 552 00:23:38,100 --> 00:23:47,080 business you can't get that code so 553 00:23:40,600 --> 00:23:49,959 don't try okay I'm done all right so 554 00:23:47,080 --> 00:23:53,080 here's my contact I do I know I do right 555 00:23:49,960 --> 00:23:54,970 I did very quickly ramble at you as I 556 00:23:53,080 --> 00:23:56,889 said this was a 25 minute cliff notes up 557 00:23:54,970 --> 00:23:58,840 the 45 minute talk if anyone has any 558 00:23:56,890 --> 00:24:00,340 questions or anything please contact me 559 00:23:58,840 --> 00:24:02,439 or talk to me at the con I will gladly 560 00:24:00,340 --> 00:24:04,480 fill in especially if it has to do with 561 00:24:02,440 --> 00:24:06,549 the extra steps you have to do to 562 00:24:04,480 --> 00:24:07,179 protect people that are with people of 563 00:24:06,549 --> 00:24:09,429 abuse 564 00:24:07,179 -->
00:24:12,270 well that is my time before you cut me 565 00:24:09,429 --> 00:24:12,270 off thank you 566 00:24:18,639 --> 00:24:22,330 but let's know sake