An Introduction to Pinworm: Man in the Middle for your Metadata

DEF CON 24

Presented by: bigezy, saci
Date: Sunday August 07, 2016
Time: 14:00 - 14:50
Location: Track Two

What is the root cause of memory and network traffic bloat? Our current research using tools we previously released Badger at Black Hat in 2014 and the Kobra released at BsidesLV 2015 shows a 40 percent increase in outside unique IP traffic destinations and a 400 percent increase in data transmitted towards these destinations. But through the course of the research we found currently used IRP monitoring tools were lacking to help produce enough information to forensically investigate the exfiltration of user metadata. Pinworm is a sniffer that shows all created IRPs created in the kernel in I/O devices. The IRPs are correlated with the processes that created them and the called driver stack. With network traffic data we are off to the races. Using pinworm which we released this week, we will show forensic case studies from cradle to grave of what happens when you do things online in social media sites.

Like all of our previously released tools, Pinworm is a framework including server side code you can use to collect and display user metadata inline in browser frames. Does this metadata collection happen in the browser, in userland, or in the kernel? Come to our talk and find out. We will demonstrate the collection of user metadata and collecting this information in a live browser session. Then we will show you how to intercept your personal data before it leaves your computer keeping your privacy, well, private. BYOTFH (Bring your own tin foil hat).

bigezy

bigezy has spent his career defending critical infrastructure hacking it from the inside to keep things from blowing up. Bigezy got his black badge from DEF CON in 2003. Bigezy currently works as a cyber security researcher at a place where these things are done. During the last 25 years, Bigezy has worked at fortune 500 companies in the electric sector, financial sector, and telecom. He has spoke at numerous conferences worldwide including bsidesLV and the DEF CON Crypto and Privacy village last year. Bigezy is also the president of Hackito Ergo Sum in Paris France. @bigezy_ When you are a one legged boogeyman slash system internals hacker, every kick is a flying kick. Twitter: @bigezy

saci

saci takes pride in his disdain for hypocrisy. We are sure you have seen him around in the usual places, and maybe you think you know who he is. But, you will never quite know who he is until you come to the talk. Twitter: @itsasstime


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats