Hide And Seek, Post-Exploitation Style presented at Shmoocon 2013

by Tim Tomes, TJ O'Connor,

Tags: Attack Tool Geolocation

URL : http://www.youtube.com/watch?v=VJTrRMqHU5U?

Summary : Geo-location allows us to translate the virtual location of an object to its physical location on Earth. For benign reasons, applications permit the use of different geo-location techniques. Some methods are transparent to users while others require explicit permission. Our talk briefly covers how geo-location works, discusses specific API Calls and available geo-location databases, and releases several new geo-location tools.
The first tool, Honey Badger, is a robust web based framework built for geo-locating targets. Through native HTML5 and client-side Java, Honey Badger forces the browser to reveal its current physical location to a remote command and control platform. Honey Badger will be released during the talk.
Next, Pushpin is a Python script that scrapes social media around specific geo-coordinates to reveal discussions, images, and videos that might assist during the physical reconnaissance phase of a penetration test. PushPin is currently available.
Finally, we will release a series of Metasploit post/exploitation scripts that can assist in physically identifying a target following a successful compromise. From using a victim’s wireless card against them, to scanning the machine for exif enabled imagery and parsing browser databases – these scripts will assist in getting the “pattern of life” of a hooked victim.