All Ur Base Are Known To Us presented at BsideSLisbon 2013

by Miguel Mota Veiga, André Pinheiro,

Summary : The talk will target different types of information gathering and analysis with the aim to study your target (regardless of your side of the “force”). We will cover some Opensource Tools for data mining, cross validation, social engineering, information gathering and how you can use your l33t h4xor skillz for Intelligence and to profile a target.On a more hands on approach we will present two personal projects where we have been applying the techniques described earlier.The first project will focus how can you “Know your Enemy” and how you can gain advantage over your adversary by analyzing it, studying his behavior, identify patterns, collect information and create scenarios.
We’ll show you how even with and extremely small amount of data we can learn alot about our target, gather new evidence/information, recognize his/their true motivation and, in some cases even identify our final target.
So, if you’re generating some heat, is better to keep your profile low and your guard high. The other project tries to measure the susceptibility of the portuguese population to spam and scams emails.
The project stresses out something important about information gathering: data is not always information, sometimes the process of collection information is the first step to the creation of real information.For this project we will stress the following 4 steps: data collection (gather the emails), data analysis (get the juicy information from your data), increase of information value (performing the spam test / spear phishing) and finally create a report with intelligence and the final conclusions.