Intelligence Gathering
Over Twitter
Brian Baskin
Jan 2012
Who Am I?
• Computer Forensic Examiner – DC3 / DCFL
• Senior Consultant – cmdLabs
• Published author/coauthor of some books
Overview
• Basics of Twitter
• Search Capabilities
• Dissecting the Tweet
• Long-term Archiving
• Link Analysis
What is Twitter
• Micro-blogging site
– 140-character short messages
– Twitter : Facebook : SMS : Email
– Began in 2006 but already has 200mil users*
– As of June 2010: 65m tweets/day, 750 tweets/second
– Open design allows access from web or client
* http://www.pcmag.com/article2/0,2817,2371826,00.asp
Twitter Clock
Twitter Clock (2011)
Tweet Philosophy
• Celebrity-driven approach
– Anyone can follow anyone
– Focus for many is on collecting followers
– One-way relationships instead of two-way (Facebook/MySpace)
• You can follow me, but I don’t have to follow you
• Users follow others that interest them
– Tweets made by others appear in your “timeline”
Who Uses It
• 13% of Online Americans use Twitter*
– Up from 8% a year ago
– Most between ages of 18-29
– Ethnicity favored to Black and Hispanic
– Urban environments more than suburban/rural
– Biggest user base: young urban minorities
– Large communities around any topic
*http://www.pewinternet.org/~/media/Files/Reports/2011/Twitter%20Update%202011.pdf
Comms Channel
• Widely used as a communications channel when others fail (or are censored)
– Iran – 2009 – Protests over election results
• Twitter to take down site for maintenance
• US State Department prompted Twitter to hold-off
– Egypt – January 2011
• Protests to overthrow 30-year President and instill democracy
Comms Channel
• Used extensively by Anonymous and Occupy movements
Tweets and Replies
• Tweets appear in your public timeline
• Only shows broadcast tweets or replies to others you follow
• Will not include normal messages from people you do not follow
Mentions
• When someone tweets your name preceded by @
• If you follow them, shows in timeline
• Otherwise, have to check ‘@Mentions’
Retweets
• Repeating someone’s message to all of your followers
• Old and New Styles
– Old: Manually add “RT” or “via”
– New: Automatic
Yes, The World Can See It
Protected Accounts
• Not viewable by public
• Users have to request permission to follow you
• Only users allowed to follow you can see your tweets
• @Mentions only show up to followers
• Tweets do not appear in search
Direct Messages
• Private messages sent between two users
• ‘D [or DM] User Message’
• Receiver must follow the sender
– Possible for uni-directional DMs if both parties don’t follow each other
• Message sent through Twitter and email
• DM Fails*
*http://thenextweb.com/socialmedia/2010/08/05/has-twitter-employees-dm-fail-confirmed-shoutout-feature/
Notifications
• Users get email notifications when receiving:
– New followers
– Direct Messages
– Often delayed
– Not consistent
– TweetDeck better
Favorites
• Users can star a tweet to save it as a favorite
• Anyone can view someone else’s favorite list
twitter.com/<user>/favorites
Hash Tags
• Popular way of grouping tweets
• Simplifies searching
• #Keyword
– #CyberCrime2012
– #FF (Follow Friday)
– #DFIR
– #TheWalkingDead
Moving on…
• Now that we got the basics out of the way…
Search Capabilities
• http[s]://search.twitter.com
Search Limitations
• Only search tweets up to about two weeks old
• API limits on how many results you can retrieve at one time
– Law enforcement request to Twitter can whitelist an LE account to near unlimited results
• Very unreliable
Google Search
• Google used to provide immediate Twitter search results
• Results can span back multiple years
• Service died at the start of Google Plus
Anatomy of a Tweet
Anatomy of a Tweet
{"in_reply_to_status_id_str":"57454830603616256",
"text":"@bbaskin That is an awesome site!","contributors":null,"retweeted":false,
"in_reply_to_user_id_str":"17442948","id_str":"57476924934590464",
"entities":{"hashtags":[],"urls":[],"user_mentions":[{"screen_name":"bbaskin",
"indices":[0,8],"id_str":"17442948","name":"Brian Baskin","id":17442948}]},
"place":null,"coordinates":null,"source":"web","geo":null,"truncated":false,
"created_at":"Mon Apr 11 16:15:41 +0000 2011","in_reply_to_user_id":17442948,
"in_reply_to_status_id":57454830603616256,"favorited":false,
"user":{"time_zone":null,"profile_text_color":"333333","url":null,
"screen_name":"LLRurik","profile_sidebar_fill_color":"DDEEF6",
"description":"The Other Me.","id_str":"134196003",
"show_all_inline_media":false,"follow_request_sent":false,"lang":"en",
"geo_enabled":false,"profile_background_tile":false,"location":"Maryland",
"contributors_enabled":false,"profile_link_color":"0084B4","is_translator":false,
"statuses_count":1,"profile_sidebar_border_color":"C0DEED","followers_count":1,
"default_profile":true,"listed_count":2,
"created_at":"Sat Apr 17 18:26:02 +0000 2010","following":false,
"notifications":false,"profile_use_background_image":true,"friends_count":2,
"protected":false,"verified":false,"profile_background_color":"C0DEED",
"name":"Rurik",
"profile_background_image_url":"http://a3.twimg.com/a/1302214109/images/themes/theme1/bg.png",
"favourites_count":0,
"profile_image_url":"http://a3.twimg.com/profile_images/830973443/Rurik-avatarpic-l_normal.png",
"id":134196003,"default_profile_image":false,"utc_offset":null},
"retweet_count":0,"id":57476924934590464,"in_reply_to_screen_name":"bbaskin"}
{"in_reply_to_status_id_str":"57454830603616256",
"text":"@bbaskin That is an awesome site!",
"in_reply_to_user_id_str":"17442948",
"id_str":"57476924934590464",
"entities":{"hashtags":[],"urls":[],"user_mentions":[{
"screen_name":"bbaskin","indices":[0,8],"id_str":"17442948",
"name":"Brian Baskin","id":17442948}]},
"created_at":"Mon Apr 11 16:15:41 +0000 2011",
"user":{
"time_zone":null,
"url":null,
"screen_name":"LLRurik",
"description":"The Other Me.",
"id_str":"134196003",
"location":"Maryland",
"created_at":"Sat Apr 17 18:26:02 +0000 2010",
"protected":false,
"name":"LLRurik",
"profile_image_url":"http://a3.twimg.com/profile_images/830973443/LLRurik-avatarpic-l_normal.png"
}
}
Anatomy Excerpts
Twitter Account Creation
• Gives date when any account was created
– Chrome plugin (old Twitter only)
• https://chrome.google.com/extensions/detail/pfpkfkhhigghmggnhfjdfjiihmeancof?hl=en
– http://www.whendidyoujointwitter.com/
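The tweet object and the account-creation date discussed above can be pulled into an examiner's record with a few lines of Python. This is an added example, not code from the original deck: the function names are hypothetical, the sample is the trimmed tweet from the slide re-typed as valid JSON, and the SHA-256 of the raw capture is an added integrity step.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: the trimmed tweet object from the slide, as valid JSON.
SAMPLE_TWEET = """{
 "in_reply_to_status_id_str": "57454830603616256",
 "text": "@bbaskin That is an awesome site!",
 "in_reply_to_user_id_str": "17442948",
 "id_str": "57476924934590464",
 "entities": {"hashtags": [], "urls": [], "user_mentions": [
   {"screen_name": "bbaskin", "indices": [0, 8], "id_str": "17442948",
    "name": "Brian Baskin", "id": 17442948}]},
 "created_at": "Mon Apr 11 16:15:41 +0000 2011",
 "user": {"screen_name": "LLRurik", "id_str": "134196003",
          "location": "Maryland", "protected": false,
          "created_at": "Sat Apr 17 18:26:02 +0000 2010"}
}"""

# Format of the created_at strings in the tweet and in its embedded user object.
TWITTER_TIME = "%a %b %d %H:%M:%S %z %Y"


def parse_twitter_time(value):
    """Parse a created_at string into a timezone-aware UTC datetime."""
    return datetime.strptime(value, TWITTER_TIME).astimezone(timezone.utc)


def check_mentions(tweet):
    """Return screen names whose 'indices' do not point at '@name' in the text.

    A mismatch means the text or the entities were altered after capture.
    """
    text = tweet["text"]
    mismatched = []
    for mention in tweet.get("entities", {}).get("user_mentions", []):
        start, end = mention["indices"]
        if text[start:end].lower() != "@" + mention["screen_name"].lower():
            mismatched.append(mention["screen_name"])
    return mismatched


def summarize_tweet(raw):
    """Reduce one raw tweet JSON string to the fields an examiner records."""
    tweet = json.loads(raw)
    user = tweet["user"]
    posted = parse_twitter_time(tweet["created_at"])
    joined = parse_twitter_time(user["created_at"])
    return {
        # Hash of the capture exactly as received, taken before any parsing.
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
        # Use the *_str IDs: the numeric forms exceed 2**53 and lose
        # precision in tools that read JSON numbers as doubles.
        "tweet_id": tweet["id_str"],
        "author": user["screen_name"],
        "author_id": user["id_str"],
        "posted_utc": posted.isoformat(),
        "account_created_utc": joined.isoformat(),
        "account_age_days": (posted - joined).days,
        "reply_to_status": tweet.get("in_reply_to_status_id_str"),
        "reply_to_user": tweet.get("in_reply_to_user_id_str"),
        "mentions": [(m["screen_name"], m["id_str"])
                     for m in tweet.get("entities", {}).get("user_mentions", [])],
        "mention_mismatches": check_mentions(tweet),
        "protected": user.get("protected"),
    }


if __name__ == "__main__":
    for key, value in summarize_tweet(SAMPLE_TWEET).items():
        print(f"{key}: {value}")
```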
TweetDeck
TweetDeck Forensics
• %AppData%\Tweetdeck.<xyz>\Local Store\td_26_<username>.db (SQLite Database)
– ‘friends’ – Details on all accounts the user follows
• Twitter User #, Name, Screen Name, URL to profile image
• fUserID (Twitter User #) can show relative age of accounts
• Includes even accounts that no longer exist
– ‘columns’ – What columns are currently shown to client
– ‘lists’ – Lists the user manages
• Name, public/private, URL, # of members, description
TweetDeck Forensics
• %AppData%\Tweetdeck.<xyz>\Local Store\preferences_<username>.xml
– Recently used hash tags:
<hashtags hash0="#FF" hash1="#RallyForSanity"
hash2="#CyberCrime2012" hash3="#DEFCON"
hash4="#OWS" hash5="#stuxnet" />
– Email service:
<email service="0"
url="https://mail.google.com/mail/"/>
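Both TweetDeck artifacts described above can be read with the Python standard library. This is an added example, not code from the original deck: the `<preferences>` wrapper element, the `fName` and `fScreenName` column names, the function names and the third sample row are assumptions; only `fUserID`, the `friends` table and the two XML elements come from the slides.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample: the two elements shown on the slide, wrapped in an
# assumed <preferences> root so the fragment parses as a document.
SAMPLE_PREFS = """<preferences>
  <hashtags hash0="#FF" hash1="#RallyForSanity"
            hash2="#CyberCrime2012" hash3="#DEFCON"
            hash4="#OWS" hash5="#stuxnet" />
  <email service="0" url="https://mail.google.com/mail/"/>
</preferences>"""


def _parse_prefs(xml_text):
    """Parse the preferences XML, refusing DTDs found in evidence files."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected here")
    return ET.fromstring(xml_text)


def recent_hashtags(xml_text):
    """Return the recently used hashtags in slot order (hash0, hash1, ...)."""
    node = next(_parse_prefs(xml_text).iter("hashtags"), None)
    if node is None:
        return []
    slots = []
    for key, value in node.attrib.items():
        match = re.fullmatch(r"hash(\d+)", key)
        if match:
            slots.append((int(match.group(1)), value))
    return [value for _, value in sorted(slots)]


def email_service(xml_text):
    """Return (service, url) from the <email> element, or None if absent."""
    node = next(_parse_prefs(xml_text).iter("email"), None)
    if node is None:
        return None
    return node.get("service"), node.get("url")


def build_sample_friends_db():
    """Constructed stand-in for td_26_<username>.db.

    Only the table name and fUserID come from the slide; the other
    column names are hypothetical.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE friends (fUserID TEXT, fName TEXT, fScreenName TEXT)")
    conn.executemany(
        "INSERT INTO friends VALUES (?, ?, ?)",
        [("134196003", "Rurik", "LLRurik"),          # IDs from the tweet slide
         ("17442948", "Brian Baskin", "bbaskin"),
         ("2500000001", "Example", "example_account")])  # constructed row
    return conn


def friends_oldest_first(conn):
    """List followed accounts ordered by numeric user ID (lower = older).

    CAST matters: sorted as text, "134196003" would come before "17442948".
    """
    return conn.execute(
        "SELECT fUserID, fScreenName FROM friends "
        "ORDER BY CAST(fUserID AS INTEGER)").fetchall()


if __name__ == "__main__":
    # On a working copy of real evidence, open the database read-only:
    #   sqlite3.connect("file:td_26_<username>.db?mode=ro", uri=True)
    print(recent_hashtags(SAMPLE_PREFS))
    print(email_service(SAMPLE_PREFS))
    print(friends_oldest_first(build_sample_friends_db()))
```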
Application Cached Data
• Applications cache tweets upon download
– If a tweet is deleted a cached copy may still exist in third-party application
– Possible for message to be read/repeated even after being deleted at its source
– Forensic Caching:
• Archivist (http://visitmix.com/labs/archivist-desktop/)
• Twinbox – Saves all tweets to Outlook inbox
Tweet Scraping
• Tools to automatically collect and save relevant tweets
– Archivist (http://visitmix.com/labs/archivist-desktop/)
– Twinbox – Saves all tweets to Outlook inbox
– Twitter Archive Google Spreadsheet (TAGS) - http://mashe.hawksey.info/2012/01/twitter-archive-tagsv3/
URL Shorteners
• Due to size limitation of tweets, URL shorteners are commonplace
– Vector of attack
– Most offer preview capability:
• http://bit.ly/gAhOlo+
• http://preview.tinyurl.com/62j4zla
– http://resolves.me – Universal URL Previewer
Tweet Longer
• Due to size limitation of tweets, message extension services are also somewhat common.
– TwitLonger hosts extended posts
– Hosts on TwitLonger.com
– Uses tl.gd domain
Media Hosting
• Twitter is limited to just text content. Media services provide image / video hosting
– Images: yFrog, TwitPic, Flickr
– Video: TwitVid, Twiddeo, Twitc
• If tweet is removed media remains
• EXIF data remains to be exploited
– iCanStalkU.com
Janis Krums
Media Hosting
• TwitCaps.com
– Searches all Twitter media sites
– Results are often NSFW
Social Network Mapping
• NodeXL
– Free mapping tool for Microsoft Excel
nodexl.codeplex.com
Currently at 1.0.1.196
Marc Smith
NodeXL Associations
NodeXL #CyberCrime2012
D3.js Visualization
D3 Twitter
Community Visualizer
Maltego
• Professional data analysis tool
• “Social Networking Special Ops” - Chris Sumner (Suggy) at BlackHat
http://www.securityg33k.com/blog/?p=180
• Mining data from a Twitter scavenger hunt
Take Away Notes
• Following someone does not show the entirety of their communications
• Targets are notified if you follow/favorite them
• Twitter’s search is very impaired
• Information spreads beyond core-Twitter site
• Follow early and archive tweets using third-party tools for later analysis
• Use Link-Analysis to find outliers
Contact Us:
e-mail: contact@cmdlabs.com
p: 443.451.7330
www.cmdlabs.com
1101 E. 33rd Street, Suite C301
Baltimore, MD 21218
Brian Baskin

DevoxxFR 2024 Reproducible Builds with Apache Maven
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

Intelligence Gathering Over Twitter

  • 2. Who Am I? • Computer Forensic Examiner – DC3 / DCFL • Senior Consultant – cmdLabs • Published author/coauthor of some books
  • 3. Overview • Basics of Twitter • Search Capabilities • Dissecting the Tweet • Long-term Archiving • Link Analysis
  • 4. What is Twitter • Micro-blogging site – 140-character short messages – Twitter : Facebook : SMS : Email – Began in 2006 but already has 200mil users* – As of June 2010: 65m tweets/day, 750 tweets/second – Open design allows access from web or client * http://www.pcmag.com/article2/0,2817,2371826,00.asp
  • 7. Tweet Philosophy • Celebrity-driven approach – Anyone can follow anyone – Focus for many is on collecting followers – One-way relationships instead of two-way (FaceBook/MySpace) • You can follow me, but I don’t have to follow you • Users follow others that interest them – Tweets made by others appear in your “timeline”
  • 8. Who Uses It • 13% of Online Americans use Twitter* – Up from 8% a year ago – Most between ages of 18-29 – Ethnicity favored to Black and Hispanic – Urban environments more than suburban/rural – Biggest user base: young urban minorities – Large communities around any topic *http://www.pewinternet.org/~/media/Files/Reports/2011/Twitter%20Update%202011.pdf
  • 9. Comms Channel • Widely used as a communications channel when others fail (or are censored) – Iran – 2009 – Protests over election results • Twitter to take down site for maintenance • US State Department prompted Twitter to hold-off – Egypt – January 2011 • Protests to overthrow 30-year President and instill democracy
  • 10. Comms Channel • Used extensively by Anonymous and Occupy movements
  • 11. Tweets and Replies • Tweets appear in your public timeline • Only shows broadcast tweets or replies to others you follow • Will not include normal messages from people you do not follow
  • 12. Mentions • When someone tweets your name preceded by @ • If you follow them, shows in timeline • Otherwise, have to check ‘@Mentions’
  • 13. Retweets • Repeating someone’s message to all of your followers • Old and New Styles – Old: Manually add “RT” or “via” – New: Automatic
  • 14. Yes, The World Can See It
  • 15. Protected Accounts • Not viewable by public • Users have to request permission to follow you • Only users allowed to follow you can see your tweets • @Mentions only show up to followers • Tweets do not appear in search
  • 16. Direct Messages • Private messages sent between two users • ‘D [or DM] User Message’ • Receiver must follow the sender – Possible for uni-directional DMs if both parties don’t follow each other • Message sent through Twitter and email • DM Fails* *http://thenextweb.com/socialmedia/2010/08/05/has-twitter-employees-dm-fail-confirmed-shoutout-feature/
  • 17. Notifications • Users get email notifications when receiving: – New followers – Direct Messages – Often delayed – Not consistent – TweetDeck better
  • 18. Favorites • Users can star a tweet to save it as a favorite • Anyone can view someone else’s favorite list twitter.com/<user>/favorites
  • 19. Hash Tags • Popular way of grouping tweets • Simplifies searching • #Keyword – #CyberCrime2012 – #FF (Follow Friday) – #DFIR – #TheWalkingDead
  • 20. Moving on… • Now that we got the basics out of the way…
  • 22. Search Limitations • Only search tweets up to about two weeks old • API limits on how many results you can retrieve at one time – Law enforcement request to Twitter can whitelist an LE account to near unlimited results • Very unreliable
  • 23. Google Search • Google used to provide immediate Twitter search results • Results can span back multiple years • Service died at the start of Google Plus
  • 24. Anatomy of a Tweet
  • 25. Anatomy of a Tweet
  • 27. {"in_reply_to_status_id_str":"57454830603616256","text":"@bbaskin That is an awesome site!","contributors":null,"retweeted":false,"in_reply_to_user_id_str":"17442948","id_str":"57476924934590464","entities":{"hashtags":[],"urls":[],"user_mentions":[{"screen_name":"bbaskin","indices":[0,8],"id_str":"17442948","name":"Brian Baskin","id":17442948}]},"place":null,"coordinates":null,"source":"web","geo":null,"truncated":false,"created_at":"Mon Apr 11 16:15:41 +0000 2011","in_reply_to_user_id":17442948,"in_reply_to_status_id":57454830603616256,"favorited":false,"user":{"time_zone":null,"profile_text_color":"333333","url":null,"screen_name":"LLRurik","profile_sidebar_fill_color":"DDEEF6","description":"The Other Me.","id_str":"134196003","show_all_inline_media":false,"follow_request_sent":false,"lang":"en","geo_enabled":false,"profile_background_tile":false,"location":"Maryland","contributors_enabled":false,"profile_link_color":"0084B4","is_translator":false,"statuses_count":1,"profile_sidebar_border_color":"C0DEED","followers_count":1,"default_profile":true,"listed_count":2,"created_at":"Sat Apr 17 18:26:02 +0000 2010","following":false,"notifications":false,"profile_use_background_image":true,"friends_count":2,"protected":false,"verified":false,"profile_background_color":"C0DEED","name":"Rurik","profile_background_image_url":"http://a3.twimg.com/a/1302214109/images/themes/theme1/bg.png","favourites_count":0,"profile_image_url":"http://a3.twimg.com/profile_images/830973443/Rurik-avatarpic-l_normal.png","id":134196003,"default_profile_image":false,"utc_offset":null},"retweet_count":0,"id":57476924934590464,"in_reply_to_screen_name":"bbaskin"}
  • 28. Anatomy Excerpts {"in_reply_to_status_id_str":"57454830603616256", "text":"@bbaskin That is an awesome site!", "in_reply_to_user_id_str":"17442948", "id_str":"57476924934590464", "entities":{"hashtags":[],"urls":[],"user_mentions":[{ "screen_name":"bbaskin","indices":[0,8],"id_str":"17442948", "name":"Brian Baskin","id":17442948}]}, "created_at":"Mon Apr 11 16:15:41 +0000 2011", "user":{ "time_zone":null, "url":null, "screen_name":"LLRurik", "description":"The Other Me.", "id_str":"134196003", "location":"Maryland", "created_at":"Sat Apr 17 18:26:02 +0000 2010", "protected":false, "name":"LLRurik", "profile_image_url":"http://a3.twimg.com/profile_images/830973443/LLRurik-avatarpic-l_normal.png" } }
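The tweet object dissected on the slides above, worked through as an added example (not code from the original presentation): it pulls the fields an examiner would record from a captured tweet, checks that each mention's indices really point at the name in the text, and emits edge rows for link analysis. The sample is a trimmed copy of the slide's excerpt; the function names `dissect` and `edges` are assumptions.

```python
import json
from datetime import datetime

# Constructed sample: the slide's excerpt, trimmed and closed into valid JSON.
TWEET = json.loads('''{"in_reply_to_status_id_str":"57454830603616256",
 "text":"@bbaskin That is an awesome site!",
 "in_reply_to_user_id_str":"17442948","id_str":"57476924934590464",
 "entities":{"hashtags":[],"urls":[],"user_mentions":[
   {"screen_name":"bbaskin","indices":[0,8],"id_str":"17442948"}]},
 "created_at":"Mon Apr 11 16:15:41 +0000 2011",
 "user":{"screen_name":"LLRurik","id_str":"134196003",
         "created_at":"Sat Apr 17 18:26:02 +0000 2010","protected":false}}''')

TS_FORMAT = "%a %b %d %H:%M:%S %z %Y"  # layout of the created_at fields

def parse_ts(value):
    return datetime.strptime(value, TS_FORMAT)

def dissect(tweet):
    """Pull the fields an examiner records from one tweet object."""
    user = tweet["user"]
    posted = parse_ts(tweet["created_at"])
    joined = parse_ts(user["created_at"])
    mentions = []
    for m in tweet["entities"]["user_mentions"]:
        start, end = m["indices"]
        # indices should cover "@name" in the text; record any mismatch
        ok = tweet["text"][start:end].lower() == "@" + m["screen_name"].lower()
        mentions.append((m["screen_name"], m["id_str"], ok))
    return {
        "tweet_id": tweet["id_str"],  # string form avoids 64-bit precision loss
        "author": user["screen_name"],
        "author_id": user["id_str"],
        "posted_utc": posted.isoformat(),
        "account_age_days": (posted - joined).days,
        "reply_to_status": tweet.get("in_reply_to_status_id_str"),
        "reply_to_user": tweet.get("in_reply_to_user_id_str"),
        "mentions": mentions,
    }

def edges(tweet):
    """Directed (source_id, target_id, type) rows for a link-analysis tool."""
    src = tweet["user"]["id_str"]
    rows = [(src, m["id_str"], "mention") for m in tweet["entities"]["user_mentions"]]
    if tweet.get("in_reply_to_user_id_str"):
        rows.append((src, tweet["in_reply_to_user_id_str"], "reply"))
    return rows
```

Keying the edges on numeric user IDs rather than screen names keeps the graph stable if an account is renamed.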
  • 30. Twitter Account Creation • Gives date when any account was created – Chrome plugin (old Twitter only) • https://chrome.google.com/extensions/detail/pfpkfkhhigghmggnhfjdfjiihmeancof?hl=en – http://www.whendidyoujointwitter.com/
  • 32. TweetDeck Forensics • %AppData%\Tweetdeck.<xyz>\Local Store\td_26_<username>.db (SQLite Database) – ‘friends’ – Details on all accounts the user follows • Twitter User #, Name, Screen Name, URL to profile image • fUserID (Twitter User #) can show relative age of accounts • Includes accounts that even no longer exist – ‘columns’ – What columns are currently shown to client – ‘lists’ – Lists the user manages • Name, public/private, URL, # of members, description
  • 33. TweetDeck Forensics • %AppData%\Tweetdeck.<xyz>\Local Store\preferences_<username>.xml – Recently used hash tags: <hashtags hash0="#FF" hash1="#RallyForSanity" hash2="#CyberCrime2012" hash3="#DEFCON" hash4="#OWS" hash5="#stuxnet" /> – Email service: <email service="0" url="https://mail.google.com/mail/"/>
  • 34. Application Cached Data • Applications cache tweets upon download – If a tweet is deleted a cached copy may still exist in third-party application – Possible for message to be read/repeated even after being deleted at its source – Forensic Caching: • Archivist (http://visitmix.com/labs/archivist-desktop/) • Twinbox – Saves all tweets to Outlook inbox
  • 35. Tweet Scraping • Tools to automatically collect and save relevant tweets – Archivist (http://visitmix.com/labs/archivist-desktop/) – Twinbox – Saves all tweets to Outlook inbox – Twitter Archive Google Spreadsheet (TAGS) - http://mashe.hawksey.info/2012/01/twitter-archive-tagsv3/
  • 39. URL Shorteners • Due to size limitation of tweets, URL shorteners are commonplace – Vector of attack – Most offer preview capability: • http://bit.ly/gAhOlo+ • http://preview.tinyurl.com/62j4zla – http://resolves.me – Universal URL Previewer
  • 42. Tweet Longer • Due to size limitation of tweets, message extension services are also somewhat common. – TwitLonger hosts extended posts – Hosts on TwitLonger.com – Uses tl.gd domain
  • 43. Media Hosting • Twitter is limited to just text content. Media services provide image / video hosting – Images: yFrog, TwitPic, Flickr – Video: TwitVid, Twiddeo, Twitc • If tweet is removed media remains • EXIF data remains to be exploited – iCanStalkU.com Janis Krums
  • 44. Media Hosting • TwitCaps.com – Searches all Twitter media sites – Results are often NSFW
  • 45. Social Network Mapping • NodeXL – Free mapping tool for Microsoft Excel nodexl.codeplex.com Currently at 1.0.1.196 Marc Smith
  • 50. Maltego • Professional data analysis tool • “Social Networking Special Ops” - Chris Sumner (Suggy) at BlackHat http://www.securityg33k.com/blog/?p=180 • Mining data from a Twitter scavenger hunt
  • 51. Take Away Notes • Following someone does not show the entirety of their communications • Targets are notified if you follow/favorite them • Twitter’s search is very impaired • Information spreads beyond core-Twitter site • Follow early and archive tweets using third-party tools for later analysis • Use Link-Analysis to find outliers
  • 52. Contact Us: e-mail: contact@cmdlabs.com p: 443.451.7330 www.cmdlabs.com 1101 E. 33rd Street, Suite C301 Baltimore, MD 21218 Brian Baskin