Website owners identification

Slide 2

OUR COMPANY

Slide 3

Clowns and faggots

01

Whoever doesn't want to work as a clown for a faggot will work as a faggot for a clown. For the same small price. Victor Pelevin.

Slide 4

Main mission

Identify the owner of the website with picrelated article compromat.group

Slide 5

Enumerating similar domains

We started looking for websites mirroring content from the compromat.group website. Successfully identified:
http://kompromat.group/
https://compromat.pro/
http://Compromat.ws

Slide 10

VIEWDNS.INFO

Framework for technical OSINT. Reverse IP Lookup, Whois lookup, IP History etc.

Slide 11

IP History results

For the compromat.pro website.
Russian IP addresses are a win for law enforcement, but we needed to go deeper.

Slide 12

Bypassing Cloudflare IP protection

Most of the websites we identified used Cloudflare IP protection, so we decided to use the WAF Bypass tool:
https://github.com/vincentcox/bypass-firewalls-by-DNS-history

Slide 13

WAF Bypass

This script will try to find:
- the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ...
- an old server which is still running the same (inactive and unmaintained) website, not receiving active traffic because the A DNS record is not pointing towards it
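
An added defensive example (not from the slides and not the linked tool's code): auditing a domain you operate for the exposure the script looks for, by flagging historical A records that fall outside the CDN's address space. The IP-history rows are constructed, and the range list is assumed to match Cloudflare's currently published IPv4 ranges.

```python
import ipaddress
from datetime import date

# Cloudflare's published IPv4 ranges, assumed current; refresh them from
# https://www.cloudflare.com/ips-v4 before relying on the result.
CDN_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed IP-history export for a domain you operate: "ip,last_seen".
SAMPLE_HISTORY = """\
104.21.33.7,2021-06-01
172.67.150.9,2021-06-01
203.0.113.45,2019-11-20
198.51.100.12,2018-02-03
203.0.113.45,2019-03-02
not-an-ip,2017-01-01
"""

def is_cdn(ip):
    return any(ip in net for net in CDN_RANGES)

def audit_history(text):
    """Return (cdn_ips, exposed); exposed maps each non-CDN IP to its latest date."""
    cdn, exposed = set(), {}
    for line in text.splitlines():
        raw_ip, _, raw_date = line.partition(",")
        try:
            ip = ipaddress.ip_address(raw_ip.strip())
            seen = date.fromisoformat(raw_date.strip())
        except ValueError:
            continue  # skip malformed rows instead of aborting the audit
        if is_cdn(ip):
            cdn.add(str(ip))
        else:
            exposed[str(ip)] = max(seen, exposed.get(str(ip), seen))
    return cdn, exposed

def report(text):
    # Newest first: the most recently used non-CDN address is the likeliest
    # to still serve the site, so it is the first to firewall or retire.
    _, exposed = audit_history(text)
    return sorted(exposed.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for ip, seen in report(SAMPLE_HISTORY):
        print(f"{ip} last seen {seen}: restrict to CDN ranges or retire")
```

Any address the report lists should either accept connections only from the CDN's ranges or be decommissioned, which covers both cases on this slide.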

Slide 14

Whois Domain Bot

Whois information about an IP address or domain in pocket format

Slide 15

GO STUPID
GO CRAZY

Slide 16

GO STUPID
GO CRAZY

Slide 19

Builtwith.com

Find out what websites are built with:
- Analytics and Tracking
- JavaScript Libraries and Functions
- Webmaster Registration

Slide 20

SpiderFoot HX

Framework for website, IP, human names etc. OSINT

Slide 21

A PICTURE IS WORTH A THOUSAND WORDS

File name: Website-owners-identification.pptx