Data leaks have become an omnipresent concern in our digital landscape, demanding an understanding of their anatomy and the evolving trends that shape this realm. Join us at the Recon Village as we embark on a journey through the past year's data leaks, exploring their causes, consequences, and impact on organizations and the criminal underworld. We will dissect the anatomy of data leaks, examining vectors such as misconfigured cloud resources, insider threats, third-party vulns, and cybercrime group in-fighting. Through real-world case studies of the last year, including the Luxottica leak, the Toyota incident, the RAID forums leak, we will identify the common patterns and vulnerabilities that pave the way for breaches. Understanding the fallout from these breaches is crucial. We will analyze the consequences beyond financial and reputational damage, including the impact on customers and the broader ecosystem. No discussion of data leaks would be complete without exploring the criminal underworld. We will talk about where stolen data is sold and exchanged, drawing insights from recent posts on various cybercrime forums. Lastly, we will provide a panoramic view of the trends observed in the past year's data leaks. The increasing volume of cloud-based attacks, the persistence of legacy vulnerabilities, and the evolving tactics employed by cybercriminals will be explored. By understanding these trends, organizations can proactively adapt their security measures to counter emerging threats. Join us in this captivating talk as we navigate through Leakonomics 101: The Last Year in Data Leaks. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage - at @DEFCONConference 31, Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

Research & Destroy (RaD) is a private security research group with big dreams. We are driven to impact the hacker community in big ways, by publicly releasing valuable research and forming relationships within the community. We strive to inspire those around us and encourage others to join our efforts in advancing our community's understanding and capabilities. DEF CON, being the epicentre of the culture that spawned us, we are highly motivated to give back to the community." --unixnerd Our goal is to normalize Breach Data Research in the hacker community. So much of this research happens under our noses without mention beyond the existing taboos associated with the origin of this data. Through our research, we’ve determined a method by which any US based company and/or independent researcher can work with their legal team or a lawyer to create a policy for curating publicly breached data to be utilized in Red Team operations and Penetration tests. We want to change the narrative as to how we utilize breach data in our daily lives within the industry. The more we talk about it, the more normalized it becomes. We cannot keep ignoring the elephant in the room. DEF CON is the cornerstone of the hacker culture; the masthead of a community where hackers gather to be with each other and learn from one another. We’re grateful to be part of such a vast community of brilliant minds and the opportunity to share our research." --M4x 5yn74x Breach Data Research (BDR) Legal Policy Guidance: Our aim is to dispel misinformation and normalize BDR for security professionals. While researching this topic we were preparing to seek legal council at work. Along the way we discovered guidance outlined by the federal government that spells out how to keep BDR legal. Armed with this guidance, we drafted a charter document along other artifacts to bring to our legal council. After our legal discussion we met with our CISO to ensure that we conform with company policy. We are currently in the final stages of approval with this initative. DorXNG: DorXNG (pronounced "Dorks NG") is a next generation solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a custom, containerized, privacy focused meta-search engine called "SearXNG". The DorXNG client application is written in Python3. It interacts with SearXNG's API to issue search queries concurrently and stores resulting search results in a SQL database. Deliverables: Template BDR charter documentation, DorXNG tool release. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage - at @DEFCONConference , Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

This year Artificial Intelligence and Machine Learning (AI/ML) have quickly transitioned from buzzwords to useful capabilities. ChatGPT has received a lot of attention, but new AI/ML tools are being released every day and they’re changing the way we process and interpret vast amounts of publicly available information. In this talk we will delve into specific use-cases to look at how these tools can help you solve real world problems to increase your effectiveness and efficiency. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage at @DEFCONConference Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

Embark on a whimsical journey into the realm of OSINT (Open Source Intelligence) through this captivating talk inspired by Dr. Seuss' "Oh the things you can think." Delve into the power of gathering information from open sources and explore the endless possibilities it presents. Discover the various sources available, from social media platforms to public records, news articles, and more. Unleash your inner digital detective as you learn to wield OSINT tools, uncover hidden secrets, and connect the dots. But don't forget about the ethical considerations and legal boundaries of OSINT. Privacy concerns, data protection, and responsible information handling will be emphasized, ensuring you become a conscientious OSINT practitioner. Join us on this enchanting journey into the world of OSINT, where you'll gain the skills to see beyond the surface, unveil hidden stories, and embrace the power of open source intelligence. Let your imagination soar as we dive into the wonders of OSINT together! ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage at @DEFCONConference Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

This talk will describe a novel technique that we developed to uncover the organizational structure and behavior of an ongoing coordinated inauthentic influence operation. The novelty of this technique comes from pairing image-search APIs and platform-search APIs with media metadata extraction and hashing. I will describe the technique, illustrate it with a case-study of a prominent pro-PRC influence operator, Dragonbridge, and delineate the advantages and disadvantages of this approach, relative to the more typical methods of discovering and analyzing these operations. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage at @DEFCONConference Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

In the session titled "Mastering OSINT: Advanced Techniques in the Realm of Big Data," I will provide a deep dive into the intricacies of Open Source Intelligence (OSINT) and Big Data. Leveraging my extensive experience in the field, this presentation will elucidate the techniques, tools, and challenges in deploying OSINT methodologies in the context of Big Data. As an expert with years of practical experience in OSINT and Big Data analysis, I have a rich understanding of the possibilities and complexities that both these fields present. I will share this knowledge and experiences to help others more effectively navigate this exciting yet challenging landscape. The discussion will commence with an introduction to OSINT, including its origins, utility, and implications within the contemporary digital arena. This will lead us to the vast and complex realm of Big Data, where we'll understand its significance, challenges, and the role it plays in improving the efficacy of OSINT. A detailed overview of Google BigQuery will be provided, exploring how this powerful tool can be used for managing and analyzing big data. I will delve into its features, advantages, use-cases, and practical examples demonstrating how it can help in OSINT. I will also discuss other key resources such as CommonCrawl, which provides web crawl data, and Rapid7 Open-Data, a goldmine for security research. I will elucidate how these datasets can be harnessed for comprehensive analysis and deriving actionable intelligence. The section on Passive Search will cover various methods and best practices, with a special focus on how to leverage this technique in the context of Big Data. Finally, I will talk about Internet Search Engines' pivotal role in OSINT and how to extract maximum value from them. What sets this presentation apart is not only the comprehensiveness of the coverage but also the practical, hands-on approach, featuring real-world examples and demonstrative scenarios. It promises to be an enlightening session for anyone interested in advanced OSINT techniques and the potential of Big Data. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage - at @DEFCONConference 31, Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

Detecting adversaries ahead of time is the holy grail to any defender. In this presentation we propose the usage of internet scanning services as a hunting ground of adversaries. Services like Shodan and BinaryEdge provide a great source of adversarial indicators, allowing defenders to get ahead of the risk. While this is not possible all the time many defenders try to get ahead by collecting information from several sources, some open some through private feeds. In this presentation we will demonstrate how these services can be used to find unknown adversarial infrastructure. We will illustrate how this can be done hunting for ip addresses serving payloads that match the MZ header. This allows the identification of attack framework hosting sites serving executable payloads directly, Metasploit is a good example of such frameworks. The technique does not end with the MZ header, other patterns can be searched which contribute to a better mapping of the Internet threat landscape. The presentation will continue to explain how this data can be processed in order to be transformed into something useful for defenders and threat researchers. During our research we also found different results, from funny stuff without any harm to powershell scripts or even source to be compiled locally. This method has been used to triage logs on incident response cases where we wanted to see if CobalStrike had been used. By supplying a list of recent CS servers delivering payloads we were able to identify the initial attack vector and corresponding patient zero of that incident. The presentation will finish with the presentation of other use cases, for this kind of data analysis. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage - at @DEFCONConference 31, Hotel Linq, Las Vegas. For more updates and announcements, follow us on Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.

Public service websites, including government websites, can inadvertently leak small pieces of information about a target, sometimes just parts of email addresses, the mother's name, year of birth, or parts of phone numbers. While these leaks may seem insignificant individually, these crumbs of data when pieced together are valuable to the open source intelligence (OSINT) community, they can help narrow the scope of a search or increase the knowledge we have about a target. These partial data points can be combined with other available information to reveal the full details of a target. In this talk, I will show some examples in Brazil, where with little or no information we managed to expand the knowledge about a target in addition to demonstrating a tool in beta to help with this task. ------------------------------------------------------------------------------------------------------------------------------------------ This talk was recorded at the @ReconVillage at @DEFCONConference 31, Hotel Linq, Las Vegas. For more updates and announcements, follow us on: Twitter: https://twitter.com/ReconVillage LinkedIn: https://www.linkedin.com/company/reconvillage YouTube: https://youtube.com/reconvillage DEFCON Mastadon: https://defcon.social/@reconvillage Cheers, Recon Village Team.