Thursday, April 27, 2017

Watching daily Apr 27 2017

DEF CON 24 - MasterChen - Weaponize Your Feature Codes - Duration: 42:10.

>>SO, so let's get started this is called Weaponize Your Feature Codes. Um My name is MasterChen.

Ah so ah let's get started. Ah first with the who I am, uh I am a GreyNoise podcast founder and

uh co host. Uh there's our website if you want to listen to some of our episodes, later, ah

not during the talk. Uh [chuckle] So check us out, ah we do a weekly podcast here in

Vegas, ah once a week. I'm born and raised here actually in Vegas so this is uh [audience

member: wooo.] yeah thanks [chuckle] this is why I need to be drunk on stage, it's just

natural, you know? [laughter]. Um, so anyway born and raised here but ah the podcast is done

weekly here at the local uh Syn Shop which is actually the next bullet point. I'm a member of

the Syn Shop Hacker Space here in Vegas ah we do some cool hardware hacking so check out

that website as well. Uh I am the secretary over at the uh Syn Shop uh it's actually next to

the Nevada DMV, perfect place [laughter]. Um I spoke at B-Sides uh in 2014 and actually

this year as well. In 2014 it was what I learned as a con man and uh two days ago I did a talk

on Vegas surveillance so the cameras now are on me, that's awesome [laughter]. Ah last year

I did a talk at the Sky talks on automating your stalking using Twitter to follow somebody who's

originally blocked you ah so [laughter] if you want those talk notes follow me on Twitter

[laughter] and I can DM those to you since that that talk was not recorded [laughter] uh and I I

do write some articles for 2600 do we have any 2600 readers out there? [audience: cheer]

alright, uh do we have any Telefreakers out there? [audience: silent] Oh okay oh

okay [audience: laughter] no worries I guess they figured they'd live stream the talk

later [laughter] alright cool uh and actually I kinda want to know a little bit about my

audience ah so how many people like this is your first Defcon? [audience: cheer] holy shit!

[laughter] uh welcome everybody, ah, this is a cool crowd, so I've been going to defcon since

DC12 so uh I I'd like to say I'm a veteran but this is my first time on a DC stage so I'm like

ohhh fuck, alright. [laughter] uh how many times, er how many of you guys this is your first

time in Vegas? [audience: cheer] be careful [laughter]. Alright so why this talk? Uh well I got

really involved with phone phreaking out like Defcon15 and I thought at that time I was

like shit! I missed the boat because all of this stuff is is done you know the the the the

beige box, the blue box, the any colored box they just don't work anymore because everyone is

transitioning to VOIP and you know it's just I can't do the cool shit that was done in the

80's and 90's but wait, like like I just said, there's VOIP um so that's why I can still be

considered a phone phreak hopefully. Um Now if you're wondering about the drawings

[laughter] um I looked for stock images on Google because I was like man I need you know I need

a picture of somebody missing the boat and [laughter] uh [laughter] so every stock photo

that I found I was like uh this kinda sucks like ehhh it's not something that I like I don't

want to put it on my slides. So I had my best friend who is in the audience there Ninja Nerd

BGM uh I had him draw some stick figures for me because that's what we used to do in high

school uh so there is me on the dock missing the boat [laughter] there's more in the talk.

Alright so today we'll be focusing on uh call flooding using our feature codes uh text

message bombing or SMS flooding using feature codes as well as caller ID spoofing again now not

all of this is new but we're gonna try to implement it in a new and more efficient way.

And there's also potential for other feature codes uh so before we actually do some of the demos

we have the uh basic terminology we're talking about a vertical service codes so of course who's

ever heard of like star 69 right? Like we've all heard of star 69 you know who called you

last if they didn't block their caller ID, or star 672 block your caller ID right? Uh so

that's what we mean when we say vertical service codes or feature codes. Uh vertical

service codes is what you use to manipulate your little part of the phone network. Uh and uh the

next basic terminology is uh PBX or private branch exchange uh usually this is now done through

software where before it was a big you know big rack with circuit switching and what not

so it's cool that software has condensed uh that so. Uh okay before again before well

everything everything is before the demo [laughter] um before we go into the demos we have also

the history of the feature codes. So it was developed by AT&T it was called the custom

local area signaling service. And again it was developed in the the eh 60s and 70s and it

was designed to do such things as block caller ID, who called me last, uh call forwarding is

another one that's like star 72 excuse me. Star 72 so uh class was uh trademarked by AT&T so

the other telcos came up with vertical service code uh to mean the same thing. Uh now is it

called vertical service code? It's because you're dealing with your central office or your

specific carrier so for instance you can't dial star 69 to manipulate AT&T central office

if you are on the Verizon network and you know I'm just using that as an example but

when we say vertical it's like if your service is AT&T or if your service is Verizon that's

who you'll be dealing with when you're dealing with these ah vertical service codes. Now with

this demonstration I have my own PBX so I am the telco [laughter]. Okay so this might

be a little bit hard to see but I took this from Wikipedia and basically you see on the left

hand side um all of the vertical service codes for north america according to the north american

uh plan uh numbering plan association now I've zoomed into the part here where I've noticed

that you know star 30 has something and then it kinda just skips to the star 5 x area so

what I'm gonna do is I'm gonna add the feature codes into right in between there we're gonna be

using star 4x today okay? [sigh] So, what do we mean by weaponize, oh let's talk about

this drawing in a second [laughter] uh what do we mean by weaponize? Well obviously the

star codes are not meant to be malicious like you're not gonna star 69 and you know root

somebody or cause a DDOS or whatever So when we take something that's not meant to be

a weapon and then we turn it into a weapon it's called weaponizing ah and now the scope

of damage of course is simple annoyance you know like getting a million text messages all by a

couple of dialing digits uh and it can be all the way to uh business and personal

relationship ruining and so we could talk about some of the hypotheticals there uh later.

Imagine you know like, well I'm going to save that uh example for later. Uh so the materials

you will need, we're going to do this like a science project, uh you'll need a Linux machine, now

this can be physical or virtual it can be a VM uh but asterisk which is what we're using today

for the software PBX uh is run primarily on Linux it runs well on Linux um I've never ran it on

a Windows machine and I don't really care to, so [laughter] materials you will need is a

Linux box according to you know my research. Ah and then you'll need a hard or soft phone. Now a

hard or soft phone is gonna be a VOIP ready phone but it could be like a a application on your

phone such as Bria, X lite, uh Zoiper, which is what I'll be using today um or it could be a

hard phone such as Polycom, Cisco, Yealink, etcetera, etcetera, so as long as they're

they're tied to the PBX that has that that feature code, uh, it'll work. And you'll also need

imagination [laughter] uh so I don't watch Spongebob but I kinda like that image so...

[laugh] that's why I used it. Oh wait, I didn't talk about this one. So as you can see all these

feature codes are being shot at me, like star 69, uh, star 56, uh, and it kinda looks like it's

being shot at me from a penis [laughter]. I think the intention was like uh like a

bazooka of some sort, yeah thanks dude, but a a [laughter] it looks like a penis, I'm going

to be real with you you know? So the structure of our feature code in an asterisk dial plan

you have what's called the context and that separates your functions according to uh it you

know ah asterisk has its own scripting language so this uh part here where it says context

label uh that's what it will look like in the code. And it think of it like your functions

or your your um uh yeah your functions or your operations that are your sub routines in

your program language uh we will start all of our feature codes today with star four x and x

meaning anything from 1 to 9 k? Uh before is the the star four is the uh feature code that

we've picked or that I've picked today and that's where uh it'll look like so in the code like

for an example uh star 42 and then 7028675309 nobody has that number I'm not DOXing anybody so

that'll be the example that'll be the structure of your dialing When you're di- when you're

dialing out with your outbound routes uh is anybody in here familiar with asterisk at all?

Um on a daily basis are you guys like VOIP administrators out there or anybody? Okay so you're

finding this interesting just because alright, cool [laughter] alright, so our first one is the

call flood and I will be flooding my own phone here in a second um, so basically as you

can see up here uh again the top starts with the context label and that's our subroutine uh so

you'll see that everything in here it's going to be grabbing input, it's going to then, my

server's then going to take that input and put it into a call file, okay now the call file is

then going to go into the asterisk spool and then out, uh out to your upstream carrier and

it'll send you know uh let's see so down here you'll see um call amount, CALL AMT all in caps,

that's the variable and it's accepting three digit dials so I can send anywhere from one call

to 999 calls at one time uh so that's that's just my own limit that I've set I figured ah we'll

be nice a little bit so I'm limited to at least 999 as a max um and so these ah this next

part is uh the call flood uh shell script so after we enter the information into the ten

digit dial or into the feature code it's going to be made into that text file and this script

right here takes that text file and forwards it to the spooler for as many times as I've

specified so the counter is equal basically to the call amount that I've given so it

could be five hundred it could be six hundred it could be one if I'm nice, I'm never nice uh

[laughter] for testing, for testing. Uh so and that's basically what the code looks

like all of this is on Github and the link is at the end of the uh of the presentation

[sigh] so now it's demo time. And as those who might may know uh live demos they just work

great uh [laugh] so we're going to see if the demo gods are in my favor um I'll let you guys

interpret this stick figure there [laugh] I think that's what the face of God might look

like or whatever I don't know [laugh] Okay so the way this is going to work is I'm going to

dial from my softphone uh it's the softphone Zoiper application I will dial from here it'll go

out to my PBX and then out and it'll come back around to my cell phone provider so uh I am

calling myself I am going to flood myself [laugh] and so you'll be able to hear all these

calls as I explain uh the next part so let's go ahead and do this, star 4 zero [beeping] ...

let's say what's a good number? Fifty, I'm gonna send myself fifty calls here. >>seven, zero,

two, eight [audience: laughter] >>I was ready [laughter] now I did put this on uh on full

volume so in a second you'll be hearing call after call after call after call and that's okay

because as long as the demo works, oh it's this one it's this one, oh the first one came

in that's great, okay well there will definitely be more as you will hear in just a second. Um

so basically the caller ID if you saw in the, uh previous slide, uh the caller ID is set

to 3020000001 so the caller ID is not coming from my phone or from my application it's

changed, it's spoofed, you know. Um, let's see here, let's see what the voicemail sounds like,

because it's leaving me voicemails right now. Are you ready for this? Monkeys having

sex. Oh come on [phone: Bings] now you, now you don't want to work okay [laugh] let's try that

again, let's try that again [monkey shrieking] [audience: laughter] okay, so for those who

don't know, oh, there's another call [phone ringing] okay so I'm going to have to dismiss this

for the rest of my talk, okay so basically what you're hearing there [phone bings] so that's

another voicemail [audience: laughter] the live demo worked and now it's interrupting my

speech [phone bings] oh there's another text, this works, it worked, alright so what you're

hearing is the monkeys having sex so basically when the caller answers the phone, that is what

they will be hearing [clapping] [laughter] now if they ignore the call like I'm doing [phone

ringing] [laughter] 3020000001 end. That might get annoying, I should've picked like ten, oh

son of a bitch [laugh] okay so what you're hearing though is basically if you answer that

phone if you answer that call as the target [phone vibrating] I'm going to put this on silent now,

like maybe everybody else should be doing, no I'm just kidding I don't care, huh okay so

basically when you answer the call that's what you'll be hearing and even if you ignore

the call that's going to go to your voicemail so you either have a choice to check the

voicemail or to then delete it which if you don't have visual voicemail could get really

difficult [laughter]. [phone vibrating] So ah here we go, end, I gotta go to like silent

on this one, um but basically, no excuse me, sorry, oh it's interrupting me, okay yeah now

it's off now it's like no calls no vibration, uh so that's a way to call flood okay, so I sent

fifty calls to myself and as you can see it's just going to keep going until this call stream is

done and ready but you could send upwards of 900 and 999 and if you program to more than just

a four digit input it can go much further and much longer than that so you can probably

disrupt somebody's phone service for a good eight hour shift, or full day, [laughter] it's

completely dependent on you and how you wanna program by the way I'm not a lawyer uh INO so be

careful. Alright so the demo worked, okay that's cool thank you demo gods wherever you are,

the beard looks good on you. Okay so let's talk about the star four zero feature code

mitigations techniques how do we stop an attack like this? Well if you have an asterisk box you

can take that caller ID and then drop any call from that caller ID so if uh if you're the target

and you're getting spammed you can say ahhh let's drop all the calls from this particular uh uh

caller ID and it'll drop the call now that could easily be mi- remitigated or like a chess

board I can say okay well let me change the caller ID with every call so the first call would

come from 3020000001 the second call would come from 0002, 0003, etcetera, etcetera, etcetera, so

even if you're blocking that caller ID uh I will get through and [laugh] if you block all of

the 302 area code or whatever area code I'm using a lot of people don't want to do that

especially if you're a business because then that blocks potentially real business if I

was to block all of the 702 area codes uh none of Vegas would be able to call me and so that's

that's a business disruption so you can drop the calls um but mmm why would you want to if

that's disrupting your business and you don't know how long the attack is going so while that is

a mitigation technique uhh it's kind of on uh faulty ground there. Uh now what about people

who are not hiding behind a PBX like for instance this phone is still going and I can't stop it,

that's okay, hopefully it's done in an hour [laugh] but if you're not hiding behind a PBX where

you can control the call flow, uh what then? How would you then uh drop the calls or stop that

attack? I'd like to discuss that with people who know more than me actually Uh okay so our next

feature code is star four one and it's going to be the SMS flood. So instead of sending a

call flood now, we will be sending um uh a text message bomb or you know same idea but

instead of five hundred calls we're sending five hundred text messages okay? So the code is

set up the same way uh we're taking star four one as the input and that this next part in

the uh after that break in the code you'll see that that's uh what is that, star two two, or

sorry two two eight, so I'm going to use that as an extension to tell uh my feature

er my uh my call er my uh I'm sorry text message flooder I will denote that as AT&T two

eight eight AT&T right? So Sprint will be like SPR whatever that DTMF dial tone would be or

whatever that DTM er DTMF touch tone would be. Um I am personally a Google Fi

subscriber so to flood this it would be four six six which is what we'll be using in just a

second [laugh] uh so this is how we start our text message flood. Now I will turn the volume back

on so you can hear how many times I get a text message because I'm a masochist uh who

wants to pick a number, I can't believe I'm doing this to mysel [audience member: four twenty]

four twe- [laugh] I like where your head is at [laughter], I'm just kidding [audience member:

256] two fifty six, okay let's see, uh let's see I guess I could be that mean to myself

awesome [audience: laughter] challenge accepted [laugh] okay what was that? Oh okay okay

[laugh] okay so again I am using my own phone as the test subject so I'm I'm calling out and it's

coming right back to my phone uh so I will be dialing star four one 702 redacted [laugh] and

then we'll go from there [phone: beeping] [phone: zero, two...] okay so I'll, two hundred times,

alright so it'll tell me who I'm targeting and for how many times uh so while I'm waiting for that

to come in, again, to explain this uh feature code it's going to dial out of my PBX uh it's

actually starting a call flooding script that then attacks the email gateway to my

MMS service so it's a big loop uh here we go uh the text is from actually let me do this

part the text is from your mom at porn hub dot com [laughter] yeah, so obviously the email was

spoofed okay so I am sending a MMS from my PBX server back through to the Google Fi uh

email gateway which then goes to my cell phone and uh it'll just keep going like that and uh for

a very long time I'm kind of waiting for more yep it's going it's going [beep] yep there you

go, ding, let's ding this a couple more times I've forgotten what number we picked [laugh] oh

two hundred that's right [beep] two hundred oh there's another one your mom at porn hub dot com

so you can see how this becomes very annoying. You could see how this becomes very annoying. You

could see how this becomes very annoying. See I just sent you three right there, right [laugh]

alright so, let's talk about practical use, so it's a text message bomb, it's an SMS flood,

it's pretty annoying but how can this be uh utilized on a really big attack surface. Uh so let's

say instead of just sending a you know your mom at porn hub dot com what if we sent a

message with a malicious link. Like if you want to stop the flood click on this link, we're

lying to the target [laughter] so you're not actually going to stop the flood by clicking on

the malicious link, but what if we told them that? What if we said hey, if you want to stop

this flood click the malicious link. So they click the malicious link, it installs

whatever you want to install or you know however you wanna set that up that's out of the scope

of this talk, but the links you can send, you can send these links and if they're uh noob

enough or green enough they'll click on that because they want to stop the call flood, they

don't want two hundred messages, and they don't know that it's two hundred, they just know that

they have a flood of text messages going on right now. So they'll probably do anything to

stop it especially if you're sending upwards of four thousand, five thousand, any

upward limit, it's still going, there you go it's still going, the good news though is that the

calls stopped [laugh] so uh that's the thing we can send this through maliciously or we

can use this to send a malicious link, and again, we're lying, but that's an that's an easy way

to install that link right there. Okay now, another cool, well uhhh cool's not the right

word, um another creepy thing, that's a better word, uh creepy thing, is a 3am text from a

mistress, so let's say for instance and this is just an example I promise, um, 3am you

know that your target is cheating on his wife. So you send three hundred messages at

3am saying I miss you [laughter] ding ding ding ding guess who starts asking questions? Uh I

don't suggest it this is just a hypothetical scenario okay? [laughter] But obviously you can

see how this does not just become annoying but then it becomes potentially relationship

ruining. Because then the person loses that trust it becomes more of a social engineering slash

phishing game right? So now the wife or the significant other is like who was that, who was that,

who is calling you from you know etcetera etcetera [laugh] and so that's how we can make this uh a

little bit more powerful and going a little bit beyond code. Uh so that's the end of the star

four one feature code, it's still going, so maybe it's not the end of it, I don't know why

I picked two hundred, oh yeah that's right, because I'm on stage [laugh] alright so SMS

flood mitigation uh okay so it's up to the carrier to limit SMS and how fast and how often it

comes through uh so that's kind of out of the hands of the target obviously this is kind of

just still going on uh I have fifty three currently [laugh] so I have about a hundred and fifty

more. Uh now you could also use Google Voice because I found out that the email gateway hosted by

Google Voice does not send those messages so as I try to send from a Google Voice number or

I'm sorry to a Google Voice number uh Google just drops it you can't get through that email

gateway at least by this method and so it won't uh it won't go through I've tested that and it

uh again my method it's verified that it does not work for Google Voice but the funny thing is it

works for Google Fi, Project Fi, you can still send these messages and they still work. Is

that because Google Fi is running off of the T-Mobile and Sprint networks, ah maybe, ah

that part I haven't investigated but, you are still susceptible if you are a uh a Project Fi

user. Now as far as the other uh carriers uh with permission I have tested Verizon, AT&T and of

course the numbers were a lot smaller, like uh three, just to make sure it works, uh but I've

tested them on all these major carriers, and it does work, it's just exploiting the email

gateway that they have posted as public information on their website. Now what's another

mitigation technique, you could turn off your phone, just kidding because it won't work,

you turn on the phone, and you'll start getting those messages again, yeah, you won't

forget me [laugh]. Uh so that's the star four one uh feature code [clears throat] okay so

this next one I call it a spoofy ghost. We'll be spoofing caller ID. [phone: Ding] Ah there you

go dinged again, maybe I should turn it on silent again, no no let's keep it, let's keep it

going [laugh] As so spoofy ghost, it's the same idea, we are we are taking the feature

code and we are taking input from the dial pattern and then changing the caller ID to what

matches there, okay? So actually, the target will be uh, I'll be using star four two the

target will be the ten digit uh phone number that goes after that uh uh feature code and then

it'll ask for my target which will be myself so it'll ask for the target and then it'll go and

call me with whatever number I specify so just to let you guys know I know it's going to be

hard and I don't have a video of the caller ID but I will be spoofing from 702-867-5309 who

knows why? [Audience: Jenny's phone number] Thank you! Okay just making sure, you're at a

VOIP talk [laugh] you need to know your numbers. Ah so let's uh let's do this demo because

it's demo time [laugh]. Alright, here we go, star four two, [dialing] it said please wait

while I connect your call oh, I actually did that backwards [laugh] I'm sorry, I dialed all

zeros instead of the other way around so, [beep] okay so this time I called from all eights,

it's ringing, [ringing] okay it's hard to see but it's 702-888-8888888 uh so basically

what we're doing here uh is making it easier to launch attacks and that's the whole point

of this talk is to make it easier to launch attacks so uh and I'll get to that in just one

second, so again spoofing caller ID spoofing is not new it's been around for a long time but it's

still practical, we can use caller ID spoofing in uh social engineering attacks, um and you

can still use it for voicemail hacking on certain carriers but that's that's quickly becoming a

thing of the past. Um, but hey it's still something that can be used to gain trust and run an

exploit of the human variety. Uh so what was all that imagination talk I said earlier, see, it's

not Spongebob but it's my friend's drawing, let's see there's a dinosaur in there, uh

an upside down purple fish not a gold fish ah but apparently there's imagination, I wonder

what goes on in his head, actually I don't, I don't wonder what is going on in his head, ah

so what about all that other talk, we had star four one, we had star four zero, we had star

four one, and star four two, uh I am working on using star four three as a voicemail brute

forcer but what about star four four through star four nine? These aren't used um these

aren't used by the north american numbering plan association so they're just kind

of there for the taking, I'm not stepping on any other administration or I'm not

stepping on any other configurations such as uh star sixty nine, or what not that

still is used regularly but what are we going to do with all of these other uh feature codes.

Well what if we use uh the feature code like star four four as an Nmap scan, star four

four IP address as your input, right? So you can launch the attack without being at a at a

computer, you're doing it from your, you're doing it from your phone, so that's something that

I imagine as far as ways that the feature codes can be used. Another thing I see in my head

is like a combined attack, like what if we use star four six as both a call flooder and a text

message flooder at the same time? Like Roswell beat Roxy [laugh] okay nobody gets that

reference [laugh] so you have that too. So what are these combined attacks I mean there's

a lot of things you can do there's a lot of potential, and I leave that up to you guys, in

fact that's my question, uh do we have any idea of another way that we can launch an attack

from the star feature code? No? Alright. Um so the idea though here is to launch automated

campaigns. So for instance if you had and I'm going to go back to the Nmap example, if you

used, uh the IP address as um as input when you're dialing you have uh you have a script that's

already set up to search for these flags or to scan for these flags uh you know like your

Christmas tree and all these other scan flags that you want for your Nmap scan you take

that IP address as input and then you're launching the attack or the scan from your phone

without being in front of a of a computer so that's that's something that I thought was

kind of cool. Uh that hasn't been coded yet so that's probably the next thing I'll

try. Uh, so it's still going, it's still going, let's see how many I'm at right now I'm at 152

[laugh] so there's still a little bit more to go, and there's another one, so uh

that's the end of the uh feature codes this is the these are my references, uh the code that I

used, the feature codes and the batch scripting it was just it was an asterisk scripting and

bash that's on my Github which you can see there that I prepared for Defcon and so there

we are. Uh are there any questions with uh today's talk? What was that? Oh yeah yeah you

know I'll keep that there, go ahead and take pictures I don't care, uh okay so I don't know if

there are microphones running around I will try to uh I I have really bad vision so I'll try to

see if hands are raised, yes? [audience member: asks inaudible question] uh I'm sorry can you

repeat that one more time? >>yeah okay, you're sending it to the email address, couldn't

you also they also have SMS addresses? >>Oh okay I apologize, that's ah me being

not so detailed. So the way that this attack is working right now, the one that is still going

on, I am actually sending it to that SMS gateway, I uh, the from address was the your mom at porn

hub dot com. >>right couldn't you just like bomb somebody basically and run up their data

charges? >>Ah yes, in fact a long time ago there was this uh coworker that I had who said I

don't need text messaging, five hundreds enough [laughter] you're laughing because you see

my face, so five hundred is not enough because you have stuff like stuff like what we've just

what we've just mentioned, uh your five hundred allotted monthly text messages will, and

I don't think it's a problem in this room, but if somebody has that, I mean you're talking

about an average of a half an hour and the rest of your text messages are done for the month

>>Okay so with call flood you're spoofing the caller ID? >>yes >>So there's no way to backtrack

it for them to get you, trace you? >>Uh there would be a lot of work to trace and a lot of

involvement with other >>But if you're doing the email or you're doing the SMS then you're

probably, probably need to run like your own SMTP over a VPN and come out somewhere else?

>>Oh yeah absolutely, all of this can be done, so yep! Uh remember that the folk uh and I

know we have a lot of technical people in here obviously so the scope of this talk is how do we

launch the attack, now what attack are we talking about? Whether it be like an SMS bomb

through a VPN and etcetera etcetera that's obviously there but it's outside of the scope of

this of you know this talk but yes, that's there, how you decide to launch the attack is

up to you. The bottom line is that these feature codes are input vectors so you are

inputting information into your computer that then runs the attack so it's the it's this

linux box that we've set up that runs the attack so it's running the call flooder, it's running

the uh text message flooder and that's all you know taken care of on the server end. Uh yes?

>>[Inaudible question] >>So once you launch the attack you can't stop it. You better really want

your target to get these messages [laugh] um now as far as duration goes, that depends

on the speed of your computer because of how fast it can send out the spool it also depends on

how your carrier handles that type of calling or you know uh mass calling um and another

thing too is when we're talking about call flooding um and grabbing all those messages like

for instance uh if I wanted to send 100 calls I send such a high amount because not all of

them will go through so maybe the maybe your upstream provider only lets through 50 because

it's just inundated with a whole bunch of call attempts so it says okay I'll send out 50 but

not 500 and that's okay if we want to get the job done, fifty calls gets the message there you

go so yes? >>[inaudible question] >>Uhhh not a lot, I don't have the exact numbers, I

have been using this VOIP provider for quite awhile and I've never really, I mean, It's

cheap calling and that's the cool thing about VOIP right is it's cheap calling so even if

you're talking about outbound it's really not expensive at all actually. This attack is very

cheap as far as the call flooding goes because if the call is not answered you

actually don't get charged for the termination so you're really talking about a penny a minute

if answered so it's not it's not expensive at all. Uh over there, I'm sorry? >>[inaudible

question] >>So you're asking if I could change it to, I'm sorry if I can do uh MMS like change

the address of the MMS? Oh okay um so this SMS flood is actually a an MMS attack vector so you're

using the email gateway so you can I'm sorry what was that you're using the what? Um that's

a good question I will have to find out, I didn't do that for this talk so uh I could do

research and we could talk about that so. Uh orange shirt please [audience: inaudible question]

Oh and keep it on the line? Actually yes you can, so that's that's a good way to piss off

the attacker right? Uh luckily with all of my testing, that hasn't happened. But I'm

testing, you know, it's it's there, everybody who has been called, knows that I'm calling,

but uh yeah that's a good way to just rack up the bill. Uh not yet but I will now [laugh] but

you know, that's okay that's why I come to these things, that's why I come to Defcon because you

guys have better ideas than I do so I'm going to limit myself now, alright, any other

questions? >>[inaudible question] >>Um so it depends on the channel uh I believe like I

have a ten channel trunk so we're talking about like ten consistent calls of like like

consecutive calls so if uh if you have like a line of five hundred or five hundred calls,

ten will go at a, uh ten will go out at a time. >>[inaudible question] >>Uh let's make that

star four seven [laugh] right? Remember we still have all these feature codes uh and again I am

grabbing all of these ideas so hopefully I get to code it first [laugh] um but yes that is

absolutely possible, uh the uh basically you spoof one then you spoof the other they call each

other and piss each other off so ex boyfriend, ex girlfriend, call at 2 in the morning, ooooh

[laugh] uh let's see let's see if I can get any from this side, any questions guys? Yes >>Uh are

you able to accept input from the victim like if they hit call or if they press number three

have another script run? >>Uh yes actually, you would have to set up an IVR to do that, so an

IVR for those that don't know is like an auto attendant, so you answer a call and it's like, so

you're saying press one for billing, press two for not getting owned, press three for

an operator, so you can do that yes, so basically the call would wait for input from the user and

it could then pick their poison, oh I want to get call flooded today [laugh] let's dial zero

for that, or let's let's get a thousand text messages, let's dial two. That's definitely

possible. Any other questions? Up front where? I am blind, ah yes >>[inaudible question] >>Um,

respect I guess? Like I mean there really is nothing stopping me from using any of the feature

code the PBX is my own creation as far as like you know the way it's set up the call flow

etcetera, so I could set up star 69 to do an attack like this, I just pick these other feature

codes because I didn't want to step on anybody's toes not that I would be but it's almost like

a like phreaker honor code like oh you know I'm not going to mess with the system that's

already there in place, I'm going to use that system, but let's keep you know star 69 for

what it is you know? It's It's my own limit. Was there a question in the front? Way okay

sorry the speaker was like sorry the speaker was in the way and I don't mean me, I mean the the

speaker. Uh if you have that question go ahead and answer- er ask it, yeah >>[inaudible

question] [laughter] >>I believe we have star four nine [laughter] again you guys uh all

of this is very good question all of this is potential ah and this is all uh within your minds

of like how do I want to code this thing so basically what I put here is kinda like a a

infrastructure a way to maybe do it but remember we don't have star four four we don't have

star four five yet so what else can we come up with? Absolutely we can do something like that,

that that can all be coded. Yes >>[inaudible question] >>I'm sorry >>how about you call dump

them and it puts them on hold for forty minutes? >>Ah now you're talking about toll fraud,

toll fraud, we'll call a 900 number well no I'm not going to call a 900 number [laugh] that's

three dollars a minute [laugh] uh but yeah again it's all potential it's all there uh

anything you want to do now it's up to your creativity so if this is inspiring to you guys, cool

um and I mean that that's where it is I've we've laid down some ground work and uh if you guys

have some coding ideas follow me on Twitter, get me on Github and uh let's talk about what we can

do next. Let's break some shit. In within reason. [laughter] within reason please [laugh] Uh

so I have five minutes here guys, I just want to say thank you again this is the biggest

crowd I've ever spoken in front of and it's not even big one of a con [applause]

-------------------------------------------

গৃহকর্মীর সাথে সেক্স GAME THE GAME - Duration: 5:09.

Pistoleros War Chest Opening! - Red Crucible Firestorm

-------------------------------------------

Weight loss journals: Why they work and how to use them - Duration: 9:22.

when you put behavior change into place

to achieve weight loss sometimes you're

going to find that they just don't work

problem is though if you don't know why

the way you turn because you've got no

indication of what your next step should

be so you'll either just keep trying to

an effective strategy or you're going to

end up pointing on your goal today I'm

going to give you something that's going

to clear the fog by keeping a simple

journal of a few key bits of information

you'll be else find what went wrong and

why this is going to then make seen what

you should do next really really simple

and so your situation brightens you want

to stop we're doing the same ineffective

thing or just giving up you've now got

the option of trying out something

that's likely to be more effective and

more importantly more enjoyable and this

make sticking to your goal and reaching

your destination far far easier

you

an essential part of your lifestyle

change is to test that behavior

modifications that you're going to make

this is because it's the only way that

you can work out which you're going to

be able to stick to for the long haul

and this is absolutely everything to

body vision this is everything to myself

this what my career education and life

is completely based on working out how

to achieve sustainable weight loss and

then teaching you all the tricks and

this one is one of the strongest because

if you don't have intrinsic enjoyment of

what you're doing then you won't stick

to it or in other words if the changes

you make are enjoyable to you personally

that eventually just go revert back to

doing what you already do this is a big

reason of weight loss goals aren't

successful for any longer than average

couple years because people use

strategies that they just don't enjoy by

testing your lifestyle adjustments you

can find which one's actually aren't all

that effective for you and this means

you can find out why and then you can

just accordingly and for any of this to

be possible you're going to need some

information to analyze you're going to

need to get your scientists white go on

and do some data collection now don't

click off just yet because okay granted

I'm an absolutely key to this stuff and

love my job being so involved in science

I know that for most people that

probably can't think of anything is more

boring but don't fear because that's

where I excel is taking boring and

complicated ideas and making them

interesting and simple for you to use if

you've missed any of the videos I've

done in series so far then this next bit

is going to be of less use for you so I

what I've done in the description is

linked to some of the essential bits you

want to be checking out so you can just

jump in there whenever it is you ready

okay now you understand why you want to

use small lifestyle adjustments you

found what critical changes you're going

to make and finally started implementing

them again check the links below for a

ton of tips on how to do fall in these

bins effectively now you're testing out

your critical news is time to get some

information on where they're working or

not and why a trick we use within the

body vision app to make this dead simple

is the behavior change journal this lays

out simply what you need to know down in

a nice format so that when you come back

to review this later it's a very easy

process so why do they still need to

have in it well first you get up split

up in today's monday sunday for the

duration of the testing phase as if by

during previous lessons of making

testing phase two weeks time that's long

enough for you to learn from the short

enough it doesn't drag on and delay your

weight loss if something isn't working

then underneath each day jot down each

behavior change that you're going to

make and that's your settled now all you

need to do is come back to it on each

day and just write down what happened if

you were able to stick to the change no

drama then write down why that was how

did you find sticking to the district

was it easy was it challenging was there

a moment of temptation and how did you

deal with these what kind of day where

you have in stressful relaxed emotional

busy fun whether any triggers that cause

you to stick to the change for instance

you plan to write on your exercise bike

before you ate breakfast did you

pre-plan in any way to make it easier

what did you do and could you have done

anything differently in your planning to

make it even simpler just into the

behavior change how it's sticking to

this critical move make you feel did you

find any advantage to stick into this

lifestyle adjustment and why are there

any disadvantages is this change

something you'd be happy about doing

rest of your life and finally would you

modify your judgment in any way and if

so how all this info is going to allow

you to work out why critical movement is

effective and if it could be improved

and by doing this you're going to make

creating positive habits really simple

but on the flip side maybe weren't able

to engage your behavior judgment in this

case you've got a different set of

questions to think about so you can work

out what caused you to fall top and

these include where were you who you

with what time of day was it how are you

feeling at the time were you distracted

or did you consciously decide to ignore

what you were meant to be doing what was

your day like were you having a bad one

was it busy stressful maybe there was a

lot of peer pressure being put on you we

you stressed about anything and if so

what was it moment a temptation to cause

you hiccup and if so what triggered it

what reward were you looking for from

breaking from your flight did you have

any plans in place to help you stick to

the behavior or mentum doing and if so

why didn't these work and could they be

adjusting in the future to make them

work better how did break in from your

planet make you feel at the time

immediately after and later in the day

did you find any advantage to not

sticking to your critical move whether

any disadvantages to breaking away from

the behavior and finally how could you

adjust at the planned lifestyle change

in the future to increase your chance of

being out stick to it it's possible the

planned behavior change is something you

have to apply several times over day

like refraining from eating sweet from a

bowl that you have to walk by at work

time if you find yourself dipping in a

few times throughout the day then treat

each one has its own mr. achievement and

answer each question for each time

because then you can use all of this too

late to find patterns and make sure you

persevere with this journal and treats

questions for good or bad appearance

every day and

anytime it may seem like a pain in the

backside to give with gracia you'll find

that when you're learning how to adjust

bad behaviour in the future and how to

make good ones into habits it speeds up

the job knowing trust me from personal

experience doing that without this

information is way more time consuming

of way more boring and that's it that's

all you need to do is not too difficult

it should only take about five minutes

of your day if that but if I completing

this task you're well on the way to

installing habits that you actually find

Germany and this will in no time it

leads are easy and satisfying weight

loss and once you're there sticking to

the change the rest of your life won't

even be something you need to concern

yourself with because they're just going

to be habits habits that you enjoy I

hope they just made the idea of data

collection seem a lot simpler for you a

bit less scary of course if you have any

questions and throws down the comments

where I'll be happy to help out and if

you feel like deserve it and really

appreciate it like because it will

really help in boosting the channel on

YouTube in what is a really competitive

subject with a huge amount of

misinformation I truly feel on provides

something unique from the other channels

so if you agree I'd love it you can help

me on my quest spread the knowledge the

next video will be up for you in about

three days you'll yet to become

subscriber you can press the button

below to make sure you get it until then

I hope your weight loss journey is

progressing well keep your head up

because I'm living proof that it is all

possible so take care I hope see you get

soup

-------------------------------------------

Peppa Pig Killing Game: New Funny Episode | Bloody Peppa Pig Toys Show Video - Duration: 3:15.

Balam he just came from long, long trip

he need a relaxation so, the best way, the best way to relax

to put out your aggresion in the natural way in the normal way

when you don't hurt anybody except Peppas, which I believe

a lot of parents hate of course, sweet hate

what we do here

we kill Peppas and do this Peppa killing activity

just a moment ago Jerry did do this with this Peppa

it is like: "wish you Happy Holidays Peppa in Rancho Las Txilas"

We came to this game really seriously we not only create little mountains for Peppas

but we also give them a blood you see, these Peppas really dead

they are full of blood but we know how to return them to life

we just need to refill blood to them and they will be happy again

of course, their face will look ugly I enjoy very much when Peppas have

so much blood, when they are nearly destroyed

but feel can return to the life we have here hospital for Peppas

if you are a Peppa and you are in a bad condition please come, we will make you in more bad

condition :)

-------------------------------------------

"If one man breaks your heart" - Duration: 0:44.

Men

Men

If you were done in by a man

You were played

and your heart was broken, real or perceived

Let me tell you the truth

God doesn't remove it like that

It's by one man, sin goes out

If one man broke your heart,

another man must come

to heal your heart.

Do you understand what I'm saying?

So if you start saying Men! Men!

You're stopping your deliverer from coming in.

-------------------------------------------

How to Connect your YouTube channel to Twitter - Duration: 1:56.

To link Twitter to your YouTube channel

sign into YouTube,

open the "Settings", and go to "Connected

Accounts". On the Connected Accounts page

you should see Twitter as an option.

Click the blue "Connect" button. A window

will pop up asking you to authorize

Google to link to your Twitter account.

If you are not yet signed into Twitter

you'll be prompted to sign in. Then click

"Authorize app". Once your YouTube channel

is linked to your Twitter account, you

can choose what activity is

automatically shared to Twitter. You can

choose to share video uploads, new videos

added to public playlists, video likes, and

saving a playlist. As an added benefit if

somebody automatically shares your video

to Twitter by liking it you'll

automatically be mentioned. To disconnect

Twitter from your YouTube channel, go

back to your "Connected Accounts" page,

click Edit next to Twitter, and then

click "disconnect account". You can also

disconnect Twitter from YouTube in your

Twitter's "Apps settings" by finding

Google and clicking the "Revoke

access" button.

If you found this video helpful,

click my channel icon to subscribe for

more Creator tips and updates

-------------------------------------------

Raw Milk Cheese vs Pasteurized: Tasting the Difference - Duration: 3:10.

The first edition of Cheese was held 20 years ago

where we gathered signatures in defense of raw milk

After 20 years, this year's edition

from September 15-18

returns to this central theme, raw milk.

There are three good reasons to keep the tradition of raw milk cheese alive

The first reason is the taste

You can check that for yourself at home quite easily, with a small taste

With a Caprino cheese like this one, perhaps the best-selling Caprino in the world

Made by a massive French company, you can find it in all the supermarkets

And then compare it with a raw milk Caprino

In this case we have a Roccaverano Robiola, a Slow Food Presidium

Taste the industrial Caprino, it's made well, very well.

On first tasting you'll say: "How delicious!"

It's very sweet, with a pinch of salt, a slight tang, no goat smell

Then taste it again, eat more of it, and you'll notice that the cheese becomes sickly

On the second and third tastings, you'll have the impression that's more dessert than cheese

Because this is, undoubtedly, pasteurized milk

The French add cream between they're very good at hiding edges and defects

Which gives a balance of taste, and a mellowness which you won't find in the Roccaverano

And you'll say, "so what?"

This Roccaverano is certainly sharper,

less liquid, less creamy, a little grainy,

with a light discord between the acidity and salinity

But taste it again, keep going

and you'll notice how the pasture comes out in the taste

the grass comes out

you can taste the smell of the goat, because it comes from a goat,

and you should be able to taste a little goat, there's nothing wrong with that!

So it becomes a complex, territorial cheese.

This is the first big difference: the taste.

The second difference is the territoriality.

A pasteurized milk, full of enzymes, loses its territory

it loses the place where the cheese was made

but with a raw milk cheese, we keep this strong link.

The third reason we need to defend it is biodiversity

There's an invisible biodiversity, composed of billions of bacteria

Even those that live around us and keep us alive, in the soil and in our bodies

and if you pasteurize, these billions of bacteria

are slowly exterminated, and you reduce this biodiversity.

These are heavy costs we'll have to pay in the future

so long live raw milk!

-------------------------------------------

মাসিকে রাম Choda GAME THE GAME - Duration: 5:09.

Nakita - Red Crucible Firestorm

-------------------------------------------

Best Igor Lastochkin animal sketches (English subs) - Duration: 3:22.

It's not people only who do extreme.

Animals are involved in it as well.

Just imagine! A kitten that is being sold at a pet market for the second month.

Oh! Haaamster!

Is that your first day here?

Listen! How long does it take you to cross a bucket?

Have no idea?

You'll get used to it here, believe me!

Oh! Customers are coming!

Ugh! That's what our life is like!

-------------------------------------------

স্বামীর বন্ধুর সাথে ফষ্টি GAME THE GAME - Duration: 5:09.

Pistoleros War Chest Opening! - Red Crucible Firestorm

-------------------------------------------

মেয়েকে এতবার ধর্ষণ করেছে GAME THE GAME - Duration: 5:09.

Nakita - Red Crucible Firestorm

-------------------------------------------

দুই নামবার মাগী GAME THE GAME - Duration: 5:09.

Nakita - Red Crucible Firestorm

-------------------------------------------

সেক্স স্ক্যান্ডাল অবিশ্বাস্য GAME THE GAME - Duration: 5:09.

Nakita - Red Crucible Firestorm

-------------------------------------------

87 #Aaltonen - What they need vs. What you want - Duration: 3:39.

Hey, subscribe to our channel from down below. You'll get these videos straight to your email, if you prefer. A new episode every weekday at noon.

We're going to create 120 episodes of these videos where we're going to talk about common issues in marketing and content marketing.

Let's talk about we want versus what you need. We is a company and their marketing and sales team, board and directors.

We want. On the other side is your clients. What they need? It's quite interesting when we're talking about company's marketing efforts,

"We want"-attitude plays a huge role in everything. We want to sell, we want to meet clients, we want our client's time, we want them to buy and stay as our clients. We want. I want very selfishly, which is fine.

That's how capitalism works. We want something, but capitalism also works by not working if the other side doesn't need you.

Marketing communication should not focus on you but to them. I find it interesting, that customer's customer is very rarely seen and spoken of.

It's because somehow our brains are always fixed to "we want"-attitude. If we could serve the need and answer the questions and focused on the customer's world, we would be much more successful.

You'd be much more successful in your own business. For example if you're looking for a job, you need a job, but the potential employer wants something.

They want to see some action to be implemented. If you tell what kind of a person you are and about your skills, you're not telling about what the employer would get from you.

If you're selling a service, and you're thinking of how you can stand out from your competitors, start thinking about what your customers need.

Not what you can sell. If you're a communications agency, it's nice to talk about crisis communication and influencer communication, but you should think about what those people need and want.

Target to that. This all works in every branch of industry, including yours, where you're an individual and special, but your customers have their own needs and wants

Forget about what you're doing, what you want and start serving the person on the other side. I guarantee the results will be completely different than what they are now.

-------------------------------------------

IPL 2017: KKR vs RPS Highlight Scores | Match 30 | KKR Won By 7 Wickets - Duration: 1:35.

Sports Mania Present the scorecard of Match no 30 On IPL 2017 Where Kolkata Knight Riders

won by 7 wickets by beating Rising Pune Supergiant.

let's look out the scorecard.

Rising Pune Supergiant's batsman.

Ajinkya Rahane.

46 run.

Rahul Tripathi.

38 run.

Steven Smith.

51 run.

MS Dhoni.

23 run.

Manoj Tiwary.

1 run.

Daniel Christian.

16 run.

Kolkata Knight Riders bowlers who took wickets.

Sunil Narine got 1 wicket.

Umesh Yadav got 1 wicket.

Piyush Chawla got 1 wicket.

Kuldeep Yadav got 2 wicket.

Kolkata Knight Riders batsmen.

Sunil Narine.

16 run.

Gautam Gambhir.

62 run.

Robin Uthappa.

87 run.

Darren Bravo.

6 run not out.

Manish Pandey.

0 run not out.

Rising Pune Supergiant's bowlers who took wickets.

Jaydev Unadkat got 1 wicket.

Daniel Christian got 1 wicket.

player of The match Robin Uthappa.

Thanks for Watching.

Subscribe for More.

Bye.

-------------------------------------------

How To Find Your Lost Phone By Clapping | Best App 207 | Urdu/Hindi - Duration: 6:27.

How To Find Your Lost Phone By Clapping | Best App 207 | Urdu/Hindi
