
Wardialing in 2019

BSides Charlotte · 2019 · 20:50 · 138 views · Published 2019-11
About this talk
A practical guide to modern wardialing techniques and asset discovery through telephony networks. The talk covers the history of wardialing, open-source and commercial tools, legal compliance, infrastructure requirements, and real-world results from scanning a million phone numbers to identify unauthorized modems, fax machines, and other telephony-connected devices.
Owen H
Transcript [en]

I know and I'm Sophia today. This is coronal Panthers - Wardialing in 2019, and since is years BSides phim it is quite the journeys into in Passaic before, I try and incorporate a little bit of my journey pip into the presentations, so that we could hear about that story. Tamar said I have to use my phone because my computer's not cooperating for slightly - excuse me if I'm not looking down all the time.

Yeah, if you rip my body minor from Brampton, but not originally from here though, Brittany from England. I went to high school of the equivalent of high school, primary school over there, and finished there, and there was this all the time where I was finishing up with my exams. You get kind of two weeks of school or a couple months to do your exams, where my parents allegedly moved, so I was living there on my own with my sister and my uncle, and it was a really awkward time because everybody was kind of growing up, getting ready to go to college. So I decided that I'm going to mess around on the Internet. All right, so that's that's really did I.

Eventually time came and moved over, and there was a number over time, because being an out-of-state college is very expensive and we didn't have a whole lot of money. We have been nine years gonna go to community college. So it's originally actually gonna go and be a carpenter. I found out real quick that I didn't want to do that once to get here and it's very hot, and carpentry training, you know, there's a little bit different than it is here. Here it's back in there wasn't two-by-fours of making houses over there, it's more of a skilled like cabinetry and stuff. So for what am I going to do? Maybe it can be an electrician. Quickly found out that I could not be an electrician because I'm not very good at math. Same as a realtor and it's a very electrical engineering, just didn't do it.

You know, I spend a lot of time in computers, maybe I can get a job. I've done some AOL stuff like changing the colors of my profile, that kind of thing, makes misplacing webpages. I'm gonna see if maybe a good job doing computer programming, so I'll go for computer program. It wasn't really the same programs at community college back then, around the 2000s, as there is now. Now you can do some type of security right out community colleges, is pretty awesome. So I chose even computer science programming or I forget the oval, but I chose programming to the full. You know, that's really cool. They came around the road this man and the aroma room pretty much enroll me in all of his classes. He was a Vietnam veteran, still friends of him to this day

dearly. They helped me out and got me a job in the college and everything, so that was pretty cool. On my appearance the first week was said I was surrounded by record of locals at the table, because I couldn't leave. I couldn't technically drive because I wasn't 18 yeah, and I didn't have my GED, so I couldn't leave college. I get dropped off in the morning, we picked up whenever, just like school. I was hearing by locals and they're all kind of harassing me, like "you look from around here, where are you from?", and this guy came and rescued me, pulled me out of the room, or the room was outside, but he pulled me out off to the side and said "hey, what's up", what he did, and we became really good friends.

He'd drive me around with party as much as he could, and yeah, he was an English major and he introduced me to the library didn't write him, he introduced me to 2600. I didn't understand any of this maybe you do business super cool let's go to a meeting. So we went to, I went to my first 2600 meeting right before the first CarolinaCon, and they, what's the word, they were very enthusiastic about me presenting, and they pretty much talked me into, a know if it was me or them, all those talked me into presenting us, and that was a mistake for ya. So that's pretty much what happened with that.

And I did intend to supply it, but my first presentation was pretty old voice on water, and since then I've been trying to improve my presentation skills and kind of share the knowledge whose people's there. That's the presentations I've done: first was in 2005, 2010, I did done a lot of CarolinaCon, presented at Derby, and most recently difficult. And the OS charts on there because we're trying to stop back up, so if any of you are interested, web stuff huh, next month, so that's just coming out.

So who here has a telephone, right? I think I guess we don't need to do raised hands, everybody has a telephone. Or who has telephony connected devices? Zero. Know what wardialing is? I mean it's pretty pretty straightforward, right. You can't really talk about it without doing the classic clip. Let's see if it plays. This mouse is backwards. Where are you? Don't left help right go down. There we go. So we're gonna have to try to play this.

You got there like that. Well, basically he's asking for the prefixes per divisionist from the marriages, and I guess that's all about social engineer right there. He's doing strike in the numbers. This is all old stuff raised, you know, floppies and everything. So you really can't talk about wardialing without sharing a clip from this movie. Connected it's going on this is protégés not happy now are these thoughts darling. Now I'm going to get back to the slides.

So this is, you know, just be dealing with we go up Commodore 64 software, a Hayes modem scanner, and it basically sequentially dial through a number prefix in, and it would go down one by one. Very manual, you have to babysit those, very basic. So you get into, and I think this was 1984 copyright, I'm sure here it went through the trouble get a copyright. Our gym where these war those there's Commodore 64, and they can tell the graphics again way better in these. Let's see, the next one I think is, I mean look at those graphics. Written by riffraff in the Borgata. This is the description right of the web. So as far as hackers and orders go, this one's a pretty nice one.

So let's see, well that we have links. Now we get into more modern wardialing with that THC-Scan, The Hacker's Choice, DOS-based. You can probably still download this and run this today if you really wanted to. I don't see why you would.

There there's commercial dialers. This one still sold to this day, arm is very expensive. I think that if you wanna dial 16 lines is about $20,000, plus you need 16 items to go with it, plus phone lines. That's owned by Niksun, they actually bought Sandstorm, which helped the patent owners, so they still there. I have not used this software, is very expensive, but you can tell from the algorithm system requirements is pretty old: a minute or until entropy and the latest of operating systems.

Any time I walk room by the Beave front of had no telephone believe it was to be able J Falcon worked a lot miss to this one. We get more into modern wardialing with white blinds, so this uses I accept all kind of tactile things. This one's, you know, we're getting up there with, this was released about the same time that's WarVOX, which is probably the one everybody's most familiar if you talk wardialing now. HD Moore release this, believe, ten years ago. Someone that uses is to which is very similar to sit, there's reasons towards doing that, and it's written in Ruby, says is the most potent system.

Now, why do people wardial? In the past a lot of people did it for discovery of devices, I trying to find BBS or names of people to talk to

and they may have done it for malicious intent of pranks on their friends. You know, others with malicious them may have done it to find carrier networks, things in the background, or voicemails, for there's been a lot of voicemail hacking, or others like dialing insane a so are are are places. So on the security side, people will also be wardialing to make sure their devices are secure. Great, you don't want to have a modem sitting out there that just has a password or no passwords.

So why would you want to wardial now? From an asset management standpoint, knowing what you have connected to your network is pretty important. You can't secure you don't know is there. Free organic growth: people may be adding devices to your network you don't even know of, or their devices. Rates in varies by industry, but the number of employees that have telephony connected devices, pretty much everybody, but it's kind of far away with mobile devices and things, they're not actually connected to the telephony network. But things like building controls, alarm systems, and often connected to telephone clients for backup.

Now the last one is the recent fax machines of a multifunctional printers, and if anybody saw it was 2018 presentation done at DEF CON where they were actually bridging into a network and exploiting and, I guess, an internal network externally through a fax machine using EternalBlue. I can only imagine that that kind of thing is going to become more popular as more people research these fantasies.

But see how I'm doing on time. And the priority realities: we, my company no longer work for, has a huge inventory side numbers. We have, think, close to a million phone numbers and asset in the Tor asset management system that is less than perfect was that. I mean, that's pretty daunting, thinking we got dial every single number at least one, so potentially multiple times a quarter, right. We have legal issues to deal with drafters. We're not bad guys very, we have to comply with the law, both domestic law and international or if we're dialing overseas, they're going to be careful with that. In the time restrictions: we come dialed down voice lines of people will pick up or do business on during the day time, and then there's also the time restrictions if we've got to get it done, right. He can't just be dialing at number a minute for the rest register my career my hands. We have some requirements: wanted to be pretty automated, distributed, cost-effective to run, all basically cheap to run, because nobody wants to pay a ton of money to see what's going to do the other side of the phone line. And given the current tool set, early the only choice was WarVOX.

So if you want to wardial, what do you need and how do you start your first again, right? So pretty much you're going to need an inventory of targets. You can't just dial every number because there's laws against there in your, let's say, 704 prefix. So you can be hard work to run Asterisk unlikely, and that's everyone's on just about anything, but if you doing it up volume, like you're trying to call a million numbers, you're going to want to run it on some pretty beefy hardware, something a bit better than a Raspberry Pi, a toaster oven. It could be internal, it could be external, it doesn't matter, as long as it cannot talk to each other it should be good. A station pretty much Romany things, so I've had a lot of fun running it on Debian, with a Debian stable, just because it's all packaged nicely in the context of goods.

Then you can need some service. I thought, well, we can just use plain old telephone wire to do this from my home phone. Yes, you could possibly do that, but you probably shouldn't, just compliance and legal reasons, and it's going to be slow. If your business is willing to pay for plain old telephone service, you could do it. I know what the cost amount all about cellular for a wildly well let's get ten I'm limited to tell vampires and run it through, they're probably going against the Terms of Service.

And then there's these other services that come to mind when you think about making cheaper phone calls: Skype, Twilio, et cetera. This is, I believe, Skype's pricing, and we're looking at $2.99 a month for two thousand minutes. Notice may work for some people if you only need to make a mm cause 15 sentiment free box yes, but when you're talking about a million phone numbers, so on Skype's gonna be about 150 thousand dollars after that, if she's trying to do in a month. Twilio home, I think it's about 1,300 bucks for the first hundred thousand, which isn't too terrible, and then about the next nine hundred thousand tons about twelve thousand dollars, so kind of hard to swallow if you've got the budget

to work. So really I would go with a VoIP provider. You can get some really good deals on the transit fare, and it's pretty inexpensive. You don't really pay per minute, but it's billed to fractions of a minute. That's what we use, and we ended up spending way less than I probably should have said.

Current state: WarVOX starts release mm what's that being is good at, so unsupported. There is no scheduling, it has very limited reporting in it. There's analysis there, I tell you what it is: voice, voice mail, fax, modem, dial tone, but it is limited. It's very, you'd have to use it to kind of see what I mean with that.

We've been working to modernize it a little bit with jobs, being able to submit a job, scheduled jobs, so that you can set the numbers you want, leave for work, and it will start whenever you specify. That's pretty important for me that I want to be starting scans everything. We've been working on making an inventory of targets, II know what you want to dial, you put it in database and it picks out from those every night so you can scan them. Working on improving reporting, that's a big one for us, because I mean there's no point in the scanning if you can't have a good report and have something to show for it. So that's probably the biggest thing and update we could do, is show some value from this other than the automation, because nobody wants to babysit.

We're adding, they'll be doing a bunch of research into you adding device fingerprinting, so that's mostly for fax machines. I've modified a very old fax sender to connect to a fax machine, grab configuration parameters from it, and then hang up the line. And then the modem dialing in screenshots: we're turning into a modem, taking a screenshot once you're connected, so we can quickly go through and say okay, these are all password-protected and these are good together.

So let's see, we're about 20 minutes. The results we have: we went from about 120 calls per hour, so it's two channels, to everything over 500, and we're able to scan it 20,000 numbers in about 16 30 days. So what we found: there's a bunch of stuff that does not match the inventory. Modems where they're not supposed to be, fax machines when they're not supposed to be, we have voicemails where other fax machines are supposed to be, and some really odd find these where there be a dial tone, like you're dialing a number, it would just be a dog attack. They might be false positives, I can't reproduce it on all of them, but that's kind of alarming.

Is there any questions? Well, what we presented today, if you want to get started into those two resources, the operative stuff is probably your best bet. I'm going to be publishing all my changes I made to GitHub so everybody else can enjoy the pleasures of all that. That is about air of thing. No questions? All right, go on, so you

Yeah, we've, the question was: when you wore them Sinn féin modems, what was hanging off of it? There are a ton of modems out there still connected. I don't know exactly what was behind them, but a lot of times it's building controls, IoT, backup for alarm systems, what else was there, environmental control surgeries. I mean, there's also like backup service lines in to take the centers in case fiber good spot for up maintenance. There's some of the things I'm aware of. I don't know why I was hanging on the other end of my my fighting days anymore. It's, I guess, I think everybody should be, if you're working in an enterprise, doing wardialing and seeing what is on the other side of your telephone lines, because they have, we had a huge effort as a while back before us to go through a major with modems was Hewlett with passwords, but as we know through IT work, oftentimes stuff gets rolled back from, I guess, changed up dates get rolled back, and we can't be sure that there are modems hanging out there don't have passwords.

Or how do we know the perimeter, was the question, I like the telephony, sorry. So we have an internal database, right, of all every device connected to that, in theory, so that's one way we know. But there are certain reports from your carriers, so say if you use the ATT, Verizon on, etc. in whatever, every couple of years they're required to do an audit on that and tell you which phone numbers you have inserts. Another way you can, you can get you have us because if you were about time zoo Gemma. I thank you for a mere them give me opportunity speak sir.