Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Denis Makrushin - DeanonymizaTOR
Search
DC7499
May 22, 2015
Research
0
100
Denis Makrushin - DeanonymizaTOR
DEFCON Moscow 8
DC7499
May 22, 2015
Tweet
Share
More Decks by DC7499
See All by DC7499
Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]
defcon
0
540
Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic
defcon
0
270
Anton Lopanitsyn - Initial reconnaissance of web applications.
defcon
0
290
Dmitry Volkov - Private messengers: without pain??
defcon
1
230
Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?
defcon
2
210
Sergey Belov - Another side of Bug Bounty programs
defcon
0
300
Dmitry Sklyarov - Intel ME: Flash file system explained
defcon
0
520
Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine
defcon
0
600
Sergey Golovanov - Indecent Response 2018
defcon
0
520
Other Decks in Research
See All in Research
Delta Airlines® Customer Care in the U.S.: How to Reach Them Now
bookingcomcustomersupportusa
0
110
MetaEarth: A Generative Foundation Model for Global-Scale Remote Sensing Image Generation
satai
3
110
CSP: Self-Supervised Contrastive Spatial Pre-Training for Geospatial-Visual Representations
satai
3
250
能動適応的実験計画
masakat0
2
790
[輪講] SigLIP 2: Multilingual Vision-Language Encoders with Improved Semantic Understanding, Localization, and Dense Features
nk35jk
2
880
20250605_新交通システム推進議連_熊本都市圏「車1割削減、渋滞半減、公共交通2倍」から考える地方都市交通政策
trafficbrain
0
720
2025年度人工知能学会全国大会チュートリアル講演「深層基盤モデルの数理」
taiji_suzuki
25
18k
心理言語学の視点から再考する言語モデルの学習過程
chemical_tree
2
550
在庫管理のための機械学習と最適化の融合
mickey_kubo
3
1.1k
問いを起点に、社会と共鳴する知を育む場へ
matsumoto_r
PRO
0
580
Combinatorial Search with Generators
kei18
0
640
Minimax and Bayes Optimal Best-arm Identification: Adaptive Experimental Design for Treatment Choice
masakat0
0
160
Featured
See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
31
2.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
50
5.5k
Faster Mobile Websites
deanohume
309
31k
Thoughts on Productivity
jonyablonski
69
4.8k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
61k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Mobile First: as difficult as doing things right
swwweet
223
9.9k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Transcript
Немного лирики…
DeanonymizaTOR Denis Makrushin (@difezza) Maria Garnaeva Global Research and Analysis
Team
«Я знаю что ты делал прошлым летом»
… но как?!
Эксплойты, фингерпринтинг… ну-ну- да.
Flash, html5, entry-node detection… ну- ну-да.
Но КАК … … они нашли мой мегаприватный-0дей-форум?! … они
нашли мою квартиру?!
ПАССИВНАЯ СИСТЕМА СБОРА ДАННЫХ … ИЛИ КАК ОНИ НАШЛИ МОЙ
МЕГАПРИВАТНЫЙ-0ДЕЙ-ФОРУМ?!
>> ExitPolicy accept *:*
>>tshark –i 1 –w dump.pcap
Психологический портрет tor- пользователя
Психологический портрет. Часть 2.
13
14
АКТИВНАЯ СИСТЕМА СБОРА ДАННЫХ … ИЛИ КТО СТУЧИТСЯ В ДВЕРЬ
КО МНЕ?!
Traffic injection… ну-ну-да.
Скажи мне, кто ты
Такие разные печеньки
None
ТЕМ ВРЕМЕНЕМ В TBB
А ДАВАЙТЕ ТЕКСТ ПОМЕРЯЕМ
Measuretext
Proof-of-concept: готовим пациента
Proof-of-concept: делаем укольчик
СПОЙЛЕР: НЕ ТОЛЬКО MEASURETEXT ТУТ БЫЛ PHDAYS V
СПОЙЛЕР: АНАЛИЗИРУЕМ РЕЗУЛЬТАТ ТУТ БЫЛ PHDAYS V
XSS – головная боль onion-ресурсов
Вектор атаки
None
None
None
Wazzzzup?! twitter.com/difezza
[email protected]
defcon
bookingcomcustomersupportusa
.png){kind=avatar}
satai
masakat0
nk35jk
trafficbrain
taiji_suzuki
chemical_tree
mickey_kubo
matsumoto_r
kei18
marcduiker
bcantrill
reverentgeek
deanohume
jonyablonski
lemiorhan
bermonpainter
sstephenson
honnibal
kevinliebholz
swwweet
iamctodd
![Wazzzzup?! twitter.com/difezza [email protected]](https://files.speakerdeck.com/presentations/a534fa1e5dcb49a9a2291dec751596b0/slide_31.jpg){kind=link}