Explore the world of disinformation as a service in this 44-minute conference talk from Security BSides London. Delve into the origins of the HoneyPoC project, its evolution into AutoPOC, and the unexpected consequences of scaling disinformation tactics. Learn about templating techniques for maximum reach, geographical distribution of executions, and the top CVEs leveraged in the process. Examine the lasting impact of AutoPOC, including domain patterns and the chaos it unleashed. Gain insights into the risks and ethical implications of weaponizing disinformation in cybersecurity research.
Overview
Syllabus
Intro
Original HoneyPoC - How it Started...
Double Down?
AutoPOC - Disinformation as a Service - How?
AutoPoC - Templating for Maximum Reach
Where was it located and how was it accessed?
Timeline of Events
I bit off more than I could chew...
Breakdown By OS Execution
Executions without Sandboxes Mapped
Distribution OF Executions 42%
Top 10 CVEs Leveraged (Sorted by unique non sandbox execution)
A lot of people ran it.
The Upset (Cont)
Domains/Patterns
AutoPoC - Lasting Impact
Read More About The Chaos
Taught by
Security BSides London
