Web Forum Exploitation Using XKS

Web Forum Exploitation using XKEYSCRE 5217 July 2009

Page 2 from Web Forum Exploitation Using XKS

What forum data do we _ _have in I FISA full takei< for U.S. web forum servers under FISA coverage I Passive collection for OCONUS web forum server traffic I Passive collection for individual forum users located OCONUS

Page 3 from Web Forum Exploitation Using XKS

Content - Posts and private messages When FISA is available PINWALE is best for content (large amount of traffic) Time sensitive threats XKEYSCORE may be faster

Page 4 from Web Forum Exploitation Using XKS

All posts/ threads on one forum I HTTP Activity query form - Fingerprints: maiI/WebmaiI/vbulletin/post* - IP address (either): web forum server IP

Page 5 from Web Forum Exploitation Using XKS

All Private Messages for a Forum I HTTP Activity query form - Fingerprints: - IP address (either): web forum server IP

Page 6 from Web Forum Exploitation Using XKS

SysAdmin Activity I CPanek All web forum IP addresses AND Ports for CPaneI (2082 or 2083 or 2086 or 2087) - AdminCP: All web forum IP addresses AND - Application Info - *adminCp*

Page 7 from Web Forum Exploitation Using XKS

Applications Used on Forums I Example: all forum users with MS V2.0 private messages: And