Hello, everyone. So this talk won't be quite like other talks you might have seen around. It's going to be very demo heavy, and it's on 3D web visualization. So congratulations to those of you who made it; this is one of DEF CON's unofficial scavenger hunts, finding the talk that isn't listed. So if you're in the audience, you're a winner. And if you're not in the audience and you're watching it on video, well, better luck next time.

All right. So I'm Alejandro Caceres. Call me Alex. I'm the owner of Hyperion Gray. I'm the back end developer for the tool that you're about to see. I'm interested in applying distributed computing as it relates to breaking things and finding vulnerabilities in things. So you're going to see a lot of that throughout the talk. It's kind of a theme of mine, if you will. Originally a web app pen tester by trade, I started focusing on software development after that. So I hope you like the tool.

And my name is Teal Rogers. I am a maker and an interface developer specializing in 3D. We're actually a little bit ahead of time. So this is a 3D visualization of the web. Which is, so, they're not on the screen. Well, let's see about that. There we go. No, it's not really a big deal. We actually just have one slide and then we just get into the demo. Yeah, yeah. If you want to read about the problem we're solving. Yeah, it should be okay.

All right. So once again, congratulations to those of you who made it. And we're just going to jump right into it, show you the program and take you around it a little bit. So this environment is, you know what I can do, if it cuts off the edge a little bit, I can move this over. Does that look good? Yeah, a little bit more. All right. So this is basically our application. It's a 3D environment. And what you see here is domains. Domains are represented as globes with, you know, graphics and stuff. And when a domain spawns, there are smaller balls which represent pages.
So this is not attempting to reproduce a web browser or anything like that. It is giving metadata for the internet, a sort of view that no one else is doing. There are things that you can see from this organization that you can't see anywhere else except by really digging into your HTML, digging into what your code is, doing vulnerability scans using scanning software, which frankly most people don't do. So we wanted to make it easy to do that. And this is what this is designed to do.

Yeah. And right now, what you're seeing, all this is running in a test environment of ours. We have about 15 to 20 websites. Some of those websites have various vulnerabilities in them. Some of them have misconfigurations. Some of them just have really messed up configurations, just little things that make it an odd site. So along with that we do have a few production websites, so we'll point those out when we go to them. If you're checking them out on your smartphone, you can see those, things like hyperiongray.com, trinarysoftware.com. So some of them are internet facing and some of them are not.

So the first site we wanted to show you was DC Graphics. And I'll just show you real quick in the web browser. It's a very small site. It's basically a joke site, really. It's two posts on WordPress. And I'll just give it a second here to reconnect. See, the connection is right there. So it's a very small site in our environment. We do a crawl in advance and it maps all the links. So you can see a line from one page to another page is a link. And they're all directional, because links are directional. So the skinny end is where it's pointing to, from the fat end. It's kind of like an arrow. So this is a typical sort of WordPress site, if it's very small. Larger WordPress sites tend to have a core and then an outer core. This one just has an inner core because it's too small to have two cores. So you see the core is these sites here.
And on the outside you see some feed sites, which is what WordPress does. It creates feed sites.

Yeah, so on the back end the crawler is running continuously to keep everything updated. So the goal is to give you a continuously updated view of the websites that you're seeing. Right now you're actually just seeing a snapshot in time. But the way that it's built on the back end is it's a Hadoop-based web crawler slash vulnerability scanner. So we can keep track of a ton of websites over a short period of time. And the more websites we keep track of, all we basically have to do is scale up the cluster, which is really, really easy. And that will shorten our crawling times and collection of metadata and all that stuff. So you might recognize that as somewhat similar to the Google model, how they're collecting metadata and collecting websites. And actually the back end is an open source implementation of exactly how Google is doing it.

So here's another site. It's Boonville Lib. It's another joke site, really. It will spawn in a second here. It's also written in WordPress. It's just a little bit bigger. It's got a few more posts. And in a little bit here you'll notice something strange, which is why we're focusing on this one at the moment. It has this link that will appear to a domain called 1.gravatar.com. And I made this site. And I don't know what 1.gravatar.com is. I haven't dug through the source code. The only way I know that it's there is through this API. See, there it is. See, we don't actually crawl 1.gravatar.com. That's why it looks like a distortion. But one of the advantages of seeing the metadata of the internet, the internet's underbelly, is you get to see that there are these weird links all over the place that you didn't even know were there. Even if you made the site, you didn't know they were there. By the way, does anybody know what 1.gravatar.com is, by chance? You want to go to it? It's a picture site. All right.
So we needed a 3D map and a dude in the audience to tell us what that was. That's cool. Yeah. Awesome.

So next up, Teal is going to show us punkspider.hyperiongray.com. This is an example of a live production site that's out there. Has anybody heard of the PunkSPIDER project, by chance? No? Nobody? That guy? No, he was just fidgeting a little. Yeah, my girlfriend? Yeah. So this is PunkSPIDER. It's a distributed vulnerability search engine, which was kind of a precursor to Web 3.0. It's not in 3D. It's not quite this fancy. But it does use on the back end a distributed vulnerability scanner that I wrote that gives you back vulnerabilities on websites, much like Web 3.0 does, which we'll get into a little bit later. But on the back end, Web 3.0 is a little bit fancier than PunkSPIDER is.

It kind of froze up here a little bit. This is a production platform. Not that one. And we're still tracking down all the stuff. It's really easy to restart it. Yeah. It's a prototype. Sorry to interrupt you. No, you're fine. Thank you.

So I was saying about PunkSPIDER. No, I was saying about Web 3.0. So on the back end we're using a distributed HBase back end. So you already might notice the theme here, right? Everything that I write on the back end is completely distributed. So what that means, if you're not familiar with HBase, is it's a huge key-value store that runs on a Hadoop cluster. So the more keys and values you have, the more you can just scale up your cluster by adding a machine, which again is really easy, takes about a minute to add a machine, and makes it infinitely scalable. So the more data we have, we just have to scale up our cluster, and since actually most of the stuff is in the cloud, that really just takes like 30 seconds to a minute.

So if you notice sometimes domains disappear, sometimes they reappear, this is controlled by interest. Whatever domain you have focused in the center of the view is the domain you're interested in.
And it's a value that the interface keeps track of just to keep the screen less cluttered. And so as domains lose interest, as you're not focused on them, they disappear from the interface, and then they reappear.

So here we have a vulnerable domain. That's why it's spewing stuff. It's vulnerable to SQL injection. This particular domain we made on purpose to be vulnerable. That's why it's called sqli1. And this is another thing that you can't really see from just looking at HTML, from looking at your page. You can't see whether your site is vulnerable to hacks. And with our Web 3.0 visualizer, you can see an overview of whether you're linked to sites that happen to be vulnerable, or whether you just find sites randomly on the internet, you want to know whether they're vulnerable or not for various reasons.

And so here we have HyperionGray.com, which is Alex's site. It is... Actually, one quick note about the vulnerability scanner. Every site that goes through the system gets scanned for vulnerabilities. The base of the vulnerability scanner right now is done. It's still pretty basic. It's essentially just a little fuzzer that goes through GET parameters. But of course we're expanding that and making it a much fancier vulnerability scanner. So the way it works is a little bit unique. So a web crawler, when you actually go out and crawl sites with a web crawler, you're collecting a ton of metadata on those sites. What the scanner does is it makes vulnerabilities a completely integral part of that metadata. So you essentially don't crawl unless you're looking for vulnerabilities in a site, which is pretty cool. And again, going along with my theme, this is a fully distributed vulnerability scanner. So the more nodes we have in our cluster on the back end, the faster we can scan. So that makes it really useful.
Essentially we can scale this up and keep track of not only a map of the entire internet, but we can scan the entire internet for vulnerabilities, which is pretty cool.

So as you can tell, Alex is all about the scanner and the vulnerabilities. And I'm focused on the 3D engine. So here we have Alex's site, which is built in Drupal. And this is one of the peculiarities you can find with Drupal sites sometimes, is that you'll find this area here, which is kind of weird URLs that don't really say much, node/26, node/29. And then you'll find longer URLs, human readable URLs, over here. So Drupal is creating these weird little URLs and just forwarding them to the longer ones. And this kind of creates a kite, sort of a main page over here, and then a kite in the background, which is really funny, actually. But this isn't really the view that you would see as a user of the site. You would just see this, the stuff on the right. And as a crawler, though, as Google, or as, you know, even somebody collecting information for whatever purposes you might collect information for a site, you would see, you'd want to know that there's this kind of little odd structure going on here. Because, you know, information is power.

Yeah, so now Teal is going to take us to a site, bushofficial.com. So bushofficial is an example of a live production site that we actually do not own. We've just kind of sample crawled the site, so this actually isn't the entire site. It is the official site of the band Bush. Do we have any Bush fans out there? Okay. Yeah, I've never actually heard Bush, but I think they're probably a great band. Yeah, and we're sure they're lovely people. And yeah, lovely people. Yeah.

So the system is able to, as I mentioned, in a very non-invasive way, check for vulnerabilities in these sites. We're doing some really respectful stuff from a network standpoint. We're respecting robots.txt even during vulnerability scanning, throughout the entire thing.
And we never flood the site with traffic in any way. So you'll see just a few vulnerable links pop up. These are URLs in the domain with SQL injection. They are real, but don't misuse this. Don't be a dick, I guess, is all I'm trying to say. So yeah.

Yeah, so you can see Bush is kind of a typical site. They love MySpace and they love Facebook back here, even though the labor. And here's Twitter. They love Twitter. And so they're showing a lot of love for social networks, which, well, that's pretty typical of a band. Twitter is, of course, a massive site, and we don't crawl it, even though it kind of looks like we do. We just crawl if they happen to link to it. And over here, we find someone else who happens to link to it. Well, the distance is pretty random. You can actually take domains and just drag them around with the mouse. So you can grab Twitter and drag it over here. It's all organized dynamically, based on whether it's connected to anything that happens to be shown on the screen at that time.

So here we have the DEF CON website, which is really quite interestingly organized. There's a core of pages here, which is the main site. And then here's a satellite page. So this isn't a full crawl of the DEF CON website, or you'd see a bunch of different satellite pages also. But DEF CON is one of the few sites that actually does this on purpose. Many sites do this by accident. So you can see DEF CON shows a lot of love to Facebook. It shows a lot of love to Twitter. And it shows a little bit of love to Amazon, just in this one little URL, links/booklist.html. So you can see where their priorities are.

So we still have plenty of time. Actually, we probably have some time for questions at the end. I think Teal is just going to show you www.trinarysoftware.com real quick and tell you a little bit about how you can get involved with the project. We definitely need your help. Teal, you want to tell them a little bit about that? All right.
So this is my website that I made in, like, the last week. And if you look at the structure in our Web 3.0 viewer, you see some really interesting things, actually. And you'll see that there's the structure here, which is pretty normal. But then there's this, like, weird little structure off to the side. And this is actually non-www trinarysoftware.com. So what I've done, and I haven't corrected it just so that you can see it, I have accidentally, this is a purely organic mistake here, linked some of my pages to a different domain, a non-www domain. And as far as, like, Google is concerned, this is, like, a big no-no. And Google is kind of like the government of the internet, so to speak. And so this sort of mistake you can make will often get you Google fined. And I made up that term. I'm hoping it sticks. But that isn't an actual term. But so it's a good example of why you would want to get a map of your website. Because if you just crawl manually through your own, through the web browser, examine your HTML, you're very likely to miss the fact that you stuck some of the pages in non-www format. Fortunately my site doesn't have any SQL injection vulnerabilities on it. Or you'd be able to see that as well.

So what we have here, what the software is, is, it's a prototype. It's under active development and there are a lot of directions that we could take this. We want our friends to get involved. And by our friends, I mean all of you guys. So what we've done, what I've done, is we've made a mailing list for now. So if you're on the site, on trinarysoftware.com, you can sign up for a mailing list, and we're going to be offering everyone who is on the mailing list, in a month or probably two months, free access to the closed beta. So we really want you to be involved. And for contextual reasons we can't really offer an open beta. But we want to offer everyone here free access to the closed beta. Yeah.
And for the back end engine, actually I'm releasing this free and open source under the Apache license, so you can do whatever you want with it. I know Teal's also going to offer a free version of this when it does actually come out. Yeah, thanks for coming. One last note: if you're interested in offensive techniques and distributed computing, I have another talk here that's coming up at 3 p.m. at track one. So definitely catch that if that sounds like something that's interesting to you. And thanks for coming. Thanks a lot, guys.

We actually have about five minutes where we can take some questions. Where do you opt in for the beta? It's www.trinarysoftware.com. T-R-I-N-A-R-Y. Right on the top there. So it's actually very simple. It's T-R-I-N-A-R-Y, like three. Trinary software is a technically meaningless term in almost any kind of functional sense, unless you think of it in terms of 3D. So that's really the only way that you could take what is, you know, what is a trinary software? It's a 3D software.

Other questions? What? So actually it's a customized version of a crawler called Apache Nutch, which is where the Apache Hadoop project actually came from. It spawned from Apache Nutch. So we customized it, added a bunch of plug-ins on the back end, and again we're releasing all that stuff open source after. Yeah. I will be showing off a little bit more about the crawler and vulnerability scanner in my talk at 3 p.m. on track one. Thanks, John. Anybody else?

Yeah. Using a Leap Motion to control it? Using what kind of motion? Yeah. It could; we can use like biofeedback and Leap Motion, and that is actually really easy to plug in, and that's a direction we can take this. We're trying to figure out what directions. We want all the good suggestions like that that we can get, and any kind of, you know, contributions, any kind of input that anybody can give.
Feel free to email us; our emails are listed on our website. Or, you know, if you have any ideas or you have a project that this would really interrelate with, it would be very helpful. Yeah. We definitely are hoping to get a little back and forth with the community. I mean, we really want to make the community kind of an integral part of where we take this entire thing. So definitely if you have ideas or you just want to talk with us or have any additional questions, shoot us an email. Follow me on Twitter, dot slash punk on Twitter. Or come to my talk again at 3 p.m. on track one. All right. Thank you for coming. Thanks, everybody.
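The two findings the demo keeps coming back to, the www / non-www link mix-up on trinarysoftware.com and the unexpected link to a domain that was never crawled (1.gravatar.com on the Boonville Lib site), both fall out of the directional link graph the crawler builds. The toy crawl below reproduces that graph and both checks; it is an added example, not the talk's or Hyperion Gray's code, and the hostnames example-site.test and the four HTML pages are constructed inputs.

```python
"""Directional link graph over a small crawl, with the two checks from the demo."""
import re
from collections import defaultdict
from urllib.parse import urljoin, urlsplit

# Constructed sample crawl (hypothetical pages): page URL -> HTML body.
# One page links to the non-www host, one pulls an avatar from an uncrawled CDN.
PAGES = {
    "http://www.example-site.test/": '<a href="/about">About</a> <a href="/blog/1">Post</a>',
    "http://www.example-site.test/about": '<a href="http://example-site.test/contact">Contact</a>',
    "http://www.example-site.test/blog/1": '<img src="http://1.gravatar.com/avatar/x"> <a href="/">Home</a>',
    "http://example-site.test/contact": '<a href="http://www.example-site.test/">Home</a>',
}
# Good enough for the constructed pages; a real crawler would use an HTML parser.
HREF_RE = re.compile(r'(?:href|src)="([^"]+)"')


def registered_name(host):
    """Strip a leading 'www.' so the www and non-www forms of a site compare equal."""
    return host[4:] if host.startswith("www.") else host


def build_graph(pages):
    """Return directed page edges (from_url, to_url): the 'fat end' to the 'skinny end'."""
    edges = []
    for url, html in pages.items():
        for ref in HREF_RE.findall(html):
            edges.append((url, urljoin(url, ref)))  # resolve relative links
    return edges


def domain_edges(edges):
    """Collapse page edges into the domain-to-domain links the globes show, with counts."""
    counts = defaultdict(int)
    for src, dst in edges:
        counts[(urlsplit(src).hostname, urlsplit(dst).hostname)] += 1
    return dict(counts)


def www_mismatches(edges):
    """Links that hop between the www and non-www forms of the same site."""
    out = []
    for src, dst in edges:
        s, d = urlsplit(src).hostname, urlsplit(dst).hostname
        if s != d and registered_name(s) == registered_name(d):
            out.append((src, dst))
    return out


def uncrawled_domains(edges, pages):
    """Domains that are linked to but were never crawled (the 'distortion' globes)."""
    crawled = {urlsplit(u).hostname for u in pages}
    return sorted({urlsplit(dst).hostname for _, dst in edges} - crawled)
```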