My wife just ran an educational seminar on @zoom_us for a volunteer organization she helps and ... we witnessed our first Zoom bombing!
Slide defacing, violent threats, racial slurs - the works!
Reported to trust @ zoom.
But that won't stop me from investigating on my own!

They used a unique ID and password but distributed the invite too widely IMO 
The default logs (PRO acct) leave *quite* a bit to be desired.
I may set up the Zoom event API (via webhook) as shown by @MSSPete: https://twitter.com/ItsReallyNick/status/1255320077580320770?s=20 (overkill for charity, but fun for next time)

I'll also have them disable the annotation feature (In Meeting > Basics).
Though a birdie tells me they're switching to @MicrosoftTeams anyway
That said, I'm pretty sure I can find these punks.
Zoom > Usage > Active Hosts:
Name (Original Name)
User Email
Join Time
Leave Time
Email not required. (will also look into that setting)
Unless email is only exposed if you use an explicit sign-up email. That is, I don't know if OAuth-based auth shows up in Zoom's Active Hosts logging. Anyone know?
Personal opinion: when it comes to security vs. usability, @zoom_us is incredibly usable!
I don't know what's important to them, so when sending this abuse report, I try to point to the TOS:
https://zoom.us/terms
In the abuse report I just sent, I noted
d. Prohibited Use (vi)
Some free and probably legal thing you can do for those attendees w/ email addresses*
Thank them for attending the event, inviting them to complete your survey/webhook, using a tracking pixel [pictured]
THEY'RE VIEWING NOW.
*burner emails? compromised? are people this dumb?

Use full-size original image (drop passed URL parameters) + @TinEye / Google reverse image search / others? (suggestions?)

A bunch of y'all do professional recon... what'd I leave out?