A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with
the right
Accept
header
to the server to view the underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"litepub": "http://litepub.social/ns#",
"directMessage": "litepub:directMessage",
"blurhash": "toot:blurhash",
"focalPoint": {
"@container": "@list",
"@id": "toot:focalPoint"
},
"Hashtag": "as:Hashtag"
}
],
"id": "https://infosec.exchange/users/securescientist/statuses/109341720943313692",
"type": "Note",
"summary": null,
"inReplyTo": null,
"published": "2022-11-14T10:37:35Z",
"url": "https://infosec.exchange/@securescientist/109341720943313692",
"attributedTo": "https://infosec.exchange/users/securescientist",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://infosec.exchange/users/securescientist/followers",
"https://infosec.exchange/users/pavlo"
],
"sensitive": false,
"atomUri": "https://infosec.exchange/users/securescientist/statuses/109341720943313692",
"inReplyToAtomUri": null,
"conversation": "tag:infosec.exchange,2022-11-14:objectId=21439755:objectType=Conversation",
"content": "<p>A proper <a href=\"https://infosec.exchange/tags/introduction\" class=\"mention hashtag\" rel=\"tag\">#<span>introduction</span></a>. Will reboost periodically with new updates or new incoming waves from the birdsite. </p><p>I am faculty at TU Eindhoven in the Netherlands 🇳🇱 (group's website: <a href=\"http://security1.win.tue.nl/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">http://</span><span class=\"\">security1.win.tue.nl/</span><span class=\"invisible\"></span></a>). I am interested in studying emergent <a href=\"https://infosec.exchange/tags/cyberthreats\" class=\"mention hashtag\" rel=\"tag\">#<span>cyberthreats</span></a> and attack innovation (from <a href=\"https://infosec.exchange/tags/malware\" class=\"mention hashtag\" rel=\"tag\">#<span>malware</span></a> to <a href=\"https://infosec.exchange/tags/socialEngineering\" class=\"mention hashtag\" rel=\"tag\">#<span>socialEngineering</span></a>), and how to integrate this into our defenses. I am the scientific director of the ESH-Security Operation Center (our own commercial <a href=\"https://infosec.exchange/tags/SOC\" class=\"mention hashtag\" rel=\"tag\">#<span>SOC</span></a>, <a href=\"https://www.eindhovensecurityhub.nl\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"\">eindhovensecurityhub.nl</span><span class=\"invisible\"></span></a>; one day I'll make a thread about that).</p><p>Below and in the thumbnails some highlights from our recent work, to give you an idea of what we do. For more details/published work see my website: <a href=\"https://lallodi.github.io\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"\">lallodi.github.io</span><span class=\"invisible\"></span></a>, or reach out to me here.</p><p><a href=\"https://infosec.exchange/tags/cybercrime\" class=\"mention hashtag\" rel=\"tag\">#<span>cybercrime</span></a>: our key questions in this area aim at understanding *which crime communities are capable of delivering innovative attack technology/business models* (i.e. how to distinguish communities producing <a href=\"https://infosec.exchange/tags/CTI\" class=\"mention hashtag\" rel=\"tag\">#<span>CTI</span></a> signals from those producing CTI noise, see 🔗 <a href=\"https://michelecampobasso.github.io/whitepapers/2021-03-01-proliferation-primer\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">michelecampobasso.github.io/wh</span><span class=\"invisible\">itepapers/2021-03-01-proliferation-primer</span></a> for a good summary of the problem space). We infiltrate prominent markets to understand social dynamics and economic incentives supporting fair trade (without which you only get scammers scamming wanna-be-scammers). Doing so we identify emergent, scalable, innovative threats. IMPersonation-as-a-Service (IMPaaS) is a good recent example of a criminal service solving long-standing attacker problems with credentials monetization, re-use of stolen resources, and technological implementation. Details + link to paper 🔗 <a href=\"https://michelecampobasso.github.io/publication/2020-11-10-impaas\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">michelecampobasso.github.io/pu</span><span class=\"invisible\">blication/2020-11-10-impaas</span></a>; another example is work on vulnerability & exploit economics 🔗 <a href=\"https://dl.acm.org/doi/abs/10.1145/3133956.3133960\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">dl.acm.org/doi/abs/10.1145/313</span><span class=\"invisible\">3956.3133960</span></a>. 🔥 More coming soon 🔥 </p><p><a href=\"https://infosec.exchange/tags/phishing\" class=\"mention hashtag\" rel=\"tag\">#<span>phishing</span></a>: we are interested in targeted phishing attacks. Tech filters aren't working, and attacks are too fast for blacklisting to work. Our take is that we need to focus on organizations' internal processes and instrument users with heuristic-based tooling to make informed decisions. Examples? With <span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@pavlo\" class=\"u-url mention\">@<span>pavlo</span></a></span> we built a cognition model to characterise advanced attacks (🔗 <a href=\"https://ieeexplore.ieee.org/document/9583678\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">ieeexplore.ieee.org/document/9</span><span class=\"invisible\">583678</span></a>, and "incidentally" unveiled the *huge* gap that exists in the scientific literature on our understanding of SE attacks 🔗<a href=\"https://lallodi.github.io/publications/Cognitive_SLR.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">lallodi.github.io/publications</span><span class=\"invisible\">/Cognitive_SLR.pdf</span></a>), ran experiments to test tailoring effects on attack success (🔗 <a href=\"https://dl.acm.org/doi/10.1145/3407023.3409178\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">dl.acm.org/doi/10.1145/3407023</span><span class=\"invisible\">.3409178</span></a>), and evaluated the effects of human characteristics on intention to report (to appear). We also have fun building tools both for attack simulations and for defense. More recent work on this on <span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@pavlo\" class=\"u-url mention\">@<span>pavlo</span></a></span>'s website: <a href=\"https://pburda.win.tue.nl\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"\">pburda.win.tue.nl</span><span class=\"invisible\"></span></a>. Another honourable mention for the work of Amber van der Heijden, a former student of mine, who used notions from cognitive psychology to figure out which phishing attacks should be first responded to (🔗 <a href=\"https://www.usenix.org/system/files/sec19-van_der_heijden.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">usenix.org/system/files/sec19-</span><span class=\"invisible\">van_der_heijden.pdf</span></a>). 🔥 More coming soon 🔥 </p><p><a href=\"https://infosec.exchange/tags/soc\" class=\"mention hashtag\" rel=\"tag\">#<span>soc</span></a>: I'll dive into this more in detail the future, for the moment I want to mention SAIBERSOC, a tool we developed to inject attacks in monitored networks with the goal of testing the performance of a SOC. The tool uses so-called "attack traces", representing different phases of an attack, to generate attacks to inject. The tool is freely available. Paper here 🔗 <a href=\"https://dl.acm.org/doi/abs/10.1145/3427228.3427233\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">dl.acm.org/doi/abs/10.1145/342</span><span class=\"invisible\">7228.3427233</span></a>. 🔥 (Much) more coming soon 🔥</p>",
"contentMap": {
"en": "<p>A proper <a href=\"https://infosec.exchange/tags/introduction\" class=\"mention hashtag\" rel=\"tag\">#<span>introduction</span></a>. Will reboost periodically with new updates or new incoming waves from the birdsite. </p><p>I am faculty at TU Eindhoven in the Netherlands 🇳🇱 (group's website: <a href=\"http://security1.win.tue.nl/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">http://</span><span class=\"\">security1.win.tue.nl/</span><span class=\"invisible\"></span></a>). I am interested in studying emergent <a href=\"https://infosec.exchange/tags/cyberthreats\" class=\"mention hashtag\" rel=\"tag\">#<span>cyberthreats</span></a> and attack innovation (from <a href=\"https://infosec.exchange/tags/malware\" class=\"mention hashtag\" rel=\"tag\">#<span>malware</span></a> to <a href=\"https://infosec.exchange/tags/socialEngineering\" class=\"mention hashtag\" rel=\"tag\">#<span>socialEngineering</span></a>), and how to integrate this into our defenses. I am the scientific director of the ESH-Security Operation Center (our own commercial <a href=\"https://infosec.exchange/tags/SOC\" class=\"mention hashtag\" rel=\"tag\">#<span>SOC</span></a>, <a href=\"https://www.eindhovensecurityhub.nl\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"\">eindhovensecurityhub.nl</span><span class=\"invisible\"></span></a>; one day I'll make a thread about that).</p><p>Below and in the thumbnails some highlights from our recent work, to give you an idea of what we do. For more details/published work see my website: <a href=\"https://lallodi.github.io\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"\">lallodi.github.io</span><span class=\"invisible\"></span></a>, or reach out to me here.</p><p><a href=\"https://infosec.exchange/tags/cybercrime\" class=\"mention hashtag\" rel=\"tag\">#<span>cybercrime</span></a>: our key questions in this area aim at understanding *which crime communities are capable of delivering innovative attack technology/business models* (i.e. how to distinguish communities producing <a href=\"https://infosec.exchange/tags/CTI\" class=\"mention hashtag\" rel=\"tag\">#<span>CTI</span></a> signals from those producing CTI noise, see 🔗 <a href=\"https://michelecampobasso.github.io/whitepapers/2021-03-01-proliferation-primer\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">michelecampobasso.github.io/wh</span><span class=\"invisible\">itepapers/2021-03-01-proliferation-primer</span></a> for a good summary of the problem space). We infiltrate prominent markets to understand social dynamics and economic incentives supporting fair trade (without which you only get scammers scamming wanna-be-scammers). Doing so we identify emergent, scalable, innovative threats. IMPersonation-as-a-Service (IMPaaS) is a good recent example of a criminal service solving long-standing attacker problems with credentials monetization, re-use of stolen resources, and technological implementation. Details + link to paper 🔗 <a href=\"https://michelecampobasso.github.io/publication/2020-11-10-impaas\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">michelecampobasso.github.io/pu</span><span class=\"invisible\">blication/2020-11-10-impaas</span></a>; another example is work on vulnerability & exploit economics 🔗 <a href=\"https://dl.acm.org/doi/abs/10.1145/3133956.3133960\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">dl.acm.org/doi/abs/10.1145/313</span><span class=\"invisible\">3956.3133960</span></a>. 🔥 More coming soon 🔥 </p><p><a href=\"https://infosec.exchange/tags/phishing\" class=\"mention hashtag\" rel=\"tag\">#<span>phishing</span></a>: we are interested in targeted phishing attacks. Tech filters aren't working, and attacks are too fast for blacklisting to work. Our take is that we need to focus on organizations' internal processes and instrument users with heuristic-based tooling to make informed decisions. Examples? With <span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@pavlo\" class=\"u-url mention\">@<span>pavlo</span></a></span> we built a cognition model to characterise advanced attacks (🔗 <a href=\"https://ieeexplore.ieee.org/document/9583678\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">ieeexplore.ieee.org/document/9</span><span class=\"invisible\">583678</span></a>, and "incidentally" unveiled the *huge* gap that exists in the scientific literature on our understanding of SE attacks 🔗<a href=\"https://lallodi.github.io/publications/Cognitive_SLR.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">lallodi.github.io/publications</span><span class=\"invisible\">/Cognitive_SLR.pdf</span></a>), ran experiments to test tailoring effects on attack success (🔗 <a href=\"https://dl.acm.org/doi/10.1145/3407023.3409178\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">dl.acm.org/doi/10.1145/3407023</span><span class=\"invisible\">.3409178</span></a>), and evaluated the effects of human characteristics on intention to report (to appear). We also have fun building tools both for attack simulations and for defense. More recent work on this on <span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@pavlo\" class=\"u-url mention\">@<span>pavlo</span></a></span>'s website: <a href=\"https://pburda.win.tue.nl\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"\">pburda.win.tue.nl</span><span class=\"invisible\"></span></a>. Another honourable mention for the work of Amber van der Heijden, a former student of mine, who used notions from cognitive psychology to figure out which phishing attacks should be first responded to (🔗 <a href=\"https://www.usenix.org/system/files/sec19-van_der_heijden.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">usenix.org/system/files/sec19-</span><span class=\"invisible\">van_der_heijden.pdf</span></a>). 🔥 More coming soon 🔥 </p><p><a href=\"https://infosec.exchange/tags/soc\" class=\"mention hashtag\" rel=\"tag\">#<span>soc</span></a>: I'll dive into this more in detail the future, for the moment I want to mention SAIBERSOC, a tool we developed to inject attacks in monitored networks with the goal of testing the performance of a SOC. The tool uses so-called "attack traces", representing different phases of an attack, to generate attacks to inject. The tool is freely available. Paper here 🔗 <a href=\"https://dl.acm.org/doi/abs/10.1145/3427228.3427233\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">dl.acm.org/doi/abs/10.1145/342</span><span class=\"invisible\">7228.3427233</span></a>. 🔥 (Much) more coming soon 🔥</p>"
},
"updated": "2022-12-16T17:23:17Z",
"attachment": [
{
"type": "Document",
"mediaType": "image/png",
"url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/109/341/703/244/093/928/original/c0da562e5422989e.png",
"name": "Impersonation-as-a-Service paper. https://arxiv.org/pdf/2009.04344.pdf",
"blurhash": "U8Q]+wt7WBWB~qWBxuj[xuj[t7j[4nRjt7of",
"focalPoint": [
-0.8,
0.82
],
"width": 1895,
"height": 1094
},
{
"type": "Document",
"mediaType": "image/png",
"url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/109/341/704/256/319/573/original/1cc974ba1d1f5c19.png",
"name": "SAIBERSOC paper. https://dl.acm.org/doi/abs/10.1145/3427228.3427233",
"blurhash": "UDRV|To}$*oz~WtRxFtRVso}aKozRPkWRPoz",
"focalPoint": [
0.84,
0.79
],
"width": 1596,
"height": 1299
},
{
"type": "Document",
"mediaType": "image/png",
"url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/109/341/704/786/723/185/original/42b345ad958c142d.png",
"name": "Cognition model of Social engineering attacks. https://ieeexplore.ieee.org/document/9583678",
"blurhash": "UFR3TWayayfj~qayt7of%Moff7WB9FRjofof",
"focalPoint": [
-0.76,
0.85
],
"width": 1827,
"height": 1135
},
{
"type": "Document",
"mediaType": "image/png",
"url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/109/341/705/572/307/014/original/003acd7b521663c1.png",
"name": "Gap in the social engineering literature. https://lallodi.github.io/publications/Cognitive_SLR.pdf",
"blurhash": "U7RfkBD%%May_3IUfQj[~qayWBWB9FxuWBRj",
"focalPoint": [
0,
0
],
"width": 1817,
"height": 1141
}
],
"tag": [
{
"type": "Mention",
"href": "https://infosec.exchange/users/pavlo",
"name": "@pavlo"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/introduction",
"name": "#introduction"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/cyberthreats",
"name": "#cyberthreats"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/malware",
"name": "#malware"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/socialengineering",
"name": "#socialengineering"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/soc",
"name": "#soc"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/cybercrime",
"name": "#cybercrime"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/cti",
"name": "#cti"
},
{
"type": "Hashtag",
"href": "https://infosec.exchange/tags/phishing",
"name": "#phishing"
}
],
"replies": {
"id": "https://infosec.exchange/users/securescientist/statuses/109341720943313692/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://infosec.exchange/users/securescientist/statuses/109341720943313692/replies?only_other_accounts=true&page=true",
"partOf": "https://infosec.exchange/users/securescientist/statuses/109341720943313692/replies",
"items": []
}
},
"likes": {
"id": "https://infosec.exchange/users/securescientist/statuses/109341720943313692/likes",
"type": "Collection",
"totalItems": 13
},
"shares": {
"id": "https://infosec.exchange/users/securescientist/statuses/109341720943313692/shares",
"type": "Collection",
"totalItems": 4
}
}