Using Haversine to Detect Stolen Credentials and Querying Who Stole Them with nInfo

Thursday, May 08 | 10:15AM–11:15AM | Gateway Ballroom 4
Session Type: Professional Development

How can you find stolen credentials more proactively? With a little math (already programmed) and free geolocation data, your access logs can be used to determine the feasibility of logins from two different geographic locations within a specified period. Tools like nInfo can then help identify who's using those compromised accounts. A plugin-based information gathering system, nInfo is a Google-like "get info" tool for querying multiple systems for an IP, MAC address, or username to collect information. It's a command line tool, a reusable library, and a web interface. Plugins for nInfo can be written to grab data from any internal or external system.


See how IP-based geolocation data can proactively detect compromised accounts using Haversine * Learn about a nicer way to query multiple data sources using nInfo * Learn how to get nInfo set up at your organization and how to write custom plugins


  • Justin Azoff

    Research Programmer, University of Illinois at Urbana-Champaign
  • Nick Hannon

    Sr. Information Security Architect, Swarthmore College

Resources & Downloads