2025-08-04 –, Misora
We built a tool HIBR, a system that crawls ransomware gang leak sites, downloads the chaos, and uses OCR + LLMs to sift through scanned IDs, contracts, HR PDFs, and anything else these digital hyenas leave behind. And yes, it works. No, we don’t show you the PII. But we know where it is.
This talk is a guided tour through a pipeline that’s half tool, half moral panic generator. You’ll see how we built it, what we found, and what it means when your passport is sitting in a ZIP file called pay_or_we_leak.zip.
This isn't a product demo. It’s a deep dive into uncomfortable data, blurry legal zones, and the fine art of not getting sued while looking directly at the internet's open wound.
HIBR was born out of frustration. Everyone’s talking about ransomware, but nobody wants to touch the fallout. I’m talking about the public dumps. The .7z files on sketchy TOR mirrors. The PDFs titled “contracts” that are actually scanned IDs from Ecuador to Estonia.
Most breach tools ignore these. They’re messy, hard to parse, and a legal migraine. So I built a system that does parse them, responsibly (as much as that’s possible), and answers one burning question: was my real-life data dumped by ransomware goons and forgotten?
We built:
A crawler (breach.house) that grabs leaks from known ransomware groups, also breaches, stealer logs and leads.
A processor that unzips the chaos, runs OCR over images, extracts text, and feeds it to an LLM trained to recognize personal data patterns (ID numbers, names, passport, driver license, ssn, etc).
A frontend (haveibeenransom.com) that lets you search for your email or ID without ever exposing the raw data.
This talk will include:
Real examples (redacted) of exposed IDs, tax files, and the dumbest things people name their internal folders.
The tradeoffs between “public service” and “this might get me a GDPR fine.”
A walkthrough of the tool, how it works, what it does well, and where it could go sideways.
This is the side of breach awareness people pretend isn’t there. We're not pretending.
Juanma is a security researcher and developer focused on threat intel tooling and dark web data analysis. He builds open-source tools that turn leaked chaos into structured awareness, with a strong focus on privacy, legality, and responsible disclosure. His current project, Have I Been Ransomed?, is part of a broader mission to make ransomware leak awareness accessible and useful—without exposing the data that bad actors already dumped.