SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Open Source Information Gathering (Brucon 2009)
This talk titled "Open Source Information Gathering" was given by Chris Gates at Brucon 2009. The presentation can be viewed here.
Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we're on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.
Speaker Bio: Chris Gates (CG). Founder Full Scope Security performing full scope penetration testing and security engineering. Previous jobs includes full scope penetration tester for one of the DoD Red Teams and Army Signal Officer spending gobs of time in layer 2 and layer 3 land. EthicalHacker.net columnist and security blogger.
Abstract: This talk is about using the current open source tools to generate a detailed target footprint for a blackbox penetration test. Suppose for our penetration test we are given nothing but a domain name. Client-side and Social Engineering attacks are in scope, but we're on our own to come up with all the information needed to execute those attacks (just like a real attacker would be required to do). The days of running Sam Spade or simply querying a whois server for the totality of your information gathering are dead. We need to leverage all the information freely available to us on the net to build both our network attack list as well as our client attack list. This information includes network ranges, hidden company affiliations, hostnames, dns information, public documents with their metadata and email addresses for client side attacks.
Speaker Bio: Chris Gates (CG). Founder Full Scope Security performing full scope penetration testing and security engineering. Previous jobs includes full scope penetration tester for one of the DoD Red Teams and Army Signal Officer spending gobs of time in layer 2 and layer 3 land. EthicalHacker.net columnist and security blogger.
Related Videos from: Presentations from Brucon 2009 (2)
.jpg) | .jpg) | .jpg) | .jpg) | ||
You are Viewing this Video Now! | |||||
3549 views | 2735 views | 2403 views | 3102 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |