[Owasp-australia] Presenting the OWASP "Google Hacking" Project at RUXCON 2K8
christian.heinrich at cmlh.id.au
Mon Nov 24 22:39:58 EST 2008
I am presenting the OWASP "Google Hacking" Project as part of the "googless"
presentation at RUXCON 2K8, which is held at UTS, this Sunday (30 November).
Further information on RUXCON 2K8 is available from
The abstract has been modified (it has not been republished on
http://www.ruxcon.org.au/presentations.shtml#19 yet) and has been reproduced
Two Proofs of Concept (PoCs) will be demonstrated that implement the Google
SOAP Search API to support the "reconnaissance" phase of a Penetration Test:
1. "Download Indexed Cache", which retrieves content indexed within
the Google Cache to support the testing specified in the "Search Engine
Reconnaissance" section of the recently released OWASP Testing Guide v3.
2. "TCP Input Text", which extracts TCP Ports from Google Search
Results into a .csv file and executes nmap and/or nc aka netcat for
assurance of a listening TCP service.
The "Speak English" Google Translate Workaround will be discussed and
demonstrated that evades the "English" to "English" translation restriction
to leverage their translation service as an anonymous proxy.
Mitigating controls, such as <META> Tags and robots.txt, will be discussed
and debated based on the recommendations within the
"Spiders/Robots/Crawlers" section of the recently released OWASP Testing
I am looking forward to seeing you all there.
OWASP "Google Hacking" Project Lead
From: owasp-australia-bounces at lists.owasp.org
[mailto:owasp-australia-bounces at lists.owasp.org] On Behalf Of
announce at ruxcon.org.au
Sent: Monday, 20 October 2008 8:39 PM
To: owasp-australia at lists.owasp.org
Subject: [Owasp-australia] Ruxcon 2008
Ruxcon is Australia's premier technical computer security conference,
held annually at the University of Technology (UTS), Sydney. After a
break in 2007, Ruxcon is back and bigger than ever.
Ruxcon brings together the best and the brightest security talent in
the Australia-Pacific region through live presentations, activities,
Ruxcon 2008 will be held on the weekend of the 29th of November to the
30th of November at the University of Technology, Sydney. Doors open
at 8:30am and the first presentation commences at 9:30am.
RUXCON 2008 Presentations:
1. Security Applications for Emulation - Silvio Cesare
2. Intelligent Web Fuzzing - Neil Archibald
3. Attacking the Vista Heap - Ben Hawkes
4. Targetted OLE2 Attacks, The New Black - Peter Taylor
5. Attacking Rich Internet Applications - Kuza55, Stefano Di Paola
6. Introduction to Reverse Engineering - Ashley Fox
7. Now you see it, now you don't! - Obfuscation '08 style... - Nishad
8. Heaps about Heaps - Brett Moore
9. Uninitialized Variables - Finding, Exploiting, Automating - Daniel
11. Enterprise Security, Softer than the foam on my Frappuccino - LUMC Crew
12. Pimping: Forensic Style - Adam Daniel
13. SCADA Penetration Testing: Hacking Modbus Enabled Devices - Daniel
14. Browser Memory Protection Bypasses in Vista - Mark Dowd
15. None More Black: The Dark Side of SEO - Roberto Suggi
16. Ghost Recon: Subverting Local Networks - Berne Campbell
17. Browser Rider: Your way to Fun Browsing - Nik Mijatovic, Ben Mosse
18. GPU Powered Malware - Daniel Reynaud
19. Google Hacking - Christian Heinrich
20. Netscreen of the Dead: Developing A Trojaned Firmware for Juniper
Netscreen Appliances - Graeme Neilson
As in previous years, there will be events and competitions, which
allow attendees to have fun, win prizes and socialise, all while
enjoying a cold beer on an Australian summer's day.
Register to reserve your spot at Ruxcon 2008.
Hope to see you there,
Ruxcon 2008 Staff