[Owasp-bayarea] Hacker Thursday:- 14th December
prashant k v
kvprashant at yahoo.com
Thu Dec 7 17:38:39 UTC 2017
I am happy to announce our December hands-on event, Hacker Thursdays. Please fill in the form below to block your seat. Details below:
Topic:- Unorthodox Security Assessment: OSINT for Intelligent Attacks
Venue:- Shape Security 800 W El Camino Real #250, Mountain View, CA 94040
Date:- December 14th, 6 pm to 8 pm.
We have been performing assessments for a long time; the checklists and the approaches, however, differ. We, as security testers, generally don't give enough consideration to the Information Gathering phase, whether it's a penetration testing exercise, a bug bounty race, or any other hack. And seriously, this must not be ignored. You might not encounter vulnerable configurations and systems every time, nor is it necessary that you have enough 0-days for your client or your new bug hunting target. What next?
You need more but useful information which you can utilize to perform more targeted attacks. Gathering precise information about your target is something which is mandatory for every intelligent attack. In this talk we will focus on our quick and dirty approach (not sure if it's dirty), which can be used to grab low hanging fruits as soon as they bloom. We will call it Intelligent Information Gathering.
Coming to the technical part, there are already a lot of services, techniques and open source tools available which, if combined, can do wonders and be manifold more effective. You know you need to be fast and precise in bug hunting. And you also know how a little extra effort in your pen testing can give you a chance to score some more critical vulns. We combined these techniques and used them all together for cracking bounties real fast, and had a lot of fun while pen-testing. We will explain/demonstrate how doing a good amount of OSINT before diving into any kind of security testing gives you more precise knowledge of your target. It sharpens your approach and attacks by giving you information about potential attack vectors which you must not miss in your report. These techniques include diving into search engines for revolutionary information, information gained from metadata extraction, big data collection, social network analysis, etc. We will be using tools like Maltego, recon-ng, datasploit etc.
- Learn different sources, services, applications and their use with some of the case studies.
- Automate OSINT with many popular tools.
- Use all the learnings to solve some OSINT challenges.
- Basic knowledge of pen-testing (so that you understand what exactly we are trying to do in this session). We don’t mind if you are learning OSINT for some other purpose; however, we will keep our session around pen testing.
- A laptop (with ability to connect to Wi-Fi network), unless you have a folk whom you can disturb all the time. Also try to get one with full privileged access.
- Download and install Kali. Please make sure you have Kali up and running in your VM / system.
Nutan Kumar Panda aka TheOsintGuy is an Information Security professional with expertise in the field of Application and Network Security, currently working as a Senior Information Security Engineer at eBay.inc. Apart from performing security assessments, he has also been involved in conducting/imparting information security training in various places such as Black Hat US, Black Hat Europe, BIU Israel, Ground Zero Summit, CISO Summit, Recon Village (DEFCON 25) etc. Apart from contributing to open source software such as DataSploit, he has also written various technical papers, contributed to “OWASP Mobile Security Testing Guideline” and co-authored the book “Hacking Web Intelligence”.
Again, please fill in the form to block your seat.