[Owasp-bayarea] Hacker Thursdays: 14th December

Prashant Kv kvprashant at owasp.org
Thu Dec 7 18:56:41 UTC 2017


Hi All,
I am happy to announce our December hands-on event, Hacker
Thursdays. Please fill in the form below to book your seat. Details below:

Topic:- *Unorthodox Security Assessment: OSINT for Intelligent Attacks*

*Venue:- * Shape Security 800 W El Camino Real #250, Mountain View, CA 94040
*Date:-* December 14th, 6 pm to 8 pm.

*Form:- *https://goo.gl/forms/i21nX0r48piNzWpC2



*Talk Description:-*
We have been performing assessments for a long time; the checklists and the
approaches, however, differ. We, as security testers, generally don't give
enough consideration to the Information Gathering phase, whether it's a
penetration testing exercise, a bug bounty race, or any other hack. And
seriously, this must not be ignored. You might not encounter vulnerable
configurations and systems every time, nor is it necessary that you have enough
0-days for your client or your new bug hunting target. What next?
You need more but useful information which you can utilize to perform more
targeted attacks. Gathering precise information about your target is
something which is mandatory for every intelligent attack. In this talk we
will focus on our quick and dirty approach (not sure if it's dirty), which
can be used to grab low hanging fruits as soon as they bloom. We will call
it Intelligent Information Gathering.
Coming to the technical part, there are already a lot of services,
techniques and open source tools available which, if combined, can do
wonders and be manifold more effective. You know you need to be fast and precise in
bug hunting. And you also know how a little extra effort in your pen
testing can give you a chance to score some more critical vulns. We combined
these techniques and used them together for cracking bounties real fast,
and had a lot of fun while pen-testing. We will explain/demonstrate how doing a
good amount of OSINT before diving into any kind of security testing gives
you more precise knowledge of your target. It sharpens your approach and
attacks by giving you information about potential attack vectors which you
must not miss in your report. These techniques include diving into search
engines for revolutionary information, information gained from metadata
extraction, big data collection, social network analysis, etc. We will be
using tools like Maltego, recon-ng, datasploit etc.

*Primary Goals:*

   1. Learn different sources, services, applications and their use with
   some of the case studies.
   2. Automate OSINT with many popular tools.
   3. Use all the learnings to solve some OSINT challenges.


 *Prerequisites:*

   1. Basic knowledge of pen-testing (so that you understand what exactly
   we are trying to do in this session). We don’t mind if you are learning
   OSINT for some other purpose, however we will keep our session around pen
   testing.
   2. A laptop (with ability to connect to Wi-Fi network), unless you have
   a folk whom you can disturb all the time. Also try to get one with full
   privileged access.
   3. Download and install Kali. Please make sure you have Kali up and
   running in your VM / system.


*Speaker Bio:*
Nutan Kumar Panda aka TheOsintGuy is an Information Security professional
with expertise in the field of Application and Network Security, currently
working as a Senior Information Security Engineer at eBay.inc. Apart from
performing security assessments, he has also been involved in conducting/imparting
information security training in various places such as Black Hat
US, Black Hat Europe, BIU Israel, Ground Zero Summit, CISO Summit, Recon
Village (DEFCON 25) etc. Apart from contributing to open source software
such as DataSploit, he has also written various technical papers,
contributed to the “OWASP Mobile Security Testing Guideline” and co-authored
the book “Hacking Web Intelligence”.


Again, please fill in the form to book your seat.
*Form:- *https://goo.gl/forms/i21nX0r48piNzWpC2

Regards
Prashant