Successfully reported this slideshow.

Using Google to Hack Your Site #Pubcon

2

Share

Oct. 11, 2016
2 likes 5,838 views
Upcoming SlideShare
Introduction to Google AMP - Accelerated Mobile Pages #Pubcon
Introduction to Google AMP - Accelerated Mobile Pages #Pubcon
Loading in …3
×
1 of 21
1 of 21

Using Google to Hack Your Site #Pubcon

Oct. 11, 2016
2 likes 5,838 views

2

Share

Download to read offline

Internet

Slides from my talk at Pubcon Las Vegas in October 2016 about using Google to find site security weaknesses.

Slides from my talk at Pubcon Las Vegas in October 2016 about using Google to find site security weaknesses.

Internet
License: CC Attribution License

Recommended

More Related Content

Viewers also liked

TechSEO Boost 2017: The State of Technical SEO
Catalyst
Technical SEO: What I learned from crawling 10 billions of Pages and analysin...
Oncrawl
Google AMP - #SEMrushlive
Barry Adams
Lots of ways to speed up your site
Ian Lurie
AMP for Enterprises - SMX West - Patrick Stox
patrickstox
Boston WP Meetup 6/2010: SEO & WP
Casie Gillette
Advanced Technical SEO - Index Bloat & Discovery: from Facets to Javascript F...
Kahena Digital Marketing
Top 10 Technical SEO Mistakes (that we see time and again)...
Erudite
Lessons from the other side
Tim Plummer
SEO for developers (session 1)
RankAbove
The Rise of JavaScript and What it Means for SEO
Patrick Hathaway
How to Fix and Optimize ALL THE THINGS!
Jon Henshaw
Google News SEO - How Publishers Can Dominate Google Search
Barry Adams
Web Performance Optimisation
Chris Burgess
SEO Tools to Make You Awesomer!
Jon Henshaw
The New Renaissance of JavaScript
Hamlet Batista
WordPress SEO Basics - Melbourne WordPress Meetup
Chris Burgess
WordPress SEO & Optimisation
Joost de Valk
20 free SEO Tools you should be using - 20180829
Christoph C. Cemper

More from Barry Adams

Technical SEO for News Publishers
Barry Adams
A Deep-Dive into Technical SEO in 2021 and Beyond
Barry Adams
Technical SEO in 2021 and Beyond
Barry Adams
Technical SEO Audits that turn 2CV websites into F1 websites
Barry Adams
Prioritising Technical SEO Fixes
Barry Adams
Technical SEO for Content Marketers
Barry Adams
What you need to know about Core Web Vitals
Barry Adams
JavaScript is ruining the web (and I love it)
Barry Adams
The Secrets to Technical SEO Success - CMSEO2019
Barry Adams
How SEO for News can help all Websites
Barry Adams
From Search Engine to Answer Engine - How To Win in The New Google
Barry Adams
How to perform a Technical SEO Audit
Barry Adams
Winning in Ecommerce SEO
Barry Adams
Using Controversy to Build Links #SMX
Barry Adams
Technical SEO in the Real World - #FOS19
Barry Adams
Real-World Technical SEO Puzzles and Solutions
Barry Adams
Optimising for Google News - SEO for News Publishers
Barry Adams
From SEO Theory To Business Success - Turning SEO Audits in to Real-World Profit
Barry Adams
Technical SEO in 2018
Barry Adams
The Web Is Totally and Utterly Ruined
Barry Adams

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(4/5)
Free
Paper Prototyping: The Fast and Easy Way to Design and Refine User Interfaces Carolyn Snyder
(3/5)
Free
The Internet Trap: How the Digital Economy Builds Monopolies and Undermines Democracy Matthew Hindman
(0/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
Cyberwar: How Russian Hackers and Trolls Helped Elect a President—What We Don't, Can't, and Do Know Kathleen Hall Jamieson
(3/5)
Free
Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous Gabriella Coleman
(4/5)
Free
Internet Riches: The Simple Money-Making Secrets of Online Millionaires Scott Fox
(4/5)
Free
Exploding Data: Reclaiming Our Cyber Security in the Digital Age Michael Chertoff
(4.5/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Secret Life: Three True Stories of the Digital Age Andrew O'Hagan
(4/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
Platform: Get Noticed in a Noisy World Michael Hyatt
(4.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community that Will Listen Findaway
(4.5/5)
Free
Stop Checking Your Likes: Shake Off the Need for Approval and Live an Incredible Life Susie Moore
(4/5)
Free
This Machine Kills Secrets: How Wikileakers, Cypherpunks, and Hacktivists Aim to Free the World's Information Andy Greenberg
(4/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(4/5)
Free
Cryptography: The Key to Digital Security, How It Works, and Why It Matters Keith Martin
(4/5)
Free
Kill All Normies: Online Culture Wars From 4Chan And Tumblr To Trump And The Alt-Right Angela Nagle
(4/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
iRules: What Every Tech-healthy Family Needs to Know About Selfies, Sexting, Gaming, and Growing Up Janell Burley Hofmann
(4/5)
Free

Using Google to Hack Your Site #Pubcon

  1. 1. #pubcon@badams Using Google to Hack Your Site Presented by: Barry Adams Polemic Digital
  2. 2. #pubcon@badams About Barry Adams • Dutchman in Northern Ireland • Founder of Polemic Digital • Co-Chief Editor for StateofDigital.com • Twitter ranter: @badams • Lecturer & educator
  3. 3. #pubcon@badams Anatomy of a Hack 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
  4. 4. #pubcon@badams Prevention is the best cure • Security through obscurity – Enough to defeat script kiddies & automated tools • Won’t stop dedicated hackers – But then, few things will…
  5. 5. #pubcon@badams Becoming invisible…
  6. 6. #pubcon@badams Wappalyzer
  7. 7. #pubcon@badams Hide your version numbers <meta name="generator" content="WordPress 4.6.1"/>
  8. 8. #pubcon@badams Broadcasting your security in robots.txt • Don’t put your back-end login folder in your robots.txt – Use meta robots noindex,nofollow
  9. 9. #pubcon@badams Using Google to find weaknesses • Google is a hungry beast • It will crawl & index all it can • Even stuff it really shouldn’t … Advanced search commands allow you to use Google’s insatiable hunger for your own benefit/protection
  10. 10. #pubcon@badams Google Advanced Search Commands site:domain.com > only search within that domain ext:xxx > only show files with that extension inurl:xyz > only show pages with ‘xyz’ in the URL -abc > exclude pages that match ‘abc’ | > string searches together with pipes
  11. 11. #pubcon@badams Login folders
  12. 12. #pubcon@badams Database files
  13. 13. #pubcon@badams Configuration files
  14. 14. #pubcon@badams Log Files
  15. 15. #pubcon@badams Backups
  16. 16. #pubcon@badams Documents
  17. 17. #pubcon@badams Social Engineering • Be careful what you publish online! – Hackers can use personal information to gain confidence and extract more information. • Even passwords…
  18. 18. #pubcon@badams Shared Hosting / Shared Sites SpyOnWeb.com
  19. 19. #pubcon@badams Subdomains https://pentest-tools.com/
  20. 20. #pubcon@badams To summarise • Minimise your online footprint; – Anything online can and will be used against you • Don’t give away any clues; – Make your website difficult to reconnoitre • Educate your staff; – People are your biggest weakness
  21. 21. #pubcon@badams Thank You Follow me on Twitter: @badams Email me your questions: barry@polemicdigital.com

×