Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
#pubcon@badams Using Google to Hack Your Site Presented by: Barry Adams Polemic Digital
#pubcon@badams About Barry Adams • Dutchman in Northern Ireland • Founder of Polemic Digital • Co-Chief Editor for Stateof...
#pubcon@badams Anatomy of a Hack 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
#pubcon@badams Prevention is the best cure • Security through obscurity – Enough to defeat script kiddies & automated tool...
#pubcon@badams Becoming invisible…
#pubcon@badams Wappalyzer
#pubcon@badams Hide your version numbers <meta name="generator" content="WordPress 4.6.1"/>
#pubcon@badams Broadcasting your security in robots.txt • Don’t put your back-end login folder in your robots.txt – Use me...
#pubcon@badams Using Google to find weaknesses • Google is a hungry beast • It will crawl & index all it can • Even stuff ...
#pubcon@badams Google Advanced Search Commands site:domain.com > only search within that domain ext:xxx > only show files ...
#pubcon@badams Login folders
#pubcon@badams Database files
#pubcon@badams Configuration files
#pubcon@badams Log Files
#pubcon@badams Backups
#pubcon@badams Documents
#pubcon@badams Social Engineering • Be careful what you publish online! – Hackers can use personal information to gain con...
#pubcon@badams Shared Hosting / Shared Sites SpyOnWeb.com
#pubcon@badams Subdomains https://pentest-tools.com/
#pubcon@badams To summarise • Minimise your online footprint; – Anything online can and will be used against you • Don’t g...
#pubcon@badams Thank You Follow me on Twitter: @badams Email me your questions: barry@polemicdigital.com
Upcoming SlideShare
Loading in …5
×

Using Google to Hack Your Site #Pubcon

5,214 views

Published on

Slides from my talk at Pubcon Las Vegas in October 2016 about using Google to find site security weaknesses.

Published in: Internet
License: CC Attribution License
no profile picture user

  • Be the first to comment

Using Google to Hack Your Site #Pubcon

  1. 1. #pubcon@badams Using Google to Hack Your Site Presented by: Barry Adams Polemic Digital
  2. 2. #pubcon@badams About Barry Adams • Dutchman in Northern Ireland • Founder of Polemic Digital • Co-Chief Editor for StateofDigital.com • Twitter ranter: @badams • Lecturer & educator
  3. 3. #pubcon@badams Anatomy of a Hack 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
  4. 4. #pubcon@badams Prevention is the best cure • Security through obscurity – Enough to defeat script kiddies & automated tools • Won’t stop dedicated hackers – But then, few things will…
  5. 5. #pubcon@badams Becoming invisible…
  6. 6. #pubcon@badams Wappalyzer
  7. 7. #pubcon@badams Hide your version numbers <meta name="generator" content="WordPress 4.6.1"/>
  8. 8. #pubcon@badams Broadcasting your security in robots.txt • Don’t put your back-end login folder in your robots.txt – Use meta robots noindex,nofollow
  9. 9. #pubcon@badams Using Google to find weaknesses • Google is a hungry beast • It will crawl & index all it can • Even stuff it really shouldn’t … Advanced search commands allow you to use Google’s insatiable hunger for your own benefit/protection
  10. 10. #pubcon@badams Google Advanced Search Commands site:domain.com > only search within that domain ext:xxx > only show files with that extension inurl:xyz > only show pages with ‘xyz’ in the URL -abc > exclude pages that match ‘abc’ | > string searches together with pipes
  11. 11. #pubcon@badams Login folders
  12. 12. #pubcon@badams Database files
  13. 13. #pubcon@badams Configuration files
  14. 14. #pubcon@badams Log Files
  15. 15. #pubcon@badams Backups
  16. 16. #pubcon@badams Documents
  17. 17. #pubcon@badams Social Engineering • Be careful what you publish online! – Hackers can use personal information to gain confidence and extract more information. • Even passwords…
  18. 18. #pubcon@badams Shared Hosting / Shared Sites SpyOnWeb.com
  19. 19. #pubcon@badams Subdomains https://pentest-tools.com/
  20. 20. #pubcon@badams To summarise • Minimise your online footprint; – Anything online can and will be used against you • Don’t give away any clues; – Make your website difficult to reconnoitre • Educate your staff; – People are your biggest weakness
  21. 21. #pubcon@badams Thank You Follow me on Twitter: @badams Email me your questions: barry@polemicdigital.com

×