1.
#pubcon@badams
Using Google to Hack Your Site
Presented by:
Barry Adams
Polemic Digital
2.
About Barry Adams
• Dutchman in Northern Ireland
• Founder of Polemic Digital
• Co-Chief Editor for StateofDigital.com
• Twitter ranter: @badams
• Lecturer & educator
3.
Anatomy of a Hack
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
4.
Prevention is the best cure
• Security through obscurity
– Enough to defeat script kiddies & automated tools
• Won’t stop dedicated hackers
– But then, few things will…
7.
Hide your version numbers
<meta name="generator" content="WordPress 4.6.1"/>
8.
Broadcasting your security in robots.txt
• Don’t put your back-end login folder in your robots.txt
– Use meta robots noindex,nofollow
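A self-audit for the two points on slides 7 and 8, added here as an example that is not from the original deck: it flags generator meta tags that carry a version number, reports whether a page has a robots noindex tag, and lists robots.txt entries that advertise a back-end path. The keyword list and the sample inputs are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Hypothetical keyword list for back-end paths; tune it to your own CMS.
SENSITIVE_HINTS = ("admin", "login", "backend", "cms", "dashboard")

class _MetaScan(HTMLParser):
    """Collects generator values and whether a robots noindex tag is present."""
    def __init__(self):
        super().__init__()
        self.generators, self.noindex = [], False

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        name, content = a.get("name", "").lower(), a.get("content", "")
        if name == "generator":
            self.generators.append(content)
        elif name == "robots" and "noindex" in content.lower():
            self.noindex = True

def scan_html(html):
    """Return (generator values that carry a version number, has_noindex)."""
    p = _MetaScan()
    p.feed(html)
    versioned = [g for g in p.generators if re.search(r"\d+(\.\d+)+", g)]
    return versioned, p.noindex

def scan_robots(robots_txt):
    """Return Disallow/Allow paths that advertise a back-end location."""
    hits = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        field, _, value = line.partition(":")
        if field.strip().lower() in ("disallow", "allow"):
            path = value.strip()
            if any(h in path.lower() for h in SENSITIVE_HINTS):
                hits.append(path)
    return hits

# Constructed sample inputs (the generator tag is the one shown on slide 7).
SAMPLE_HOME = '<html><head><meta name="generator" content="WordPress 4.6.1"/></head></html>'
SAMPLE_LOGIN = '<html><head><meta name="robots" content="noindex,nofollow"></head></html>'
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /wp-admin/  # back-end\nDisallow: /tmp/\n"

if __name__ == "__main__":
    print(scan_html(SAMPLE_HOME), scan_html(SAMPLE_LOGIN), scan_robots(SAMPLE_ROBOTS))
```

A noindex meta tag is only read when crawlers are allowed to fetch the page, so a login URL that is also disallowed in robots.txt never has its noindex seen.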
9.
Using Google to find weaknesses
• Google is a hungry beast
• It will crawl & index all it can
• Even stuff it really shouldn’t …
Advanced search commands allow you to use Google’s insatiable hunger for your own benefit/protection
10.
Google Advanced Search Commands
site:domain.com > only search within that domain
ext:xxx > only show files with that extension
inurl:xyz > only show pages with ‘xyz’ in the URL
-abc > exclude pages that match ‘abc’
| > string searches together with pipes
17.
Social Engineering
• Be careful what you publish online!
– Hackers can use personal information to gain confidence and extract more information.
• Even passwords…
20.
To summarise
• Minimise your online footprint;
– Anything online can and will be used against you
• Don’t give away any clues;
– Make your website difficult to reconnoitre
• Educate your staff;
– People are your biggest weakness
21.
Thank You
Follow me on Twitter:
@badams
Email me your questions:
barry@polemicdigital.com