SlideShare a Scribd company logo
1 of 123
Christian Martorella
Source Conference Barcelona 2009
Tactical
          Information Gathering




Christian Martorella
Source Conference Barcelona 2009
Who am i ?

Christian Martorella
   Security Services S21sec
   CISSP, CISA, CISM, OPST, OPSA, C|EH
   OWASP WebSlayer Project Leader
   Edge-Security.com
Information Gathering


 “Is the collection of information before the attack.

 The idea is to collect as much information as
 possible about the target which may be valuable
 later.”
Tactical

 “Designed or implemented to gain a temporary
 limited advantage”
                               Wikipedia
I.G Why use it?
 It’s what the real attackers are doing
 Attackers doesn’t have a restricted scope
 Knowing what information about you or your company
 is available online
 Spear Phishing: 15.000 infected users, as results of 66
 campaings.
I.G what for?
 Infrastructure:
 Information for discovering new targets, to get a
 description of the hosts (NS,MX, AS,etc), shared
 resources, applications, software, etc.
 People and organizations :
 For performing brute force attacks on available
 services, Spear phishing, social engineering,
 investigations, background checks, information leaks
Typical Pentesting Methodology


                                    Post-     Cover     Write
 I.G   Scan   Enumerate   Exploit
                                    Exploit   Tracks   report
What everyone focus on:


             Enumera             Post-     Cover     Write
I.G   Scan             Exploit
                te               Exploit   Tracks   report
Real world Methodology
      I.G

  Discover what
makes the company
     money

                    Do whatever it
                                     Steal it
                       takes...

 Discover what is
  valuable to the
     attacker
Types	 of I.G
Types	 of I.G


   Passive                  Active




             Semi Passive
Where / how can we obtain
this kind of info?
Obtaining info - Old School way


 DNS Zone Transfer (active)
 DNS Reverse Lookup             Search engines
 (active)                       PGP Key Servers
 DNS BruteForce (active++)      Whois
 Mail headers (active)
 smtp Bruteforcing (active++)
Obtaining info - Old School way
      Active                      Passive


 DNS Zone Transfer (active)
 DNS Reverse Lookup             Search engines
 (active)                       PGP Key Servers
 DNS BruteForce (active++)      Whois
 Mail headers (active)
 smtp Bruteforcing (active++)
New sources for I.G
Obtaining - New sources

Web 2.0 - Social Networks and Search engines (passive)


Metadata (passive)


Private data (passive paid) Intelius, Lexis Nexis
Obtaining people info - New sources

 Professional and Business Social networks
Obtaining people info -
New sources
Obtaining people info -
New sources




    Current Job
     Pasts Jobs
     Education
   Job description
        Etc...
Obtaining employees names
from a company
Obtaining employees names
from a company
Linkedin I.G example
Linkedin I.G example



              I L
          FA
Obtaining people info -
New sources
Obtaining Emails from a
company
Obtaining Emails from a
company
Google Finance & Reuters
People information:
People search
People search
People search
   Name
 Username
   Email
  Phone
 Business
Nick name / username
verification
Nick name / username
verification
Nick name / username
verification
Nick name / username
verification
Private data - pay per view
Microblogs



 Small posts up to 140 characters
Microblogs



 Small posts up to 140 characters
Bookmarks
Bookmarks
Bookmarks
Bookmarks



             A IL
            F
Reverse Image search




Pic from
“Novartis”
search on
TwwepSearch
Reverse Image search




Pic from
“Novartis”
search on
TwwepSearch
WikiScanner

When you edit the wikipedia:
  You can edit leaving your username
  You can edit anonymous using your IP address
WikiScanner
Company IP ranges
Anonymous Wikipedia edits, from interesting
organizations
Provide an ip for a wikipedia username
http://wikiscanner.virgil.gr/
WikiScanner - IP ranges
WikiScanner - Wikipedia edits
Poor Man Check User
Provide an ip for a wikipedia username
New sources - Metadata


Metadata: is data about data.
New sources - Metadata


Metadata: is data about data.

Is used to facilitate the understanding, use and
management of data.
Obtaining more data - Metadata



Provides basic information such as the author of a
work, the date of creation, links to any related
works, etc.
Metadata - Dublin Core (schema)
Content & about the   Intellectual Property   Electronic or Physical
     Resource                                 manifestation

       Title           Author or Creator                Date

      Subject              Publisher                    Type

    Description           Contributor                 Format

     Language                Rights                   Identifier

      Relation
     Coverage
Metadata example
Metadata example
Metadata - Images
EXIF Exchangeable Image
File Format
• GPS coordinates
• Time
• Camera type
• Serial number
• Sometimes unaltered
 original photo can be
 found in thumbnail
 Online exif viewer.
Metadata - Images
EXIF Exchangeable Image
File Format
• GPS coordinates
• Time
• Camera type
• Serial number
• Sometimes unaltered
 original photo can be
 found in thumbnail
 Online exif viewer.
Metadata - example
Metadata - example
     logo-Kubuntu.png
                                    logo-Ubuntu.png




software - www.inkscape.org   software - Adobe ImageReady
size - 1501x379               size - 1501x391
mimetype - image/png          mimetype - image/png
Metadata - example
     logo-Kubuntu.png
                                         logo-Ubuntu.png




software - www.inkscape.org        software - Adobe ImageReady
size - 1501x379                    size - 1501x391
mimetype - image/png               mimetype - image/png



                              :/
Metadata - EXIF- Harry Pwner




     Deathly EXIF?
Cat Schwartz - Tech TV
Cat Schwartz - Tech TV
Cat Schwartz - Tech TV
Cat Schwartz - Tech TV



              I L
          FA
Washington Post

Botmaster location exposed by the Washington Post
Washington Post

Botmaster location exposed by the Washington Post

 SLUG: mag/hacker
 DATE: 12/19/2005
 PHOTOGRAPHER: Sarah L. Voisin/TWP
 id#: LOCATION: Roland, OK
 CAPTION:
 PICTURED: Canon Canon EOS 20D
 Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah
 L. Voisin
Washington Post

Botmaster location exposed by the Washington Post

 SLUG: mag/hacker
 DATE: 12/19/2005
 PHOTOGRAPHER: Sarah L. Voisin/TWP
 id#: LOCATION: Roland, OK
 CAPTION:
 PICTURED: Canon Canon EOS 20D
 Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah
 L. Voisin




There are only 1.500 males in Roland Oklahoma
Metadata


 Ok, I understand metadata... so what?
Metagoofil

 Metagoofil is an information gathering tool
 designed for extracting metadata of public
 documents (pdf,doc,xls,ppt,etc) availables in
 the target/victim websites.
Metagoofil

 Metagoofil is an information gathering tool
 designed for extracting metadata of public
 documents (pdf,doc,xls,ppt,etc) availables in
 the target/victim websites.
Metagoofil

 Metagoofil is an information gathering tool
 designed for extracting metadata of public
 documents (pdf,doc,xls,ppt,etc) availables in
 the target/victim websites.
Metagoofil

 Metagoofil is an information gathering tool
 designed for extracting metadata of public
 documents (pdf,doc,xls,ppt,etc) availables in
 the target/victim websites.
Metagoofil
Metagoofil

               Workers
 User names                 Server names
               names


                               Software
                 Paths
                            versions + Date



              Mac Address
Metagoofil

               Workers
 User names                 Server names
               names


 Computer                      Software
                 Paths
  names                     versions + Date



              Mac Address
Metagoofil
Metagoofil
      site:nasa.gov filetype:ppt
Metagoofil
      site:nasa.gov filetype:ppt
Metagoofil
Downloaded files
Metagoofil
Downloaded files

     ppt 1

     pptx 2
                   parsers /
                                 Results.html
     doc 3          filtering

                  Libextractor
    docx 3          Hachoir
                    Regexp
     pdf n          Own libs
Metagoofil - results
Metagoofil - results
Metagoofil - results
Metagoofil - results
Metagoofil - results
Metagoofil - results
Metadata - The Revisionist

         Tool developed by Michal Zalewski, this tool will
         extract comments and “Track changes” from Word
         documents.




http://download.microsoft.com/download/3/4/9/349c2166-4d53-43f6-b1fd-970090e23216/PARTNER/MSFreeShop.doc
Metagoofil & Linkedin results


 Now we have a lot of information, what can i do?
 • User profiling
Using results
Using results
User profiling

• User list creation John Doe

                john.doe
                     jdoe
                    j.doe
                 johndoe
                   johnd
                  john.d
                       jd
                      doe
                  john
Using results
User profiling

• User list creation John Doe

                john.doe
                     jdoe
                    j.doe
                 johndoe
                   johnd
                  john.d
                       jd
                      doe
                  john
Using results
User profiling

• User list creation John Doe

                john.doe
                     jdoe
                    j.doe
                 johndoe
                   johnd        ATTACK!
                  john.d
                       jd
                      doe
                  john
Using results
Using results
Password profiling

Dictionary creation: words from the different user sites



                 magic
              serra angel
             necropotence
             Shivan dragon
                   elf
              brainstorm
                   ...
                   ...
Using results
Password profiling

Dictionary creation: words from the different user sites



                 magic
              serra angel
             necropotence
             Shivan dragon
                   elf
              brainstorm
                   ...
                   ...
Using results
Password profiling

Dictionary creation: words from the different user sites



                 magic
              serra angel
             necropotence
             Shivan dragon                   Brute force
                   elf                        ATTACK
              brainstorm
                   ...
                   ...
One password to rule them
all
Maltego the ultimate I.G Tool
Maltego the ultimate I.G Tool
Maltego the ultimate I.G Tool
Maltego the ultimate I.G Tool
Other examples
Phone in sick and treat himself to a day in bed.




Kyle Doyle's Facebook profile makes it quite
obvious he was not off work for a 'valid medical
reason'
Phone in sick and treat himself to a day in bed.




                            I L
                  FA
Kyle Doyle's Facebook profile makes it quite
obvious he was not off work for a 'valid medical
reason'
Was shown the door after posting that her job was
        'boring' on her Facebook page
I L
                   FA
Was shown the door after posting that her job was
        'boring' on her Facebook page
More than meet the eyes
More than meet the eyes
More than meet the eyes
Daily life I.G
Looking for a Housekeeper on Craiglist, 3 interesting
resumes came up:
Daily life I.G
Looking for a Housekeeper on Craiglist, 3 interesting
resumes came up:

  Myspace page, applicant drinking beer from a
  funnel
Daily life I.G
Looking for a Housekeeper on Craiglist, 3 interesting
resumes came up:

  Myspace page, applicant drinking beer from a
  funnel
  Local police, applicant arrested 2 years before
  for shoplifting
Daily life I.G
Looking for a Housekeeper on Craiglist, 3 interesting
resumes came up:

  Myspace page, applicant drinking beer from a
  funnel
  Local police, applicant arrested 2 years before
  for shoplifting

  Personal blog, saying that she is applying for
  menial jobs, and will quit as soon she sells
  some paintings
Final thoughts
Be careful what you post/send, all stay online
Think twice what you post
Check the privacy configuration of your tools/sites
Too much information, difficult to classify
This is growing, more information is being indexed,
more search engines
References
www.edge-security.com

blog.s21sec.com

www.s21sec.com

carnal0wnage.blogspot.com

www.gnunet.org/libextractor
lcamtuf.coredump.cx/strikeout/
www.paterva.com
http://sethgodin.typepad.com/seths_blog/2009/02/personal-branding-in-the-age-
of-google.html
laramies.blogspot.com
http://www.eweek.com/c/a/Security/Washington-Post-Caught-in-Metadata-Gaffe/
Chris Gates Carnal0wnage Brucon 2009 Presentation

http://www.neuroproductions.be/twitter_friends_network_browser/
?
Thank you for coming



cmartorella@s21sec.com          http://laramies.blogspot.com
cmartorella@edge-security.com   http://twitter.com/laramies

More Related Content

What's hot

OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligencePhilippe Lin
 
PHISHING DETECTION
PHISHING DETECTIONPHISHING DETECTION
PHISHING DETECTIONumme ayesha
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
C2 Matrix A Comparison of Command and Control Frameworks
C2 Matrix A Comparison of Command and Control FrameworksC2 Matrix A Comparison of Command and Control Frameworks
C2 Matrix A Comparison of Command and Control FrameworksJorge Orchilles
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...Falgun Rathod
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainErik Van Buggenhout
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInformation Technology
 
SplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMwareSplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMwareSplunk
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 

What's hot (20)

Spam
SpamSpam
Spam
 
OSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source IntelligenceOSINT x UCCU Workshop on Open Source Intelligence
OSINT x UCCU Workshop on Open Source Intelligence
 
PHISHING DETECTION
PHISHING DETECTIONPHISHING DETECTION
PHISHING DETECTION
 
Social Media Forensics
Social Media ForensicsSocial Media Forensics
Social Media Forensics
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
C2 Matrix A Comparison of Command and Control Frameworks
C2 Matrix A Comparison of Command and Control FrameworksC2 Matrix A Comparison of Command and Control Frameworks
C2 Matrix A Comparison of Command and Control Frameworks
 
Securing Remote Access
Securing Remote AccessSecuring Remote Access
Securing Remote Access
 
Browser forensics
Browser forensicsBrowser forensics
Browser forensics
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
 
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
OSINT - Open Source Intelligence "Leading Intelligence and Investigation Tech...
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
 
Internet Traffic Monitoring and Analysis
Internet Traffic Monitoring and AnalysisInternet Traffic Monitoring and Analysis
Internet Traffic Monitoring and Analysis
 
SplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMwareSplunkLive! Splunk App for VMware
SplunkLive! Splunk App for VMware
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Phishing
PhishingPhishing
Phishing
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
OSINT - Open Source Intelligence
OSINT - Open Source IntelligenceOSINT - Open Source Intelligence
OSINT - Open Source Intelligence
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trends
 

Viewers also liked

OSINT 2.0 - Past, present and future
OSINT 2.0  - Past, present and futureOSINT 2.0  - Past, present and future
OSINT 2.0 - Past, present and futureChristian Martorella
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsCase IQ
 
The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown Tom Eston
 
From Couch To Career In 80 Hours
From Couch To Career In 80 HoursFrom Couch To Career In 80 Hours
From Couch To Career In 80 HoursRob Fuller
 
What I learned from Seven Languages in Seven Weeks (IPRUG)
What I learned from Seven Languages in Seven Weeks (IPRUG)What I learned from Seven Languages in Seven Weeks (IPRUG)
What I learned from Seven Languages in Seven Weeks (IPRUG)Kerry Buckley
 
sete linguagens em sete semanas
sete linguagens em sete semanassete linguagens em sete semanas
sete linguagens em sete semanastdc-globalcode
 
Sponsorship program 2013 regional scrum gathering china
Sponsorship program 2013 regional scrum gathering chinaSponsorship program 2013 regional scrum gathering china
Sponsorship program 2013 regional scrum gathering chinaLetAgileFly
 
Askozia und peoplefone - Webinar 2016, deutsch
Askozia und peoplefone - Webinar 2016, deutschAskozia und peoplefone - Webinar 2016, deutsch
Askozia und peoplefone - Webinar 2016, deutschAskozia
 
Tipografia
TipografiaTipografia
TipografiaESPOL
 
MHS-Rads-Specification-Guide_JUNE-2015
MHS-Rads-Specification-Guide_JUNE-2015MHS-Rads-Specification-Guide_JUNE-2015
MHS-Rads-Specification-Guide_JUNE-2015Daniel Davis
 
Academic CV Jodi L Mathieu
Academic CV Jodi L MathieuAcademic CV Jodi L Mathieu
Academic CV Jodi L MathieuJodi Mathieu
 
Adwords Seminar 3: PLAs - How to do and Optimise
Adwords Seminar 3: PLAs - How to do and OptimiseAdwords Seminar 3: PLAs - How to do and Optimise
Adwords Seminar 3: PLAs - How to do and Optimiseindiumonline
 
How to improve your email productivity to be more effective at work
How to improve your email productivity to be more effective at workHow to improve your email productivity to be more effective at work
How to improve your email productivity to be more effective at workgmbudafonyhu
 
INTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZ
INTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZINTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZ
INTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZRodrigo Rofdriguez
 

Viewers also liked (20)

OSINT 2.0 - Past, present and future
OSINT 2.0  - Past, present and futureOSINT 2.0  - Past, present and future
OSINT 2.0 - Past, present and future
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in Investigations
 
The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown The Android vs. Apple iOS Security Showdown
The Android vs. Apple iOS Security Showdown
 
From Couch To Career In 80 Hours
From Couch To Career In 80 HoursFrom Couch To Career In 80 Hours
From Couch To Career In 80 Hours
 
What I learned from Seven Languages in Seven Weeks (IPRUG)
What I learned from Seven Languages in Seven Weeks (IPRUG)What I learned from Seven Languages in Seven Weeks (IPRUG)
What I learned from Seven Languages in Seven Weeks (IPRUG)
 
sete linguagens em sete semanas
sete linguagens em sete semanassete linguagens em sete semanas
sete linguagens em sete semanas
 
Acg 20130919 v2
Acg 20130919 v2Acg 20130919 v2
Acg 20130919 v2
 
Sponsorship program 2013 regional scrum gathering china
Sponsorship program 2013 regional scrum gathering chinaSponsorship program 2013 regional scrum gathering china
Sponsorship program 2013 regional scrum gathering china
 
Askozia und peoplefone - Webinar 2016, deutsch
Askozia und peoplefone - Webinar 2016, deutschAskozia und peoplefone - Webinar 2016, deutsch
Askozia und peoplefone - Webinar 2016, deutsch
 
Tipografia
TipografiaTipografia
Tipografia
 
Trish dillon 4.5
Trish dillon 4.5Trish dillon 4.5
Trish dillon 4.5
 
Mobicules iPhone profile
Mobicules iPhone profileMobicules iPhone profile
Mobicules iPhone profile
 
MHS-Rads-Specification-Guide_JUNE-2015
MHS-Rads-Specification-Guide_JUNE-2015MHS-Rads-Specification-Guide_JUNE-2015
MHS-Rads-Specification-Guide_JUNE-2015
 
Academic CV Jodi L Mathieu
Academic CV Jodi L MathieuAcademic CV Jodi L Mathieu
Academic CV Jodi L Mathieu
 
Adwords Seminar 3: PLAs - How to do and Optimise
Adwords Seminar 3: PLAs - How to do and OptimiseAdwords Seminar 3: PLAs - How to do and Optimise
Adwords Seminar 3: PLAs - How to do and Optimise
 
How to improve your email productivity to be more effective at work
How to improve your email productivity to be more effective at workHow to improve your email productivity to be more effective at work
How to improve your email productivity to be more effective at work
 
INTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZ
INTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZINTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZ
INTRODUCCIÓN A LA ECONOMÍA RODERICK RODRIGUEZ
 
DKK 105
DKK 105DKK 105
DKK 105
 
Problemario av
Problemario avProblemario av
Problemario av
 

Similar to Tactical Information Gathering

A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainChristian Martorella
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
 
Tom Critchlow - Data Feed SEO & Advanced Site Architecture
Tom Critchlow - Data Feed SEO & Advanced Site ArchitectureTom Critchlow - Data Feed SEO & Advanced Site Architecture
Tom Critchlow - Data Feed SEO & Advanced Site Architectureauexpo Conference
 
Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...
Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...
Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...Krist Wongsuphasawat
 
Intro to Python for Data Science
Intro to Python for Data ScienceIntro to Python for Data Science
Intro to Python for Data ScienceTJ Stalcup
 
Intro to Python for Data Science
Intro to Python for Data ScienceIntro to Python for Data Science
Intro to Python for Data ScienceTJ Stalcup
 
Shall we search? Lviv.
Shall we search? Lviv. Shall we search? Lviv.
Shall we search? Lviv. Vira Povkh
 
Adventure in Data: A tour of visualization projects at Twitter
Adventure in Data: A tour of visualization projects at TwitterAdventure in Data: A tour of visualization projects at Twitter
Adventure in Data: A tour of visualization projects at TwitterKrist Wongsuphasawat
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchYury Chemerkin
 
Schema.org Structured data the What, Why, & How
Schema.org Structured data the What, Why, & HowSchema.org Structured data the What, Why, & How
Schema.org Structured data the What, Why, & HowRichard Wallis
 
Web3.0 or The semantic web
Web3.0 or The semantic webWeb3.0 or The semantic web
Web3.0 or The semantic webDarren Wood
 
Making things findable
Making things findableMaking things findable
Making things findablePeter Mika
 
Living Labs Challenge Workshop
Living Labs Challenge WorkshopLiving Labs Challenge Workshop
Living Labs Challenge WorkshopTorben Brodt
 
Kiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalKiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalRomania Testing
 
Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015
Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015
Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015sitegeist_svensson
 
AI, Search, and the Disruption of Knowledge Management
AI, Search, and the Disruption of Knowledge ManagementAI, Search, and the Disruption of Knowledge Management
AI, Search, and the Disruption of Knowledge ManagementTrey Grainger
 

Similar to Tactical Information Gathering (20)

A fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP SpainA fresh new look into Information Gathering - OWASP Spain
A fresh new look into Information Gathering - OWASP Spain
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Tom Critchlow - Data Feed SEO & Advanced Site Architecture
Tom Critchlow - Data Feed SEO & Advanced Site ArchitectureTom Critchlow - Data Feed SEO & Advanced Site Architecture
Tom Critchlow - Data Feed SEO & Advanced Site Architecture
 
Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...
Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...
Using Visualizations to Monitor Changes and Harvest Insights from a Global-sc...
 
Intro to Python for Data Science
Intro to Python for Data ScienceIntro to Python for Data Science
Intro to Python for Data Science
 
Intro to Python for Data Science
Intro to Python for Data ScienceIntro to Python for Data Science
Intro to Python for Data Science
 
Shall we search? Lviv.
Shall we search? Lviv. Shall we search? Lviv.
Shall we search? Lviv.
 
Adventure in Data: A tour of visualization projects at Twitter
Adventure in Data: A tour of visualization projects at TwitterAdventure in Data: A tour of visualization projects at Twitter
Adventure in Data: A tour of visualization projects at Twitter
 
Big Data and Hadoop in the Cloud
Big Data and Hadoop in the CloudBig Data and Hadoop in the Cloud
Big Data and Hadoop in the Cloud
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
 
Schema.org Structured data the What, Why, & How
Schema.org Structured data the What, Why, & HowSchema.org Structured data the What, Why, & How
Schema.org Structured data the What, Why, & How
 
Web3.0 or The semantic web
Web3.0 or The semantic webWeb3.0 or The semantic web
Web3.0 or The semantic web
 
Making things findable
Making things findableMaking things findable
Making things findable
 
Living Labs Challenge Workshop
Living Labs Challenge WorkshopLiving Labs Challenge Workshop
Living Labs Challenge Workshop
 
Kiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-finalKiran karnad rtc2014 ghdb-final
Kiran karnad rtc2014 ghdb-final
 
Logs & Visualizations at Twitter
Logs & Visualizations at TwitterLogs & Visualizations at Twitter
Logs & Visualizations at Twitter
 
Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015
Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015
Introducing Featured Search - Talk on the TYPO3 CAMP MALLORCA 2015
 
Mashing Up The Guardian
Mashing Up The GuardianMashing Up The Guardian
Mashing Up The Guardian
 
Free Tech Tools X Posed Pe Jun2010 Present
Free Tech Tools X Posed Pe Jun2010 PresentFree Tech Tools X Posed Pe Jun2010 Present
Free Tech Tools X Posed Pe Jun2010 Present
 
AI, Search, and the Disruption of Knowledge Management
AI, Search, and the Disruption of Knowledge ManagementAI, Search, and the Disruption of Knowledge Management
AI, Search, and the Disruption of Knowledge Management
 

More from Christian Martorella

A journey into Application Security
A journey into Application SecurityA journey into Application Security
A journey into Application SecurityChristian Martorella
 
Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environmentChristian Martorella
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP SpainChristian Martorella
 
All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007Christian Martorella
 
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008Christian Martorella
 

More from Christian Martorella (7)

A journey into Application Security
A journey into Application SecurityA journey into Application Security
A journey into Application Security
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testers
 
Playing in a Satellite environment
Playing in a Satellite environmentPlaying in a Satellite environment
Playing in a Satellite environment
 
Wfuzz for Penetration Testers
Wfuzz for Penetration TestersWfuzz for Penetration Testers
Wfuzz for Penetration Testers
 
2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain2011 and still bruteforcing - OWASP Spain
2011 and still bruteforcing - OWASP Spain
 
All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007All your data are belong to us - FIST Conference 2007
All your data are belong to us - FIST Conference 2007
 
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
Principales vulnerabilidades en Aplicaciones Web - Rediris 2008
 

Recently uploaded

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Recently uploaded (20)

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

Tactical Information Gathering