The document discusses 'dorking' and pentesting, emphasizing the focus on code rather than individuals. It introduces 'tacyt' and outlines various methods and tools for uncovering vulnerabilities in applications, including password lists, third-party credentials, and common injection attacks. The author, Chema Alonso, invites questions and credits Eleven Paths for the development of the tacyt service.

1. Dorking & Pentesting!
with Tacyt
Chema Alonso
@chemaalonso

2. Dorking

3. The target is the!
“What” not the “Who”

4. The Target is the Code

5. What is “Tacyt”?

6. Dorking with apps:!
code & metadata

7. 1.- Infrastructure

8. Infrastructure Surface

9. Well-Known Ports

10. Cpanel & Plesk

11. 2.- P@ssw0rdS

12. Password.txt

13. UserLists

14. Userlist.app

15. Databases

16. WebServices

17. 3.- Third Party Credentials

18. PathFinder

19. Social Networks

20. API Keys & Tokens

21. 4.- Bugs to get into
• SQL.asp/php/aspx/…
• Query
• ldapsearch
• exec
• sql
• command
• …

22. (Blind) SQL Injection

23. (Blind) SQL Injection 101

24. LDAP Search

25. (Blind) LDAP Injection 101

26. Surprise me, baby!

27. Questions?
• Chema Alonso
– http://twitter.com/chemaalonso
– chema@11paths.com
– http://www.elladodelmal.com
• Disclaimer: Tacyt Service has been
developed by Eleven Paths. All
things working well are because of
their hard work. All things *may*
went bad on this talk were my fault.