How Perceptual Analysis Helps Bug Hunters

•

2 likes•284 views

very picture I take, I pose a threat. By picture, I mean screenshot. By threat I mean attacker. What if there was a way to find more exposures without exactly knowing what we’re looking for? OWASP DirBuster had the right idea but was missing the power of perceptual analysis. This talk is full of dirty tricks to optimize the hunt for security exposures. Unlimited storage, scalable serverless infrastructure, and machine learning powered by collaborative filtering will enable us to usher in a new age of visibility into our attack surface. Around the world, bug hunters are leveraging OSINT techniques (e.g. using OWASP Amass) to find security vulnerabilities for organizations. However, they need better ways to perform analysis at scale. Traditional scanners require in-depth knowledge of each issue in order to write a signature. All we need with this new approach is a target, a path, and as output we will get potential exposures. Do this properly at scale and you have effectively taken what would be millions of results to review and filtered it to thousands of likely vulnerable candidates. Come watch the revolution unfold with new ways to: * Distribute requests to targets and paths using scalable serverless infrastructure * Screenshot results with unlimited storage and organize them by visual similarity * Automate identification of more exposures more quickly using collaborative filtering Focus these techniques on identifying RCEs and you now have a formidable weapon. In conclusion, this approach can be used for a variety of analysis use cases. Penetration testers, bug bounty, SOC analysts, threat researchers, vulnerability scan jockeys, will all benefit from this next generation approach.

Technology

15
/.git/config
Source Code Contains
Encryption Keys
DB Passwords
API Tokens
Internal Systems
Application Vulnerabilities
CRITICAL EXPOSURE
SOURCE CODE LEAK

17
OWASP DirBuster (2008)
Multi-threaded Crawling
Wordlist Path Brute-forcing
Directory
File
EVOLVING OLD WAYS
CONTENT DISCOVERY 10 YEARS AGO

19
/thisdefinitelydoesnotexist
Use “Fail Cases”
Soft 404 Checking
DOM Difference Analysis
Content Length
EVOLVING OLD WAYS
CONTENT DISCOVERY FAILS

20
/.docker/variables.env
Manual Review
Load Times
SSL Errors
Human Errors
PAINFUL + TIME CONSUMING
CONTENT DISCOVERY FAILS

2222
INCONSISTENCY – Actions performed pertaining to content discovery during
assessments are inconsistent despite the value proposition. It’s not feasible to
run large-scale comprehensive dictionaries on every target in a small time
window using traditional techniques.
DIVERGENCE – Information storage is disparate as new targets are discovered
throughout an assessment. Penetration testers often work off of separate
datasets and ensuring all targets were reviewed the same way is problematic.
EFFICIENCY – Results validation is time consuming when false positives are too
numerous. Too much noise and not enough signal. Dictionaries that are used
are often outdated or inefficiently utilized.
CONTENT DISCOVERY 2008 - 2018
PROCESS PROBLEMS

24
Pre-render Applications
Approximately 100 per minute
Tag for further review
Goal
Find Content to Attack
Sensitive Information
EVOLVING OLD WAYS
CONTENT DISCOVERY + SCREENSHOTS

32
OWASP Amass (2018)
Open Source Intelligence (OSINT)
Scrape web pages with DNS dragnet data
Aggregate Passive DNS API data
Crawling internet archives
Recursive brute-forcing subdomains
Permutations/alternative character substitutions
Reverse DNS lookups
Querying ASNs and netblocks
DOZENS OF SOURCES
TARGET DISCOVERY 2018

33
OWASP Amass (2018)
Open Source Intelligence (OSINT)
Scrape web pages with DNS dragnet data
Aggregate Passive DNS API data
Crawling internet archives
Recursive brute-forcing subdomains
Permutations/alternative character substitutions
Reverse DNS lookups
Querying ASNs and netblocks
DOZENS OF SOURCES
TARGET DISCOVERY 2018

Similar to How Perceptual Analysis Helps Bug Hunters

StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK

StorageOS

SPEC Innovations is starting its “How To MBSE” series this February 17th at 11:00 am ET. The series will begin with “How to Write Requirements.” Your host, Dr. Steven Dam, will discuss: 1. Gathering your requirements 2. Baselining and change management 3. Using AI to manage quality in your requirements 4. Checking for risk in your requirements 5. Adding relationships (traced, verified, and satisfied) 6. Creating reports and matrices This webinar is perfect if you are just learning to write requirements or are a seasoned requirements developer and want to learn how to utilize software tools and artificial intelligence to improve your requirements. Either way, you will learn a lot in this 45-minute webinar. Stay for the Q&A to ask Dr. Dam your questions. The “How to MBSE” series will continue with these webinars: March 24th 2022, 11:00 am ET - “How to Develop and Simulate Models (with no coding experience!)” https://attendee.gotowebinar.com/register/4521555073189509390 April 13, 2022, 11:00 am ET - “How to Perform Configuration Management” May 26, 2022, 11:00 am ET – “How to Verify and Validate a System or Process” June 21, 2022, 11:00 am ET - “How to Develop a Program Management Plan”

How to Write Requirements - How to MBSE PT.1

Elizabeth Steiner

A new model for Docker image distribution

Docker, Inc.

UiPath has made great strides towards allowing developers to securely store assets and credentials in the UiPath Orchestrator while using Excel config files for any solution configuration that we might need to store or manipulate, specifically when using the REFramework. There are a few challenges that pop up when using Excel files which do have work arounds available. Developers have explored more robust, longer term, solutions to get around this with additional functionality. During this session, we hope to work through some of these solutions.

UiPath Configuration Management

Cristina Vidu

Practical Guide to Securing Kubernetes

Lacework

DevOps tools for winning agility

Kellyn Pot'Vin-Gorman

Managing Changes to the Database Across the Project Life Cycle (presented by ...

eZ Systems

Managing changes to eZPublish Database

Gaetano Giunta

Building and Releasing a Golang CLI Tool

Bradley Cypert

This presentation will provide a high level overview of the current role that desktop applications play in enterprise environments, and the general risks associated with different deployment models. It will also cover common methodologies, techniques, and tools used to identify vulnerabilities in typical desktop application implementations. Although there will be some technical content. The discussion should be interesting and accessible to both operational and management levels. More security blogs by the authors can be found @ https://www.netspi.com/blog/

Thick Application Penetration Testing: Crash Course

Scott Sutherland

DevOps purists may chafe at the DevSecOps term given that security and other important practices are supposed to already be an integral part of routine DevOps workflows. But the reality is that security often gets more lip service than thoughtful and systematic integration into open source software sourcing, development pipelines, and operations processes--in spite of an increasing number of threats. The extensive use of modular open source software from third-parties, distributed development teams, and rapid iterative releases require a commitment to security and the adoption of security approaches that are continuous, adaptive, and heavily automated. In this session, Red Hat Technology Evangelist Gordon Haff look at successful practices that distributed and diverse teams use to iterate rapidly. While still reacting quickly to threats and minimizing business risk. I'll discuss how a container platform can serve as the foundation for DevSecOps in your organization. I'll also consider the risk management associated with integrating components from a variety of sources--a consideration that open source software has had to deal with since the beginning. Finally, I'll show ways by which automation and repeatable trusted delivery of code can be built directly into a DevOps pipeline.

DevSecOps: The Open Source Way for CloudExpo 2018

Gordon Haff

"Idempotence is a mathematical requirement of particular operations where the operation can be applied multiple times without changing the result beyond the initial application. The main driver behind the idempotency requirement is often to handle duplicated messages. As developers and architects, we need to pay close attention to how we deal with our production data during new deployments to ensure we are not losing any data, duplicating messages, or introducing malformed data into our system. Furthermore, we need to figure out how to automate the process and add testing guarantees to prevent any potential human error. In this session, you will learn about the idempotent Kafka Producer & Consumer architecture and how to automate the CI/CD process with open-source tools."

CI/CD with an Idempotent Kafka Producer & Consumer | Kafka Summit London 2022

HostedbyConfluent

IT Press Tour #17 - OpenIO & Technology

OpenIO Object Storage

Apache Jackrabbit Oak is a new JCR implementation with a completely new architecture. Based on concepts like eventual consistency and multi-version concurrency control, and borrowing ideas from distributed version control systems and cloud-scale databases, the Oak architecture is a major leap ahead for Jackrabbit. This presentation describes the Oak architecture and shows what it means for the scalability and performance of modern content applications. Changes to existing Jackrabbit functionality are described and the migration process is explained.

The architecture of oak

Michael Dürig

Many initiatives for running applications inside containers have been scoped to run on a single host. Using Docker containers for large-scale production environments poses interesting challenges, especially when deploying distributed big data applications like Apache Hadoop and Apache Spark. This session at Strata + Hadoop World in New York City (September 2016) explores various solutions and tips to address the challenges encountered while deploying multi-node Hadoop and Spark production workloads using Docker containers. Some of these challenges include container life-cycle management, smart scheduling for optimal resource utilization, network configuration and security, and performance. BlueData is "all in” on Docker containers—with a specific focus on big data applications. BlueData has learned firsthand how to address these challenges for Fortune 500 enterprises and government organizations that want to deploy big data workloads using Docker. This session by Thomas Phelan, co-founder and chief architect at BlueData, discusses how to securely network Docker containers across multiple hosts and discusses ways to achieve high availability across distributed big data applications and hosts in your data center. Since we’re talking about very large volumes of data, performance is a key factor, so Thomas shares some of the storage options implemented at BlueData to achieve near bare-metal I/O performance for Hadoop and Spark using Docker as well as lessons learned and some tips and tricks on how to Dockerize your big data applications in a reliable, scalable, and high-performance environment. http://conferences.oreilly.com/strata/hadoop-big-data-ny/public/schedule/detail/52042

Lessons Learned Running Hadoop and Spark in Docker Containers

BlueData, Inc.

AngularJS - Architecture decisionsin a large project

Elad Hirsch

Darwin Core Archive (DwC-A) validation: A New Collaborative Effort

kristgen

Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019

Lacework

Database CI/CD Pipeline

muhammadhashir57

Watch full webinar here: https://bit.ly/2UhNem8 Many businesses are moving to the Cloud. This process can take many years with data spanning On-Prem and Cloud. When Denodo needs to be deployed in a Hybrid Cloud Architecture, how should one implement that? Join this session to get a deep dive look at how to create a shared Virtual Database that exposes a consistent Semantic Model using Denodo’s Interfaces. Both On Prem and Cloud will have their own Virtual Databases. Watch on-demand this webinar to learn: - How to create a Semantic Data Model - How to use Denodo Interfaces to abstract data access for the Semantic Model - How to create a shared Virtual Database

Building a Consistent Hybrid Cloud Semantic Model In Denodo

Denodo

Similar to How Perceptual Analysis Helps Bug Hunters (20)

StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK

How to Write Requirements - How to MBSE PT.1

A new model for Docker image distribution

UiPath Configuration Management

Practical Guide to Securing Kubernetes

DevOps tools for winning agility

Managing Changes to the Database Across the Project Life Cycle (presented by ...

Managing changes to eZPublish Database

Building and Releasing a Golang CLI Tool

Thick Application Penetration Testing: Crash Course

DevSecOps: The Open Source Way for CloudExpo 2018

CI/CD with an Idempotent Kafka Producer & Consumer | Kafka Summit London 2022

IT Press Tour #17 - OpenIO & Technology

The architecture of oak

Lessons Learned Running Hadoop and Spark in Docker Containers

AngularJS - Architecture decisionsin a large project

Darwin Core Archive (DwC-A) validation: A New Collaborative Effort

Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019

Database CI/CD Pipeline

Building a Consistent Hybrid Cloud Semantic Model In Denodo

More from Bishop Fox

SharePoint Hacking - Advanced SharePoint Security Tools and Tips https://resources.bishopfox.com/resources/tools/sharepoint-hacking-diggity/ Microsoft SharePoint products and technologies continue to grow in popularity and have become the core foundation upon which many organizations have built their web presence. Unfortunately, guidance concerning common SharePoint security issues tends to be overly complex and often misunderstood. Ultimately this results in insecurely configured and deployed SharePoint instances in production environments. This demonstration rich presentation will cover our newly released SharePoint hacking tools and techniques that security professionals can easily use to identify and exploit common insecure configurations in SharePoint applications. Some of the areas we’ll attempt to tackle are: - Identifying vulnerable SharePoint applications using public search engines such as Google and Bing - Gaining unauthorized access to SharePoint administrative web interfaces - Exploiting holes in SharePoint site user permissions and inheritance - Illustrating the dangers of granting excessive access to normal user accounts - Pillaging Active Directory via insecure SharePoint services - Attacking 3rd party plugins/code within SharePoint - And much more…

OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF

Bishop Fox

05 April 2016 - DEF CON 23 (2015) Fran Brown & Shubham Shah - Bishop Fox https://resources.bishopfox.com/resources/tools/rfid-hacking/ https://www.defcon.org/html/defcon-23/dc-23-speakers.html#Brown Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We’ll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing. This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you’ll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS: o High Frequency / NFC – Attack Demos: - HF physical access control systems (e.g., iCLASS and MIFARE DESFire “contactless smart card” product families) - Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more o Ultra-High Frequency – Attack Demos: - Ski passes, enhanced driver’s licenses, passports (card), U.S. Permanent Resident Card (“green card”), trusted traveler cards Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals. DISCLAIMER: This video is intended for pentesting training purposes only.

InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...

Bishop Fox

https://resources.bishopfox.com/resources/tools/google-hacking-diggity/ As of late, security professionals have been waging a losing battle against hackers. Google, Bing, and other major search engines have been kind enough to index and make searchable all the vulnerabilities on the web, including everything from exposed password files to SQL injection points. This fact has not gone unnoticed by hackers. Last year, LulzSec employed Google hacking to go on an epic 50 day hacking spree that left in its wake a wide variety of major victims including Sony, PBS, Arizona's Department of Public Safety, Infraguard, the FBI, and the CIA. Botnets have also been confirmed to be utilizing search engines for identifying targets as part of mass injection campaigns and other malware distribution techniques. This falls in line with the results of the 2012 Verizon Data Breach Investigations Report which found that 79% of all victims were targets of opportunity. Google Hacking is the perfect vehicle to enable opportunistic attackers who are seeking quick and easy targets to exploit on a massive scale. It is imperative that security professionals learn to take equal advantage of these techniques to help safeguard their organizations. In this workshop, the audience will gain an understanding of the magnitude of this threat, as well as the importance of being proactive in addressing it. We’ll be introducing you to slew of new tools and techniques that will allow you to leverage Google, Bing, SHODAN and many more open search interfaces to track down and eliminate information disclosures and vulnerabilities in your public facing systems and applications before hackers have the chance to exploit them. Some of the topics to be covered are: • Search engine hacking – primary attack methods o Google Hacking o Bing Hacking o Toolkit overview:  Diggity toolset, Maltego, theHarvester, FOCA, and more… • Footprinting target organization networks and applications o Identifying applications, URLs, hostnames, domains, IP addresses, emails and more o Port scanning networks passively via Google o DNS data mining via DeepMagic search engine • Data loss prevention tools and techniques o Locating sensitive data leaks via public web applications • Cloud hacking via Google o Targeting cloud implementations via search engines o Using the cloud and custom search to identify vulnerabilities • Adobe Flash hacking via Google and Bing • Open source code vulnerabilities • Finding sensitive information disclosures on 3rd party sites o Facebook, Twitter, YouTube, PasteBin o Cloud document storage (Dropbox, Google Drive, etc.) • Malware and Search Engines – Bound by Destiny, Unholy Union o Understanding how search engines are used to distribute malware to users o Leveraging search engines to identify and avoid malware • Advanced defense tools and techniques o Search engine hacking alerts and intrusion detection systems (IDS)

InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...

Bishop Fox

29 July 2012 - DEF CON 20 (2012) Fran Brown - Bishop Fox https://resources.bishopfox.com/resources/tools/google-hacking-diggity/ https://www.defcon.org/html/defcon-20/dc-20-speakers.html#Brown All brand new tool additions to the Google Hacking Diggity Project - The Next Generation Search Engine Hacking Arsenal. As always, all tools are free for download and use. When last we saw our heroes, the Diggity Duo had demonstrated how search engine hacking could be used to take over someone's Amazon cloud in less than 30 seconds, build out an attack profile of the Chinese government's external networks, and even download all of an organization's Internet facing documents and mine them for passwords and secrets. Google and Bing were forced to hug it out, as their services were seamlessly combined to identify which of the most popular websites on the Internet were unwittingly being used as malware distribution platforms against their own end-users. Now, we've traveled through space and time, my friend, to rock this house again... True to form, the legendary duo have toiled night and day in the studio (a one room apartment with no air conditioning) to bring you an entirely new search engine hacking tool arsenal that's packed with so much tiger blood and awesome-sauce, that it's banned on 6 continents. Many of these new Diggity tools are also fueled by the power of the cloud and provide you with vulnerability data faster and easier than ever thanks to the convenience of mobile applications.Just a few highlights of new tools to be unveiled are: * AlertDiggityDB * Diggity Dashboard * Bing Hacking Database (BHDB) 2.0 * NotInMyBackYardDiggity * PortScanDiggity * CloudDiggity Data Mining Tool Suite * CodeSearchDiggity-Cloud Edition * BingBinaryMalwareSearch (BBMS) * Diggity IDS So come ready to engage us as we explore these tools and more in this DEMO rich presentation. You are cordially invited to ride the lightning.

DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF

Bishop Fox

SpellCheckV2 Rules

Bishop Fox

As seen at Black Hat USA and DEF CON 27: Do you feel safe in your home with the security system armed? You may reconsider after watching a demo of our new hacking toolkit, ZigDiggity, where we target door & window sensors using an "ACK Attack". ZigDiggity will emerge as the weapon of choice for testing ZigBee-enabled systems, replacing all previous efforts. ZigBee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools. Unfortunately, existing ZigBee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of ZigBee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox. Our DEMO-rich presentation showcases ZigDiggity's attack capabilities by pitting it against common Internet of Things (IoT) products that use ZigBee.

Smarter Home Invasion With ZigDiggity

Bishop Fox

Did you know that Elastic Block Storage (Amazon EBS) has a "public" mode that makes your virtual hard disk available to anyone on the internet? Apparently hundreds of thousands of others didn't either, because they're out there exposing secrets for everyone to see. I tore apart the petabytes of data for you and have some dirty laundry to air: encryption keys, passwords, authentication tokens, PII, you name it and it's here. Whole (virtual) hard drives to live sites and apps, just sitting there for anyone to read. So much data in fact that I had to invent a custom system to process it all. There's a massive Wall of Sheep out there on the internet, and you might not have even noticed that you're on it. Actually, you should stop reading and go check that out right now.

Hacking Exposed EBS Volumes

Bishop Fox

Bitflips happen more than you know, especially on mobile devices and especially on cheap phones with memory that has higher FIT rates (Failures-In-Time). In the past, encryption in-transit (TLS/SSL) would have protected you against the most dangerous opportunistic attackers because it was cost prohibitive. Today however, certificates are free. Free for you and threat actors, thanks to Let’s Encrypt and major cloud providers. While free certificate authorities are a net positive for internet security, we already know attackers are leveraging the HTTPS lock for subverting security awareness training and more successful phishing. What about corporate espionage? That’s precisely what we investigated and will demonstrate with this slide deck.

Ghost in the Browser: Broad-Scale Espionage with Bitsquatting

Bishop Fox

Internet scammers move pretty fast. If you don’t stop and look around once in a while, you could miss it. Just as Ferris Bueller always had another trick up his sleeve to dupe Principle Rooney, attackers are employing homoglyphs, subdomain attacks, typo-squats, bit-squats, and similar attacks to trick internet denizens with fraudulent websites. Adversaries may register domains permutations in order to commit fraud, distribute malware, redirect traffic, steal credentials, or for corporate espionage. We know these threats have been around for a while, but not many defenders adopt proactive technical controls in their social engineering incident response plans. The question isn’t what are we going to do about it. The question is what aren’t we going to do. With the capability to continuously monitor domain permutations for new HTTP, HTTPS, or SMTP services in real-time, the blue team doesn’t have to trust domain permutations any further than they can throw them. In this talk, we will demonstrate red team and blue team techniques. For Buellers, demonstrations include ways to leverage domain permutations in adversary simulations. For Rooneys, we will detail how to better prepare, identify, contain, and eradicate threats that utilize domain permutations. If you’re not leveraging our recommended technical controls to defeat attackers, you risk fishing for your wallet in a yard full of rage-fueled Rottweilers. (This was originally presented on March 3, 2019 at BSides San Francisco.)

Ferris Bueller’s Guide to Abuse Domain Permutations

Bishop Fox

So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques. Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities? In this workshop, participants will learn about common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services. This presentation will demonstrate several techniques for those looking to improve their security skills. (This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019). (This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019). (This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019). (This was originally presented at BSides Columbus 2019 on March 1, 2019.)

Check Your Privilege (Escalation)

Bishop Fox

So you’ve managed to get a foothold into the web server — now what? Privilege escalation can be an intimidating process for those unfamiliar with Linux systems or advanced penetration testing techniques. Servers are often cluttered with utilities, backups, and files; how do you find your way through to a root shell? Where are the first places an attacker might look for exploitable vulnerabilities? This slide deck will help you learn about common privilege escalation paths on Linux systems, including sticky bits, shell escapes, wildcard injections, and how to identify vulnerable services. Furthermore, it will illustrate several techniques for those looking to improve their security skills, with time for discussion afterward. (This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019).

Introduction to Linux Privilege Escalation Methods

Bishop Fox

Penetration Testing Resource Guide

Bishop Fox

Learn the basics of network penetration testing success - an introduction to the top three tools that will help you on your security journey: Nmap, Netcat, and Metasploit. See how to use Nmap both for port scanning and vulnerability discovery. You'll also learn how to use Netcat to grab banners, make HTTP requests, and create both reverse and bind shells. Finally, we’ll learn the ins and outs of Metasploit, including how to integrate our Nmap scan results for even more ownage and using the built-in exploits to get shells. At the end of this, you will be port scanning, creating payloads, and popping shells. This technical workshop is designed to familiarize you with the necessary tools to continue your ethical hacking journey. From here, take your l33t new skillz and apply them to Capture The Flag (CTF) competitions or scanning your home network for vulnerabilities. (This was originally presented on February 22, 2010 at Day of Shecurity Boston 2019).

Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics

Bishop Fox

You’ve heard about cloud, big data, server-less infrastructure, web scale, and other buzzwords that cause VCs to throw money at people - but how does this help you? If you’re getting bored going over the same checklist in your pentests then you’re missing out on what some of these new technologies can offer you. Using some of the newer cloud technologies not only can you automate all of your workflows, but you can do so with almost zero maintenance at a low cost with almost infinite scalability! This talk will show you how to blow conventional pentesters out of the water using some cool new technologies along with a little bit of trickery. Some of the topics we’ll go over include: * Cheap and scalable rainbow tables with BigQuery, 5TB in 10 seconds * SQS & Lambda, like Burp Intruder but 10K QPS * Scalable GPU Clusters on the cheap with Spot Instances and Elastic Beanstalk * Cloud exit nodes, rotating IPs via Elastic Beanstalk and nano instances * Cost effective fuzzing with Elastic Beanstalk and Spot Instances (This was originally presented on November 16, 2018 at Kiwicon 2038).

Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale

Bishop Fox

When it comes to cybersecurity, the victim mindset is all too pervasive. Everyone is convinced a breach is imminent - and that this attitude justifies overinvesting in defenses instead of focusing on emerging threats. In this presentation, we will discuss why this approach is unsustainable and why red teaming is worth your organization's time and money in addition to the ways most organizations are compromised. As well, we will touch upon what you must consider before embarking on a red team engagement. (This was originally presented on November 6, 2018 as a Practising Law Institute SFO seminar.) To learn more about red teaming, check out our guide: https://www.bishopfox.com/blog/2018/07/a-primer-to-red-teaming/

Evolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations

Bishop Fox

From Sun Devil to math teacher to professional pentester, Mike Ostrowski’s keynote will lay out the groundwork for an unconventional career in cybersecurity. You’ll learn firsthand what it’s like to be a cybersecurity consultant at Bishop Fox. Expect to hear about Mike’s distinct path to security. He will share what helped him reach this point, his stories what it was that sold him on a cybersecurity career, and finally, what he looks for in potential consultants. This will include explaining why communication is so important, why pieces of paper aren’t everything, and what the mindset is that you need to embrace for success. Come prepared to understand the reality of what it’s like to “break in” for a living – and how you can make that your professional reality someday.

ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In

Bishop Fox

It’s 2018, and we are haunted by the same vulnerabilities from more than a decade ago. Organizations of all sizes still struggle with very common vulnerabilities like command injection, XSS, and insecure direct object reference … despite an abundance of code scanners on the market. The OWASP Top 10 is quickly becoming irrelevant because it has barely changed in the last several years. This is one of the most pressing issues for CISOs and there is no definitive solution. AppSec isn’t a product you can buy, it isn’t even a state that you can achieve. There is no how-to guide for application security. But there are some qualities shared by successful AppSec programs. This talk will provide security managers and directors who struggle with application security a better understanding of those common elements and answer some questions, such as: What are some of the critical functions of an AppSec program? Will that work in my <insert buzzword SDLC here> environment? Okay, so where do I start?

CactusCon 2018 - Anatomy of an AppSec Program

Bishop Fox

One of the main reasons information security is so hard to achieve today is that IT itself is changing so rapidly. Cloud computing places security in the hands of a third-party service provider. Mobile technology, meanwhile, places security in the hands of the end user. And the emergence of intelligent, Internet-connected, non-computer devices -- the Internet of Things -- represents an entirely new set of security challenges. In this slide deck, you'll learn how IT organizations can build a security strategy that works when so much of the computing environment is outside their span of control. She will also touch upon how security departments can implement technologies and practices that will work in both today's IT environment and tomorrow's dynamic, multi-dimensional computing world.

Preparing a Next Generation IT Strategy

Bishop Fox

During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the teamís resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore. Our demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing. Come ready to engage with us as we release two new tools, GoogleDiggity and BingDiggity, which take full advantage of the new hacking techniques. Weíll also be releasing the first ever 'live vulnerability feed', which will quickly become the new standard on how to detect and protect yourself against these types of attacks. This presentation will change the way you've previously thought about search engine hacking, so put on your helmets. We don't want a mess when we blow your minds.

Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing

Bishop Fox

Last year's Lord of the Bing presentation stabbed Google Hacking in the heart with a syringe full of adrenaline and injected life back into a dying art form. New attack tools and modern defensive techniques redefined the way people thought about Google Hacking. Among these were the first ever Bing Hacking tool and the Google/Bing Hacking Alert RSS feeds, which have grown to become the world's single largest repository of live vulnerabilities on the web. And it was only the beginning… This year, we once again tear down the basic assumptions about what Google/Bing Hacking is and the extent to which it can be exploited to target organizations and even governments. In our secret underground laboratory, we've been busy creating an entirely new arsenal of Diggity Hacking tools that we'll be unveiling for the first time and releasing for free at Black Hat USA 2011. Just a few highlights of new tools to be unveiled are: BaiduDiggity:first ever Baidu hacking tool, which targets vulnerabilities disclosed by China's dominant search engine. DEMO: Live targeting of vulnerabilities in Chinese government websites exposed via Baidu. DroidDiggity:fully functional GoogleDiggity and BingDiggity application for Android phones. GoogleCodeSearchDiggity:identifying vulnerabilities in open source code projects hosted by Google Code, MS CodePlex, SourceForge, and more. The tool comes with over 40 default searches that identify SQL injection, cross-site scripting (XSS), insecure remote and local file includes, hard-coded passwords, and much more. FlashDiggity:automated Google searching/downloading/decompiling/analysis of SWF files to identify Flash vulnerabilities and info disclosures. SHODAN Hacking Alerts:new live vulnerability RSS feeds based on results from the popular SHODAN hacking search engine. MalwareDiggity and MalwareDiggity Alerts:leveraging Bing API and the Google SafeBrowsing API together to provide an answer to a simple question, "Am I being used as a platform to distribute malware to people who visit my website?" AlertDiggity:Windows systray application that filters the results of the various Google/Bing/Shodan Hacking Alerts RSS feeds and notifies the user if any new alerts match a domain belong to them. DiggityDLP:Data loss prevention tool that leverages Google/Bing to identify exposures of sensitive info (e.g. SSNs, credit card numbers, etc.) via common document formats such as .doc, .xls, and .pdf. Also utilizes Google APIs for searching across Google Docs/Spreadsheets for data leaks. That is just a taste of the new tools that will be explored in this DEMO rich presentation. So come ready to engage us as we re-define Google Hacking once again. WARNING: For safety, you should be in good health and free from high blood pressure, heart, back or neck problems, motion sickness, or other conditions that could be aggravated by this adventure.

Pulp Google Hacking

Bishop Fox

More from Bishop Fox (20)

OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF

InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...

InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...

DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF

SpellCheckV2 Rules

Smarter Home Invasion With ZigDiggity

Hacking Exposed EBS Volumes

Ghost in the Browser: Broad-Scale Espionage with Bitsquatting

Ferris Bueller’s Guide to Abuse Domain Permutations

Check Your Privilege (Escalation)

Introduction to Linux Privilege Escalation Methods

Penetration Testing Resource Guide

Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics

Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale

Evolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations

ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In

CactusCon 2018 - Anatomy of an AppSec Program

Preparing a Next Generation IT Strategy

Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing

Pulp Google Hacking

Recently uploaded

Slack Application Development 101 Slides

praypatel2

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Scaling API-first – The story of a global engineering organization

Radu Cotescu

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Recently uploaded (20)

Slack Application Development 101 Slides

[2024]Digital Global Overview Report 2024 Meltwater.pdf

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Boost PC performance: How more available memory can improve productivity

Scaling API-first – The story of a global engineering organization

A Domino Admins Adventures (Engage 2024)

CNv6 Instructor Chapter 6 Quality of Service

Advantages of Hiring UIUX Design Service Providers for Your Business

Presentation on how to chat with PDF using ChatGPT code interpreter

Exploring the Future Potential of AI-Enabled Smartphone Processors

2024: Domino Containers - The Next Step. News from the Domino Container commu...

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Automating Google Workspace (GWS) & more with Apps Script

Breaking the Kubernetes Kill Chain: Host Path Mount

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

How Perceptual Analysis Helps Bug Hunters

1. 1

2. 2

3. 3

4. 4

5. 5

9. 9

10.

11.

12. REDACTED

13. REDACTED

14.

15. 15 /.git/config Source Code Contains Encryption Keys DB Passwords API Tokens Internal Systems Application Vulnerabilities CRITICAL EXPOSURE SOURCE CODE LEAK

16. 16

17. 17 OWASP DirBuster (2008) Multi-threaded Crawling Wordlist Path Brute-forcing Directory File EVOLVING OLD WAYS CONTENT DISCOVERY 10 YEARS AGO

18. 18

19. 19 /thisdefinitelydoesnotexist Use “Fail Cases” Soft 404 Checking DOM Difference Analysis Content Length EVOLVING OLD WAYS CONTENT DISCOVERY FAILS

20. 20 /.docker/variables.env Manual Review Load Times SSL Errors Human Errors PAINFUL + TIME CONSUMING CONTENT DISCOVERY FAILS

21. 21

22. 2222 INCONSISTENCY – Actions performed pertaining to content discovery during assessments are inconsistent despite the value proposition. It’s not feasible to run large-scale comprehensive dictionaries on every target in a small time window using traditional techniques. DIVERGENCE – Information storage is disparate as new targets are discovered throughout an assessment. Penetration testers often work off of separate datasets and ensuring all targets were reviewed the same way is problematic. EFFICIENCY – Results validation is time consuming when false positives are too numerous. Too much noise and not enough signal. Dictionaries that are used are often outdated or inefficiently utilized. CONTENT DISCOVERY 2008 - 2018 PROCESS PROBLEMS

23. 23

24. 24 Pre-render Applications Approximately 100 per minute Tag for further review Goal Find Content to Attack Sensitive Information EVOLVING OLD WAYS CONTENT DISCOVERY + SCREENSHOTS

25. 25

26. 26

27. 27

28. 28

29. 29

30. 30

31. 31

32. 32 OWASP Amass (2018) Open Source Intelligence (OSINT) Scrape web pages with DNS dragnet data Aggregate Passive DNS API data Crawling internet archives Recursive brute-forcing subdomains Permutations/alternative character substitutions Reverse DNS lookups Querying ASNs and netblocks DOZENS OF SOURCES TARGET DISCOVERY 2018

33. 33 OWASP Amass (2018) Open Source Intelligence (OSINT) Scrape web pages with DNS dragnet data Aggregate Passive DNS API data Crawling internet archives Recursive brute-forcing subdomains Permutations/alternative character substitutions Reverse DNS lookups Querying ASNs and netblocks DOZENS OF SOURCES TARGET DISCOVERY 2018

34. 34

35. 35

36. 36

37. 37

38. 38

39. 39