Slide deck for my first presentation which took place at 2600 Edinburgh.
This presentation is a fun audience-engagement piece, with members of the audience guessing the tool from the web interface.
To view all slides, please download, as the slides include animation.
1. The Potential of the Hacker’s Search Engine
@TheHairyJ • Jamie • 4th Yr Cyber Security at Edinburgh Napier
2. What is Shodan?
● Search engine for Internet-connected devices
● Can be filtered to find specific devices
● Available on Shodan.io
Matherly, J. (2016). Complete Guide to Shodan. leanpub, p.3.
Matherly, J. (2014). Inside The World's Most Dangerous Search Engine.
3. Overview
● Using distributed, randomized web crawlers that run 24/7
● Utilizes stateless scanning to increase speed of scanning
● A form of passive recon!
● Making it a great OSINT tool
4. Randomizing
1. Generate a random IPv4 address
2. Generate a random port to test from the list of ports Shodan understands
3. Check this address on the given port and if successful grab the banner
4. Goto 1
Matherly, J. (2016). Complete Guide to Shodan. leanpub
5. Stateless Scanning*
● No waiting for handshake
● SYN: x equals hash of the recipient IP
● SYN-ACK: once receiving x + 1, recipient does x – 1 to reveal IP
SYN Cookies/ZMap/Masscan
*Simplified
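The x / x + 1 / x – 1 check from slide 5, as an added offline example that is not part of the original deck: the sender stores nothing per probe and recognises a genuine SYN-ACK by recomputing the hash from the reply's own source address. The function names, the HMAC-SHA256 construction, the inclusion of the port in the hash and the sample replies are assumptions of this example; no packets are sent.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around


def probe_seq(secret: bytes, dst_ip: str, dst_port: int) -> int:
    """Sequence number x for the SYN: a keyed hash of the recipient address.

    HMAC-SHA256 truncated to 32 bits is an assumption of this example; the
    slide only says "hash of the recipient IP".
    """
    packed = ipaddress.IPv4Address(dst_ip).packed + struct.pack("!H", dst_port)
    digest = hmac.new(secret, packed, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def synack_for(seq: int) -> int:
    """ACK field a listening host returns in its SYN-ACK: x + 1 (mod 2^32)."""
    return (seq + 1) & MASK32


def is_reply_to_our_probe(secret: bytes, src_ip: str, src_port: int, ack: int) -> bool:
    """Validate a SYN-ACK with no per-probe state.

    Subtract 1 from the ACK and compare it with the hash recomputed from the
    reply's source address. Nothing was stored when the SYN went out.
    """
    return ((ack - 1) & MASK32) == probe_seq(secret, src_ip, src_port)


def classify(secret: bytes, replies):
    """Return the (ip, port) pairs whose SYN-ACK matches a probe that was sent."""
    return [(ip, port) for ip, port, ack in replies
            if is_reply_to_our_probe(secret, ip, port, ack)]


# Constructed sample data using documentation-range addresses (RFC 5737).
SECRET = b"constructed-example-key"
GENUINE = ("192.0.2.10", 80, synack_for(probe_seq(SECRET, "192.0.2.10", 80)))
WRONG_PORT = ("192.0.2.10", 443, GENUINE[2])     # ACK value copied to another port
BACKSCATTER = ("198.51.100.7", 22, 0x12345678)   # unsolicited SYN-ACK, arbitrary ACK

if __name__ == "__main__":
    for reply in (GENUINE, WRONG_PORT, BACKSCATTER):
        print(reply[:2], is_reply_to_our_probe(SECRET, *reply))
```

Because the check depends only on the secret and the reply itself, unsolicited or mismatched SYN-ACKs are dropped without any lookup table, which is what lets this style of scanning run at high packet rates.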
6. Latency
● There is a delay!
● In 2014, reported multi-day lag
● Timestamps can alleviate this
7.
8.
9. DISCLAIMER
The following slides showcase the extent of the insecure internet. Slides will feature pictures of devices. These pictures have been obtained passively by the presenter or from other researchers’ work. No access to the devices featured has taken place by the presenter.
The presenter would like to make it abundantly clear that he is not responsible for you being arrested, if you go actively pursuing access to devices like those featured. See Computer Misuse Act 1990 Section 1.
The presenter would also like to make it clear that taking or publishing pictures of the following ‘orange’ slides is at the photographer’s own risk.
10. How can Shodan be used?
● “Search the Internet of Things, perform market research and check the external security of your business.”
Shodan (@shodanhq) | Twitter
12. “Universities are the most insecure organizations out there”
Educational Institutions Results on Shodan
Massachusetts Institute of Technology: 35,792
University of Texas: 27,607
University of Oxford: 9,574
University of Edinburgh: 2,352
Strathclyde University: 1,154
University of Glasgow: 734
Edinburgh Napier University: 252
Matherly, J. (2014). Inside The World's Most Dangerous Search Engine.
13.
14. @EdinburghShodan
● Daily tweets of the total count of devices Shodan can find in Edinburgh.
● Also got one for Glasgow too!
what Shodan is
How it works
What it can be used for
What it can find
Where it is currently growing academically and practically
If Google and Yellow Pages had a baby that did computer stuff
Another way is to say
A population Census of the internet
Shodan is essentially a database
Uses these methods to create a database of results
Creating a passive approach
Bias
Blocking
Mean Emails
Saves Time which is important to give quality data
High Failure rate
Not the internet currently
Maybe a day or so behind
3G/4G devices
What Shodan.io looks like
Backbone
This is the output for the API too!
So if you have just finished your scripting class, or are learning regex, you might want to look into this for some extracurricular work
This uses filtering – unable to do so unless you have an account. But don’t fret! Shodan is free if you have an ac.uk or any educational email address.
Answers:
1 - iKettle
2 – CSGO Servers
3 – Minecraft Servers
4 – Mongolian MongoDBs
5 - Evil Corp servers from Mr Robot
6 – VoIP
7 – University of Glasgow
3 – Area 51
Fringe drop / School term increase
UK
Western Europe
French Cities
German Cities
US Cities
1 – Printer
2 – RDP
3 – Pub Camera
4 – House Camera
5 – Shop Camera
6 – Weed Grower
7 – PLC/Air Con/ Vent/ Temp
8 - ? Best answer wins
9 – Fluid Mgmt System(Pool)
10 – Butchers
11 – Cinema
12 – Train Toyset
13 – Xray
14 – French Hydro Electric Plant
15 - Crematorium
Make sure to use filters to remove RDPs to get to the juicy bits