Reconnaissance not always about resources
Information Of Everything [IoE]
Information is your key to success when you become a bug hunter and penetration tester.
KEY
NOT ALWAYS ABOUT RESOURCES
Fight Against Time
- Penetration Testing = Timebox: the engagement has a fixed window, so recon has to fit inside it.
- Bug bounty = Race: many hunters look at the same scope, and only the first valid report is paid.
BUG BOUNTY & PENETRATION TESTING
You Are Not Alone
You are not the only one who becomes a bug hunter, so you must work harder and smarter than the others.
RECONNAISSANCE [ rəˈkänəsəns ]
Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.
MITRE ATT&CK (TA0043)
METHOD
Active Reconnaissance: data collection by interacting directly with the target/victim, for example DNS brute forcing, port scanning or HTTP probing of the target's own hosts. The target can log and detect it.
Passive Reconnaissance: the opposite of active reconnaissance; we do not interact directly with the target/victim, but query third parties that already hold data about it (search engines, web archives, certificate logs, Shodan).
RECON FACT [fækt]
1. RECON != SECURITY ISSUE. Recon by itself is not a finding, but doing it well increases the chances of finding a vulnerability / security issue.
2. RECON != MANUAL APPROACH. The best way to perform recon is a hybrid approach that combines manual and automated processes.
3. RECON != TIME CONSUMING. If we perform recon with the right workflow, we can save a lot of time.
PROBLEM & QUESTION
METHODOLOGY/WORKFLOW: should we use a methodology or workflow that already exists on the internet?
BOUNTY TIPS ONE-LINERS: is it enough to copy and paste the one-liner commands we get from bug bounty tips on Twitter?
RESOURCES ARE EVERYTHING?: should we use as many resources as possible and combine every recon engine/tool on the internet?
Are You Solving the Right Problem?
NOT ALWAYS ABOUT RESOURCES, IT'S ABOUT RESOURCEFULNESS
re·source·ful·ness: the ability to find quick and clever ways to overcome difficulties.
MAKE YOUR OWN
The best way to make the recon process more optimal is to create your own recon workflow and automation tool, making the best use of the resources you have.
TOOLS AND RECON WORKFLOW
Here we will share a recon workflow, tools, points of view and some ideas. Maybe this will help you increase your effectiveness when doing pentests and bug hunting.
TOOLS
RECON WORKFLOW
SUDOMY v1.2
Subdomain Enumeration & Analysis
Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance. It can also be used for OSINT (open-source intelligence) activities.
Information Systems Security Assessment Framework
Sudomy was built to complement the tools needed by bug hunters and pentesters, following the Information Systems Security Assessment Framework (ISSAF) and applying two techniques: active and passive.
WHY DID YOU BUILD THIS?
We Care About Open Source. We Care About Community. We Care About Doing What's Right.
- I still care about open source and want to share it with you, so we can collaborate.
- Making processes more effective and efficient is essential.
- Simplify information-gathering activities and complete the tools needed by the pentester/bug hunter.
IT'S NATURAL TO WANT TO COMPARE
How is this different from Sublist3r & Subfinder?
Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT (open-source intelligence).
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
Minimize Resources When Using Third-Party Sites
By evaluating and selecting good third-party sites/resources, the enumeration process can be optimized: a source that returns nothing the others do not only costs time, API quota and captcha handling.
SUDOMY
RESOURCES
Sudomy does not use third-party resources such as Google, Baidu, Ask, Yahoo and Bing, because the results obtained from these search engines are not optimal and there are other factors such as being hampered by captchas.
COMPARISON
[Venn diagram of result counts per source for the test domain: SecurityTrails 35; Yahoo & Bing; Ask, Baidu & Google; the counts shown in the figure are 0, 5, 6, 8 and 35]
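The evaluation behind that Venn diagram, deciding which sources are worth keeping, can be done mechanically. The script below is an added example, not Sudomy's code: the per-source result sets are constructed for a hypothetical example.com and the counts are illustrative. It reports what each source returns that no other source does, and greedily picks the smallest set of sources whose union still covers every subdomain seen.

```python
# Added example: evaluating third-party sources by their unique contribution.
# Constructed per-source result sets for a hypothetical example.com (not real data).
CONSTRUCTED_SOURCES = {
    "securitytrails": {"www", "api", "dev", "mail", "blog", "staging", "vpn"},
    "crtsh":          {"www", "api", "dev", "mail", "blog", "cdn"},
    "google":         {"www", "blog"},
    "bing":           {"www"},
    "ask":            set(),
}


def unique_contribution(sources):
    """For each source, the subdomains that no other source returned.

    A source whose unique contribution is empty only costs time, API quota
    and captcha handling; it is a candidate for dropping.
    """
    seen_by = {}
    for name, subs in sources.items():
        for sub in subs:
            seen_by.setdefault(sub, set()).add(name)
    return {
        name: sorted(sub for sub, who in seen_by.items() if who == {name})
        for name in sources
    }


def minimal_source_set(sources):
    """Greedy set cover: fewest sources whose union still yields every subdomain seen.

    Each round keeps the source that adds the most not-yet-covered subdomains;
    ties go to the source listed first.
    """
    universe = set().union(*sources.values())
    covered, chosen = set(), []
    while covered != universe:
        best = max(sources, key=lambda name: len(sources[name] - covered))
        if not sources[best] - covered:  # guards against a malformed input; cannot trigger otherwise
            break
        chosen.append(best)
        covered |= sources[best]
    return chosen


if __name__ == "__main__":
    for name, subs in unique_contribution(CONSTRUCTED_SOURCES).items():
        print(f"{name:15} unique: {subs}")
    print("minimal set:", minimal_source_set(CONSTRUCTED_SOURCES))
```

Run it against the real per-source output of your own tool (one set per engine) and the sources with an empty unique contribution are the ones the slide argues against paying for.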
Tool      | Total resources | Threads / multiprocess       | Real time | Results
Sudomy    | 22 engines      | Multiprocessing              | 0m7.724s  | 662 subdomains
Subfinder | 35 engines      | Concurrency (200 threads)    | 0m7.844s  | 615 subdomains
Sublist3r | 11 engines      | Multithreading (200 threads) | 0m12.434s | 94 subdomains
Domain: tiket.com (a single run; source availability, API keys and rate limits change the numbers from run to run)
RESOURCES COMPARISON: Requirements
1- Target machine: Ubuntu 16.04.7 LTS (Xenial Xerus); Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz; x86_64 (32-bit, 64-bit op-modes); 8 CPUs/cores
2- Connection speed: AWS EC2 server; download 945.02 Mbit/s, upload 914.69 Mbit/s
3- Materials: SUDOMY v1.2.0, SUBFINDER v2.4.5, SUBLIST3R v1.1.0 (demo video for each in the original slides)
BUT GO IS POWERFUL & FASTER
Exactly, I agree with you. Using the Go programming language is quite effective for doing a lot of work simultaneously, that is, with concurrency. For example, Subfinder is still classified as very fast at collecting subdomains while utilizing quite a lot of resources. Especially if the resources used have been optimized (?)
Maybe in the future, Sudomy will use Golang, when I have free time. If you want to contribute, it's open to pull requests.
FREE TIME
BAD IMPLEMENTATION
This tool uses a lot of subdomain enumeration tools, like Sublist3r, enumall, knock, subbrute, massdns, recon-ng, amass and subfinder. For information, the Shodan resource is used by subfinder, amass and recon-ng, so this tool queries the Shodan service three times and gets the same results each time: a wrapper that chains tools without deduplicating their sources burns API quota and time for nothing.
But, did you hear about reNgine (?)
reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications.
reNgine Capabilities: workflow for automated port scan
1. Subdomain Enumeration: collecting subdomains from tools such as subfinder, sublist3r, recon-ng and more
2. Resolver IP: resolve the collected subdomains to IP addresses
3. Duplicates: sort and remove duplicate IPs
4. Port Scanning: perform active scanning using naabu
SUDOMY
Sudomy performs active & passive port scans.
Active: port scanning with top ports using nmap from the domain list.
Passive: collecting/scraping open ports from a third party (default: Shodan). For now only Shodan is used [future: Censys, ZoomEye].
Sudomy Capabilities: workflow for automated port scan
1. Subdomain Enumeration: collect subdomains
2. Resolver IP: resolve the collected subdomains to IP addresses
3. Duplicates: sort and remove duplicate IPs
4. Cloudflare: check whether an IP is owned by Cloudflare (a Cloudflare edge IP is not the origin, so scanning it only profiles Cloudflare's proxy)
5. Port Scanning: perform the active scan (nmap, top ports) on the remaining IPs
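The stages after enumeration (resolve, deduplicate, virtualhost grouping, Cloudflare filter, active scan) are shown below as an added example. It is not Sudomy's code: the DNS answers are constructed, the hosts are hypothetical, and the Cloudflare ranges are a hard-coded subset of the published list.

```python
"""Added example: the post-enumeration stages of a Sudomy-style port-scan workflow.

Resolve -> deduplicate IPs -> group hosts per IP (virtualhost candidates)
-> drop Cloudflare-fronted IPs -> build the active nmap stage.
Not Sudomy's own code; DNS answers are constructed and the hosts are hypothetical.
"""
import ipaddress
from collections import defaultdict

# Subset of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4).
# Assumption: a real run should fetch the current list rather than hard-code it.
CLOUDFLARE_V4 = [
    ipaddress.ip_network(net)
    for net in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "173.245.48.0/20")
]

# Constructed stand-in for resolver output (what dnsprobe/massdns would return).
CONSTRUCTED_DNS = {
    "www.example.com":  ["104.18.10.5"],    # proxied through Cloudflare
    "blog.example.com": ["104.18.10.5"],    # same Cloudflare edge IP as www
    "api.example.com":  ["203.0.113.10"],
    "dev.example.com":  ["203.0.113.10"],   # shares an origin IP with api: virtualhost
    "old.example.com":  [],                 # no longer resolves
    "mail.example.com": ["203.0.113.25"],
}


def is_cloudflare(ip):
    """True when the address falls inside one of the Cloudflare ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def build_ip_map(hosts, resolver=CONSTRUCTED_DNS):
    """Map each resolved IP to the sorted list of hostnames pointing at it.

    Unresolvable hosts contribute nothing; duplicate IPs collapse here.
    """
    ip_map = defaultdict(set)
    for host in hosts:
        for ip in resolver.get(host, []):
            ip_map[ip].add(host)
    return {ip: sorted(names) for ip, names in ip_map.items()}


def virtualhosts(ip_map):
    """IPs that several subdomains resolve to; each is a virtualhost candidate."""
    return {ip: names for ip, names in ip_map.items() if len(names) > 1}


def scan_targets(ip_map):
    """Deduplicated origin IPs worth an active scan. Cloudflare edges are skipped,
    because scanning them profiles Cloudflare's proxy, not the target."""
    return sorted((ip for ip in ip_map if not is_cloudflare(ip)), key=ipaddress.ip_address)


def nmap_command(targets, top_ports=100):
    """The active stage: one nmap run over the origin IPs; -Pn because many hosts drop ICMP."""
    return ["nmap", "-Pn", "--top-ports", str(top_ports), "-oA", "ports", *targets]


if __name__ == "__main__":
    ip_map = build_ip_map(CONSTRUCTED_DNS)
    print("virtualhosts:", virtualhosts(ip_map))
    print("cloudflare  :", [ip for ip in ip_map if is_cloudflare(ip)])
    print(" ".join(nmap_command(scan_targets(ip_map))))
```

Swap CONSTRUCTED_DNS for real resolver output and the same functions give you the virtualhost list, the Cloudflare-fronted hosts (which need Host-header-based testing rather than port scans) and a single nmap line over the deduplicated origins.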
reNgine Capabilities: workflow for collecting hidden endpoints/URLs
1. Subdomain enumeration tools (Subfinder, Amass) -> raw data -> extract & collect subdomains
2. Tools that fetch hidden endpoints/URLs (Gau, Hakrawler), using the resources Commoncrawl, waybackurls, urlscan.io and AlienVault -> raw data -> extract & collect endpoints/URLs
Sudomy Capabilities: workflow for collecting hidden endpoints/URLs
Sudomy queries the resources Commoncrawl, waybackurls, urlscan.io and AlienVault directly -> raw data -> extract & collect subdomains AND extract & collect endpoints/URLs from that same raw data: one fetch, two extractions.
COMMERCIAL VS NON-COMMERCIAL
IS IT THE SAME AS FINDOMAIN?
Sudomy: free, $0 / lifetime
- Subdomain validation
- HTTP check [status code, title, content]
- Subdomain screenshots
- Virtualhost detection
- Identify technologies
- Webhook alerts
Findomain Premium/VIP: $59 / month
- Subdomain validation
- HTTP check [status code, title, content]
- Subdomain screenshots
- Virtualhost detection
- Identify technologies
- Webhook alerts
Findomain is a complete reconnaissance solution for enterprises and cybersecurity specialists that uses cutting-edge technology, able to send alerts about new subdomains, their HTTP status, HTTP content size, HTTP content type & more.
Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains, performing automated reconnaissance. It can also be used for OSINT (open-source intelligence) activities.
More Sudomy Features
Detection of HTTP Information: detection of URLs, ports, title, content-length, status code and response-body probing.
Subdomain Validation: test the list of collected subdomains and probe for working HTTP or HTTPS servers. This feature uses a third-party tool, httprobe.
Testing Subdomain TakeOver: check whether a subdomain is vulnerable to subdomain takeover, that is, a DNS record that still points at a third-party service where the referenced resource no longer exists.
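One way to implement that takeover check, as an added example that is not Sudomy's own code: a candidate is reported only when both signals agree, the CNAME points at a known third-party service and the HTTP body carries that service's "resource does not exist" message. The fingerprints are an assumed subset of the community-documented ones and should be re-verified; the CNAME answers and HTTP bodies are constructed for hypothetical hosts.

```python
"""Added example: fingerprint-based subdomain takeover check, not Sudomy's own code.

A candidate is reported only when both signals agree: the CNAME points at a
third-party service AND the HTTP body carries that service's "resource does not
exist" message. Either signal alone gives false positives.
"""
import re

# Example fingerprints (assumption: a subset of the ones documented in the
# community-maintained can-i-take-over-xyz list; re-verify before relying on them).
FINGERPRINTS = [
    {"service": "GitHub Pages", "cname": re.compile(r"\.github\.io$", re.I),
     "body": "There isn't a GitHub Pages site here."},
    {"service": "AWS S3", "cname": re.compile(r"\.s3[.-][a-z0-9.-]*amazonaws\.com$", re.I),
     "body": "NoSuchBucket"},
    {"service": "Heroku", "cname": re.compile(r"\.herokuapp\.com$", re.I),
     "body": "No such app"},
]

# Constructed stand-ins for DNS CNAME answers and HTTP bodies (hypothetical hosts).
CONSTRUCTED_CNAMES = {
    "docs.example.com":   "example-org.github.io",
    "assets.example.com": "assets-example.s3.amazonaws.com",
    "app.example.com":    "example-app.herokuapp.com",
    "www.example.com":    None,                      # A record, no CNAME
}
CONSTRUCTED_BODIES = {
    "docs.example.com":   "<h1>404</h1><p>There isn't a GitHub Pages site here.</p>",
    "assets.example.com": "<Error><Code>NoSuchBucket</Code></Error>",
    "app.example.com":    "<html>Welcome to the app</html>",   # Heroku app still exists: not vulnerable
    "www.example.com":    "<html>home</html>",
}


def check_takeover(cname, body):
    """Return the service name when CNAME and body fingerprints both match, else None."""
    if not cname:
        return None
    for fp in FINGERPRINTS:
        if fp["cname"].search(cname) and fp["body"] in body:
            return fp["service"]
    return None


def scan(hosts, cnames=CONSTRUCTED_CNAMES, bodies=CONSTRUCTED_BODIES):
    """Run the check over a host list; the value is the dangling service or None."""
    return {host: check_takeover(cnames.get(host), bodies.get(host, "")) for host in hosts}


if __name__ == "__main__":
    for host, service in scan(CONSTRUCTED_CNAMES).items():
        print(f"{host:20} {'TAKEOVER CANDIDATE: ' + service if service else 'ok'}")
```

A match is a candidate, not a confirmed takeover: confirm by registering the resource yourself only inside the program's scope, and report the dangling record rather than hosting content on it.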
Active and Passive Port Scanning: active, port scanning with top ports using nmap from the domain list; passive, collecting/scraping open ports from a third party (default: Shodan).
The Ability To Detect Virtualhosts: Sudomy resolves the collected subdomains to IP addresses, then classifies them when several subdomains resolve to a single IP address.
Website Screenshot: taking screenshots of subdomains, by default using gowitness, or you can choose another screenshot tool such as webscreenshot.
Identify Technologies on Websites: identify the technologies on each website in the subdomain list, getting information about category, application and version.
Collecting Juicy URL/Endpoint/Path: collecting juicy URLs, parameters, interesting paths (api|.git|admin|etc), documents (doc|pdf), JavaScript (js|node) and more.
Making Report: generate report output in HTML & CSV format.
Webhook Alert: sending notifications to a Slack channel.
Generate Wordlist: generate a wordlist based on the collected URL resources (wayback, urlscan, commoncrawl). To make it, we extract all the parameters and paths from our domain recon.
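The juicy-URL classification and the wordlist generation both work on the same collected URL list, so one added example covers both. This is not Sudomy's code: the URL list is constructed sample data for a hypothetical example.com, and the category patterns extend the slide's (api|.git|admin, doc|pdf, js|node) with a few more of the same kind.

```python
"""Added example: classify collected URLs into "juicy" categories and derive a
target-specific wordlist, as the slides describe. Not Sudomy's own code; the
URL list is constructed sample data for a hypothetical example.com.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

CONSTRUCTED_URLS = """
https://www.example.com/
https://www.example.com/index.php?id=12&lang=en
https://www.example.com/api/v1/users?page=2
https://dev.example.com/.git/config
https://www.example.com/admin/login
https://static.example.com/js/app.bundle.js
https://www.example.com/docs/report-2019.pdf
https://www.example.com/search?q=test&utm_source=twitter
http://www.example.com/index.php?id=13
""".split()

# Categories from the slide (api|.git|admin, doc|pdf, js|node), widened a little.
CATEGORIES = {
    "interesting_path": re.compile(r"/(api|admin|\.git|\.svn|\.env|backup|config|debug|console)(/|$)", re.I),
    "document":         re.compile(r"\.(docx?|xlsx?|pptx?|pdf|txt|csv)$", re.I),
    "javascript":       re.compile(r"\.(js|mjs|node|map)$", re.I),
}


def classify(urls):
    """Bucket URLs by the category their path matches (a URL may land in several)."""
    hits = defaultdict(list)
    for url in urls:
        path = urlsplit(url).path
        for name, pattern in CATEGORIES.items():
            if pattern.search(path):
                hits[name].append(url)
    return dict(hits)


def parameterized(urls):
    """URLs carrying a query string, deduplicated on host + path + parameter names,
    so id=12 and id=13 count once while id&lang is kept as a distinct shape."""
    seen, kept = set(), []
    for url in urls:
        parts = urlsplit(url)
        if not parts.query:
            continue
        names = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
        key = (parts.netloc, parts.path, names)
        if key not in seen:
            seen.add(key)
            kept.append(url)
    return kept


def wordlists(urls):
    """Path segments and parameter names seen on the target: a wordlist that fits
    this target better than a generic one."""
    paths, params = set(), set()
    for url in urls:
        parts = urlsplit(url)
        paths.update(seg for seg in parts.path.split("/") if seg)
        params.update(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return sorted(paths), sorted(params)


if __name__ == "__main__":
    for name, urls in classify(CONSTRUCTED_URLS).items():
        print(name, urls)
    print("parameterized:", parameterized(CONSTRUCTED_URLS))
    paths, params = wordlists(CONSTRUCTED_URLS)
    print("paths:", paths)
    print("params:", params)
```

Feed it the merged output of wayback, urlscan and commoncrawl and the two sorted lists drop straight into a directory brute-forcer and a parameter fuzzer; the parameterized list is the shortlist for manual testing.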
Installation
Sudomy is currently extended with the following tools. Instructions on how to install and use the application are linked below.
1- Download Sudomy
git clone --recursive https://github.com/screetsec/Sudomy.git
2- Dependencies
pip install -r requirements.txt
3- Packages
• apt-get update
• apt-get install jq nmap phantomjs npm chromium parallel
• npm i -g wappalyzer wscat
4- Post Installation
An API key is needed before querying some third-party sites. The API key settings are done in the sudomy.api file; treat that file as a secret (keep it out of version control and readable only by your user), since the keys are billed or rate-limited per account.
Sudomy: Usage
USE ALL RESOURCES/ENGINES
To use all 22 sources and probe for working HTTP or HTTPS servers:
root@kali:~# sudomy -d tiket.com
To use one or more sources:
root@kali:~# sudomy -d tiket.com -s spyse,securitytrails
TO USE ONE OR MORE PLUGINS
To use all plugins (testing host status, HTTP/HTTPS status code, subdomain takeover and screenshots; nmap, gobuster, wappalyzer and wscat not included):
root@kali:~# sudomy -d tiket.com -pS -sC -sS
EXAMPLE LOOK
Plugin: resolving IP & virtualhost
Plugin: check HTTP status code
Sample output
HTML Report Sample
The Sudomy application has been equipped with a reporting system with HTML and CSV output formats that makes it easy for cyber security researchers and/or analysts.
To create a report in HTML format:
• sudomy --all -d hackerone.com --html
SUDOMY
Run the best arguments to collect subdomains and analyze them by doing automatic recon:
sudomy -d tiket.com -dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze --slack -sS
This Recon Workflow: Sudomy v1.1.8#dev
So What's The Point (?)
You don't have to write things from scratch every time.
Optimize what you have, whether you're making something new or just thinking about how to do something better.
Thank You
Thank you to idsecconf and darknetdiaries for the awesome picsart, and to you for your attention.
redteamlab.id | screetsec | edomaland | screetsec@gmail.com

Mais conteúdo relacionado

Mais procurados

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
Rod Soto
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
Rod Soto
 

Mais procurados (20)

Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent Security
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
IDSECCONF2018 Keynote Speaker - Agung Nugraha, S.IP., M.Si (Han)
IDSECCONF2018 Keynote Speaker - Agung Nugraha, S.IP., M.Si (Han)IDSECCONF2018 Keynote Speaker - Agung Nugraha, S.IP., M.Si (Han)
IDSECCONF2018 Keynote Speaker - Agung Nugraha, S.IP., M.Si (Han)
 
Machine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggleMachine learning cybersecurity boon or boondoggle
Machine learning cybersecurity boon or boondoggle
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Penetration and hacking training brief
Penetration and hacking training briefPenetration and hacking training brief
Penetration and hacking training brief
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
 
Sec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.comSec 572 Effective Communication - tutorialrank.com
Sec 572 Effective Communication - tutorialrank.com
 
Sharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK FrameworkSharpening your Threat-Hunting Program with ATTACK Framework
Sharpening your Threat-Hunting Program with ATTACK Framework
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat MappingHelping Small Companies Leverage CTI with an Open Source Threat Mapping
Helping Small Companies Leverage CTI with an Open Source Threat Mapping
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Cyber threat-hunting---part-2-25062021-095909pm
Cyber threat-hunting---part-2-25062021-095909pmCyber threat-hunting---part-2-25062021-095909pm
Cyber threat-hunting---part-2-25062021-095909pm
 

Semelhante a Reconnaissance not always about resources

Lab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering         A hacker.docxLab-4 Reconnaissance and Information Gathering         A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
LaticiaGrissomzz
 
Ceh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 02 footprinting and reconnaissanceCeh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 02 footprinting and reconnaissance
Mehrdad Jingoism
 

Semelhante a Reconnaissance not always about resources (20)

Different Methodology To Recon Your Targets
Different Methodology To Recon Your TargetsDifferent Methodology To Recon Your Targets
Different Methodology To Recon Your Targets
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Hack information of any website using webkiller
Hack information of any website using webkillerHack information of any website using webkiller
Hack information of any website using webkiller
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Saying Hello to Bug Bounty
Saying Hello to Bug BountySaying Hello to Bug Bounty
Saying Hello to Bug Bounty
 
Computer security
Computer securityComputer security
Computer security
 
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering         A hacker.docxLab-4 Reconnaissance and Information Gathering         A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
 
Pentesting Using Burp Suite
Pentesting Using Burp SuitePentesting Using Burp Suite
Pentesting Using Burp Suite
 
Ceh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 02 footprinting and reconnaissanceCeh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 02 footprinting and reconnaissance
 
( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Ceh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 02 footprinting and reconnaissanceCeh v8 labs module 02 footprinting and reconnaissance
Ceh v8 labs module 02 footprinting and reconnaissance
 
Information gathering
Information gatheringInformation gathering
Information gathering
 
Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
HackerOne X IoT Lab Bug Bounty 101 with Encryptsaan & IoT Lab at KIIT Univers...
HackerOne X IoT Lab Bug Bounty 101 with Encryptsaan & IoT Lab at KIIT Univers...HackerOne X IoT Lab Bug Bounty 101 with Encryptsaan & IoT Lab at KIIT Univers...
HackerOne X IoT Lab Bug Bounty 101 with Encryptsaan & IoT Lab at KIIT Univers...
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditD
 
Security Handbook
 Security Handbook Security Handbook
Security Handbook
 

Mais de idsecconf

Mais de idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdf
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullah
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
 

Último

一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 

Último (20)

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...

Reconnaissance not always about resources

  • 1. KEY: Information of Everything [IoE]. Information is your key to success when you become a bug hunter and penetration tester.
  • 2. Not always about resources.
  • 3. Bug bounty & penetration testing: a fight against time. Penetration testing = timebox. Bug bounty = race.
  • 4. You are not alone. You are not the only one becoming a bug hunter, so you must work harder and smarter than the others.
  • 5. Reconnaissance [rəˈkänəsəns]: consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting (MITRE ATT&CK, TA0043).
  • 6. Reconnaissance methods. Active reconnaissance: data collection by interacting directly with the target/victim. Passive reconnaissance: the opposite of active reconnaissance, meaning we do not interact directly with the target/victim.
  • 7. Recon facts [fækt]. 1. Recon != security issue: recon by itself is not a finding, but doing recon increases the chance of finding a vulnerability/security issue. 2. Recon != manual approach: the best way to perform recon is a hybrid approach, combining manual and automated processes. 3. Recon != time consuming: if recon is performed in the right workflow, it saves a lot of time.
  • 8. Problems & questions. Methodology/workflow: should we use a methodology or workflow that already exists on the internet? Bounty-tip one-liners: is it enough to copy and paste one-liner commands obtained from bug bounty tips on Twitter? Resources are everything? Should we use as many resources as possible and combine all the recon engines/tools on the internet? Are you solving the right problem?
  • 9. Not always about resources, it's about resourcefulness. re·source·ful·ness: the ability to find quick and clever ways to overcome difficulties.
  • 10. Make your own tools and recon workflow. The best way to make the recon process more optimal is to create your own recon workflow and automation tool, making the best use of the resources you have.
  • 11. Tools & recon workflow. Here we share a recon workflow, tools, points of view and some ideas that may help you increase your effectiveness when doing pentests and bug hunting.
  • 12. Sudomy v1.2: subdomain enumeration & analysis. Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains by performing automated reconnaissance. It can also be used for OSINT (open-source intelligence) activities.
  • 13. Information Systems Security Assessment Framework. Sudomy was built to complement the tools needed by bug hunters and pentesters, following the rules of the Information Systems Security Assessment Framework (ISSAF) by applying two techniques: active and passive.
  • 14. Why did you build this? We care about open source. We care about community. We care about doing what's right. I still care about open source and I want to share it with you, so we can collaborate. Making processes more effective and efficient is essential. Simplify information-gathering activities and complete the tools needed by pentesters/bug hunters.
  • 15. It's natural to want to compare.
  • 16. How is this different from Sublist3r & Subfinder? Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT (open-source intelligence). Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
  • 17. Sudomy: minimize resources when using third-party sites. By evaluating and selecting good third-party sites/resources, the enumeration process can be optimized.
  • 18. Resources comparison. Sudomy does not use third-party resources such as Google, Baidu, Ask, Yahoo and Bing, because the results obtained from these third-party resources are not optimal and there are other factors, such as being hampered by CAPTCHAs. Chart values: the search engines (Yahoo, Google, Bing, Baidu, Ask) returned 0, 5 and 8 results; SecurityTrails returned 35.
  • 19. Results data (Venn diagram): SecurityTrails 35; Yahoo & Bing 6; Ask, Baidu & Google 0.
  • 20. Resources comparison. Domain: tiket.com.
    Tool       Total resources   Threads/multiprocess          Real time   Results
    Sudomy     22 engines        multiprocessing               0m7.724s    662 subdomains
    Subfinder  35 engines        concurrency (200 threads)     0m7.844s    615 subdomains
    Sublist3r  11 engines        multithreading (200 threads)  0m12.434s   94 subdomains
    Requirements: 1. Target: Ubuntu 16.04.7 LTS (Xenial Xerus), Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz, x86_64 (32-bit and 64-bit op-modes), 8 CPUs/cores. 2. Connection speed: AWS EC2 server, download 945.02 Mbit/s, upload 914.69 Mbit/s. 3. Materials: the tools compared above.
  • 21. Sudomy v1.2.0 (video).
  • 22. Subfinder v2.4.5 (video).
  • 23. Sublist3r v1.1.0 (video).
  • 24. But Go is powerful & faster. Exactly, I agree with you. Using the Go programming language is quite effective for doing a lot of work simultaneously, that is, with concurrency. For example, Subfinder is still classified as very fast at collecting subdomains while utilizing quite a lot of resources. Especially if the resources used have been optimized (?)
  • 25. Free time. Maybe in the future Sudomy will use Golang, when I have free time. If you want to contribute, it is open to pull requests.
  • 26. Bad implementation. This tool uses a lot of subdomain enumeration tools, such as Sublist3r, enumall, knock, subbrute, massdns, recon-ng, Amass and Subfinder. For information, the Shodan resource is used by Subfinder, Amass and recon-ng, so this tool will collect subdomains from the Shodan service three times, with the same results each time.
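Slides 17-18 and 26 make the same point from two sides: keep only the sources that actually add results, and never let two wrappers query the same upstream API. The following is an added example, not Sudomy's code, that measures each engine's unique contribution after normalizing and scoping the names, and skips engines whose upstream (here, Shodan) has already been queried. The engine outputs, engine names and the engine-to-upstream mapping are constructed for the demo.

```python
"""Added example (not Sudomy's own code): score what each passive source
really contributes to a merged subdomain list, and query each upstream
API only once even when several tools wrap it.

RAW_RESULTS and UPSTREAM are constructed sample data, not real results.
"""
import re
from collections import OrderedDict

# Constructed sample output of several engines for one target.
# The three shodan_via_* engines wrap the same upstream Shodan query,
# which is why they return identical data.
RAW_RESULTS = {
    "securitytrails": ["www.example.com", "api.example.com", "dev.example.com",
                       "mail.example.com", "*.staging.example.com"],
    "yahoo":          ["WWW.example.com", "www.example.com."],
    "bing":           ["www.example.com", "blog.example.com"],
    "google":         [],
    "shodan_via_subfinder": ["vpn.example.com", "api.example.com"],
    "shodan_via_amass":     ["vpn.example.com", "api.example.com"],
    "shodan_via_recon-ng":  ["vpn.example.com", "api.example.com"],
    "noise":          ["example.com.evil.net", "notexample.com"],
}

# Which upstream API each engine actually hits (assumption for the demo).
UPSTREAM = {
    "shodan_via_subfinder": "shodan",
    "shodan_via_amass": "shodan",
    "shodan_via_recon-ng": "shodan",
}

HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$")


def normalize(name, domain):
    """Lowercase, strip trailing dot and wildcard prefix, keep only in-scope hosts."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    if not HOST_RE.match(name):
        return None
    if name != domain and not name.endswith("." + domain):
        return None   # out of scope: example.com.evil.net, notexample.com
    return name


def plan_engines(results, upstream):
    """Keep one engine per upstream API so the same service is not queried N times."""
    seen_upstream = set()
    kept = []
    for engine in results:
        api = upstream.get(engine, engine)
        if api in seen_upstream:
            continue
        seen_upstream.add(api)
        kept.append(engine)
    return kept


def merge_and_score(results, domain, upstream=None):
    """Return (merged sorted list, {engine: unique contribution}) after normalization."""
    upstream = upstream or {}
    cleaned = OrderedDict()
    for engine in plan_engines(results, upstream):
        cleaned[engine] = {h for h in (normalize(n, domain) for n in results[engine]) if h}
    merged = set().union(*cleaned.values())
    unique = {}
    for engine, hosts in cleaned.items():
        others = set().union(*(h for e, h in cleaned.items() if e != engine))
        unique[engine] = len(hosts - others)   # names nobody else found
    return sorted(merged), unique


if __name__ == "__main__":
    merged, unique = merge_and_score(RAW_RESULTS, "example.com", UPSTREAM)
    print(len(merged), "subdomains:", merged)
    for engine, n in sorted(unique.items(), key=lambda kv: -kv[1]):
        print(f"{engine:24s} unique contribution: {n}")
```

Run it over a real engine's output per target and the engines with a unique contribution of 0 over many targets are the ones to drop from the workflow; the out-of-scope filter also catches the "example.com.evil.net" style junk that search-engine scraping tends to return.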
  • 27. KEY: information is your key to success when you become a bug hunter and penetration tester. But did you hear about reNgine? reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications.
  • 28. reNgine capabilities: automated port-scan workflow. Subdomain enumeration: collect subdomains from tools such as Subfinder, Sublist3r, recon-ng and more. Resolver IP: resolve the collected subdomains to IP addresses. Duplicates: sort and remove duplicate IPs. Port scanning: perform active scanning using naabu.
  • 29. Sudomy performs active & passive port scans. Active: port scanning with top ports using nmap over the domain list. Passive: collecting/scraping open ports from a third party (default: Shodan). For now only Shodan is used (future: Censys, ZoomEye).
  • 30. Sudomy capabilities: automated port-scan workflow. Subdomain enumeration: collect subdomains from tools such as Subfinder, Sublist3r, recon-ng and more. Resolver IP: resolve the collected subdomains to IP addresses. Duplicates: sort and remove duplicate IPs. Cloudflare: check whether an IP is owned by Cloudflare. Port scanning: perform active scanning using naabu.
  • 31. reNgine capabilities: automated workflow for collecting hidden endpoints/URLs. Subdomain enumeration tools: Subfinder, Amass; raw data is extracted and collected into subdomains. Tools to fetch hidden endpoints/URLs: Gau, Hakrawler, using the resources CommonCrawl, Wayback URLs, urlscan.io and AlienVault; raw data is extracted and collected into endpoints/URLs.
  • 32. Sudomy capabilities: automated workflow for collecting hidden endpoints/URLs. Sudomy uses the resources CommonCrawl, Wayback URLs, urlscan.io and AlienVault; from the raw data it extracts and collects subdomains, then extracts and collects endpoints/URLs.
  • 33. Commercial vs non-commercial: is Sudomy the same as Findomain? Findomain is a complete reconnaissance solution for enterprises and cybersecurity specialists that uses cutting-edge technology, able to send alerts about new subdomains, their HTTP status, HTTP content size, HTTP content type and more. Premium/VIP, $59/month: subdomain validation, HTTP check (status code, title, content), subdomain screenshots, virtual host detection, technology identification, webhook alerts. Sudomy is a subdomain enumeration tool that collects subdomains and analyzes domains by performing automated reconnaissance; it can also be used for OSINT (open-source intelligence) activities. Free, $0/lifetime: subdomain validation, HTTP check (status code, title, content), subdomain screenshots, virtual host detection, technology identification, webhook alerts.
  • 34. More Sudomy features. Subdomain validation: test the list of collected subdomains and probe for working HTTP or HTTPS servers; this feature uses the third-party tool httprobe. HTTP information detection: detect URLs, ports, title, content-length, status code and response body by probing.
  • 35. Subdomain takeover testing: check whether a subdomain is vulnerable to subdomain takeover. Active and passive port scanning: active, port scanning with top ports using nmap over the domain list; passive, collecting/scraping open ports from a third party (default: Shodan). The ability to detect virtual hosts: Sudomy resolves the collected subdomains to IP addresses, then groups them when several subdomains resolve to a single IP address.
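Slides 28-30 describe the resolve, deduplicate, Cloudflare-check, port-scan chain, and slide 35 the virtual-host grouping that falls out of the same resolution step. Below is an added example, not Sudomy's or reNgine's code, that performs that chain in one pass. DNS answers come from a constructed in-memory table so it runs offline (a real resolver is included but not exercised), and the Cloudflare prefixes are a small subset of Cloudflare's published list, assumed current for the demo.

```python
"""Added example (not Sudomy's own code): resolve -> dedupe -> Cloudflare
check -> scan-target list, plus virtual-host grouping (several names on
one IP).

FAKE_DNS is a constructed table so the demo runs offline; use
system_resolver (or a DNS library) for real targets. CLOUDFLARE_V4 is a
subset of https://www.cloudflare.com/ips-v4 and should be fetched fresh
in practice.
"""
import ipaddress
import socket
from collections import defaultdict

# Constructed DNS table: hostname -> list of A records (None = NXDOMAIN).
FAKE_DNS = {
    "www.example.com":  ["203.0.113.10"],
    "blog.example.com": ["203.0.113.10"],       # same box as www -> virtual host
    "api.example.com":  ["203.0.113.20", "203.0.113.21"],
    "cdn.example.com":  ["104.16.1.1"],         # behind Cloudflare
    "dev.example.com":  ["203.0.113.20"],
    "old.example.com":  None,                   # dead name
}

# Subset of Cloudflare's published IPv4 ranges (assumption: treated as current).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]


def fake_resolver(host):
    """Stand-in for DNS; returns [] when the name does not resolve."""
    return FAKE_DNS.get(host) or []


def system_resolver(host):
    """Real resolver for live use (not exercised by the offline demo)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def is_cloudflare(ip, ranges=CLOUDFLARE_V4):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def build_scan_plan(hosts, resolve=fake_resolver, cf_ranges=CLOUDFLARE_V4):
    """Resolve every host, group names per IP, and decide what to port-scan.

    Returns a dict with:
      vhosts      : {ip: sorted hostnames}; len > 1 means a shared host (vhost)
      cloudflare  : IPs owned by Cloudflare (skipped: you would only scan the CDN edge)
      scan_targets: unique, non-Cloudflare IPs to hand to nmap --top-ports / naabu
      unresolved  : hostnames with no A record
    """
    by_ip = defaultdict(set)
    unresolved = []
    for host in hosts:
        ips = resolve(host)
        if not ips:
            unresolved.append(host)
            continue
        for ip in ips:
            by_ip[ip].add(host)          # the set dedupes IPs for free
    cloudflare = sorted((ip for ip in by_ip if is_cloudflare(ip, cf_ranges)),
                        key=ipaddress.ip_address)
    scan_targets = sorted((ip for ip in by_ip if ip not in cloudflare),
                          key=ipaddress.ip_address)
    return {
        "vhosts": {ip: sorted(names) for ip, names in by_ip.items()},
        "cloudflare": cloudflare,
        "scan_targets": scan_targets,
        "unresolved": sorted(unresolved),
    }


if __name__ == "__main__":
    plan = build_scan_plan(sorted(FAKE_DNS))
    for ip, names in sorted(plan["vhosts"].items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        tag = " (vhost)" if len(names) > 1 else ""
        print(f"{ip:15s} {', '.join(names)}{tag}")
    print("cloudflare :", plan["cloudflare"])
    print("scan       :", plan["scan_targets"])
    print("unresolved :", plan["unresolved"])
```

Two things the grouping gives you that a flat IP list does not: the shared-IP entries are the hosts where a Host-header based virtual-host check is worth doing, and excluding Cloudflare-owned IPs keeps the active scan off the CDN edge, where the open ports belong to Cloudflare rather than the target.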
  • 36. Website screenshots: take screenshots of subdomains, by default using gowitness, or choose another screenshot tool such as webscreenshot. Identify technologies on websites: identify the technologies used by each host in the subdomain list, getting information about category, application and version. Collecting juicy URLs/endpoints/paths: collect juicy URLs, parameters, interesting paths (api|.git|admin|etc), documents (doc|pdf), JavaScript (js|node) and more.
  • 37. Making reports: generate report output in HTML & CSV format. Webhook alert: send notifications to a Slack channel. Generate wordlist: generate a wordlist based on the collected URL resources (Wayback, urlscan, CommonCrawl); to do that, we extract all the parameters and paths from our domain recon.
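Slide 36's juicy-URL filter and slide 37's wordlist generation both start from the same pile of URLs collected from Wayback, urlscan.io and CommonCrawl. The following is an added example, not Sudomy's code, that classifies each URL into the categories the slide lists and extracts unique endpoints, path segments and parameter names into wordlists. The URL list is constructed sample input and the regular expressions are the author's own approximation of the slide's patterns.

```python
"""Added example (not Sudomy's own code): turn collected URLs into
(a) juicy hits by category and (b) path and parameter wordlists.

COLLECTED_URLS is constructed sample input; the JUICY patterns are
assumptions that follow the slide (api|.git|admin, doc|pdf, js|node).
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

COLLECTED_URLS = [
    "https://www.example.com/",
    "https://www.example.com/login?next=/account&lang=en",
    "https://api.example.com/v1/users?id=42&token=abc",
    "https://www.example.com/admin/",
    "https://www.example.com/.git/config",
    "https://static.example.com/js/app.min.js?v=1.2.3",
    "https://www.example.com/docs/report.pdf",
    "https://www.example.com/search?q=test&page=2",
    "https://www.example.com/search?q=other&page=3",   # same endpoint, new values
    "http://www.example.com/login?next=/account",       # only the scheme differs
]

JUICY = {
    # matched against host + path so "api." in the hostname counts too
    "sensitive_path": re.compile(r"(^|[/.])(api|admin|\.git|\.env|backup)([/.]|$)", re.I),
    "document":       re.compile(r"\.(docx?|pdf|xlsx?)$", re.I),
    "javascript":     re.compile(r"\.(js|node)$", re.I),
    "secret_param":   re.compile(r"^(token|key|secret|password|api[_-]?key)$", re.I),
}


def classify(url):
    """Return the set of juicy categories a URL falls into."""
    p = urlsplit(url)
    cats = set()
    if JUICY["sensitive_path"].search(f"{p.netloc}{p.path}"):
        cats.add("sensitive_path")
    if JUICY["document"].search(p.path):
        cats.add("document")
    if JUICY["javascript"].search(p.path):
        cats.add("javascript")
    if any(JUICY["secret_param"].match(k) for k, _ in parse_qsl(p.query, keep_blank_values=True)):
        cats.add("secret_param")
    return cats


def build_wordlists(urls):
    """Unique endpoints (scheme and values stripped), path segments, parameter names."""
    endpoints, segments, params = set(), set(), set()
    juicy = defaultdict(set)
    for url in urls:
        p = urlsplit(url)
        endpoints.add(f"{p.netloc}{p.path or '/'}")
        for seg in p.path.split("/"):
            if seg:
                segments.add(seg)
        for key, _ in parse_qsl(p.query, keep_blank_values=True):
            params.add(key)
        for cat in classify(url):
            juicy[cat].add(url)
    return {
        "endpoints": sorted(endpoints),
        "paths": sorted(segments),
        "params": sorted(params),
        "juicy": {k: sorted(v) for k, v in juicy.items()},
    }


if __name__ == "__main__":
    out = build_wordlists(COLLECTED_URLS)
    print("params :", " ".join(out["params"]))
    print("paths  :", " ".join(out["paths"]))
    for cat, hits in sorted(out["juicy"].items()):
        print(cat, *hits, sep="\n    ")
```

Write `out["paths"]` and `out["params"]` to files and they are the target-specific wordlists for directory and parameter fuzzing; the `endpoints` list, with scheme and query values stripped, is the deduplicated set worth probing with httpx or httprobe.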
  • 38. Installation. Sudomy is currently extended with the following tools; instructions on how to install and use the application are linked below.
    1. Download Sudomy: git clone --recursive https://github.com/screetsec/Sudomy.git
    2. Dependencies: pip install -r requirements.txt
    3. Packages: apt-get update; apt-get install jq nmap phantomjs npm chromium parallel; npm i -g wappalyzer wscat
    4. Post-installation: an API key is needed before querying some third-party sites. API keys are configured in the sudomy.api file.
  • 39. Sudomy usage. Use all resources/engines: to use all 22 sources and probe for working HTTP or HTTPS servers: root@kali:~ sudomy -d tiket.com. To use one or more sources: root@kali:~ sudomy -d tiket.com -s spyse,securitytrails
  • 40. Sudomy usage. To use one or more plugins (example): test host status, HTTP/HTTPS status code, subdomain takeover and screenshots (nmap, gobuster, wappalyzer and wscat not included): root@kali:~ sudomy -d tiket.com -pS -sC -sS. Screenshots: the plugin resolving IPs & virtual hosts, and the plugin checking HTTP status codes.
  • 42. HTML report sample. Sudomy is equipped with a reporting system with HTML and CSV output formats that makes life easier for cyber security researchers and/or analysts. To create a report in HTML format: sudomy --all -d hackerone.com --html
  • 43. Sudomy: run the best arguments to collect subdomains and analyze them by doing automatic recon: sudomy -d tiket.com -dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe -aI webanalyze --slack -sS
  • 44. This recon workflow: Sudomy v1.1.8#dev (workflow diagram).
  • 45. So what's the point? You don't have to write things from scratch every time. Optimize what you have, whether you're making something new or just thinking about how to do something better.
  • 46. Thank you. Thanks to idsecconf and Darknet Diaries for the awesome picture art, and to you for your attention. redteamlab.id, screetsec, edomaland, screetsec@gmail.com