Doing recon like it's 2017

now stuff to be search technology all the old faces but there are new faces I always you can have other stuff so I am going to talk about a bunch of the msi attacks you is owned by me so we have the permission to do that yes but let me start with this idea what is reconnaissance reconnaissance is about gathering intelligence gathering fulness of information about a partner so when you start attacking if you are registered you feel a bug buffer or even if you look back there when you want to attack someone the first thing that you do is you gather information and why do you gather information because you must plan your attack or something season in

Catholic information you get complete access there are X point about they just get access using information cavity and he can be done actively or passively but for this stuff we don't care about it it doesn't matter so why what do we do moment we do because new deposits to you for attacks we

you haven't even drove in this photo for today's we are the you are the right now so selfie transparency is a Google started it came up that few years later though we came up with this idea is that has ever been it's on fire this year or whatever it might almost rival parties never is oh my hello you know where the lava beds are gonna be okay I just looking for the lowest so we have to stop - I thought you have all the aces pls tell you what is the idea of inside the transparency so we have a success beginners as the little man placed now you do follow the specifics but exactly what exactly you are an

administrator you go there you have it any other certificates but then you move into this document you have 50 then you know the other 500 ropes activities no such evidence is big from masses involving ssl/tls won't like you have a fabulous technically have HTTPS but entity for example Samantha gave a certificate for Google like furious as one it was as massive issues like it when you bring the ball in HTTP is persistent so this is something Google started fighting it what opposite official offer you look at me if you find yourself occurring so that's a blessing

it is a way you can ask for Tippit's a lot which I think name

[Music]

so in the email addresses and then you start you are at that you is your school so that's what I do it no sensitive information and you could actually get it there's nobody will know that you actually accessed it how do you do this that question so we have search engines so first of all you see that

but actually factory certificate issue for them it was because he was in a fight

justice purse was twice so for example this is semantics of decision everybody's one but company's thing to come to this pin you know what it's a little so many ways so you put the bunt off flow it's fun I pointed that but you can generate so there's no way of you going there but it is forever when you go there but actually find it so for example if my folks are going to is it so that some of us is the domain I'm going to see how it on this is I just put it in so you can see yeah you can see some josephovich offer huge opportunity but the things you could find some softness and applications that

might have other reputation but officers are repeated so for that I just a specific this is one this is for analysis that message and this is some I mean I don't apparently we fixed up its the Internet disappointing supervisor so yeah you want a bunch of common sense these are all you need and we sort belong to that stuff others so this is how you doing if you're the Papa this is a really big name even if you're in system and clean if you're not my company is a clean technique you should keep checking your block well so that you understand how the next thing so the stiffness available over there you can see the game

this is a customer from since it's not Michael this is not business is going on getting all the supplements you have that Spencer this is mystified so Facebook let's just search they also have this idea where you can actually put mine on you can subscribe so whenever you some in terms of my company you can actually get an email other so if you're number 49 for example a desk or something just subscribe so you get a feather you could put next before anyone else very interesting so it's of 64 the problem is that see the dogs are up and only you can put in Genesis that what you can delete it it's going to be there forever it's something

like a blockchain so that's a smoke up if it's going to stay forever you would have a lot of domains that don't exist I do this yeah how are you so open up you could see something here I think the Providence of spot warning and I didn't know mine over there someone had food or bird or power so that of mine actually doesn't exist but if you put seasoning there's only open it is equal to stay there forever for everybody just as it exists what am I going to bust so this is variable and this all in front of it so you have a bunch of matrix for example for Tesla they were like one

another but they're only in the valley how do you handle this this is called as mastery and I still cleaning the children sleep and it says super fast in a slow burn there's all that millions of the main engine few minutes so what you could do is what I am doing is I am running c05 which is going to be almost as if it's for example.com and you can see the commodity so I'm you need to match the energy so much of a man like you could read about it so what it does is he takes each of the domain and it checks if it has a valid IP addresses going rather than the others one may

intensify their trust it's burning so right now you started inserting a transferee you burn a bunch of the vents and the photography sheets you use that to make unique domains oh that's has avocado or what is one of the use cases I mean this is a fabulous technology we know about attacking stuff but is there any use case so for example when you were setting up something like WordPress lots of collector few of the management systems when you said and producer a lot of people in this room change some management system so we need system at first there is no authentication for some period of time and a lot of this a lot of one person

they support HTTP thank you very quickly at some points so can you add about that's it were to be that other C's you know you get a certificate so the domain is going to be a tough interstate belongs so you thought I think I might you are talking on that before you can restore the boiler so if you leave this for a day or if you can get it you can actually take over yours or mine itself application itself I mean this is what is nice evening is to move CC is VD value implemented nothing happens is really your life even SSL certificate even just look at among sees you know particularly real life that's a scary

you never know who is under management system actually fixed it after the party find another pudding but this made a portly so quite but that comfort is much he claims it has fighters what's the situation scariest and also his display he present in every cell within something a few months so season of mitigation how do you litigate it so no your I mean you don't want your mantra lost you know what is the about the easiest ways Burnham ourselves over here is just don't do that and this is a fantastic I mean this is the easiest it on there we have to me you should have a success fearless that's it - about shredder do HTTP not having SS us again

this is not an option have as its appearance other thing you could do is you could use my words as if it when you say start out the window so you're I'm going to give the details of the dimensions of the range itself but the comments he's part of failure and it should not use it the others is not talks about supplement after the talks about surgical intercepts which thought to use by the turtle face after other medications use its effects along so even if you're a botanist company you would actually have your own topic until you have your own certificate of certificate authority for unit elements for external means there's no way for that you have projects like CFS research

manager thanking that we learn I will publicly infrastructure after for safety locks that's stake for what you're going to miss about the security benefits that you get out of it and there's also this interesting decision going on where they won't Bernanke's of the main part in the same erodes but that's something that because if you are going to put this off my part there's no way that you know what the certificate is issued for its partners but this as I guess if you look at it I'm going to be an assist because it is not really with the details of DNA success for that equality we go to the second of it so anomaly if the stick is adding a

layer of security number the NS 500 signatures so usually when they do p.m. is people for example we just did air ecology in DMS if you get security people you also get is where the server site will be privately and it also deals with the public key so you can actually verify that example we want an authentic concept what is it that is a forgiveness and I mean it's okay if you don't understand it so being the second part of new records to the DNS first one is to further procedures so if you have any records the explained assignment is going to put it the couple admitted it but just until it's good for the public

from the training when did you get bit by that but the missus you each other but there is a problem here is that in head of existence let's say smash it tough domain or domain that doesn't exist in Venus is normally enough and there's rhodium to set the way for this you get an answer for nest and excavate which is energetic answer for anything on existing domain you already seen meadow Matt so as far as an X domain and its various is good but it's a little hard at first because if you will do generally and its domain message and if you get what I mean this citing the sponsors of the flight doesn't happen so Indian is pretty you

are signing the records privately it happens halfway because this is efficient system we can't give you a priority to a result you actually cited it much tougher and then you give the sign records for you don't actually signing all the servers the more utility try at least the bigger it is written smoothly image bookings is possible because they are being so it's English so the company I was in a society that says if Ernest N Sync so insistent for example if you ask for a non-existent away like example.com what it does is it says that well I didn't say ABC sorry that I gave you see it twice is not exactly the poem you asked for it and it

doesn't exist the way it tasted both me puts also the coaches alphabetical order all the time it's alphabetical order and then it boosts the previous woman and gets you the insects report it actually did not set so Amy let's just let's put it this way in the end I said you could use two recounts - there are pouring out to make use deny the existence offer to lend

because it Negus is asleep okay so Indian asleep now they're shooting solution offered this there is a second desert sect leader so for example assist these guys respect you can also supplement these are very interesting so you could also do something like an icy solving its natural form etc in here if you do something you get all the comments that they won't it's around six thousand so that's actually increases its electric mystic monologue it with the fur off man but not a lot of people actually nobody trains nervously so this is our unit eventually these are you install it on

and 60 so incest is well I don't know what they came up with something called us and said free so we Nancy see if you see the interesting part is that there is not the only border there's a a show of it so right now even if you were if you want to otherwise so elastic misses its bone density walk because it's a linked list we assets for non-existent though make sense you get all the domains that's it so in this to walk you what to get means you are going to get the hashes this was supposed to stop John walking but it did not stop it just made it a little expensive so there are society isn't it

back this is showing an example for example birth control if you are sitting between example for example example norm is going to tell some examples are for example nothing exists something like that so this is exactly so that woods naked sex evaporates it came at by which you can actually walk this one as well and sex is not it's if somebody wants to get your domains it's only a matter of how much computation power they wrap so you seem stolen since they operated two strips one is solid which is from public that means to the waning and it collects all the hashes and we have unhatched when you long as all the hashes domain I can't order so I ran in my kitchen I

gotta go I grabbed it oh yeah and then I did a workup I got 180

so I got 188 you could open so I can although there was no other way of getting it they were trying it particular but if we could get it this is nothing so if you are using the NSA and since it's me which still pocket so there's also a necessity it misses the other six are supposed to be for couples are particularly but now if you use HTTP you're going to end up it sees loves but used EMS IQ ever to end up with zone walking so this is very interesting from a tech model particularly but your interrogated just over the reference so I'm going to talk about my sister box because my box is a

stone so few reasons I'm going to talk about how many ways that consciousness is what changed in a way I suppose there are a lot of things not yet but first off things that change that the way we do storage change the way we do authentication is changed and this is one more quote now you talk about demo second box you write a lot of code and there's a lot of CIC pipelines so how does this happen let's see storage person storage has become really inexpensive I come everybody's stupid so cloud storage has become very easy to set up so it has gained a lot of popularity and you can put anything about that but it come if you talk about

object storage like it means an object storage for this solution space is a solution you can put anything audio/video documents anything like that the problem is when you give people and access to anything they will put anything that is the problem so they're going to put them play image passport they put pictures of their friends anything on there and putting anything but don't worry uh quickly that is a problem so let's talk about of SSD buckets Amazon is a story that you can put anything over there so the idea is you can store several lights family netiquette system the problem and I so the certificates is reduced by a bit early everyone refers to as his

parents say but the problem is this the majors are time and it happened because of this once again in ugliest package then father died it's by taking a look at it again and travel money is from again what he says the classes they just sue antiquated of you it's alright let up so people putting their and they just put it as public for everybody who sees nothing in this novel ready but also this is just a the news article where they talk about a de minimis attacked me the flavor of thousands recipe but it is when you start interpreting system focused he reckons Amazon people event putting public and it's going to be insecure Travis have been by default aw

privately but is not there is someone who actually put their sensitive data over then they've been there and they give the public button I put my puppet date on it and I'm going to make it I put my CC tornado then I'm going to make it public which as fancy as its decision for someone to s Christie over here it is specific to the large service oriented company they can get from anybody can so how do you hunt for a certificate so there is a stigma it's the idea is that you are the only thing in the URL that we use is the bucket any other URL is go to the same so how we

attack again just take a picture you can run all the way it's either you lose part of a ability I want to talk about it in the divider so thanks today also you put this especially good go on Google Docs Google Docs is basically advanced Google searches where you see I want to check is 300 days but this is the best wonderful amenities have come find PDF you could get PDFs that are publicly available our reduces password and you can know they snippets that says custom this quote this is so brilliant because everybody search through Google and they got them they done but the other it is not what I was talking about pixel image that I'm so this is

something this is not made of the Esper we can just change it because the dictionary attack and their tools to do that interview is up under survivors to highlight the first one the second one the second one is making a movie so that is they actually find us again reiterated pudding since it to turn on Estevan which is still okay but don't make it public that same security not putting it but it's the dispenser but anything you choose to put against a student of third parties faces again it sounds different its delegate AWS s3 buckets easy solutions they release and vixen this is wonderful and if I'm a business person they just wanted to operate with assesses and then these

stories for this space system so this is it needs to be compatible with energy this is the area that say you nobody doesn't have a space T and it would mean is some region at the bottom of it and the black part is consistently still adjusting its basis for power so I mean you look through deposits you can find out the details is what wouldn't define you would find all the buckets and if you convert for system so just somebody come up with the answers Felicity for it were completely actresses in space will look like this when you go to that equality it actually shows what file is there and the bucket but if you put if I do something like

this it should say access denied so public versus private this is public this is privately if you have enough women if you have some sensitive data that's a problem so I am when space is not released an interesting area that I wanted to walk through spaces is just but there was one booth another but the whatever it is anything about will be made up so I hope this tool and I just wanted to work with spaces

so this episode I among these delicious basis is the suppose this person has an automatic so they would a bigger table and then super cheesy that's that's important because I'm going to take it up a level so this is the tool that's running you just download in fact was a public response at the tower of the palace and now the different changed with a pH is authentication previously

if this

[Music]

so what the process becomes interview then therefore system which is like sport again it's just a platform but the interesting part is it has a really powerful search feature allows region has a really meant is investigated so head over is about what is popular but for the other we automatically what is income over body a few of my next X opportunities one to so much stuff if you have to be use beat up then for things on this deposit base which is a project itself the other one is for the whole files none of its coverage and there is something called as issues an idea is that if we look at an deposit we can see what it does for example you

could say that opposing this is something like password manager then that expedite the software maybe you just move my budget at the world level you can find a BAE is necessary to find password chapter which is going to come it was not my favorite because then you know what you know for example some assistant beta or there and then suddenly they both they both in everything they wanted at the DVD but the problem is that it will be then in the package that's something a lot of people don't recognize and he uses other interesting both people are crazy human race issues like and if the number is odd holidays my holiday Johanna technical application just what is something wrong with this

image I already find them what seems to go

so this is a private necessity that he put in the boat he deleted it but his coming still to assist that's what's wrong that's how people don't understand how much inspector boys so if you run into this problem let's go if insure last something it's very easy anything you do something like something negative it's it's a lot but it's worth that's how you can move our previous table which if they go back and look at your puppets if you have this is to data please know I learned in touch me I learn it reversed because I put my assistants forgive us my mistake and then I get to basically you can find it now now the other interesting this is

how much issues we should send it time just what their abilities few people not mind about six per injection dictator you use multiple accesses for that because what are they are not fixed connect up the street somebody actually they go so fast so you become so you know if you're having enormous you could go to the he talked about and you pull it's like it comes under fire it would get all the pole and you can have a local copy and then you can analyze it that's how you would be operated this is a very handy tool and static code analysis once you take this for people do all the first you would set it to auto maintain static code

analysis tool something like great man follow me or and it is Python these are suppose that was our sacred feeling that's where they looking for and they warn you of what basic security problem this is really know having full power body others and also you take about and then you look for API pass 20 Stoker's HTTP things exactly what is due to heat up curves so Google Docs unlike will you if you don't know particularly seems were valuing that as to what Google Docs are woman also advanced dual operators they can search things like specific violence from a specific domain extract it also has a really powerful sir so it have subsequently comes out there's a selection of it somewhere you

wanna but if you were not a common languages you should have your own customizable notes but you have a list over there and then there's the pool which has become but a bit of those and they say this is reached or that posit we accept these are the interests with you know better so my last topic is beta six there are various different there are various projects out there any points kind like they Business University its terabytes of data and this was this a security community could use if it could be DNS data such as Els data they find a needle in a haystack it's going to be an element of going to find a ton of gigabytes so why use

public data if you if you have a local copy of the data system you don't need to rely upon party abs so for example if you are doing a bit mixed you don't have to put your valsa sister lab if you do you better if you want to put your company there but we must policies that's a question so you reduce your third party a dependency and you want to reduce the active coping of pocketing positive if we have an open it

so do something I don't know about the harshly do something that does responses at least among for my company this has only infinite and this kind of unit for in this online idea is that it is that most the domains on the Internet I promise is other nuggets but they try to find almost all the mummies of the internet with the career death it's a massive data set it's 20 GB persistent we have their pluses the uncompressed what is the problem so you need this money TP file whatever do is you put up as much of commands check this tag I'm just chatting the output of this is as fine a little bit even be the quickest which is a funding

to the compressor and I'm hoping for example so you can find all the topics is is dead asses so this is I mean completely as you have a tetanus it's not looking for domains and then slowing of the know if organizations know that this is very fabulous you can actually get visualizations that's how you scale the recover system so for example our losses in the first comment what I'm doing is applying the funny TV and then these people but at least we'll just of there's a song on the planet and then you get all the permits pull over department and all the other men's that's just if it says any capitalistic thing I use I use it that book ferry

over so that's about it and then I give this again same thing of God previously a bucket of level of confidence and I notice is the t-34 Sullivan enumeration which is not have already can look become what makes work whale so again this Gigi thought that maybe it isn't so hard after speaking about this visualization man I had this thing since my catalog so the first they think is of mister you my security men about of software which is it don't it's of Michael's researches on search engines force also means so my talk more on that Sasuke it's us comments but I can talk this week resolve those estimates no repetitions is no invalid awakens and

uses ready to transfer his logs I don't have 46 of uses over DNS data says my confidence has been a negative are the vainest that you know my cat or dog bite into a toaster oven oven is because of those moments of SSTP and main servers so there was there's no way that they were the last of these so moving is again said like for money if you love it so this is how have you seen they're not the same thinking works it is all the other things you should think about how you domain is if you have excess rain there's a point at that in in such kind but if your domain doesn't basically

there's no point in moving that certificate transverses all sizes so you should for what you're doing just to can you can find a lot of information the problem with even Mississippi's that I cover available here those lecture there are few systems that are part that I push Italy is like this is America I did a lot of research office thank you would start a snack so that's why you know if you are following and following questions you can ask I think we already intelligence I think can use mic so that other one yeah oh you this much the paid level would be the one of the what because I have asked it so that is from other conference this

has always give me such tickle a cop you Peter Schneider has a future I will open