Discovery - What You Look Like To An Attacker

This talk will cover various aspects of "Discovery" on an organization. This is the process of finding all domains, IPs, usernames, email addresses, passwords and keys for a target without actually breaking in. This consists of various areas of open source intelligence, such as certificate information, web archives, and various tools. It also consists of more in-depth information gathering, such as using LinkedIn and public password dumps. The aim is to show how an attacker can map out very detailed information on a target, to result in an external or internal compromise. This talk will also cover some things an organization can do to defend against these various attacks.