Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Your Internet Exposure the Makes You Vulnerable

Your Internet Exposure the Makes You Vulnerable

In this talk we will take you on a simple step by step discovery of how an attacker (or your competition) can uncover your internet exposure. We will explain what the findings mean from the point of view of cyber security and what are the things to worry about and what are somethings that are out of your control and not worth spending effort on.

Abhisek Datta

August 17, 2019

More Decks by Abhisek Datta

Other Decks in Technology


  1. About Me – Abhisek Datta • Head of Technology (appsecco.com)

    • A boutique security consulting company • TechWing @ null0x00 (null.co.in) • An Open Security Community • Security Researcher • Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc. • Open Source Contributor • Wireplay, RbWinDBG etc. github.com/abhisek
  2. Let's start with how attackers work An attacker wants to

    hack a target and for this, will perform a bunch of activities 1. Online Attack Surfaces 2. Breached Credentials 3. Known Vulnerable Software 4. (Easy to?) exploit security vulnerabilities
  3. • Your-Company.com • Who is the registrar • Where is

    it hosted • Self-hosted or managed e-mail service • External help desk services • 3rd party services What Attackers See – Domain Enumeration whois whois your-company.com whois <IP> dig dig your-company.com NS dig @NS1 your-company.com MX dig @NS1 your-company.com TXT
  4. What Attackers See – Subdomain Enumeration • Your-Company.com • Host-1

    • Host-2 • Host-3 • Etc. amass enum –passive –d your-company.com amass intel –whois –d your-company.com
  5. What Attackers See – Application Discovery • Your-Company.com • http://app1.your-company.com

    • http://app2.your-company.com • Etc. nmap –p 80,443,8080 -sV -A –iL hosts.txt
  6. What Attackers See – Technology Discovery • Your-Company.com • App1

    – Java/JavaEE • App2 – NodeJS, AngularJS • App3 – PHP • Etc. Wappalyzer npm i -g wappalyzer wappalyzer https://app1.your- company.com
  7. Domain External Services Help Desk Mailers Email Breached Credentials Hosts

    Apps Technologies What Attackers See – Putting it all Together Unpatched Services App Vulnerabilities Credential Spraying Ticket Trick Credential Spraying
  8. Threat What can I do about it? Attacker able to

    identify host names Ensure all hosts exposed online are patched Attacker able to discover email address Enforce strong password policy along with use of password managers Attacker able to discovered breached credentials from public password dump Enforce 2FA where possible Subscribe to breach notification and rotate passwords Attackers able to discover applications Follow AppSec best practices OWASP Testers Guide OWASP Secure Coding Practices OWASP Proactive Security Controls Attacker able to discover my application technology and dependencies Ensure regular patching of application framework and external dependencies Attacker able to discover untracked or long forgotten online asset Asset inventory Infrastructure as Code Auditing, Logging and Alerting Staying Safe
  9. Fill the form below by 4pm today and we will

    share the results with you by 21 August 2019 https://bit.ly/31Jl7ed Interested in Discovering Your Internet Exposure?
  10. Abhisek Datta https://github.com/abhisek https://twitter.com/abh1sek Thank You Want us to discover

    your Internet exposure and give a report? https://bit.ly/31Jl7ed