Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using OSINT to Attack Web Applications

Casey Dunham
October 03, 2015
Research
2
230

Using OSINT to Attack Web Applications

A mostly demo filled talk given at the 2015 OWASP Boston Application Security Conference (BASC). The general idea is that we can use OSINT tools to find known vulnerabilities in web applications that are exposed to the internet. This can be useful to identify sites that may be vulnerable to known vulnerabilities, as well as to find vulnerabilities in a specific target web site.

Casey Dunham

October 03, 2015
Tweet

More Decks by Casey Dunham

See All by Casey Dunham
Advanced XSS and Injection Attacks
caseydunham
1
1.2k
Hibernate Blind SQLi MISC 2016
caseydunham
0
500

Other Decks in Research

See All in Research
文化が形作る音楽推薦の消費と、その逆
kuri8ive
0
100
Active Adaptive Experimental Design for Treatment Effect Estimation with Covariate Choices
masakat0
0
210
第60回名古屋CV・PRML勉強会:CVPR2024論文紹介(AM-RADIO)
naok615
0
240
日本語医療LLM評価ベンチマークの構築と性能分析
fta98
3
550
marukotenant01/tenant-20240826
marketing2024
0
510
秘伝:脆弱性診断をうまく活用してセキュリティを確保するには
okdt
PRO
3
730
工学としてのSRE再訪 / Revisiting SRE as Engineering
yuukit
19
11k
20240710_熊本県議会・熊本市議会_都市交通勉強会
trafficbrain
0
780
20240725異文化融合研究セミナーiSeminar
tadook
0
150
JMED-LLM: 日本語医療LLM評価データセットの公開
fta98
5
1.2k
snlp2024_multiheadMoE
takase
0
410
授業評価アンケートのテキストマイニング
langstat
1
360

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
296
20k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Speed Design
sergeychernyshev
24
570
Building an army of robots
kneath
302
42k
A designer walks into a library…
pauljervisheath
202
24k
Music & Morning Musume
bryan
46
6.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
Typedesign – Prime Four
hannesfritz
39
2.4k
Designing Experiences People Love
moore
138
23k
GraphQLの誤解/rethinking-graphql
sonatard
66
9.9k

Transcript

  1. Using OSINT to Attack Web Applications

  2. Casey Dunham

  3. None
  4. None
  5. None
  6. None
  7. None

  8. Disclaimer This presentation is for personal enjoyment only. Views expressed

    are those of the author (that’s me) and do not reflect the opinion of any organization I am affiliated with.
  9. None

  10. What is OSINT?

  11. Open-source intelligence (OSINT) is intelligence collected from publicly available sources

  12. i.e.

  13. None
  14. None

  15. What Information Can We Find?

  16. None
  17. None
  18. None
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None
  31. None
  32. None
  33. None

  34. Thank You!

  35. @CaseyDunham

  36. http://www.guidepointsecurity.com http://www.hackersforcharity.org http://www.googleguide.com https://www.exploit-db.com https://www.paterva.com https://www.shodan.io https://www.punkspider.org http://register.automatingosint.com http://www.social-engineer.org