Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using OSINT to Attack Web Applications

Casey Dunham
October 03, 2015
Research
2
240

Using OSINT to Attack Web Applications

A mostly demo filled talk given at the 2015 OWASP Boston Application Security Conference (BASC). The general idea is that we can use OSINT tools to find known vulnerabilities in web applications that are exposed to the internet. This can be useful to identify sites that may be vulnerable to known vulnerabilities, as well as to find vulnerabilities in a specific target web site.

Casey Dunham

October 03, 2015
Tweet

More Decks by Casey Dunham

See All by Casey Dunham
Advanced XSS and Injection Attacks
caseydunham
1
1.2k
Hibernate Blind SQLi MISC 2016
caseydunham
0
500

Other Decks in Research

See All in Research
FOSS4G 山陰 Meetup 2024@砂丘 はじめの挨拶
wata909
1
110
第79回 産総研人工知能セミナー 発表資料
agiats
2
160
機械学習でヒトの行動を変える
hiromu1996
1
300
20240918 交通くまもとーく 未来の鉄道網編(太田恒平)
trafficbrain
0
230
機械学習による言語パフォーマンスの評価
langstat
6
720
非ガウス性と非線形性に基づく統計的因果探索
sshimizu2006
0
360
marukotenant01/tenant-20240916
marketing2024
0
500
大規模言語モデルを用いた日本語視覚言語モデルの評価方法とベースラインモデルの提案 【MIRU 2024】
kentosasaki
2
520
3次元点群の分類における評価指標について
kentaitakura
0
420
尺度開発における質的研究アプローチ(自主企画シンポジウム7:認知行動療法における尺度開発のこれから)
litalicolab
0
350
論文読み会 SNLP2024 Instruction-tuned Language Models are Better Knowledge Learners. In: ACL 2024
s_mizuki_nlp
1
350
研究の進め方 ランダムネスとの付き合い方について
joisino
PRO
55
19k

Featured

See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Become a Pro
speakerdeck
PRO
25
5k
KATA
mclloyd
29
14k
Automating Front-end Workflow
addyosmani
1366
200k
Designing Experiences People Love
moore
138
23k
Fireside Chat
paigeccino
34
3k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
93
Building Your Own Lightsaber
phodgson
103
6.1k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
We Have a Design System, Now What?
morganepeng
50
7.2k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k

Transcript

  1. Using OSINT to Attack Web Applications

  2. Casey Dunham

  3. None
  4. None
  5. None
  6. None
  7. None

  8. Disclaimer This presentation is for personal enjoyment only. Views expressed

    are those of the author (that’s me) and do not reflect the opinion of any organization I am affiliated with.
  9. None

  10. What is OSINT?

  11. Open-source intelligence (OSINT) is intelligence collected from publicly available sources

  12. i.e.

  13. None
  14. None

  15. What Information Can We Find?

  16. None
  17. None
  18. None
  19. None
  20. None
  21. None
  22. None
  23. None
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None
  31. None
  32. None
  33. None

  34. Thank You!

  35. @CaseyDunham

  36. http://www.guidepointsecurity.com http://www.hackersforcharity.org http://www.googleguide.com https://www.exploit-db.com https://www.paterva.com https://www.shodan.io https://www.punkspider.org http://register.automatingosint.com http://www.social-engineer.org