Anton Lopanitsyn - Initial reconnaissance of web applications.

November 10, 2018

250

Anton Lopanitsyn - Initial reconnaissance of web applications.

Often, everything that is right in front of your eyes is being checked more meticulously than parts inaccessible to the average user. We are looking for hidden functionality of web applications for the subsequent search for vulnerabilities.

DC7499

November 10, 2018

More Decks by DC7499

See All by DC7499

Sergey Sobko - Hackashop: Hackathon + Pentest + Workshop [RU]

defcon

430

Dmitry Sklyarov - Intel ME: Security keys Genealogy, Obfuscation and other Magic

defcon

220

Dmitry Volkov - Private messengers: without pain??

defcon

210

Andrey Skuratov and Sergey Migalin - DNS tunneling in 2018. What is that, and what to do with it?

defcon

190

Sergey Belov - Another side of Bug Bounty programs

defcon

240

Dmitry Sklyarov - Intel ME: Flash file system explained

defcon

400

Maxim Goryachiy & Mark Ermolov - Inside Intel Management Engine

defcon

460

Sergey Golovanov - Indecent Response 2018

defcon

370

Kupreev Oleg & Putin Vladimir - Your very own driver for the custom NVMe device from the scratch: reading of the flash memory of iPhone 7

defcon

480

Other Decks in Research

See All in Research

The Theory behind Vector DB

matsui_528

1.4k

研究効率化Tips_2024 / Research Efficiency Tips 2024

ryo_nakamura

2.2k

Rの機械学習フレームワークの紹介〜tidymodelsを中心に〜 / machine_learning_with_r2024

s_uryu

210

Prompt Tuning から Fine Tuning への移行時期推定

icoxfog417

6.8k

Azure Arc-enabled Serversを利用したハイブリッド・マルチクラウド環境の管理 / Managing Hybrid Multi-cloud Environments with Azure Arc-enabled Servers

nttcom

210

20240209 データを肴に熊本の交通を考える会「車１割削減、渋滞半減、公共交通２倍」をめざし世界に学ぼう

trafficbrain

770

第59回名古屋CV・PRMU勉強会：ICCV2023論文紹介（自己教師あり学習）

naok615

310

Active Retrieval Augmented Generation

kiyohiro8

440

CSC590 Lecture 01

javiergs

PRO

130

20240127_熊本から今いちど真面目に都市交通～めざせ「車1割削減、渋滞半減、公共交通2倍」～全国路面電車サミット2024宇都宮

trafficbrain

650

論文紹介 DISN: Deep Implicit Surface Network for High quality Single-view 3D Reconstruction / DISN: Deep Implicit Surface Network for High quality Single-view 3D Reconstruction

nttcom

110

Sosiaalisen median katsaus 02/2024

hponka

2.4k

Featured

See All Featured

Building Applications with DynamoDB

mza

5.6k

From Idea to $5000 a Month in 5 Months

shpigford

377

45k

Designing Dashboards & Data Visualisations in Web Apps

destraynor

226

51k

Large-scale JavaScript Application Architecture

addyosmani

503

110k

Facilitating Awesome Meetings

lara

5.6k

Become a Pro

speakerdeck

PRO

4.5k

Typedesign – Prime Four

hannesfritz

2.1k

Bootstrapping a Software Product

garrettdimon

PRO

301

110k

Infographics Made Easy

chrislema

237

18k

XXLCSS - How to scale CSS and keep your sanity

sugarenia

240

1.2M

Producing Creativity

orderedlist

PRO

336

39k

Designing for humans not robots

tammielis

247

25k

Transcript

Предварительная разведка веб-приложений Bo0oM
subdomain enumeration • theharvester • recon-ng • aquatone • Sn1per
• Massdns • Aquatone • Amass
directory enumeration • Dirbuster • Dirsearch • Wfuzz • Hehdirb
None
None
diff Length - 5 Length - 5
Расстояние Левенштейна
SLIDE NAME
Дерево DOM Document Object Model
Обогащение словаря
Обогащение словаря
Обогащение словаря
Обогащение словаря PARSE_JS = False: python3 ParamPP.py -u "https://vk.com/login" ['m',
'b', 'u', 'al’] PARSE_JS = True: python3 ParamPP.py -u "https://vk.com/login" ['b', 'm', 'al', 'async', 'u', 'ad_video']
Ограничение веб-серверов
Param-Pam-Pam https://github.com/Bo0oM/ParamPamPam #TODO • Json data • Keep-alive • Ченить-там-еще
Param-miner
Q? @i_bo0om @webpwn