Presented by: Francis Brown and Rob Ragan Stach & Liu, LLC www.stachliu.com
Agenda
OVERVIEW
Introduction
Advanced Attacks
Google/Bing Hacking
Other OSINT Attack Techniques
Advanced Defenses
Future Directions

Goals
DESIRED OUTCOME
To think differently about exposures caused by publicly available sources
To blow your mind!

Introduction/Background
GETTING UP TO SPEED
OSINT is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.

Quick History
GOOGLE HACKING RECAP
Dates            Event
2004             Google Hacking Database (GHDB) begins
May 2004         Foundstone SiteDigger v1 released
2005             Google Hacking v1 released by Johnny Long
Jan. 2005        Foundstone SiteDigger v2 released
Feb. 13, 2005    Google Hack Honeypot first release
Jan. 10, 2005    MSNPawn v1.0 released
Dec. 5, 2006     Google stops issuing Google SOAP API keys

Quick History
GOOGLE HACKING RECAP
Dates            Event
Mar. 2007        Bing disables inurl: link: and linkdomain:
Nov. 2, 2007     Google Hacking v2 released
Mar. 2008        cDc Goolag gui tool released
June 3, 2009     Bing goes online
Sept. 7, 2009    Google shuts down SOAP Search API
Nov. 2009        Binging tool released
Dec. 1, 2009     FoundStone SiteDigger v3.0 released
2010             Googlag.org disappears

Threat Areas
WHAT YOU SHOULD KNOW
Our favorites are Google and Bing
Crawl and Index
Cache and RSS are forever
Query modifiers
  site:target.com
  related:target.com
  filetype:xls
  ip:69.63.184.142

Examples
Error Messages
  filetype:asp + "[ODBC SQL"
  "Warning: mysql_query()" "invalid query"
Files containing passwords
  inurl:passlist.txt

SiteDigger v3.0
Uses Google AJAX API
Not blocked by Google But restricted to 64 results/query
Binging
Uses Microsoft Bing search engine
Limited domain/ip profiling utils
Gooscan, Goolag
Work still, but get blocked by Google bot detection
Download sites no longer around

DEMO
Defenses
GOOGLE/BING HACKING DEFENSES
Google Hack yourself organization
Employ tools and techniques used by hackers
Policy and Legal Restrictions
Regularly update your robots.txt
Data Loss Prevention/Extrusion Prevention Systems
Free Tools: OpenDLP, Senf
Social Sentry
Service to monitor employee Facebook and Twitter for $2-$8 per employee (MySpace, YouTube, and LinkedIn support by summer)

Google PhoneBook
SPEAR PHISHING

Regex search for vulnerabilities in public code
Example: SQL Injection in ASP querystring
  select.*from.*request\.QUERYSTRING

DEMO
SHODAN
HACKER SEARCH ENGINE
SHODAN Computer Search Engine
Scans and probes the Internet for open HTTP ports and indexes the headers returned in the response
Profile a target without directly probing their systems
Discover specific network appliances
Easily find vulnerable systems!

Target SCADA
CRITICAL INFRASTRUCTURE SECURITY

Why use real news events?
Black hats make their own fake news
Faux celebrity sex tape anyone?
Send to college students
It works!
Other scammers imitate what works

Google Trends
BLACK HAT SEO RECON

Defenses
BLACKHAT SEO DEFENSES
Google SafeBrowsing plugin
Microsoft SmartScreen Filter
No-script and Ad-block browser plugins
Install software security updates
Stick to reputable sites!
Google results aren't safe.

It's everywhere!
In documents (doc, xls, pdf)
In images
FOCA
AUTO METADATA MINING
Automated doc search via Google/Bing
Specify domains to target
Automated download and analysis of docs

Defenses
METADATA MINING DEFENSES
Implement a policy to review files for sensitive metadata before they're released
Run metadata extraction tools on your resources
Utilize metadata cleaning tools
Digital Rights Management (DRM) tools

Advanced Defenses
PROTECT YO NECK

Existing Defenses
HACK YOURSELF