Next Generation Web Reconnaissance Hack3rcon 3 (Hacking Illustrated Series InfoSec Tutorial Videos)
It's no secret: black hats have been using open sources of information to
conduct precise targeting for social engineering and network attacks for years.
Penetration testers, often confronted with time constraints, overlook this
all-important step in the attack process, and fail to show the true, complete threat
that their customers face. Even when an honest attempt at reconnaissance is
made, the ever-changing nature of search engines and web technologies makes
automating the reconnaissance process painful to accomplish and maintain. In
many cases, it just isn't done right, which leads to improper reconnaissance and
bad intelligence. I have been working to create several quality tools that
leverage the power of search engines, social networks, and cloud CRMs to
automate the reconnaissance process and increase the integrity of the
intelligence gathered before the attack occurs. I'll be releasing these tools
during the talk, and will begin to explore a new reconnaissance concept:
conducting physical reconnaissance of a target without ever setting foot on the
ground. As a part of this new discussion, I'll also be releasing an updated
version of Pushpin, a social networking proximity geolocation tool.

Tim Tomes is a Senior Security Consultant and Research Specialist for Black
Hills Information Security with over 15 years' experience in information
technology and application development. Tim has performed many consultative
engagements including enterprise security and risk assessments, perimeter
penetration testing, web application security testing, vulnerability
assessments, social engineering, and physical security testing, with
extensive experience in dealing with Department of Defense systems. Prior to
joining BHIS, Tim spent a brief period of time as a Senior Security
Consultant for Accuvant Labs and enjoyed a 9-year career as an Officer in
the United States Army where he was the principal designer and manager of
the Army's first Cyber Defense Training program. Tim also spent 3 years as
the Army Red Team's Senior Team Leader where he managed and led teams in
full scope security assessments on Department of Defense systems. Tim is a
Technical Security blogger for PaulDotCom Security Weekly, the world's
largest computer security podcast, and has presented at security conferences
such as DerbyCon 2 and Hack3rCon II.