A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Next Generation Web Reconnaissance Hack3rcon 3 (Hacking Illustrated Series InfoSec Tutorial Videos)

Next Generation Web Reconnaissance
Hack3rcon 3


It's no secret, black hats have been using open sources of information to conduct precise targeting for social engineering and network attacks for years. Penetration testers, often confronted with time constraints, overlook this all important step in the attack process, and fail to show the true, complete threat that their customers face. Even when an honest attempt at reconnaissance is made, the ever-changing nature of search engines and web technologies make automating the reconnaissance process painful to accomplish and maintain. In many cases, it just isn't done right, which leads to improper reconnaissance and bad intelligence. I have been working to create several quality tools that leverage the power of search engines, social networks, and cloud CRMs to automate the reconnaissance process and increase the integrity of the intelligence gathered before the attack occurs. I'll be releasing these tools during the talk, and will begin to explore a new reconnaissance concept; conducting physical reconnaissance of a target without ever setting foot on the ground. As a part of this new discussion, I'll also be releasing an updated version of Pushpin, a social networking proximity geolocation tool.

Speakers
Tim Tomes

Tim Tomes is a Senior Security Consultant and Research Specialist for Black Hills Information Security with over 15 years' experience in information technology and application development. Tim has performed many consultative engagements including enterprise security and risk assessments, perimeter penetration testing, web application security testing, vulnerability assessments, social engineering, and physical security testing, with extensive experience in dealing with Department of Defense systems. Prior to joining BHIS, Tim spent a brief period of time as a Senior Security Consultant for Accuvant Labs and enjoyed a 9-year career as an Officer in the United States Army where he was the principle designer and manager of the Army's first Cyber Defense Training program. Tim also spent 3 years as the Army Red Team's Senior Team Leader where he managed and led teams in full scope security assessments on Department of Defense systems. Tim is a Technical Security blogger for PaulDotCom Security Weekly, the world's largest computer security podcast, and has presented at security conferences such as DerbyCon 2 and Hack3rCon II.

Back to Hack3rcon 3 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast