Deep Dive: External Attack Surface Mapping - Digging Deeper (Part 2 of 2)

Event start: 10 months, 3 weeks ago // Event Information


Intent of this workshop is to shed light on the techniques and methodologies around OSINT reconnaissance. Everything that we explore throughout this workshop can be achieved using open source tooling and scaled up effectively. This journey won't be just a scratch of the (attack) surface, but a true deep dive in what is happening behind all of the steps and the reasoning behind it.

External attack surface mapping is an important capability to have in the toolkit for everyone working on internet security, for both defensive and offensive sides of the coin. With it we can gain a good visibility of what kind of services and information is exposed for the public internet - the results may surprise you. As you know, inventory management is a huge issue for entities large and small, but when you add network security and service configuration to the mix it gets even more difficult.

Intent of this workshop is to shed light on the techniques and methodologies around the subject matter. Everything that we explore throughout this workshop can be achieved using open source tooling and scaled up effectively.

This journey won't be just a scratch of the (attack) surface, but a true deep dive in what is happening behind all of the steps and the reasoning behind it.

Workshop structure: 1. Technology inspection - frameworks, exposed software version info 2. Gathering the low hanging fruit - common vulnerabilities, known weaknesses 3. Bringing out the guns - brute forcing, context specific vulnerabilities

The participants should have a laptop with a Linux based operating system (or virtual machine) with internet connectivity to carry out the hands-on part of the workshop. Testing range for the scope will be provided.



recommendations