Difference between revisions of "Atlanta Member Meeting 09.15.10"

From OWASP
Jump to: navigation, search
Line 17: Line 17:
 
During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.  
 
During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.  
  
'''SLIDES::''' [[File:Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf]]
+
'''SLIDES::''' [http://www.owasp.org/images/5/54/Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf Presentation Download]

Revision as of 14:07, 14 October 2010

September 2010 Meeting

WHAT:: September Chapter Meeting

WHEN:: September 15th 2010 - 7-9PM

WHERE:: Building 400, 2nd floor. 1000 Abernathy Road, Building 400 Suite 250 Atlanta, GA 30328


WHO:: Rob Ragan Rob Ragan is a Senior Security Associate at Stach & Liu where he primarily performs application penetration tests and source code review. Before joining Stach & Liu, Rob served as a Software Engineer at Hewlett-Packard’s Application Security Center where he developed web application security testing tools and conducted application penetration testing. Rob actively conducts web application security research and has presented at Black Hat, Defcon, InfoSec World, and Outerz0ne. Rob has also has published several white papers and is a contributing author to the upcoming Hacking Exposed: Web Applications 3rd edition.

ABSTRACT:: Lord of the Bing: Taking back search engine hacking from Google and Bing

During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.

SLIDES:: Presentation Download