Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Presented by:
Francis Brown & Rob Ragan
Stach & Liu, LLC
www.stachliu.com
Agenda
OVERVIEW
Introduction/Background
Advanced Attacks
Advanced Defenses
Future Directions
Introduction/Background
G E T T I N G UP T O S P E E D
Diggity Tools
PROJECT OVERVIEW
Diggity Tools
ATTACK TOOLS
Tool
Description
GoogleDiggity
BingDiggity
FlashDiggity
DLPDiggity
LinkFromDomain
Diggity Tools
NEW ATTACK TOOLS
Tool
Description
PortScan Diggity
NotInMyBackYard
BHDB 2.0
Bing BinaryMalware
Diggity Scraping
NEW ACROSS ALL ATTACK TOOLS
Diggity Scraping
PROXIES SPECIFICATION
Diggity Scraping
MANUAL PROXIES SPECIFICATION
Advanced Attacks
W H AT YO U S H O U L D K N O W
10
PortScan Diggity
11
PortScanning
TARGETING HTTP ADMIN CONSOLES
12
PortScanning
TARGETING PORT RANGES
13
PortScanning
TARGETING VULNERABILITY
14
PortScan Diggity
TARGETING HTTP ADMIN CONSOLES
15
NotInMyBackYard
16
Data Leaks on
rd
3
Party Sites
17
PasteBin Leaks
PASSWORDS IN PASTEBIN.COM POSTS
18
19
20
21
NotInMyBackYard
L O C A T I O N, L O C A T I O N, L O C A T I O N
Cloud storage:
Google Docs, DropBox,
Microsoft SkyDrive, Amazon S3
22
NotInMyBackYard
PASTEBIN EXAMPLE
23
NotInMyBackYard
XLS IN CLOUD EXAMPLE
24
25
UPDATES (2012)
BingBinaryMalwareSearch (BBMS)
28
29
30
CodeSearch Diggity
31
32
CodeSearch Diggity
AMAZON CLOUD SECRET KEYS
33
Cloud Security
N O P R O M I S E S . . .N O N E
http://aws.amazon.com/agreement/#10
34
Cloud Crawling
CREATE YOUR OWN SEARCH ENGINES
35
SHODAN Diggity
36
SHODAN
HACKER SEARCH ENGINE
Indexed service banners for whole Internet for HTTP (Port 80), as well
as some FTP (23), SSH (22) and Telnet (21) services
37
SHODAN
FINDING SCADA SYSTEMS
38
SHODAN
FINDING SCADA SYSTEMS
39
SHODAN Diggity
FINDING SCADA SYSTEMS
40
Advanced Defenses
P RO T E CT YO N E CK
41
Diggity Alert DB
DATA MINING VULNS
Diggity Alerts
Database
42
Future Directions
W H AT W I L L H A P P E N
43
Diggity Dashboards
COMING SOON
Google Charts
Mobile BI Apps
44
DLP Reporting
PRACTICAL EXAMPLES
45
Questions?
Ask us something
Well try to answer it.
For more info:
Fran Brown
Rob Ragan (@sweepthatleg)
Email: contact@stachliu.com
Project: diggity@stachliu.com
Stach & Liu, LLC
www.stachliu.com
Thank You
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
47