Pulp Google Hacking
The Next Generation Search Engine Hacking Arsenal
3 August 2011 – Black Hat 2011 – Las Vegas, NV




                                                 Presented by:
                                                 Francis Brown
                                                 Rob Ragan
                                                 Stach & Liu, LLC
                                                 www.stachliu.com
Agenda
     OVERVIEW


• Introduction/Background

• Advanced Attacks
    • Google/Bing Hacking - Core Tools
    • NEW Diggity Attack Tools

• Advanced Defenses
    • Google/Bing Hacking Alert RSS Feeds
        • NEW Diggity Alert Feeds and Updates
    • NEW Diggity Alert RSS Feed Client Tools

• Future Directions

                                                2
Introduction/
Background
GETTING UP TO SPEED




                      3
Open Source Intelligence
     SEARCHING PUBLIC SOURCES



 OSINT is a form of intelligence collection management that involves
 finding, selecting, and acquiring information from publicly available
 sources and analyzing it to produce actionable intelligence.




                                       4
Google/Bing Hacking
  SEARCH ENGINE ATTACKS




                          5
Google/Bing Hacking
   SEARCH ENGINE ATTACKS


 Bing's source leaked!
 class Bing {
    public static string Search(string query)
    {
      return Google.Search(query);
    }
 }

                                         6
Attack Targets
          GOOGLE HACKING DATABASE

• Advisories and Vulnerabilities (215)
• Error Messages (58)
• Files containing juicy info (230)
• Files containing passwords (135)
• Files containing usernames (15)
• Footholds (21)
• Pages containing login portals (232)
• Pages containing network or vulnerability data (59)
• Sensitive Directories (61)
• Sensitive Online Shopping Info (9)
• Various Online Devices (201)
• Vulnerable Files (57)
• Vulnerable Servers (48)
• Web Server Detection (72)




                                                                                7
Google Hacking = Lulz
      REAL WORLD THREAT



LulzSec and Anonymous believed to use
Google Hacking as a primary means of
identifying vulnerable targets.

Their releases have nothing to do with their goals
or their lulz. It's purely based on whatever they
find with their "google hacking" queries and then
release it.
-- A-Team, 28 June 2011


                                                     8
Google Hacking = Lulz
         REAL WORLD THREAT
22:14 <@kayla> Sooooo...using the link above and the google hack string.
!Host=*.* intext:enc_UserPassword=* ext:pcf Take your pick of VPNs you
want access too. Ugghh.. Aaron Barr CEO HBGary Federal Inc.
22:15 <@kayla> download the pcf file
22:16 <@kayla> then use http://www.unix-ag.uni-
kl.de/~massar/bin/cisco-decode?enc= to clear text it
22:16 <@kayla> = free VPN




                                                                           9
Quick History
   GOOGLE HACKING RECAP

   Dates          Event
   2004           Google Hacking Database (GHDB) begins
   May 2004       Foundstone SiteDigger v1 released
   Jan 2005       Foundstone SiteDigger v2 released
   Feb 13, 2005   Google Hack Honeypot first release
   Feb 20, 2005   Google Hacking v1 released by Johnny Long
   Jan 10, 2006   MSNPawn v1.0 released by NetSquare
   Dec 5, 2006    Google stops issuing Google SOAP API keys
   Mar 2007       Bing disables inurl: link: and linkdomain:
   Nov 2, 2007    Google Hacking v2 released


                                                               10
Quick History…cont.
   GOOGLE HACKING RECAP

   Dates           Event
   Mar 2008        cDc Goolag - gui tool released
   Sept 7, 2009    Google shuts down SOAP Search API
   Nov 2009        Binging tool released by Blueinfy
   Dec 1, 2009     Foundstone SiteDigger v3.0 released
   2010            Googlag.org disappears
   April 21, 2010  Google Hacking Diggity Project initial releases
   Nov 1, 2010     Google AJAX API slated for retirement
   Nov 9, 2010     GHDB Reborn Announced – Exploit-db.com
   July 2011       Bing ceases ‘&format=rss’ support


                                                                    11
Advanced Attacks
WHAT YOU SHOULD KNOW




                       12
Diggity Core Tools
    STACH & LIU TOOLS

 Google Diggity
    • Uses Google JSON/ATOM API
        • Not blocked by Google bot detection
        • Does not violate Terms of Service
    • Required to use

 Bing Diggity
    • Uses Bing 2.0 SOAP API
    • Company/Webapp Profiling
        • Enumerate: URLs, IP-to-virtual hosts, etc.
    • Bing Hacking Database (BHDB)
        • Vulnerability search queries in Bing format


                                                        13
New Features
    DIGGITY CORE TOOLS

 Google Diggity - New API
    • Updated to use Google JSON/ATOM API
    • Due to deprecated Google AJAX API




 Misc. Feature Upgrades
    • Auto-update for dictionaries
    • Output export formats
        • Now also XLS and HTML
    • Help File – chm file added


                                            14
New Features
     DOWNLOAD BUTTON

 Download Buttons for Google/Bing Diggity
     • Download actual files from Google/Bing search results
          • Downloads to default: C:DiggityDownloads




     • Used by other tools for file download/analysis:
          • FlashDiggity, DLP Diggity, MalwareDiggity,…




                                                               15
New Features
    AUTO-UPDATES

 SLDB Updates in Progress
    • Example: SharePoint Google Dictionary
        • http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/#SharePoint – GoogleDiggity Dictionary File




                                                                                16
Google Diggity
   DIGGITY CORE TOOLS




                        17
Bing Diggity
   DIGGITY CORE TOOLS




                        18
Bing Hacking Database
               STACH & LIU TOOLS


BHDB – Bing Hacking Data Base
• First ever Bing hacking database
• Bing hacking limitations
     • Disabled inurl:, link: and linkdomain: directives in March 2007
     • No support for ext:, allintitle:, allinurl:
     • Limited filetype: functionality
           • Only 12 extensions supported

Example - Bing vulnerability search:
• GHDB query
     • "allintitle:Netscape FastTrack Server Home Page"
• BHDB version
     • intitle:"Netscape FastTrack Server Home Page"




                                                                                                               19
Hacking CSE’s
  ALL TOP LEVEL DOMAINS




                          20
NEW GOOGLE HACKING TOOLS


Code Search Diggity

                           21
Google Code Search
       VULNS IN OPEN SOURCE CODE

 • Regex search for vulnerabilities in indexed
   public code, including popular open source
   code repositories:

 • Example: SQL Injection in ASP querystring
      • select.*from.*request.QUERYSTRING




                                                 22
CodeSearch Diggity
  AMAZON CLOUD SECRET KEYS




                             23
NEW GOOGLE HACKING TOOLS


Bing LinkFromDomainDiggity

                             24
Bing LinkFromDomain
  DIGGITY TOOLKIT




                      25
Bing LinkFromDomain
  FOOTPRINTING LARGE ORGANIZATIONS




                                     26
NEW GOOGLE HACKING TOOLS


Malware Diggity

                           27
MalwareDiggity
      DIGGITY TOOLKIT

 1. Leverages Bing’s linkfromdomain: search directive
    to find off-site links of target applications/domains


 2. Runs off-site links against Google’s Safe Browsing API
    to determine if any are malware distribution sites




 3. Return results that identify malware sites that your web
    applications are directly linking to
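
The three steps above, as an added example for auditing your own pages (not the MalwareDiggity code): it reads page HTML you already hold instead of Bing's linkfromdomain: results, and a local set of flagged hosts stands in for Safe Browsing lookups. The page, the domains and the verdicts are all constructed.

```python
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: one page of the hypothetical site example.com.
PAGE_URL = "https://www.example.com/news/index.html"
PAGE_HTML = """
<html><body>
<a href="/about.html">About</a>
<a href="https://shop.example.com/cart">Shop</a>
<a href="https://partner.example.org/offers">Partner</a>
<a href="mailto:webmaster@example.com">Contact</a>
<a href="https://www.example.com.mirror.test/login">Mirror</a>
<img src="//static.example.net/logo.png">
<script src="http://cdn.injected-widgets.test/ur.js"></script>
<iframe src="HTTP://Cdn.Injected-Widgets.test./frame"></iframe>
</body></html>
"""

# Constructed verdicts; an assumption standing in for a reputation
# service such as the Safe Browsing API named in step 2.
FLAGGED_HOSTS = {"cdn.injected-widgets.test"}

Finding = namedtuple("Finding", "tag url host flagged")


class LinkCollector(HTMLParser):
    """Collect every href/src value, resolved against the page URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.links = []  # (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((tag, urljoin(self.page_url, value.strip())))


def is_own_host(host, own_domains):
    """True only for one of our domains or a real subdomain of one.

    Matching on the dot-separated suffix keeps look-alikes such as
    www.example.com.mirror.test or notexample.com in the off-site set.
    """
    return any(host == d or host.endswith("." + d) for d in own_domains)


def audit_page(html, page_url, own_domains, is_flagged):
    """Step 1: find off-site links. Step 2: look up each host. Step 3: report."""
    collector = LinkCollector(page_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.links:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, javascript:, data: and similar
        # urlsplit lower-cases the hostname; drop a trailing root dot too.
        host = parts.hostname.rstrip(".")
        if is_own_host(host, own_domains):
            continue
        findings.append(Finding(tag, url, host, is_flagged(host)))
    return findings


def flagged_only(findings):
    """The links that need attention: off-site and flagged."""
    return [f for f in findings if f.flagged]


if __name__ == "__main__":
    results = audit_page(PAGE_HTML, PAGE_URL, {"example.com"},
                         FLAGGED_HOSTS.__contains__)
    for f in results:
        mark = "FLAGGED" if f.flagged else "ok     "
        print(f"{mark} <{f.tag}> {f.host}  {f.url}")
```

A flagged <script> or <iframe> source that nobody on the team added is the pattern the mass-injection slides that follow describe.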



                                                               28
Mass Injection Attacks
      MALWARE GONE WILD

Malware Distribution Woes – WSJ.com – June 2010
   • Popular websites victimized, become malware distribution sites to their own
     customers




                                                                                   29
Mass Injection Attacks
      MALWARE GONE WILD

Malware Distribution Woes – LizaMoon – April 2011
   • Popular websites victimized, become malware distribution sites to their own
     customers




                                                                                   30
Mass Injection Attacks
      MALWARE GONE WILD

Malware Distribution Woes – willysy.com – August 2011
   • Popular websites victimized, become malware distribution sites to their own
     customers




                                                                                   31
Malware Diggity
  DIGGITY TOOLKIT




                    32
Malware Diggity
  DIGGITY TOOLKIT




                    33
Malware Diggity
  DIAGNOSTICS IN RESULTS




                           34
NEW GOOGLE HACKING TOOLS


DLP Diggity

                           35
DLP Diggity
   LOTS OF FILES TO DATA MINE




                                36
DLP Diggity
       MORE DATA SEARCHABLE EVERY YEAR

   [Chart: Google Results for Common Docs – result counts for PDF, DOC, XLS and TXT files in 2004, 2007 and 2011]


                                                                                                                      37
DLP Diggity
   DIGGITY TOOLKIT




                     38
NEW GOOGLE HACKING TOOLS


FlashDiggity

                           39
Flash Diggity
      DIGGITY TOOLKIT

 • Google for SWF files on target domains
     • Example search: filetype:swf site:example.com
 • Download SWF files to C:DiggityDownloads
 • Disassemble SWF files and analyze for Flash vulnerabilities




                                                                 40
NEW GOOGLE HACKING TOOLS


DEMO

                           41
GoogleScrape Diggity
            DIGGITY TOOLKIT


GoogleScrape Diggity
• Uses Google mobile interface
     • Light-weight, no advertisements
     • Violates Terms of Service

• Bot detection avoidance
     • Distributed via proxies
     • Spoofs User-agent and Referer
       headers
     • Random &userip= value
     • Across Google servers




                                         42
NEW GOOGLE HACKING TOOLS


Baidu Diggity

                           43
BaiduDiggity
     CHINA SEARCH ENGINE

 • Fighting back




                           44
Advanced Defenses
  PROTECT YO NECK




                    45
Traditional Defenses
     GOOGLE HACKING DEFENSES

 • “Google Hack yourself” organization
     • Employ tools and techniques used by hackers
     • Remove info leaks from Google cache
         • Using Google Webmaster Tools

 • Regularly update your robots.txt.
     • Or robots meta tags for individual page exclusion

 • Data Loss Prevention/Extrusion Prevention Systems
     • Free Tools: OpenDLP, Senf

 • Policy and Legal Restrictions



                                                           46
Existing Defenses
    “H A C K Y O U R S E L F”


  Tools exist
  Convenient
  Real-time updates
  Multi-engine results
  Historical archived data
  Multi-domain searching
                                47
Advanced Defenses
         NEW HOT SIZZLE


Stach & Liu now proudly presents:
   • Google and Bing Hacking Alerts
       • SharePoint Hacking Alerts – 118 dorks
       • SHODAN Hacking Alerts – 26 dorks
   • Diggity Alerts FUNdle Bundles
       • Consolidated alerts into 1 RSS feed
   • Alert Client Tools
       • Alert Diggity – Windows systray notifications
       • iDiggity Alerts – iPhone notification app


                                                         48
Google Hacking Alerts
     ADVANCED DEFENSES

 Google Hacking Alerts
    • All hacking database queries using
    • Real-time vuln updates to >2400 hack queries via RSS
    • Organized and available via                importable file




                                                                   49
Google Hacking Alerts
   ADVANCED DEFENSES




                        50
Bing Hacking Alerts
     ADVANCED DEFENSES

 Bing Hacking Alerts
    • Bing searches with regexes from BHDB
    • Leverages http://api.bing.com/rss.aspx
    • Real-time vuln updates to >900 Bing hack queries via RSS




                                                                 51
Bing/Google Alerts
   LIVE VULNERABILITY FEEDS

 World’s Largest Live Vulnerability Repository
    • Daily updates of ~3000 new hits per day




                                                 52
Diggity Alerts
                         One Feed to Rule Them All




ADVANCED DEFENSE TOOLS


Diggity Alert Fundle Bundle

                                                     53
FUNdle Bundle
 ADVANCED DEFENSES




                     54
FUNdle Bundle
 ADVANCED DEFENSES




                     55
FUNdle Bundle
  MOBILE FRIENDLY




                    56
ADVANCED DEFENSE TOOLS


SHODAN Alerts

                         57
SHODAN Alerts
  FINDING SCADA SYSTEMS




                          58
SHODAN Alerts
  SHODAN RSS FEEDS




                     59

Expose Yourself Without Insecurity: Cloud Breach PatternsExpose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach PatternsRob Ragan
 
DeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than DeadDeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than DeadRob Ragan
 
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and PhishingInterop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and PhishingRob Ragan
 
Filter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireRob Ragan
 
Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingRob Ragan
 

More from Rob Ragan (6)

Nbt hacker fight
Nbt hacker fightNbt hacker fight
Nbt hacker fight
 
Expose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach PatternsExpose Yourself Without Insecurity: Cloud Breach Patterns
Expose Yourself Without Insecurity: Cloud Breach Patterns
 
DeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than DeadDeadDropSF - Better Red Than Dead
DeadDropSF - Better Red Than Dead
 
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and PhishingInterop 2017 - Defeating Social Engineering, BEC, and Phishing
Interop 2017 - Defeating Social Engineering, BEC, and Phishing
 
Filter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the Wire
 
Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without Fighting
 

Recently uploaded

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 

Recently uploaded (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 

Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacking Arsenal

  • 1. Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 – Black Hat 2011 – Las Vegas, NV Presented by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com
  • 2. Agenda OVERVIEW • Introduction/Background • Advanced Attacks • Google/Bing Hacking - Core Tools • NEW Diggity Attack Tools • Advanced Defenses • Google/Bing Hacking Alert RSS Feeds • NEW Diggity Alert Feeds and Updates • NEW Diggity Alert RSS Feed Client Tools • Future Directions 2
  • 4. Open Source Intelligence SEARCHING PUBLIC SOURCES OSINT – is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. 4
  • 5. Google/Bing Hacking SEARCH ENGINE ATTACKS 5
  • 6. Google/Bing Hacking SEARCH ENGINE ATTACKS Bing's source leaked! class Bing { public static string Search(string query) { return Google.Search(query); } } 6
  • 7. Attack Targets GOOGLE HACKING DATABASE • Advisories and Vulnerabilities (215) • Error Messages (58) • Files containing juicy info (230) • Files containing passwords (135) • Files containing usernames (15) • Footholds (21) • Pages containing login portals (232) • Pages containing network or vulnerability data (59) • Sensitive Directories (61) • Sensitive Online Shopping Info (9) • Various Online Devices (201) • Vulnerable Files (57) • Vulnerable Servers (48) • Web Server Detection (72) 7
  • 8. Google Hacking = Lulz REAL WORLD THREAT LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets. Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. -- A-Team, 28 June 2011 8
  • 9. Google Hacking = Lulz REAL WORLD THREAT 22:14 <@kayla> Sooooo...using the link above and the google hack string. !Host=*.* intext:enc_UserPassword=* ext:pcf Take your pick of VPNs you want access too. Ugghh.. Aaron Barr CEO HBGary Federal Inc. 22:15 <@kayla> download the pcf file 22:16 <@kayla> then use http://www.unix-ag.uni- kl.de/~massar/bin/cisco-decode?enc= to clear text it 22:16 <@kayla> = free VPN 9
  • 10. Quick History GOOGLE HACKING RECAP
      Dates | Event
      2004 | Google Hacking Database (GHDB) begins
      May 2004 | Foundstone SiteDigger v1 released
      Jan 2005 | Foundstone SiteDigger v2 released
      Feb 13, 2005 | Google Hack Honeypot first release
      Feb 20, 2005 | Google Hacking v1 released by Johnny Long
      Jan 10, 2006 | MSNPawn v1.0 released by NetSquare
      Dec 5, 2006 | Google stops issuing Google SOAP API keys
      Mar 2007 | Bing disables inurl: link: and linkdomain:
      Nov 2, 2007 | Google Hacking v2 released
  • 11. Quick History…cont. GOOGLE HACKING RECAP
      Dates | Event
      Mar 2008 | cDc Goolag - gui tool released
      Sept 7, 2009 | Google shuts down SOAP Search API
      Nov 2009 | Binging tool released by Blueinfy
      Dec 1, 2009 | FoundStone SiteDigger v 3.0 released
      2010 | Googlag.org disappears
      April 21, 2010 | Google Hacking Diggity Project initial releases
      Nov 1, 2010 | Google AJAX API slated for retirement
      Nov 9, 2010 | GHDB Reborn Announced – Exploit-db.com
      July 2011 | Bing ceases ‘&format=rss’ support
  • 12. Advanced Attacks WHAT YOU SHOULD KNOW 12
  • 13. Diggity Core Tools STACH & LIU TOOLS Google Diggity • Uses Google JSON/ATOM API • Not blocked by Google bot detection • Does not violate Terms of Service • Required to use Bing Diggity • Uses Bing 2.0 SOAP API • Company/Webapp Profiling • Enumerate: URLs, IP-to-virtual hosts, etc. • Bing Hacking Database (BHDB) • Vulnerability search queries in Bing format 13
  • 14. New Features DIGGITY CORE TOOLS Google Diggity - New API • Updated to use Google JSON/ATOM API • Due to deprecated Google AJAX API Misc. Feature Upgrades • Auto-update for dictionaries • Output export formats • Now also XLS and HTML • Help File – chm file added 14
  • 15. New Features DOWNLOAD BUTTON Download Buttons for Google/Bing Diggity • Download actual files from Google/Bing search results • Downloads to default: C:DiggityDownloads • Used by other tools for file download/analysis: • FlashDiggity, DLP Diggity, MalwareDiggity,… 15
  • 16. New Features AUTO-UPDATES SLDB Updates in Progress • Example: SharePoint Google Dictionary • http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/#SharePoint – GoogleDiggity Dictionary File 16
  • 17. Google Diggity DIGGITY CORE TOOLS 17
  • 18. Bing Diggity DIGGITY CORE TOOLS 18
  • 19. Bing Hacking Database STACH & LIU TOOLS BHDB – Bing Hacking Data Base • First ever Bing hacking database • Bing hacking limitations • Disabled inurl:, link: and linkdomain: directives in March 2007 • No support for ext:, allintitle:, allinurl: • Limited filetype: functionality • Only 12 extensions supported Example - Bing vulnerability search: • GHDB query • "allintitle:Netscape FastTrack Server Home Page" • BHDB version • intitle:"Netscape FastTrack Server Home Page" 19
  • 20. Hacking CSE’s ALL TOP LEVEL DOMAINS 20
  • 21. NEW GOOGLE HACKING TOOLS Code Search Diggity 21
  • 22. Google Code Search VULNS IN OPEN SOURCE CODE • Regex search for vulnerabilities in indexed public code, including popular open source code repositories: • Example: SQL Injection in ASP querystring • select.*from.*request.QUERYSTRING 22
  • 23. CodeSearch Diggity AMAZON CLOUD SECRET KEYS 23
  • 24. NEW GOOGLE HACKING TOOLS Bing LinkFromDomainDiggity 24
  • 25. Bing LinkFromDomain DIGGITY TOOLKIT 25
  • 26. Bing LinkFromDomain FOOTPRINTING LARGE ORGANIZATIONS 26
  • 27. NEW GOOGLE HACKING TOOLS Malware Diggity 27
  • 28. MalwareDiggity DIGGITY TOOLKIT 1. Leverages Bing’s linkfromdomain: search directive to find off-site links of target applications/domains 2. Runs off-site links against Google’s Safe Browsing API to determine if any are malware distribution sites 3. Return results that identify malware sites that your web applications are directly linking to 28
  • 29. Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – WSJ.com – June 2010 • Popular websites victimized, become malware distribution sites to their own customers 29
  • 30. Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – LizaMoon – April 2011 • Popular websites victimized, become malware distribution sites to their own customers 30
  • 31. Mass Injection Attacks MALWARE GONE WILD Malware Distribution Woes – willysy.com - August 2011 • Popular websites victimized, become malware distribution sites to their own customers 31
  • 32. Malware Diggity DIGGITY TOOLKIT 32
  • 33. Malware Diggity DIGGITY TOOLKIT 33
  • 34. Malware Diggity DIAGNOSTICS IN RESULTS 34
  • 35. NEW GOOGLE HACKING TOOLS DLP Diggity 35
  • 36. DLP Diggity LOTS OF FILES TO DATA MINE 36
  • 37. DLP Diggity MORE DATA SEARCHABLE EVERY YEAR [Chart: Google Results for Common Docs, by file type (PDF, DOC, XLS, TXT) for 2004, 2007 and 2011] 37
  • 38. DLP Diggity DIGGITY TOOLKIT 38
  • 39. NEW GOOGLE HACKING TOOLS FlashDiggity 39
  • 40. Flash Diggity DIGGITY TOOLKIT • Google for SWF files on target domains • Example search: filetype:swf site:example.com • Download SWF files to C:DiggityDownloads • Disassemble SWF files and analyze for Flash vulnerabilities 40
  • 41. NEW GOOGLE HACKING TOOLS DEMO 41
  • 42. GoogleScrape Diggity DIGGITY TOOLKIT GoogleScrape Diggity • Uses Google mobile interface • Light-weight, no advertisements • Violates Terms of Service • Bot detection avoidance • Distributed via proxies • Spoofs User-agent and Referer headers • Random &userip= value • Across Google servers 42
  • 43. NEW GOOGLE HACKING TOOLS Baidu Diggity 43
  • 44. BaiduDiggity CHINA SEARCH ENGINE • Fighting back 44
  • 45. Advanced Defenses PROTECT YO NECK 45
  • 46. Traditional Defenses GOOGLE HACKING DEFENSES • “Google Hack yourself” organization • Employ tools and techniques used by hackers • Remove info leaks from Google cache • Using Google Webmaster Tools • Regularly update your robots.txt. • Or robots meta tags for individual page exclusion • Data Loss Prevention/Extrusion Prevention Systems • Free Tools: OpenDLP, Senf • Policy and Legal Restrictions 46
  • 47. Existing Defenses “HACK YOURSELF” • Tools exist • Convenient • Real-time updates • Multi-engine results • Historical archived data • Multi-domain searching 47
  • 48. Advanced Defenses NEW HOT SIZZLE Stach & Liu now proudly presents: • Google and Bing Hacking Alerts • SharePoint Hacking Alerts – 118 dorks • SHODAN Hacking Alerts – 26 dorks • Diggity Alerts FUNdle Bundles • Consolidated alerts into 1 RSS feed • Alert Client Tools • Alert Diggity – Windows systray notifications • iDiggity Alerts – iPhone notification app 48
  • 49. Google Hacking Alerts ADVANCED DEFENSES Google Hacking Alerts • All hacking database queries using • Real-time vuln updates to >2400 hack queries via RSS • Organized and available via importable file 49
  • 50. Google Hacking Alerts ADVANCED DEFENSES 50
  • 51. Bing Hacking Alerts ADVANCED DEFENSES Bing Hacking Alerts • Bing searches with regexs from BHDB • Leverages http://api.bing.com/rss.aspx • Real-time vuln updates to >900 Bing hack queries via RSS 51
  • 52. Bing/Google Alerts LIVE VULNERABILITY FEEDS World’s Largest Live Vulnerability Repository • Daily updates of ~3000 new hits per day 52
  • 53. Diggity Alerts One Feed to Rule Them All ADVANCED DEFENSE TOOLS Diggity Alert Fundle Bundle 53
  • 54. FUNdle Bundle ADVANCED DEFENSES 54
  • 55. FUNdle Bundle ADVANCED DEFENSES 55
  • 56. FUNdle Bundle MOBILE FRIENDLY 56
  • 58. SHODAN Alerts FINDING SCADA SYSTEMS 58
  • 59. SHODAN Alerts SHODAN RSS FEEDS 59
  • 60. Bing/Google Alerts THICK CLIENTS TOOLS Google/Bing Hacking Alert Thick Clients • Google/Bing Alerts RSS feeds as input • Allow user to set one or more filters • e.g. “yourcompany.com” in the URL • Several thick clients being released: • Windows Systray App • Droid app (coming soon) • iPhone app 60
  • 62. Alerts Diggity ADVANCED DEFENSES 62
  • 63. iDiggity Alerts ADVANCED DEFENSE TOOLS iDiggity Alerts 63
  • 64. iDiggity Alerts ADVANCED DEFENSES 64
  • 65. iDiggity Alerts ADVANCED DEFENSES 65
  • 66. New Defenses “GOOGLE/BING HACK ALERTS” • Tools exist • Convenient • Real-time updates • Multi-engine results • Historical archived data • Multi-domain searching 66
  • 67. Future Direction IS NOW 67
  • 68. Diggity Alert DB DATA MINING VULNS Diggity Alerts Database 68
  • 69. Dictionary Updates 3RD PARTY INTEGRATION New maintainers of the GHDB – 09 Nov 2010 • http://www.exploit-db.com/google-hacking-database-reborn/ 69
  • 70. Special Thanks Oscar “The Bull” Salazar Brad “BeSickWittIt” Sickles Nick “King Luscious” Harbin Prajakta “The Flasher” Jagdale Ruihai “Ninja” Fang Jason “Blk-majik” Lash
  • 71. Questions? Ask us something We’ll try to answer it. For more info: Email: contact@stachliu.com Project: diggity@stachliu.com Stach & Liu, LLC www.stachliu.com
  • 72. Thank You Stach & Liu Google Hacking Diggity Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ 72
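
The alert thick clients on slide 60 take the alert RSS feeds as input and apply a filter such as “yourcompany.com” in the URL. The sketch below is an added example, not code from the deck or from the Diggity tools: it assumes an RSS 2.0 feed with `<item>`/`<link>` elements, uses a constructed sample feed, and all function names are hypothetical. It matches on the link's hostname instead of a substring of the URL, so lookalike hosts and query-string mentions do not raise alerts.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed RSS 2.0 sample; a real client would fetch the alert feed instead.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed alert feed</title>
<item><title>Index of /backup</title><link>http://files.yourcompany.com/backup/</link></item>
<item><title>Login portal</title><link>https://YourCompany.com:8443/login.aspx</link></item>
<item><title>Lookalike host</title><link>http://yourcompany.com.other.example/index.html</link></item>
<item><title>Domain only in query string</title><link>http://other.example/redirect?u=http://yourcompany.com/</link></item>
<item><title>Different registered domain</title><link>http://notyourcompany.com/admin/</link></item>
<item><title>Unrelated</title><link>http://unrelated.example/</link></item>
<item><title>Item without a link</title></item>
</channel></rss>"""


def iter_items(feed_xml):
    """Yield (title, link) for every <item> in an RSS 2.0 document."""
    # Feeds are untrusted input. RSS needs no DTD, so refuse documents that
    # declare one rather than expose the parser to entity-expansion tricks.
    if "<!DOCTYPE" in feed_xml or "<!ENTITY" in feed_xml:
        raise ValueError("feed declares a DTD; refusing to parse")
    root = ET.fromstring(feed_xml)
    for item in root.iter("item"):
        yield ((item.findtext("title") or "").strip(),
               (item.findtext("link") or "").strip())


def link_host(link):
    """Return the lower-cased hostname of a link, or None if it has none."""
    try:
        host = urlsplit(link).hostname  # drops port and userinfo, lower-cases
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    return host.rstrip(".") if host else None


def in_scope(host, watched):
    """True when host equals a watched domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)


def filter_alerts(feed_xml, watched_domains):
    """Return alert items whose link hostname belongs to a watched domain."""
    watched = {d.strip().rstrip(".").lower() for d in watched_domains if d.strip()}
    hits = []
    for title, link in iter_items(feed_xml):
        host = link_host(link)
        if host and in_scope(host, watched):
            hits.append({"title": title, "host": host, "link": link})
    return hits


def naive_filter(feed_xml, needle):
    """Substring match anywhere in the URL, shown only for comparison."""
    return [link for _, link in iter_items(feed_xml) if needle.lower() in link.lower()]


if __name__ == "__main__":
    for hit in filter_alerts(SAMPLE_FEED, ["yourcompany.com"]):
        print(f"{hit['host']:<25} {hit['title']}  {hit['link']}")
    print("substring matches:", len(naive_filter(SAMPLE_FEED, "yourcompany.com")))
```

On the constructed feed the hostname filter keeps two items, while the substring comparison matches five, three of which point at hosts the organization does not own.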