Human Error and It's Impact on Your Infosec Program - Mike Baker AIDE 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Human Error and It's Impact on Your Infosec Program
Mike Baker
AIDE 2017

 

This talk will combine updated aspects of a talk I did at SecureWV in 2016 regarding automated Human Error Pwning, and discuss what tips and tricks I've extracted over the last 3+ years running this project to aide in preventing a lot of common pitfalls. I will get into a bit of technical detail about how I replicated a Shodan-like functionality to make a targeted, automated active-scanning and data-replicating system that seeks out and replicates open Mongo instances, Redis instances, and Apache / $webserver open indexes amongst other things. Time-permitting, I'll also cover some of the most memorable results both in findings at customer sites and in bug bounties.

Mike is the Founder & Lead Researcher for BHaFSec, LLC. in Ann Arbor, and also contributes to buffing up the AppSec program at Arbor Networks. He's been involved in the infosec arena since the late 90's, and has been recognized by organizations ranging from Google, AT&T, MIT, NASA/JPL, and many others.

Recorded at AIDE 2017


Copyright 2016, IronGeek