This talk will combine updated aspects of a talk I did at SecureWV in 2016 regarding
automated Human Error Pwning, and discuss what tips and tricks I've extracted over the last 3+
years running this project to aid in preventing a lot of common pitfalls. I will get into a bit of
technical detail about how I replicated a Shodan-like functionality to make a targeted, automated
active-scanning and data-replicating system that seeks out and replicates open Mongo
instances, Redis instances, and Apache / $webserver open indexes amongst other things.
Time-permitting, I'll also cover some of the most memorable results both in findings at customer
sites and in bug bounties.
Mike is the Founder & Lead Researcher for BHaFSec, LLC. in Ann Arbor, and also
contributes to buffing up the AppSec program at Arbor Networks. He's been involved in the
infosec arena since the late '90s, and has been recognized by organizations including
Google, AT&T, MIT, NASA/JPL, and many others.
Recorded at AIDE 2017