A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Tim Tomes "LanMaSteR53": Next Generation Web Reconnaissance Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)

Tim Tomes "LanMaSteR53": Next Generation Web Reconnaissance
Derbycon 2012 Stable Talk

It's no secret, black hats have been using open sources of information to conduct precise targeting for social engineering and network attacks for years. Penetration testers, often confronted with time constraints, overlook this all important step in the attack process, and fail to show the true, complete threat that their customers face. Even when an honest attempt at reconnaissance is made, the ever-changing nature of search engines and web technologies make automating the reconnaissance process painful to accomplish and maintain. In many cases, it just isn't done right, which leads to improper reconnaissance and bad intelligence. I have been working to create several quality tools that leverage the power of search engines, social networks, and cloud CRMs to automate the reconnaissance process and increase the integrity of the intelligence gathered before the attack occurs. I'll be releasing these tools during the talk, and will begin to explore a new reconnaissance concept; conducting physical reconnaissance of a target without ever setting foot on the ground. As a part of this new discussion, I'll also be releasing an updated version of Pushpin, a social networking proximity geolocation tool.

Tim Tomes is a Senior Security Consultant and Research Specialist for Black Hills Information Security with over 15 years' experience in information technology and application development. Tim has performed many consultative engagements including enterprise security and risk assessments, perimeter penetration testing, web application security testing, vulnerability assessments, social engineering, and physical security testing, with extensive experience in dealing with Department of Defense systems. Prior to joining BHIS, Tim spent a brief period of time as a Senior Security Consultant for Accuvant Labs and enjoyed a 9-year career as an Officer in the United States Army where he was the principle designer and manager of the Army's first Cyber Defense Training program. Tim also spent 3 years as the Army Red Team's Senior Team Leader where he managed and led teams in full scope security assessments on Department of Defense systems. Tim is a Technical Security blogger for PaulDotCom Security Weekly, the world's largest computer security podcast, and has presented at security conferences such as Hack3rCon II, 2011.

Big thanks to Damian Profancik for recording these.

Back to Derbycon 2012 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast