This talk will cover how I replicated a Shodan-like functionality to make a targeted, automated active-scanning and data-replicating system that seeks out and replicates open Mongo instances, Redis instances, and Apache / $webserver open indexes amongst other things. These findings are used in bug bounty submissions, all automated, and often collected while I sleep! Time-permitting, I'll also cover some of the most memorable results both in findings and in rewards for the findings.

Mike is the Founder & Lead Researcher for BHaFSec, LLC. in Ann Arbor, and also contributes to buffing up the AppSec program at Arbor Networks. He's been involved in the infosec arena since the late 90's, and has been recognized by organizations ranging from Google, AT&T, MIT, NASA/JPL, and many others.

Back to SecureWV 2016 video list