Atlanta Member Meeting 09.15.10 - Revision history

Shauvik at 19:07, 14 October 2010

2010-10-14T19:07:59Z

Shauvik at 19:07, 14 October 2010

2010-10-14T19:07:37Z

Shauvik at 19:06, 14 October 2010

2010-10-14T19:06:37Z

Shauvik: Created page with '===September 2010 Meeting=== '''WHAT::''' September Chapter Meeting '''WHEN::''' September 15th 2010 - 7-9PM '''WHERE::''' Building 400, 2nd floor. 1000 Abernathy Road, Buildi…'

2010-09-27T17:08:31Z

Created page with '===September 2010 Meeting=== '''WHAT::''' September Chapter Meeting '''WHEN::''' September 15th 2010 - 7-9PM '''WHERE::''' Building 400, 2nd floor. 1000 Abernathy Road, Buildi…'

New page

===September 2010 Meeting===
'''WHAT::''' September Chapter Meeting

'''WHEN::''' September 15th 2010 - 7-9PM

'''WHERE::''' Building 400, 2nd floor.
1000 Abernathy Road, Building 400
Suite 250
Atlanta, GA 30328

'''WHO::''' '''Rob Ragan'''
Rob Ragan is a Senior Security Associate at Stach & Liu where he primarily performs application penetration tests and source code review. Before joining Stach & Liu, Rob served as a Software Engineer at Hewlett-Packard’s Application Security Center where he developed web application security testing tools and conducted application penetration testing. Rob actively conducts web application security research and has presented at Black Hat, Defcon, InfoSec World, and Outerz0ne. Rob has also has published several white papers and is a contributing author to the upcoming Hacking Exposed: Web Applications 3rd edition.

'''ABSTRACT:: ''' Lord of the Bing: Taking back search engine hacking from Google and Bing

During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.

'''SLIDES::''' TBD

← Older revision		Revision as of 19:07, 14 October 2010
Line 17:		Line 17:
	During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.		During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.

−	'''SLIDES::''' [http://www.owasp.org/images/5/54/Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf ~~Presentation~~ Download]	+	'''SLIDES::''' [http://www.owasp.org/images/5/54/Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf Download]

← Older revision		Revision as of 19:07, 14 October 2010
Line 17:		Line 17:
	During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.		During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.

−	'''SLIDES::''' [~~[File~~:Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf]]	+	'''SLIDES::''' [http://www.owasp.org/images/5/54/Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf Presentation Download]

← Older revision		Revision as of 19:06, 14 October 2010
Line 17:		Line 17:
	During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.		During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - this demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. Several new search engine hacking techniques will be demonstrated that have resulted in remarkable breakthroughs against both Google and Bing. New tools will be demonstrated, along with the first ever "live vulnerability feed", which will quickly become the new standard on how to detect and protect yourself against these types of attacks.

−	'''SLIDES::''' ~~TBD~~	+	'''SLIDES::''' [[File:Owasp_Atl_Oct-2010_Meeting-Lord_of_The_Bing.pdf]]