Overview
Explore the intricacies of modern digital footprinting in this 51-minute conference talk from Derbycon 2015. Delve into various digital channels, decentralization challenges, and annual pin testing practices. Examine issues like impersonating apps, lack of monitoring, and rapid growth in third-party libraries. Analyze security challenges posed by CDN breaches and mobile platforms like Snapchat. Learn techniques for fully targeted attacks, including network mapping, search source mining, and public source code analysis on platforms like GitHub. Discover the importance of geofencing, passive DNS, and proxy log mining in creating comprehensive databases for pin testing. Gain valuable insights into the modern digital landscape and enhance your understanding of cybersecurity vulnerabilities and mitigation strategies.
Syllabus
Introduction
The Agenda
Overview
Digital Channels
Decentralization
Delusional
Annual Pin Test
Three Annoying Issues
Impersonating Apps
No Monitoring
Rapid Growth
ThirdParty Libraries
ThirdParty Security Challenge
CDN Breach
Giga
Hacktivism
Mobile
Snapchat
Things to think about
Fully Targeted
ThirdParty Components
Who is my target
Network Mapping
Search Sources
Public Source Code
GitHub
Live Example
Capture Search Engine Mining
Geofencing
Missing from programs
Passive DNS
One database
Pin testing
Conclusion
Mining proxy logs
Creating a database