Explore the intricacies of wordlist creation and utilization in this 50-minute conference talk from NahamCon2020. Delve into the importance of wordlists, their applications, and the challenges associated with pre-baked lists. Learn techniques for manually curating target-specific lists, extracting and processing path data, and finding words unique to a target. Discover methods for fetching and tokenizing data, writing big queries, and using paths to uncover valuable information. Gain insights into processing GitHub files and leveraging custom but generic approaches for effective wordlist generation and application in cybersecurity contexts.
Overview
Syllabus
Intro
What's a wordlist?
Why are they useful?
Where can they be used?
Pre-baked lists
So what's the problem?
Manually curated
Target-specific lists
Getting path data
Processing path data
Extract all the parts
While we're here...
Using the list
Finding words unique to a target
Tokenizing
Fetch all the things
Custom but generic
Writing Big Queries
Finding paths
Using paths to find things instead
The bug
The results
3 GitHub
Processing the files
More files
Taught by
NahamSec
