Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP

Presented at DEF CON 19 (2011), Aug. 5, 2011, 5:30 p.m. (20 minutes)

Got domain admin to a couple of thousand Windows systems? Got an hour to spare? Steal sensitive data from all of these systems simultaneously in under an hour with OpenDLP. OpenDLP is an open source, agent-based, massively distributable, centrally managed data discovery program that runs as a service on Windows systems and is controlled from a centralized web application. The agent is written in C, has no .NET requirements, uses PCREs for pattern matching, reads inside ZIP containers such as Office 2007 and OpenOffice documents, runs as a low-priority service so users do not see or feel it, and securely transmits results to the centralized web application on a regular basis. The web application distributes, installs, and uninstalls agents over SMB; allows you to create reusable profiles, view results in real time, and mark false positives; and exports results as XML. OpenDLP also supports scanning databases for sensitive information. It can also perform agentless scans of Windows systems over SMB and UNIX/Linux systems over SSH.
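The discovery step the abstract describes (walk a file system, look inside ZIP-based Office documents, match PCRE-style patterns, report matches back) can be illustrated with the following Python script. It is an added example and not OpenDLP's own code, which is a C agent driven by a web application; the regex patterns, the Luhn check used to drop false-positive card numbers, the size caps, and the masked report format are this example's own choices, and the files it scans are constructed inline rather than taken from any real system.

```python
"""Added illustration of an OpenDLP-style file scan (not OpenDLP's code):
walk a directory tree, open ZIP-based Office/OpenDocument containers,
apply regex patterns, and validate card numbers with Luhn."""
import os
import re
import tempfile
import zipfile
from typing import Dict, List, Tuple

MAX_MEMBER_BYTES = 20 * 1024 * 1024   # skip oversized ZIP members (zip-bomb guard, assumed limit)
MAX_FILE_BYTES = 50 * 1024 * 1024     # cap on bytes read from a flat file (assumed limit)

# ZIP-based document containers (Office 2007+ and OpenDocument formats)
ZIP_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".odt", ".ods", ".odp", ".zip"}

# Illustrative PCRE-compatible patterns; these are not OpenDLP's shipped profiles
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),   # 13-19 digits, optional separators
}
TAG_RE = re.compile(r"<[^>]+>")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def extract_text(path: str) -> str:
    """Return searchable text: ZIP members (XML tags stripped) or the raw file bytes."""
    ext = os.path.splitext(path)[1].lower()
    if ext in ZIP_EXTENSIONS and zipfile.is_zipfile(path):
        parts = []
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                text = zf.read(info).decode("utf-8", errors="ignore")
                if info.filename.lower().endswith(".xml"):
                    text = TAG_RE.sub(" ", text)   # a space keeps cell/run boundaries apart
                parts.append(text)
        return "\n".join(parts)
    with open(path, "rb") as fh:
        return fh.read(MAX_FILE_BYTES).decode("utf-8", errors="ignore")


def scan_text(text: str) -> List[Tuple[str, str]]:
    """Apply every pattern; return (kind, masked_value) so the report is not itself a leak."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            digits = re.sub(r"\D", "", m.group(0))
            if kind == "card" and not luhn_ok(digits):
                continue   # Luhn failure: the usual false-positive source for card patterns
            hits.append((kind, "*" * (len(digits) - 4) + digits[-4:]))
    return hits


def scan_tree(root: str) -> Dict[str, List[Tuple[str, str]]]:
    """Walk root recursively; map each file that has findings to its (kind, masked) hits."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = scan_text(extract_text(path))
            except (OSError, zipfile.BadZipFile):
                continue   # unreadable or corrupt file: skip it rather than abort the scan
            if hits:
                results[os.path.relpath(path, root)] = hits
    return results


def build_sample_tree(root: str) -> None:
    """Constructed sample data for the demonstration (test numbers, not real PII)."""
    os.makedirs(os.path.join(root, "hr"), exist_ok=True)
    with open(os.path.join(root, "hr", "notes.txt"), "w") as fh:
        fh.write("Employee 123-45-6789, card 4111 1111 1111 1111, bogus 4111 1111 1111 1112\n")
    with open(os.path.join(root, "clean.txt"), "w") as fh:
        fh.write("Nothing sensitive here: order 12345, phone 555-0100\n")
    # Minimal docx-like container: Word keeps body text in word/document.xml
    with zipfile.ZipFile(os.path.join(root, "report.docx"), "w") as zf:
        zf.writestr("word/document.xml",
                    "<w:document><w:p><w:r><w:t>Card on file: 5555555555554444"
                    "</w:t></w:r></w:p></w:document>")


def run_demo() -> Dict[str, List[Tuple[str, str]]]:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, hits in sorted(run_demo().items()):
        print(path, hits)
```

The Luhn filter is the piece worth copying: a bare 16-digit regex fires on order numbers and serials constantly, and a DLP agent that floods the operator with false positives gets turned off. Masking in the report is the other deliberate choice, since a results database holding full card numbers is itself a finding on the next assessment.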


  • Andrew Gavin - Consultant, Verizon Business
    Andrew Gavin, creator of OpenDLP, is an information security consultant at Verizon Business. He has more than 11 years of experience in security assessments of networks and applications. He has consulted for numerous customers in various industries around the world. Twitter: @andrewgavin