Full-Contact Recon

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 4 p.m. (50 minutes)

"Imagine starting your pentest with a shell. Better yet, a shell with privileges. Skip the web app. Forget bruteforcing. Hackers often take the path of least resistance, and so should you. Not a pentester? You can still do this, and defend your infrastructure. Full-Contact Recon will guide the audience through practical information looting from public sources like Travis-CI, GitHub, Data.com, and popular social platforms (LinkedIn, Twitter, etc). We will also release three tools to streamline the process. Coupled with experiences from actual red team operations; we will show you several ways to make your first connection a privileged shell." int0x80 - int0x80 is the rapper in Dual Core. savant - savant is not in the sudoers file. This incident will be reported. int0x80 - @dualcoremusic savant - @savant42

Presenters:

• savant
• int0x80 (of Dual Core)

Links:

• https://www.derbycon.com/saturday-schedule/#event-107
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/Full Contact Recon int0x80 of Dual Core savant.mp4