Let's Rethink Enumeration

Presented at Kernelcon 2022, April 2, 2022, 11:15 a.m. (20 minutes)

When you think "enumeration", you probably think "nmap, dns brute force, maybe shodan", right? What if I told you there's a way to get to the same ends without nearly as much scanning and touching the perimeter of the org you want info on? In this talk I'll cover some clever enumeration techniques that will tell you more about the org you're interested in, and go beyond simple host and ip discovery. We can learn a bit about who they are, how they operate, and what assumptions are safe to make about them based on the findings like "do they put stuff that isnt production ready online", and "are they posting secrets somewhere public"?


  • Dan Tentler / Viss as Dan Tentler
    Dan Tentler is the Executive Founder and CTO of Phobos Group, a boutique information security services and products company. Having been on both red and blue teams, Dan brings a wealth of defensive and adversarial knowledge to security landscape 2022 produces for us all. Dan has spent time at Twitter, British Telecom, Websense, Anonymizer, Intuit and Sempra Energy, to name a few and has a strong background in systems, networking, architecture and wireless networks, translating to strengths in lateral movement, data exfiltration, hiding from the blue team, physical security and a variety of other redteam techniques. Outside of work, Dan cooking, FPV drones and making hot sauce.

Similar Presentations: