Give the dog a bone - Exploring OSINT capabilities of pen-testing tools

Presented at BSidesLV 2019, Aug. 6, 2019, 5 p.m. (55 minutes)

We're moving from pets to cattle when it comes to infrastructure. How has the adversary adopted? Given servers are ephemeral, stateless and usually well secured, is brute-forcing still a top priority? This talk will identify brute forcing patterns and timing metrics on fully-patched SSH servers in public clouds. It also comes with a twist: what happens when we give them a hint. Are reconnaissance and attacking tools so automated that they ignore useful information?

Presenters:

• John Brunn
  John has over 20 years of infosec experience, and is currently head of security at CMD. Settling in San Francisco in 2000, he has run security teams at retail and travel e-commerce companies, as well as a mobile security startup. He once cooked the breakfast bar at Michigan Big Boy restaurants. In his free time he plays guitar in an Alt-Country band and plays beer-league ice hockey. His dog probably hates him.

Similar Presentations:

• BruCON 0x09 (2017) / Knock Knock... Who's there? admin admin and get in! An overview of the CMS brute-forcing malware landscape.