Just gave a SANS @MIC talk and wanted to share the links to the sites and tools I discussed. A video of the talk is below: https://www.youtube.com/watch?v=BVFhMqktkeE https://osintcurio.us/http://osintframework.dehttp://www.cnn.com/robots.txthttps://www.cisco.com/robots.txthttps://www.apple.com/robots.txthttps://email@example.com,41.053944,3.75zhttps://whatsmyname.app/https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/https://untappd.com/NorthernMonkhttps://untappd.osint.ninjahttps://wifi.xfinity.com/https://viewdns.info/https://www.osintcombine.com/data-visualization-toolhttps://haveibeenpwned.com/https://dehashed.com/https://sans.org/sec487https://github.com/webbreacher/untappdscraperInstant Data Scraper Google Chrome Extension
The links from my SANS @MIC talk/webcast from 2020-03-16.
This is a guest post by Ori. In the past 12 months I attended two SANS training events as a Work Study participant and decided to write this post based on my observations. SANS Institute is the biggest player in information security education field with the best and brightest instructors and unmatched content quality. This... Continue Reading →
SEC487 SANS Institute OSINT course http://www.sans.org/sec487
Some students in my SEC542 SANS class noted the funky Bash shell prompt I have for my terminal windows and wanted me to share it. So, this is a post to share it. My Bash shell prompt is: ┌─[HH:MM:SS]─[hostname: PresentWorkingDirectory] └──> $ and looks like this in the terminal when I took a pic of... Continue Reading →
Overview This is a list of steps to perform to perform a web application session hijacking attack against a logged-in user of a web app. It uses the wonderful Mutillidae (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project) vulnerable web application for the victim server, Burp Suite (free or pro, https://portswigger.net/burp/download.html) and a web browser (in this case, I've chosen Firefox). Steps... Continue Reading →
Of course if you aren't one of my students you still can read this. 🙂 In class I showed some extra slides on SQL injection. They are here http://www.slideshare.net/webbreacher/sans-night-talk-sql-injection-exploited Additionally, for the RFI (Remote File Include) examples, I showed a text file with the following in it: <?php $command='uname -a;id -a'; echo "Running the '$command' command:";... Continue Reading →
This post is just a follow-up for things I spoke about during the SANS Rocky Mountain conference held in Denver, CO in June 2014...well...now.MindMaps for Note-takingAs I mentioned in class, one way that I like to organize information during testing and just when taking notes, is in a MindMap format. There are some gorgeous "infographic-type" MindMaps... Continue Reading →