Sploitego

Presented by Nadeem Douba
Monday, July 29, 2013 | @ndouba | ndouba@gmail.com
• Situated in Ottawa, ON, Canada
• Work at Cygnos Information Security as Pen-Tester
  ◦ Subsidiary of Raymond Chabot Grant Thornton
• Open Source Intelligence (OSInt)/Data Science Fanatic!
• Open Source Software Fanatic: https://github.com/allfro
• Credentials?
  ◦ Yes I sold my soul to the devil…
• A Brief Intro to Maltego
• What is Sploitego?
• Why Sploitego?
• Cool Demos
• Installing Sploitego on Backtrack
• Creating Your Own Transforms
• Wrap Up
• Questions
For those who are not familiar…
Sounds interesting…
• Pen-test transforms for Maltego!
  ◦ Transforms for all stages
• Built with Python and Canari Framework
  ◦ Rapid Development Local Transform Framework
Hasn’t this been done before?
• Open Source Intelligence (OSInt) gathering is a big part of our assessments.
• Information we collect about our targets can break them.
• Most OSINT tools work with Public information repositories.
• What if you are working with something Private?
Pros:
✓ Full Client-side Control
✓ Maintain Privacy
✓ Great Data Visibility

Cons:
✗ Processing Overhead
✗ Development
✗ IP Disclosure
That can’t already be done with a remote transform?
On Backtrack…
Sploitego DNS Transforms
Service Discovery Demo
Vulnerability Discovery Demo
With the Canari Framework!
• Malformity by Keith Gilbert and team:
  ◦ https://github.com/digital4rensics/Malformity
• NWMaltego, PaMalt, and CuckooForCanari by J. David Bressler and Rich Popson:
  ◦ https://github.com/bostonlink/nwmaltego_canari
  ◦ https://github.com/bostonlink/pamalt_canari
  ◦ https://github.com/bostonlink/cuckooforcanari
• CookieGrabber by Adam Maxwell:
  ◦ https://github.com/catalyst256/canariCookieGrabber
• Canari Websites:
  ◦ http://www.canariproject.com
  ◦ https://forums.canariproject.com
• Limited Documentation:
  ◦ https://github.com/allfro/canari
  ◦ https://github.com/allfro/sploitego
• Youtube Channel:
  ◦ http://youtube.com/allfro
• Source Code/Bugging me
• Email: ndouba@gmail.com
• Twitter: @ndouba
• Skype: nadeem.douba
• Paterva:
  ◦ Andrew MacPherson (Mohawk)
  ◦ Roelof Temmingh (RT)
• Cygnos/RCGTCI
• The Security Community
Questions in Q&A
