Lord of the Bing
Taking Back Search Engine Hacking From Google and Bing
29 July 2010

Presented by:
Francis Brown and Rob Ragan
Stach & Liu, LLC
www.stachliu.com
Goals
DESIRED OUTCOME

• To improve Google Hacking
    • Attacks and defenses
    • Advanced tools and techniques

• To think differently about exposures in publicly available sources

• To blow your mind!
Google/Bing Hacking
SEARCH ENGINE ATTACKS
Attack Targets
GOOGLE HACKING DATABASE

• Advisories and Vulnerabilities (215)
• Error Messages (58)
• Files containing juicy info (230)
• Files containing passwords (135)
• Files containing usernames (15)
• Footholds (21)
• Pages containing login portals (232)
• Pages containing network or vulnerability data (59)
• Sensitive Directories (61)
• Sensitive Online Shopping Info (9)
• Various Online Devices (201)
• Vulnerable Files (57)
• Vulnerable Servers (48)
• Web Server Detection (72)
Attack Targets
GOOGLE HACKING DATABASE

Old School Examples
• Error Messages
    • filetype:asp + "[ODBC SQL"
    • "Warning: mysql_query()" "invalid query"
• Files containing passwords
    • inurl:passlist.txt
New Toolkit
STACH & LIU TOOLS

Google Diggity
    • Uses Google AJAX API
        • Not blocked by Google bot detection
        • Does not violate Terms of Service
    • Can leverage

Bing Diggity
    • Uses Bing SOAP API
    • Company/Webapp Profiling
        • Enumerate: URLs, IP-to-virtual hosts, etc.
    • Bing Hacking Database (BHDB)
        • Vulnerability search queries in Bing format
New Toolkit
STACH & LIU TOOLS

GoogleScrape Diggity
    • Uses Google mobile interface
        • Light-weight, no advertisements or extras
        • Violates Terms of Service
    • Automatically leverages valid open proxies
    • Spoofs User-agent and Referer headers
    • Random &userip= value
New Hack Databases
ATTACK QUERIES

BHDB – Bing Hacking Data Base
• First ever Bing Hacking database
• Bing has limitations that make it difficult to create vuln search queries
    • Bing disabled the link: and linkdomain: directives to combat abuse in March 2007
    • Does not support ext: or inurl:
    • The filetype: functionality is limited

Example - Bing vulnerability search:
• GHDB query
    • "allintitle:Netscape FastTrack Server Home Page"
• BHDB version
    • "intitle:Netscape FastTrack Server Home Page"
New Hack Databases
ATTACK QUERIES

SLDB - Stach & Liu Data Base
    • New Google/Bing hacking searches in active development by the S&L team

SLDB Examples
    • ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
    • ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
    • filetype:sql "insert into" (pass|passwd|password)
    • !Host=*.* intext:enc_UserPassword=* ext:pcf
    • "your password is" filetype:log
NEW GOOGLE HACKING TOOLS

DEMO
Traditional Defenses
GOOGLE HACKING DEFENSES

• “Google Hack yourself” organization
    • Employ tools and techniques used by hackers
    • Remove info leaks from Google cache
        • Using Google Webmaster Tools

• Regularly update your robots.txt.
    • Or robots meta tags for individual page exclusion

• Data Loss Prevention/Extrusion Prevention Systems
    • Free Tools: OpenDLP, Senf

• Policy and Legal Restrictions
Advanced Defenses
PROTECT YO NECK
Existing Defenses
“HACK YOURSELF”

Tools exist
Convenient
Real-time updates

Multi-engine results
Historical archived data
Multi-domain searching
Advanced Defenses
NEW HOT SIZZLE

Stach & Liu now proudly presents:
    • Google Hacking Alerts
    • Bing Hacking Alerts
Google Hacking Alerts
ADVANCED DEFENSES

Google Hacking Alerts
    • All hacking database queries using
    • Real-time vuln updates to >2400 hack queries via RSS
    • Organized and available via importable file
Google Hacking Alerts
ADVANCED DEFENSES
Bing Hacking Alerts
ADVANCED DEFENSES

Bing Hacking Alerts
    • Bing searches with regexs from BHDB
    • Leverage &format=rss directive to turn into update feeds
Alert Client Tools
GOOGLE/BING ALERT CLIENTS

Google/Bing Hacking Alert Thick Clients
    • Take in Google/Bing Alert RSS feeds as input
    • Allow user to set one or more filters to generate alerts when one of the RSS alert entries matches something they are interested in (e.g. “yourcompany.com” in the URL)
    • Several thick clients being released by Stach & Liu:
        • Windows app
        • iPhone app (coming soon)
        • Droid app (coming soon)
ADVANCED DEFENSE TOOLS

DEMO
New Defenses
“GOOGLE/BING HACK ALERTS”

Tools exist
Convenient
Real-time updates

Multi-engine results
Historical archived data
Multi-domain searching
Google Apps Explosion
SO MANY APPLICATIONS TO ABUSE
Google PhoneBook
SPEAR PHISHING
Google Code Search
VULNS IN OPEN SOURCE CODE

• Regex search for vulnerabilities in public code
• Example: SQL Injection in ASP querystring
    • select.*from.*request.QUERYSTRING
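The regex search the slide describes, as an added Python example that is not part of Google Code Search or the Diggity tools: it runs the slide's pattern over a constructed mini repository of classic ASP files, reports the matching lines, and adds a triage hint for string concatenation, which is how a defender would sweep their own repositories for the same pattern before a search engine indexes them. File names and contents are constructed.

```python
import re

# The pattern from the slide. Code Search was a regex engine, so the '.' in
# "request.QUERYSTRING" matches any character; IGNORECASE is added because
# classic ASP is case-insensitive (Request.QueryString in real code).
SQLI_PATTERN = re.compile(r"select.*from.*request.querystring", re.IGNORECASE)

# Constructed sample files standing in for the contents of a public repository.
SAMPLE_REPO = {
    "search.asp": '''<%
Dim term
term = Request.QueryString("q")
sql = "SELECT id, name FROM products WHERE name LIKE '%" & Request.QueryString("q") & "%'"
Set rs = conn.Execute(sql)
%>''',
    "user.asp": '''<%
' parameterised: the query string value never becomes part of the SQL text
cmd.CommandText = "SELECT name FROM users WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, 4, Request.QueryString("id"))
%>''',
}


def scan_source(source, pattern=SQLI_PATTERN):
    """Return (line_no, line) for every line of one file that matches the regex."""
    return [(n, line.strip())
            for n, line in enumerate(source.splitlines(), 1)
            if pattern.search(line)]


def scan_repo(files, pattern=SQLI_PATTERN):
    """Run the regex over every file; the result maps filename -> hits, files with no hits omitted."""
    findings = {}
    for name, source in files.items():
        hits = scan_source(source, pattern)
        if hits:
            findings[name] = hits
    return findings


def looks_concatenated(line):
    """Triage hint: a VBScript '&' joining request data into a quoted SQL literal."""
    return "&" in line and '"' in line


if __name__ == "__main__":
    for name, hits in scan_repo(SAMPLE_REPO).items():
        for line_no, line in hits:
            flag = "CONCAT" if looks_concatenated(line) else "review"
            print(f"{name}:{line_no} [{flag}] {line}")
```

The parameterised file produces no hit because its SELECT and its Request.QueryString call never share a line, which is also the blind spot of any line-based regex sweep.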
GOOGLE CODE SEARCH HACKING

DEMO
Google Code Search
VULNS IN OPEN SOURCE CODE
Black Hat SEO
SEARCH ENGINE OPTIMIZATION

• Use popular search topics du jour
• Pollute results with links to badware
• Increase chances of a successful attack
Google Trends
BLACK HAT SEO RECON
Defenses
BLACKHAT SEO DEFENSES

• Malware Warning Filters
    • Google Safe Browsing
    • Microsoft SmartScreen Filter
    • Yahoo Search Scan

• Sandbox Software
    • Sandboxie (sandboxie.com)
    • Dell KACE - Secure Browser
    • Adobe Reader Sandbox (Protected Mode)

• No-script and Ad-block browser plugins
Mass Injection Attacks
MALWARE GONE WILD

Malware Distribution Woes
    • Popular websites victimized, become malware distribution sites to their own customers
Malware Browser Filters
URL BLACK LIST

Protecting users from known threats
    • Joint effort to protect customers from known malware and phishing links
Inconvenient Truth
DICKHEAD ALERTS

Malware Black List Woes
    • Average web administrator has no idea when their site gets black listed
Advanced Defenses
PROTECT YO NECK
Malware Diggity
ADVANCED DEFENSES

Malware Diggity
    • Uses Bing’s linkfromdomain: directive to identify off-site links of the domain(s) you wish to monitor
    • Compares to known malware sites/domains
        • Alerts if site is compromised and now distributing malware
        • Monitors new Google Trends links

Malware Diggity Alerts
    • Leverages the Bing ‘&format=rss’ directive, to actively monitor new off-site links of your site as they appear
    • Immediately lets you know if you have been compromised by one of these mass injection attacks or if your site has been black listed
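The alert-client filtering (Alert Client Tools slide) and the Malware Diggity monitoring loop above, as one added Python example that is not part of the Stach & Liu tools: it builds a Bing query URL with the &format=rss directive, parses a constructed RSS feed standing in for Bing's linkfromdomain: results, separates off-site links from the monitored domain, compares their hosts against a constructed blacklist, reports links not seen on a previous run, and applies a user regex filter the way the alert clients do. The feed, blacklist, and all host names are constructed placeholders, and the blacklist is a stand-in for a real Safe Browsing or SmartScreen style source.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse

BING_SEARCH = "http://www.bing.com/search"


def bing_rss_url(query):
    """Feed URL for a Bing query: the normal search URL plus the &format=rss directive."""
    return BING_SEARCH + "?" + urlencode({"q": query, "format": "rss"})


# Constructed sample feed standing in for what Bing would return for
# bing_rss_url("linkfromdomain:example.com"); every host is a placeholder.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>linkfromdomain:example.com</title>
  <item><title>Partner news</title><link>http://partner.example.org/news</link></item>
  <item><title>About us</title><link>http://www.example.com/about</link></item>
  <item><title>stat.js</title><link>http://bad-cdn.invalid/js/stat.js</link></item>
  <item><title>Cheap pills</title><link>http://shop.evil-pharma.invalid/</link></item>
</channel></rss>"""

# Constructed blacklist of known malware hosts (placeholder data).
BLACKLIST = {"bad-cdn.invalid", "evil-pharma.invalid"}


def feed_links(rss_xml):
    """Return (title, link) pairs for every <item> in an RSS 2.0 feed."""
    root = ET.fromstring(rss_xml)
    return [(item.findtext("title", ""), item.findtext("link", ""))
            for item in root.iter("item")]


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def same_site(host, monitored_domain):
    """True when host is the monitored domain itself or one of its subdomains."""
    return host == monitored_domain or host.endswith("." + monitored_domain)


def offsite_links(rss_xml, monitored_domain):
    """Links that leave the monitored domain: what linkfromdomain: is meant to list."""
    return [(t, l) for t, l in feed_links(rss_xml)
            if not same_site(host_of(l), monitored_domain)]


def is_blacklisted(url, blacklist):
    host = host_of(url)
    return any(host == bad or host.endswith("." + bad) for bad in blacklist)


def malware_alerts(rss_xml, monitored_domain, blacklist):
    """Off-site links pointing at blacklisted hosts: the mass-injection signal."""
    return [(t, l) for t, l in offsite_links(rss_xml, monitored_domain)
            if is_blacklisted(l, blacklist)]


def new_offsite_links(rss_xml, monitored_domain, seen):
    """Off-site links absent from the previous run, i.e. links 'as they appear'."""
    current = {l for _, l in offsite_links(rss_xml, monitored_domain)}
    return sorted(current - set(seen))


def filter_entries(rss_xml, pattern):
    """Alert-client style filter: feed entries whose URL matches a user-supplied regex."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(t, l) for t, l in feed_links(rss_xml) if rx.search(l)]


if __name__ == "__main__":
    print("feed URL:", bing_rss_url("linkfromdomain:example.com"))
    for title, link in malware_alerts(SAMPLE_FEED, "example.com", BLACKLIST):
        print("ALERT blacklisted off-site link:", link, "(" + title + ")")
    seen_last_run = {"http://partner.example.org/news"}
    print("new off-site links:", new_offsite_links(SAMPLE_FEED, "example.com", seen_last_run))
```

Persisting the set returned by `new_offsite_links` between runs gives the "as they appear" behaviour; a link that is new and blacklisted is the case worth paging someone for.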
Malware Diggity
ADVANCED DEFENSES
Malware Monitoring
INFECTION DETECTION

Monitoring cycle (diagram):
    • Identify External Links
    • Identify Incoming Links
    • Compare to Black List
    • Detect Infected Links
    • Alert
Search Engine deOptimization
BLACK LIST YOUR FOES

Cycle (diagram):
    • Identify Malware Links
    • Mass Inject Competition
    • Competition Black Listed
    • Competition PageRank is 0
    • Profit
Future Direction
PREDICTIONS
Predictions
FUTURE DIRECTIONS

Data Explosion
    • More data indexed, searchable
    • Real-time, streaming updates
    • Faster, more robust search interfaces

Google Involvement
    • Filtering of search results
    • Better GH detection and tool blocking

Renewed Tool Dev
    • Google Ajax API based
    • Bing/Yahoo/other engines
        • Search engine aggregators
    • Google Code and Other Open Source Repositories
        • MS CodePlex, SourceForge, …
    • More automation in tools
        • Real-time detection and exploitation
        • Google worms
Real-time Updates
FUTURE DIRECTIONS
Questions?
Ask us something
We’ll try to answer it.

For more info:
Email: contact@stachliu.com
Project: diggity@stachliu.com
Stach & Liu, LLC
www.stachliu.com
Thank You

Stach & Liu Project info:
http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/

DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 

Lord of the Bing - Black Hat USA 2010

  • 1. Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing. 29 July 2010. Presented by Francis Brown and Rob Ragan, Stach & Liu, LLC, www.stachliu.com
  • 2.
  • 3. Goals: DESIRED OUTCOME
    • To improve Google Hacking
      • Attacks and defenses
      • Advanced tools and techniques
    • To think differently about exposures in publicly available sources
    • To blow your mind!
  • 4. Google/Bing Hacking: SEARCH ENGINE ATTACKS
  • 5. Attack Targets: GOOGLE HACKING DATABASE
    • Advisories and Vulnerabilities (215)
    • Error Messages (58)
    • Files containing juicy info (230)
    • Files containing passwords (135)
    • Files containing usernames (15)
    • Footholds (21)
    • Pages containing login portals (232)
    • Pages containing network or vulnerability data (59)
    • Sensitive Directories (61)
    • Sensitive Online Shopping Info (9)
    • Various Online Devices (201)
    • Vulnerable Files (57)
    • Vulnerable Servers (48)
    • Web Server Detection (72)
  • 6. Attack Targets: GOOGLE HACKING DATABASE
    Old School Examples
    • Error Messages
      • filetype:asp + "[ODBC SQL"
      • "Warning: mysql_query()" "invalid query"
    • Files containing passwords
      • inurl:passlist.txt
  • 7. New Toolkit: STACH & LIU TOOLS
    Google Diggity
    • Uses Google AJAX API
      • Not blocked by Google bot detection
      • Does not violate Terms of Service
    • Can leverage
    Bing Diggity
    • Uses Bing SOAP API
    • Company/Webapp Profiling
      • Enumerate: URLs, IP-to-virtual hosts, etc.
    • Bing Hacking Database (BHDB)
      • Vulnerability search queries in Bing format
  • 8. New Toolkit: STACH & LIU TOOLS
    GoogleScrape Diggity
    • Uses Google mobile interface
      • Light-weight, no advertisements or extras
    • Violates Terms of Service
      • Automatically leverages valid open proxies
      • Spoofs User-agent and Referer headers
      • Random &userip= value
  • 9. New Hack Databases: ATTACK QUERIES
    BHDB (Bing Hacking Data Base)
    • First ever Bing Hacking database
    • Bing has limitations that make it difficult to create vuln search queries
      • Bing disabled the link: and linkdomain: directives to combat abuse in March 2007
      • Does not support ext: or inurl:
      • The filetype: functionality is limited
    Example: Bing vulnerability search
    • GHDB query: "allintitle:Netscape FastTrack Server Home Page"
    • BHDB version: "intitle:Netscape FastTrack Server Home Page"
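The GHDB-to-BHDB rewrite shown on this slide (allintitle: becomes intitle:, and anything built on link:, linkdomain:, ext: or inurl: has no Bing form) is mechanical enough to automate. The block below is an added example, not code from the Diggity project or the deck: it applies the slide's rules to a batch of GHDB-style queries and separates the ones Bing can run from the ones that must be dropped. The operator lists are taken from the slide; the handling of an unquoted multi-word allintitle: (folded into one quoted intitle: phrase) and the sample batch (the queries from slides 6 and 9) are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Operators the slide says Bing lacks: link:/linkdomain: were disabled in
# March 2007, and ext:/inurl: are not supported. A query that depends on
# one of them has no faithful BHDB form, so it is dropped with a warning.
UNSUPPORTED_OPS = {"link", "linkdomain", "ext", "inurl"}
# Operators the slide calls "limited" on Bing: kept, but the query is flagged.
LIMITED_OPS = {"filetype"}


@dataclass
class Translation:
    google: str                      # the GHDB query as written
    bing: Optional[str]              # the BHDB form, or None if untranslatable
    warnings: List[str] = field(default_factory=list)


# A token is either a double-quoted phrase or a run of non-space characters.
_TOKEN = re.compile(r'"[^"]*"|\S+')
# operator:value, optionally negated with a leading '-'. The value must start
# with a non-space so that text such as "Warning: mysql_query()" is not taken
# for an operator (assumption: dorks never put a space after the colon).
_OP = re.compile(r"^(?P<neg>-?)(?P<op>[a-z]+):(?P<val>\S.*)$", re.IGNORECASE)


def ghdb_to_bhdb(query: str) -> Translation:
    """Rewrite one GHDB-style query into the closest Bing-compatible form."""
    t = Translation(google=query, bing=None)
    tokens = _TOKEN.findall(query)
    out: List[str] = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        quoted = len(tok) >= 2 and tok[0] == '"' and tok[-1] == '"'
        m = _OP.match(tok[1:-1] if quoted else tok)
        if m is None:                # plain word or phrase: pass through
            out.append(tok)
            continue
        neg, op, val = m["neg"], m["op"].lower(), m["val"]
        if op in UNSUPPORTED_OPS:
            t.warnings.append(f"{op}: is not supported by Bing; no BHDB form")
            return t
        if op in LIMITED_OPS:
            t.warnings.append(f"{op}: is only partially supported by Bing; verify results by hand")
        if op == "allintitle":
            if quoted:
                # GHDB often stores the whole dork in quotes, as on the slide:
                # "allintitle:X Y Z" -> "intitle:X Y Z"
                out.append(f'"{neg}intitle:{val}"')
            else:
                # Google's allintitle: covers every following plain word, while
                # Bing's intitle: covers one term, so gather the words up to the
                # next operator into a single quoted intitle: phrase.
                words = [val]
                while i < len(tokens) and not _OP.match(tokens[i].strip('"')):
                    words.append(tokens[i].strip('"'))
                    i += 1
                out.append(f'{neg}intitle:"{" ".join(words)}"')
            continue
        out.append(tok)              # intitle:, site:, filetype: etc. unchanged
    t.bing = " ".join(out)
    return t


def convert_many(queries: Iterable[str]) -> Dict[str, List[Translation]]:
    """Split a GHDB batch into usable Bing queries and untranslatable ones."""
    result: Dict[str, List[Translation]] = {"bing": [], "dropped": []}
    for q in queries:
        t = ghdb_to_bhdb(q)
        result["bing" if t.bing is not None else "dropped"].append(t)
    return result


# Constructed sample batch: the queries shown on slides 6 and 9.
SAMPLE_GHDB = [
    '"allintitle:Netscape FastTrack Server Home Page"',
    'filetype:asp + "[ODBC SQL"',
    '"Warning: mysql_query()" "invalid query"',
    "inurl:passlist.txt",
]

if __name__ == "__main__":
    batch = convert_many(SAMPLE_GHDB)
    for t in batch["bing"] + batch["dropped"]:
        print(f"{t.google!r} -> {t.bing!r} {t.warnings}")
```

Queries that survive with a filetype: warning still need a manual check against Bing, since the slide only says that operator is "limited" and not how.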
  • 10. New Hack Databases: ATTACK QUERIES
    SLDB (Stach & Liu Data Base)
    • New Google/Bing hacking searches in active development by the S&L team
    SLDB Examples
    • ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:"budget approved") inurl:confidential
    • ( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject
    • filetype:sql "insert into" (pass|passwd|password)
    • !Host=*.* intext:enc_UserPassword=* ext:pcf
    • "your password is" filetype:log
  • 11. NEW GOOGLE HACKING TOOLS DEMO
  • 12. Traditional Defenses: GOOGLE HACKING DEFENSES
    • "Google Hack yourself" organization
      • Employ tools and techniques used by hackers
    • Remove info leaks from Google cache
      • Using Google Webmaster Tools
    • Regularly update your robots.txt
      • Or robots meta tags for individual page exclusion
    • Data Loss Prevention/Extrusion Prevention Systems
      • Free Tools: OpenDLP, Senf
    • Policy and Legal Restrictions
  • 14. Advanced Defenses: PROTECT YO NECK
  • 15. Existing Defenses: "HACK YOURSELF"
    • Tools exist
    • Convenient
    • Real-time updates
    • Multi-engine results
    • Historical archived data
    • Multi-domain searching
  • 16. Advanced Defenses: NEW HOT SIZZLE
    Stach & Liu now proudly presents:
    • Google Hacking Alerts
    • Bing Hacking Alerts
  • 17. Google Hacking Alerts: ADVANCED DEFENSES
    Google Hacking Alerts
    • All hacking database queries using
    • Real-time vuln updates to >2400 hack queries via RSS
    • Organized and available via importable file
  • 18. Google Hacking Alerts: ADVANCED DEFENSES
  • 19. Bing Hacking Alerts: ADVANCED DEFENSES
    Bing Hacking Alerts
    • Bing searches with regexs from BHDB
    • Leverage the &format=rss directive to turn searches into update feeds
  • 20. Alert Client Tools: GOOGLE/BING ALERT CLIENTS
    Google/Bing Hacking Alert Thick Clients
    • Take in Google/Bing Alert RSS feeds as input
    • Allow the user to set one or more filters to generate alerts when one of the RSS alert entries matches something they are interested in (e.g. "yourcompany.com" in the URL)
    • Several thick clients being released by Stach & Liu:
      • Windows app
      • iPhone app (coming soon)
      • Droid app (coming soon)
  • 22. New Defenses: "GOOGLE/BING HACK ALERTS"
    • Tools exist
    • Convenient
    • Real-time updates
    • Multi-engine results
    • Historical archived data
    • Multi-domain searching
  • 23. Google Apps Explosion: SO MANY APPLICATIONS TO ABUSE
  • 24. Google PhoneBook: SPEAR PHISHING
  • 25. Google Code Search: VULNS IN OPEN SOURCE CODE
    • Regex search for vulnerabilities in public code
    • Example: SQL Injection in ASP querystring
      • select.*from.*request.QUERYSTRING
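Google Code Search is gone, but the technique on this slide, a regex run over a body of source, is easy to reproduce locally over any checkout. The block below is an added example and not part of the deck: it runs the slide's pattern and a tightened variant over a few constructed classic-ASP snippets and reports file and line for every hit. The sample files, the tightened pattern, and the observation that the slide's pattern misses Request.Form and bare Request() reads are mine; search.asp is a deliberately safe control that binds the query-string value as a parameter.

```python
import re
from typing import Dict, List, Tuple

# The pattern from the slide, used as a Google Code Search regex.
DECK_PATTERN = re.compile(r"select.*from.*request.QUERYSTRING", re.IGNORECASE)

# Tightened variant (my assumption, not the deck's): a SELECT ... FROM string
# literal that is closed and immediately concatenated (&) with a Request read,
# whether via Request.QueryString(...), Request.Form(...) or the bare
# Request(...) that falls back across both collections. Anchoring on the
# '" &' concatenation skips lines that merely mention both words.
SQLI_PATTERN = re.compile(
    r"""\bselect\b[^\n]*?\bfrom\b[^\n]*?["']\s*&\s*request(?:\.querystring|\.form)?\s*\(""",
    re.IGNORECASE,
)

# Constructed classic-ASP snippets standing in for the public code that Code
# Search indexed. search.asp is the safe control: it reads QueryString but
# binds it as a parameter instead of concatenating it into the SQL string.
SAMPLES: Dict[str, str] = {
    "users.asp": '''<%
Dim id
id = Request.QueryString("id")
sql = "SELECT * FROM users WHERE id=" & Request.QueryString("id")
Set rs = conn.Execute(sql)
%>''',
    "search.asp": '''<%
Set cmd = Server.CreateObject("ADODB.Command")
cmd.CommandText = "SELECT name FROM products WHERE name = ?"
cmd.Parameters.Append cmd.CreateParameter("name", 200, 1, 255, Request.QueryString("q"))
%>''',
    "login.asp": '''<%
sql = "select * from accounts where user='" & Request.Form("user") & "'"
Set rs = conn.Execute(sql)
%>''',
    "legacy.asp": '''<%
sql = "select * from log where ip='" & Request("ip") & "'"
Set rs = conn.Execute(sql)
%>''',
}

Hit = Tuple[str, int, str]  # (file name, 1-based line number, matched line)


def scan(samples: Dict[str, str], pattern: "re.Pattern[str]") -> List[Hit]:
    """Line-oriented scan, the way Code Search reported matches."""
    hits: List[Hit] = []
    for name, source in samples.items():
        for lineno, line in enumerate(source.splitlines(), start=1):
            if pattern.search(line):
                hits.append((name, lineno, line.strip()))
    return hits


def deck_hits() -> List[Hit]:
    """What the slide's pattern finds in the sample corpus."""
    return scan(SAMPLES, DECK_PATTERN)


def tightened_hits() -> List[Hit]:
    """What the tightened pattern finds: the Form and bare Request() sinks too."""
    return scan(SAMPLES, SQLI_PATTERN)


if __name__ == "__main__":
    for label, hits in (("deck pattern", deck_hits()), ("tightened", tightened_hits())):
        print(label)
        for name, lineno, line in hits:
            print(f"  {name}:{lineno}: {line}")
```

Both patterns are triage aids, not proof: a hit still has to be read to confirm the concatenated value reaches the database unescaped, and the parameterized search.asp shows the shape of code that should not fire.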
  • 26. GOOGLE CODE SEARCH HACKING DEMO
  • 27. Google Code Search: VULNS IN OPEN SOURCE CODE
  • 28. Google Code Search: VULNS IN OPEN SOURCE CODE
  • 29. Black Hat SEO: SEARCH ENGINE OPTIMIZATION
    • Use popular search topics du jour
    • Pollute results with links to badware
    • Increase chances of a successful attack
  • 30. Google Trends: BLACK HAT SEO RECON
  • 31.
  • 32. Defenses: BLACKHAT SEO DEFENSES
    • Malware Warning Filters
      • Google Safe Browsing
      • Microsoft SmartScreen Filter
      • Yahoo Search Scan
    • Sandbox Software
      • Sandboxie (sandboxie.com)
      • Dell KACE Secure Browser
      • Adobe Reader Sandbox (Protected Mode)
    • NoScript and Ad-block browser plugins
  • 33. Mass Injection Attacks: MALWARE GONE WILD
    Malware Distribution Woes
    • Popular websites victimized, become malware distribution sites to their own customers
  • 34. Malware Browser Filters: URL BLACK LIST
    Protecting users from known threats
    • Joint effort to protect customers from known malware and phishing links
  • 35. Inconvenient Truth: DICKHEAD ALERTS
    Malware Black List Woes
    • The average web administrator has no idea when their site gets black listed
  • 36. Advanced Defenses: PROTECT YO NECK
  • 37. Malware Diggity: ADVANCED DEFENSES
    Malware Diggity
    • Uses Bing's linkfromdomain: directive to identify off-site links of the domain(s) you wish to monitor
    • Compares to known malware sites/domains
    • Alerts if site is compromised and now distributing malware
    • Monitors new Google Trends links
    Malware Diggity Alerts
    • Leverages the Bing '&format=rss' directive to actively monitor new off-site links of your site as they appear
    • Immediately lets you know if you have been compromised by one of these mass injection attacks or if your site has been black listed
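Slides 19, 20 and 37 all rest on the same mechanism: pull a Bing query as an RSS feed (&format=rss), then either keep the entries whose URL belongs to a domain you own (the alert-client filter on slide 20) or, for a linkfromdomain: query, compare each off-site link's host against a malware blacklist (the Malware Diggity check on this slide). The block below is an added example, not Stach & Liu's client or Malware Diggity code, and it covers both uses with one feed parser. The two feeds, the blacklist and the monitored domain are constructed stand-ins; the exact markup Bing emitted in 2010 is not on the slides, so RSS 2.0 element names are assumed. One deliberate refinement over the slide's "yourcompany.com in the URL" filter: matching is done on the URL's host by label suffix, so notyourcompany.com does not trigger an alert for yourcompany.com.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterable, List, Set
from urllib.parse import urlparse

# Constructed stand-ins for what a Bing query fetched with &format=rss returns
# (one <item> per result). Element names follow RSS 2.0; assumed, not taken
# from the slides.
SAMPLE_HACK_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Bing: intitle:"index of" passlist.txt</title>
<item><title>Index of /backup</title><link>http://www.yourcompany.com/backup/passlist.txt</link></item>
<item><title>Index of /files</title><link>http://files.notyourcompany.com/passlist.txt</link></item>
<item><title>Index of /old</title><link>http://dev.yourcompany.com/old/passlist.txt</link></item>
</channel></rss>"""

SAMPLE_OFFSITE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Bing: linkfromdomain:yourcompany.com</title>
<item><title>Partner</title><link>http://partner.example.org/</link></item>
<item><title>Script</title><link>http://cdn.badstuff-example.com/ad.js</link></item>
<item><title>Stats</title><link>http://stats.example.com/</link></item>
<item><title>Injected</title><link>http://evil.badstuff-example.com/x.php?i=1</link></item>
</channel></rss>"""

# Constructed blacklist. In practice this would be fed from the vendor lists
# the deck names (Google Safe Browsing, SmartScreen, Yahoo Search Scan).
MALWARE_BLACKLIST = {"badstuff-example.com", "stats.example.com"}


def parse_feed(xml_text: str) -> List[Dict[str, str]]:
    """Return the feed's items as {title, link} dicts, in feed order."""
    root = ET.fromstring(xml_text)
    return [{"title": it.findtext("title", ""), "link": it.findtext("link", "")}
            for it in root.iter("item")]


def host_under(host: str, domain: str) -> bool:
    """True if host is domain or a subdomain of it (label match, not substring)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def hacking_alerts(feed_xml: str, monitored: Iterable[str]) -> List[str]:
    """Slide 20 filter: alert-feed results whose URL sits on a domain you own."""
    monitored = list(monitored)
    hits: List[str] = []
    for item in parse_feed(feed_xml):
        host = urlparse(item["link"]).hostname or ""
        if any(host_under(host, d) for d in monitored):
            hits.append(item["link"])
    return hits


def malware_alerts(feed_xml: str, blacklist: Iterable[str]) -> List[str]:
    """Slide 37 check: off-site links (linkfromdomain:) that point at blacklisted hosts."""
    blacklist = list(blacklist)
    return [item["link"] for item in parse_feed(feed_xml)
            if any(host_under(urlparse(item["link"]).hostname or "", d) for d in blacklist)]


def new_entries(feed_xml: str, seen: Set[str]) -> List[Dict[str, str]]:
    """Return only items not seen on a previous poll, and remember them.

    This is what turns a search into an "as they appear" monitor: poll the
    feed on a schedule and act only on what this call returns.
    """
    fresh = [it for it in parse_feed(feed_xml) if it["link"] not in seen]
    seen.update(it["link"] for it in fresh)
    return fresh


if __name__ == "__main__":
    print("hacking alerts:", hacking_alerts(SAMPLE_HACK_FEED, ["yourcompany.com"]))
    print("malware alerts:", malware_alerts(SAMPLE_OFFSITE_FEED, MALWARE_BLACKLIST))
```

A real deployment fetches the feed over HTTP on a timer and persists the seen set between runs; the search engine's index lag, not the poll interval, bounds how quickly an injected link becomes visible this way.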
  • 38. Malware Diggity: ADVANCED DEFENSES
  • 39. Malware Diggity: ADVANCED DEFENSES
  • 40.
  • 41. Malware Monitoring: INFECTION DETECTION
    Identify external links and incoming links → Compare to black list → Detect infected links → Alert
  • 42. Search Engine deOptimization: BLACK LIST YOUR FOES
    Identify malware links → Mass inject competition → Competition black listed → Competition PageRank is 0 → Profit
  • 43. Future Direction: PREDICTIONS
  • 44. Predictions: FUTURE DIRECTIONS
    Data Explosion
    • More data indexed, searchable
    • Real-time, streaming updates
    • Faster, more robust search interfaces
    • Google Code and Other Open Source Repositories
      • MS CodePlex, SourceForge, …
    Renewed Tool Dev
    • Google Ajax API based
    • Bing/Yahoo/other engines
    • Search engine aggregators
    • More automation in tools
    • Real-time detection and exploitation tool
    • Google worms
    Google Involvement
    • Filtering of search results
    • Better GH detection and blocking
  • 45. Real-time Updates: FUTURE DIRECTIONS
  • 46. Questions? Ask us something. We'll try to answer it.
    For more info:
    • Email: contact@stachliu.com
    • Project: diggity@stachliu.com
    • Stach & Liu, LLC, www.stachliu.com
  • 47. Thank You. Stach & Liu Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/