SlideShare ist ein Scribd-Unternehmen logo

Pulp Google Hacking

Bishop Fox
Bishop Fox

This document summarizes a presentation about advanced Google and Bing hacking techniques and tools. It introduces the Diggity tool suite for searching Google and Bing using advanced queries to find vulnerabilities. New tools in the suite include CodeSearchDiggity to find vulnerabilities in open source code, MalwareDiggity to detect malware sites linked from a domain, and alert tools that monitor hacking databases and provide notifications of new vulnerabilities. The presentation demonstrates how these tools can be used to identify security issues through search engine hacking.

Software
1 von 72
Downloaden Sie, um offline zu lesen
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 – Black Hat 2011 – Las Vegas, NV Presented by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com
Agenda 2 • Introduction/Background • Advanced Attacks • Google/Bing Hacking - Core Tools • NEW Diggity Attack Tools • Advanced Defenses • Google/Bing Hacking Alert RSS Feeds • NEW Diggity Alert Feeds and Updates • NEW Diggity Alert RSS Feed Client Tools • Future Directions O V E R V I E W
Introduction/ Background 3 G E T T I N G U P T O S P E E D
Open Source Intelligence 4 S E A R C H I N G P U B L I C S O U R C E S OSINT – is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.
Google/Bing Hacking 5 S E A R C H E N G I N E A T T A C K S
Google/Bing Hacking 6 S E A R C H E N G I N E A T T A C K S Bing's source leaked! class Bing { public static string Search(string query) { return Google.Search(query); } }
Attack Targets 7 • Advisories and Vulnerabilities (215) • Error Messages (58) • Files containing juicy info (230) • Files containing passwords (135) • Files containing usernames (15) • Footholds (21) • Pages containing login portals (232) G O O G L E H A C K I N G D A T A B A S E • Pages containing network or vulnerability data (59) • Sensitive Directories (61) • Sensitive Online Shopping Info (9) • Various Online Devices (201) • Vulnerable Files (57) • Vulnerable Servers (48) • Web Server Detection (72)
Google Hacking = Lulz 8 LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets. Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. -- A-Team, 28 June 2011 R E A L W O R L D T H R E A T
Google Hacking = Lulz 9 R E A L W O R L D T H R E A T 22:14 <@kayla> Sooooo...using the link above and the google hack string. !Host=*.* intext:enc_UserPassword=* ext:pcf Take your pick of VPNs you want access too. Ugghh.. Aaron Barr CEO HBGary Federal Inc. 22:15 <@kayla> download the pcf file 22:16 <@kayla> then use http://www.unix-ag.uni- kl.de/~massar/bin/cisco-decode?enc= to clear text it 22:16 <@kayla> = free VPN
Quick History 10 G O O G L E H A C K I N G R E C A P Dates Event 2004 Google Hacking Database (GHDB) begins May 2004 Foundstone SiteDigger v1 released Jan 2005 Foundstone SiteDigger v2 released Feb 13, 2005 Google Hack Honeypot first release Feb 20, 2005 Google Hacking v1 released by Johnny Long Jan 10, 2006 MSNPawn v1.0 released by NetSquare Dec 5, 2006 Google stops issuing Google SOAP API keys Mar 2007 Bing disables inurl: link: and linkdomain: Nov 2, 2007 Google Hacking v2 released
Quick History…cont. 11 G O O G L E H A C K I N G R E C A P Dates Event Mar 2008 cDc Goolag - gui tool released Sept 7, 2009 Google shuts down SOAP Search API Nov 2009 Binging tool released by Blueinfy Dec 1, 2009 FoundStone SiteDigger v 3.0 released 2010 Googlag.org disappears April 21, 2010 Google Hacking Diggity Project initial releases Nov 1, 2010 Google AJAX API slated for retirement Nov 9, 2010 GHDB Reborn Announced – Exploit-db.com July 2011 Bing ceases ‘&format=rss’ support
Advanced Attacks 12 W H A T Y O U S H O U L D K N O W
Diggity Core Tools 13 Google Diggity • Uses Google JSON/ATOM API • Not blocked by Google bot detection • Does not violate Terms of Service • Required to use Bing Diggity • Uses Bing 2.0 SOAP API • Company/Webapp Profiling • Enumerate: URLs, IP-to-virtual hosts, etc. • Bing Hacking Database (BHDB) • Vulnerability search queries in Bing format S T A C H & L I U T O O L S
New Features 14 Google Diggity - New API • Updated to use Google JSON/ATOM API • Due to deprecated Google AJAX API Misc. Feature Uprades • Auto-update for dictionaries • Output export formats • Now also XLS and HTML • Help File – chm file added D I G G I T Y C O R E T O O L S
New Features 15 Download Buttons for Google/Bing Diggity • Download actual files from Google/Bing search results • Downloads to default: C:DiggityDownloads • Used by other tools for file download/analysis: • FlashDiggity, DLP Diggity, MalwareDiggity,… D O W N L O A D B U T T O N
New Features 16 SLDB Updates in Progress • Example: SharePoint Google Dictionary • http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity- project/#SharePoint – GoogleDiggity Dictionary File A U T O - U P D A T E S
Google Diggity 17 D I G G I T Y C O R E T O O L S
Bing Diggity 18 D I G G I T Y C O R E T O O L S
Bing Hacking Database 19 BHDB – Bing Hacking Data Base • First ever Bing hacking database • Bing hacking limitations • Disabled inurl:, link: and linkdomain: directives in March 2007 • No support for ext:, allintitle:, allinurl: • Limited filetype: functionality • Only 12 extensions supported Example - Bing vulnerability search: • GHDB query • "allintitle:Netscape FastTrack Server Home Page" • BHDB version • intitle:”Netscape FastTrack Server Home Page" S T A C H & L I U T O O L S
Hacking CSE’s 20 A L L T O P L E V E L D O M A I N S
N E W G O O G L E H A C K I N G T O O L S 21 Code Search Diggity
Google Code Search 22 V U L N S I N O P E N S O U R C E C O D E • Regex search for vulnerabilities in indexed public code, including popular open source code repositories: • Example: SQL Injection in ASP querystring • select.*from.*request.QUERYSTRING
CodeSearch Diggity 23 A M A Z O N C L O U D S E C R E T K E Y S
N E W G O O G L E H A C K I N G T O O L S 24 Bing LinkFromDomainDiggity
Bing LinkFromDomain 25 D I G G I T Y T O O L K I T
Bing LinkFromDomain 26 F O O T P R I N T I N G L A R G E O R G A N I Z A T I O N S
N E W G O O G L E H A C K I N G T O O L S 27 Malware Diggity
MalwareDiggity 28 D I G G I T Y T O O L K I T 1. Leverages Bing’s linkfromdomain: search directive to find off-site links of target applications/domains 2. Runs off-site links against Google’s Safe Browsing API to determine if any are malware distribution sites 3. Return results that identify malware sites that your web applications are directly linking to
Mass Injection Attacks 29 M A L W A R E G O N E W I L D Malware Distribution Woes – WSJ.com – June2010 • Popular websites victimized, become malware distribution sites to their own customers
Mass Injection Attacks 30 M A L W A R E G O N E W I L D Malware Distribution Woes – LizaMoon – April2011 • Popular websites victimized, become malware distribution sites to their own customers
Mass Injection Attacks 31 M A L W A R E G O N E W I L D Malware Distribution Woes – willysy.com - August2011 • Popular websites victimized, become malware distribution sites to their own customers
Malware Diggity 32 D I G G I T Y T O O L K I T
Malware Diggity 33 D I G G I T Y T O O L K I T
Malware Diggity 34 D I A G N O S T I C S I N R E S U L T S
N E W G O O G L E H A C K I N G T O O L S 35 DLP Diggity
DLP Diggity 36 L O T S O F F I L E S T O D A T A M I N E
DLP Diggity 37 M O R E D A T A S E A R C H A B L E E V E R Y Y E A R 2004 2007 2011 0 100,000,000 200,000,000 300,000,000 400,000,000 500,000,000 600,000,000 PDF DOC XLS TXT 10,900,000 2,100,000 969,000 1,720,000 260,000,000 42,000,000 16,100,000 30,100,000 513,000,000 84,500,000 17,300,000 46,400,000 Google Results for Common Docs 2004 2007 2011
DLP Diggity 38 D I G G I T Y T O O L K I T
N E W G O O G L E H A C K I N G T O O L S 39 FlashDiggity
Flash Diggity 40 D I G G I T Y T O O L K I T • Google for SWF files on target domains • Example search: filetype:swf site:example.com • Download SWF files to C:DiggityDownloads • Disassemble SWF files and analyze for Flash vulnerabilities
DEMO N E W G O O G L E H A C K I N G T O O L S 41
GoogleScrape Diggity 42 GoogleScrape Diggity • Uses Google mobile interface • Light-weight, no advertisements • Violates Terms of Service • Bot detection avoidance • Distributed via proxies • Spoofs User-agent and Referer headers • Random &userip= value • Across Google servers D I G G I T Y T O O L K I T
N E W G O O G L E H A C K I N G T O O L S 43 Baidu Diggity
BaiduDiggity 44 C H I N A S E A R C H E N G I N E • Fighting back
Advanced Defenses 45 P R O T E C T Y O N E C K
• “Google Hack yourself” organization • Employ tools and techniques used by hackers • Remove info leaks from Google cache • Using Google Webmaster Tools • Regularly update your robots.txt. • Or robots meta tags for individual page exclusion • Data Loss Prevention/Extrusion Prevention Systems • Free Tools: OpenDLP, Senf • Policy and Legal Restrictions Traditional Defenses 46 G O O G L E H A C K I N G D E F E N S E S
Existing Defenses 47 “H A C K Y O U R S E L F” Multi-engine results Real-time updates Convenient Historical archived data  Multi-domain searching Tools exist
Advanced Defenses 48 N E W H O T S I Z Z L E Stach & Liu now proudly presents: • Google and Bing Hacking Alerts • SharePoint Hacking Alerts – 118 dorks • SHODAN Hacking Alerts – 26 dorks • Diggity Alerts FUNdle Bundles • Consolidated alerts into 1 RSS feed • Alert Client Tools • Alert Diggity – Windows systray notifications • iDiggity Alerts – iPhone notification app
Google Hacking Alerts 49 Google Hacking Alerts • All hacking database queries using • Real-time vuln updates to >2400 hack queries via RSS • Organized and available via importable file A D V A N C E D D E F E N S E S
Google Hacking Alerts 50 A D V A N C E D D E F E N S E S
Bing Hacking Alerts 51 Bing Hacking Alerts • Bing searches with regexs from BHDB • Leverages http://api.bing.com/rss.aspx • Real-time vuln updates to >900 Bing hack queries via RSS A D V A N C E D D E F E N S E S
Bing/Google Alerts 52 L I V E V U L N E R A B I L I T Y F E E D S World’s Largest Live Vulnerability Repository • Daily updates of ~3000 new hits per day
A D V A N C E D D E F E N S E T O O L S 53 Diggity Alert Fundle Bundle Diggity Alerts One Feed to Rule Them All
FUNdle Bundle 54 A D V A N C E D D E F E N S E S
FUNdle Bundle 55 A D V A N C E D D E F E N S E S
FUNdle Bundle 56 M O B I L E F R I E N D L Y
A D V A N C E D D E F E N S E T O O L S 57 SHODAN Alerts
SHODAN Alerts 58 F I N D I N G S C A D A S Y S T E M S
SHODAN Alerts 59 S H O D A N R S S F E E D S
Bing/Google Alerts 60 T H I C K C L I E N T S T O O L S Google/Bing Hacking Alert Thick Clients • Google/Bing Alerts RSS feeds as input • Allow user to set one or more filters • e.g. “yourcompany.com” in the URL • Several thick clients being released: • Windows Systray App • Droid app (coming soon) • iPhone app
A D V A N C E D D E F E N S E T O O L S 61 Alert Diggity
Alerts Diggity 62 A D V A N C E D D E F E N S E S
A D V A N C E D D E F E N S E T O O L S 63 iDiggity Alerts iDiggity Alerts
iDiggity Alerts 64 A D V A N C E D D E F E N S E S
iDiggity Alerts 65 A D V A N C E D D E F E N S E S
New Defenses 66 “G O O G L E / B I N G H A C K A L E R T S” Multi-engine results Real-time updates Convenient Historical archived data  Multi-domain searching Tools exist
Future Direction 67 I S N O W
Diggity Alert DB 68 D A T A M I N I N G V U L N S Diggity Alerts Database
Dictionary Updates 69 T H I R D - P A R T Y I N T E G R A T I O N New maintainers of the GHDB – 09 Nov 2010 • http://www.exploit-db.com/google-hacking-database-reborn/
Special Thanks Oscar “The Bull” Salazar Brad “BeSickWittIt” Sickles Nick “King Luscious” Harbin Prajakta “The Flasher” Jagdale Ruihai “Ninja” Fang Jason “Blk-majik” Lash
Questions? Ask us something We’ll try to answer it. For more info: Email: contact@stachliu.com Project: diggity@stachliu.com Stach & Liu, LLC www.stachliu.com
Thank You 72 Stach & Liu Google Hacking Diggity Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/

Empfohlen

Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingLord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingBishop Fox
 
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDFOWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDFBishop Fox
 
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...Bishop Fox
 
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFDEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFBishop Fox
 
StachLiu-NotInMyBackYard
StachLiu-NotInMyBackYardStachLiu-NotInMyBackYard
StachLiu-NotInMyBackYarddiggityslides
 
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities ListOWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities ListBishop Fox
 
DEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDF
DEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDFDEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDF
DEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDFBishop Fox
 
Wrangle Your Defense Using Offensive Tactics BSides CT 2019
Wrangle Your Defense Using Offensive Tactics BSides CT 2019Wrangle Your Defense Using Offensive Tactics BSides CT 2019
Wrangle Your Defense Using Offensive Tactics BSides CT 2019Matt Dunn
 

Empfohlen

Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingLord of the Bing: Taking Back Search Engine Hacking From Google and Bing
Lord of the Bing: Taking Back Search Engine Hacking From Google and BingBishop Fox
 
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDFOWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDF
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.PDFBishop Fox
 
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...
InfoSec World 2013 – W4 – Using Google to Find Vulnerabilities in Your IT Env...Bishop Fox
 
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFDEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDF
DEFCON 20 (2012) – Tenacious Diggity – 29July2012 – Slides.PDFBishop Fox
 
StachLiu-NotInMyBackYard
StachLiu-NotInMyBackYardStachLiu-NotInMyBackYard
StachLiu-NotInMyBackYarddiggityslides
 
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities ListOWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities ListBishop Fox
 
DEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDF
DEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDFDEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDF
DEF CON 25 (2017)- Game of Drones - Brown,Latimer - 29July2017 - Slides.PDFBishop Fox
 
Wrangle Your Defense Using Offensive Tactics BSides CT 2019
Wrangle Your Defense Using Offensive Tactics BSides CT 2019Wrangle Your Defense Using Offensive Tactics BSides CT 2019
Wrangle Your Defense Using Offensive Tactics BSides CT 2019Matt Dunn
 
Wrangle Your Defense Using Offensive Tactics - ISSA May Meeting
Wrangle Your Defense Using Offensive Tactics - ISSA May MeetingWrangle Your Defense Using Offensive Tactics - ISSA May Meeting
Wrangle Your Defense Using Offensive Tactics - ISSA May MeetingMatt Dunn
 
CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingPrathan Phongthiproek
 
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...RootedCON
 
How to Reuse Your Content - Search Marketing Summit Sydney
How to Reuse Your Content - Search Marketing Summit SydneyHow to Reuse Your Content - Search Marketing Summit Sydney
How to Reuse Your Content - Search Marketing Summit SydneyAshley Segura
 
How to Take a Month Off From Content - Pubtelligence
How to Take a Month Off From Content - PubtelligenceHow to Take a Month Off From Content - Pubtelligence
How to Take a Month Off From Content - PubtelligenceAshley Segura
 
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!ThreatConnect
 
Digital Summit Denver: Reusable Content
Digital Summit Denver: Reusable ContentDigital Summit Denver: Reusable Content
Digital Summit Denver: Reusable ContentAshley Segura
 
Hack attack pulp google
Hack attack pulp googleHack attack pulp google
Hack attack pulp googlesourav6388
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Rob Ragan
 
Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Rob Ragan
 
Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingRob Ragan
 
Automatic Detection of Web Trackers by Vasia Kalavri
Automatic Detection of Web Trackers by Vasia KalavriAutomatic Detection of Web Trackers by Vasia Kalavri
Automatic Detection of Web Trackers by Vasia KalavriFlink Forward
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101Sais Abdelkrim
 
Google Developers Overview Deck 2015
Google Developers Overview Deck 2015Google Developers Overview Deck 2015
Google Developers Overview Deck 2015Houssem Eddine LASSOUED
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Jeremy cabral search marketing summit - scraping data-driven content (1)
Jeremy cabral search marketing summit - scraping data-driven content (1)Jeremy cabral search marketing summit - scraping data-driven content (1)
Jeremy cabral search marketing summit - scraping data-driven content (1)Jeremy Cabral
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...apidays
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...CODE BLUE
 
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info LeakedOpen Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info LeakedBlack Duck by Synopsys
 
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Hamza Harkous
 

Weitere ähnliche Inhalte

Was ist angesagt?

Wrangle Your Defense Using Offensive Tactics - ISSA May Meeting
Wrangle Your Defense Using Offensive Tactics - ISSA May MeetingWrangle Your Defense Using Offensive Tactics - ISSA May Meeting
Wrangle Your Defense Using Offensive Tactics - ISSA May MeetingMatt Dunn
 
CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingPrathan Phongthiproek
 
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...RootedCON
 
How to Reuse Your Content - Search Marketing Summit Sydney
How to Reuse Your Content - Search Marketing Summit SydneyHow to Reuse Your Content - Search Marketing Summit Sydney
How to Reuse Your Content - Search Marketing Summit SydneyAshley Segura
 
How to Take a Month Off From Content - Pubtelligence
How to Take a Month Off From Content - PubtelligenceHow to Take a Month Off From Content - Pubtelligence
How to Take a Month Off From Content - PubtelligenceAshley Segura
 
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!ThreatConnect
 
Digital Summit Denver: Reusable Content
Digital Summit Denver: Reusable ContentDigital Summit Denver: Reusable Content
Digital Summit Denver: Reusable ContentAshley Segura
 

Was ist angesagt? (7)

Wrangle Your Defense Using Offensive Tactics - ISSA May Meeting
Wrangle Your Defense Using Offensive Tactics - ISSA May MeetingWrangle Your Defense Using Offensive Tactics - ISSA May Meeting
Wrangle Your Defense Using Offensive Tactics - ISSA May Meeting
 
CITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google HackingCITEC #CON2-Dirty Attack with Google Hacking
CITEC #CON2-Dirty Attack with Google Hacking
 
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
Ramon Vicens & Antonio Molina - Seguimiento de actores cibercriminales en Dar...
 
How to Reuse Your Content - Search Marketing Summit Sydney
How to Reuse Your Content - Search Marketing Summit SydneyHow to Reuse Your Content - Search Marketing Summit Sydney
How to Reuse Your Content - Search Marketing Summit Sydney
 
How to Take a Month Off From Content - Pubtelligence
How to Take a Month Off From Content - PubtelligenceHow to Take a Month Off From Content - Pubtelligence
How to Take a Month Off From Content - Pubtelligence
 
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
Guccifer 2.0 the DNC Hack, and Fancy Bears, Oh My!
 
Digital Summit Denver: Reusable Content
Digital Summit Denver: Reusable ContentDigital Summit Denver: Reusable Content
Digital Summit Denver: Reusable Content
 

Ähnlich wie Pulp Google Hacking

Hack attack pulp google
Hack attack pulp googleHack attack pulp google
Hack attack pulp googlesourav6388
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Rob Ragan
 
Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Rob Ragan
 
Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingRob Ragan
 
Automatic Detection of Web Trackers by Vasia Kalavri
Automatic Detection of Web Trackers by Vasia KalavriAutomatic Detection of Web Trackers by Vasia Kalavri
Automatic Detection of Web Trackers by Vasia KalavriFlink Forward
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Jeremy cabral search marketing summit - scraping data-driven content (1)
Jeremy cabral search marketing summit - scraping data-driven content (1)Jeremy cabral search marketing summit - scraping data-driven content (1)
Jeremy cabral search marketing summit - scraping data-driven content (1)Jeremy Cabral
 
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...apidays
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...CODE BLUE
 
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info LeakedOpen Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info LeakedBlack Duck by Synopsys
 
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Hamza Harkous
 
Web Scraping_ Gathering Data from Websites.pptx
Web Scraping_ Gathering Data from Websites.pptxWeb Scraping_ Gathering Data from Websites.pptx
Web Scraping_ Gathering Data from Websites.pptxHitechIOT
 
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...apidays
 
What You Need to Know About Google Penguin 2.0
What You Need to Know About Google Penguin 2.0What You Need to Know About Google Penguin 2.0
What You Need to Know About Google Penguin 2.0DNN
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 

Ähnlich wie Pulp Google Hacking (20)

Hack attack pulp google
Hack attack pulp googleHack attack pulp google
Hack attack pulp google
 
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
Black Hat 2011 - Pulp Google Hacking: The Next Generation Search Engine Hacki...
 
Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010Lord of the Bing - Black Hat USA 2010
Lord of the Bing - Black Hat USA 2010
 
Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atl
 
Tenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of BingTenacious Diggity - Skinny Dippin in a Sea of Bing
Tenacious Diggity - Skinny Dippin in a Sea of Bing
 
Automatic Detection of Web Trackers by Vasia Kalavri
Automatic Detection of Web Trackers by Vasia KalavriAutomatic Detection of Web Trackers by Vasia Kalavri
Automatic Detection of Web Trackers by Vasia Kalavri
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101
 
Google Developers Overview Deck 2015
Google Developers Overview Deck 2015Google Developers Overview Deck 2015
Google Developers Overview Deck 2015
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Jeremy cabral search marketing summit - scraping data-driven content (1)
Jeremy cabral search marketing summit - scraping data-driven content (1)Jeremy cabral search marketing summit - scraping data-driven content (1)
Jeremy cabral search marketing summit - scraping data-driven content (1)
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
apidays LIVE Helsinki & North 2022_Building an Accessible API Spec with Tradi...
 
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
[CB19] I KNOW WHAT YOU DID LAST NIGHT : Pwning The State-Of-The-Art the IoT H...
 
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info LeakedOpen Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
Open Source Insight: Hub Detect & DevOps, OSS for Cars & 1.8 M Voter Info Leaked
 
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
 
Web Scraping_ Gathering Data from Websites.pptx
Web Scraping_ Gathering Data from Websites.pptxWeb Scraping_ Gathering Data from Websites.pptx
Web Scraping_ Gathering Data from Websites.pptx
 
Tactical Information Gathering
Tactical Information GatheringTactical Information Gathering
Tactical Information Gathering
 
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
apidays LIVE Paris 2021 - Building an Accessible API Spec with Traditional En...
 
What You Need to Know About Google Penguin 2.0
What You Need to Know About Google Penguin 2.0What You Need to Know About Google Penguin 2.0
What You Need to Know About Google Penguin 2.0
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties
 

Mehr von Bishop Fox

InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF... InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...Bishop Fox
 
SpellCheckV2 Rules
SpellCheckV2 RulesSpellCheckV2 Rules
SpellCheckV2 RulesBishop Fox
 
Smarter Home Invasion With ZigDiggity
Smarter Home Invasion With ZigDiggitySmarter Home Invasion With ZigDiggity
Smarter Home Invasion With ZigDiggityBishop Fox
 
Hacking Exposed EBS Volumes
Hacking Exposed EBS Volumes Hacking Exposed EBS Volumes
Hacking Exposed EBS Volumes Bishop Fox
 
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with BitsquattingBishop Fox
 
Ferris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain PermutationsFerris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain PermutationsBishop Fox
 
Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Bishop Fox
 
Introduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsBishop Fox
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide Bishop Fox
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
How Perceptual Analysis Helps Bug Hunters
How Perceptual Analysis Helps Bug HuntersHow Perceptual Analysis Helps Bug Hunters
How Perceptual Analysis Helps Bug HuntersBishop Fox
 
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at ScaleGetting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at ScaleBishop Fox
 
Evolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations
Evolving Cyber Adversary Simulation: How Red Teaming Benefits OrganizationsEvolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations
Evolving Cyber Adversary Simulation: How Red Teaming Benefits OrganizationsBishop Fox
 
ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In
ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In
ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In Bishop Fox
 
CactusCon 2018 - Anatomy of an AppSec Program
CactusCon 2018 - Anatomy of an AppSec Program CactusCon 2018 - Anatomy of an AppSec Program
CactusCon 2018 - Anatomy of an AppSec Program Bishop Fox
 
Preparing a Next Generation IT Strategy
Preparing a Next Generation IT StrategyPreparing a Next Generation IT Strategy
Preparing a Next Generation IT StrategyBishop Fox
 
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet FarmerBlack Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet FarmerBishop Fox
 
RFID Hacking: Live Free or RFID Hard
RFID Hacking: Live Free or RFID HardRFID Hacking: Live Free or RFID Hard
RFID Hacking: Live Free or RFID HardBishop Fox
 
Defeating Social Engineering, BECs & Phishing
Defeating Social Engineering, BECs & PhishingDefeating Social Engineering, BECs & Phishing
Defeating Social Engineering, BECs & PhishingBishop Fox
 
Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...
Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...
Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...Bishop Fox
 

Mehr von Bishop Fox (20)

InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF... InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
InfoSec World 2016 – RFIDiggity – Pentester Guide to Hacking HF/NFC and UHF...
 
SpellCheckV2 Rules
SpellCheckV2 RulesSpellCheckV2 Rules
SpellCheckV2 Rules
 
Smarter Home Invasion With ZigDiggity
Smarter Home Invasion With ZigDiggitySmarter Home Invasion With ZigDiggity
Smarter Home Invasion With ZigDiggity
 
Hacking Exposed EBS Volumes
Hacking Exposed EBS Volumes Hacking Exposed EBS Volumes
Hacking Exposed EBS Volumes
 
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
 
Ferris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain PermutationsFerris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain Permutations
 
Check Your Privilege (Escalation)
Check Your Privilege (Escalation) Check Your Privilege (Escalation)
Check Your Privilege (Escalation)
 
Introduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation MethodsIntroduction to Linux Privilege Escalation Methods
Introduction to Linux Privilege Escalation Methods
 
Penetration Testing Resource Guide
Penetration Testing Resource Guide Penetration Testing Resource Guide
Penetration Testing Resource Guide
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
 
How Perceptual Analysis Helps Bug Hunters
How Perceptual Analysis Helps Bug HuntersHow Perceptual Analysis Helps Bug Hunters
How Perceptual Analysis Helps Bug Hunters
 
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at ScaleGetting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
Getting Buzzed on Buzzwords: Using Cloud & Big Data to Pentest at Scale
 
Evolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations
Evolving Cyber Adversary Simulation: How Red Teaming Benefits OrganizationsEvolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations
Evolving Cyber Adversary Simulation: How Red Teaming Benefits Organizations
 
ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In
ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In
ASU Cybersecurity Symposium - Breaking Into a Career of Breaking In
 
CactusCon 2018 - Anatomy of an AppSec Program
CactusCon 2018 - Anatomy of an AppSec Program CactusCon 2018 - Anatomy of an AppSec Program
CactusCon 2018 - Anatomy of an AppSec Program
 
Preparing a Next Generation IT Strategy
Preparing a Next Generation IT StrategyPreparing a Next Generation IT Strategy
Preparing a Next Generation IT Strategy
 
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet FarmerBlack Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
Black Hat USA - CloudBots Harvesting Crypto Coins Like a Botnet Farmer
 
RFID Hacking: Live Free or RFID Hard
RFID Hacking: Live Free or RFID HardRFID Hacking: Live Free or RFID Hard
RFID Hacking: Live Free or RFID Hard
 
Defeating Social Engineering, BECs & Phishing
Defeating Social Engineering, BECs & PhishingDefeating Social Engineering, BECs & Phishing
Defeating Social Engineering, BECs & Phishing
 
Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...
Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...
Black Hat USA 2016 - Highway to the Danger Drone - 03Aug2016 - Slides - UPDAT...
 

Kürzlich hochgeladen

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 

Kürzlich hochgeladen (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 

Pulp Google Hacking

  • 1. Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 – Black Hat 2011 – Las Vegas, NV Presented by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com
  • 2. Agenda 2 • Introduction/Background • Advanced Attacks • Google/Bing Hacking - Core Tools • NEW Diggity Attack Tools • Advanced Defenses • Google/Bing Hacking Alert RSS Feeds • NEW Diggity Alert Feeds and Updates • NEW Diggity Alert RSS Feed Client Tools • Future Directions O V E R V I E W
  • 3. Introduction/ Background 3 G E T T I N G U P T O S P E E D
  • 4. Open Source Intelligence 4 S E A R C H I N G P U B L I C S O U R C E S OSINT – is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.
  • 5. Google/Bing Hacking 5 S E A R C H E N G I N E A T T A C K S
  • 6. Google/Bing Hacking 6 S E A R C H E N G I N E A T T A C K S Bing's source leaked! class Bing { public static string Search(string query) { return Google.Search(query); } }
  • 7. Attack Targets 7 • Advisories and Vulnerabilities (215) • Error Messages (58) • Files containing juicy info (230) • Files containing passwords (135) • Files containing usernames (15) • Footholds (21) • Pages containing login portals (232) G O O G L E H A C K I N G D A T A B A S E • Pages containing network or vulnerability data (59) • Sensitive Directories (61) • Sensitive Online Shopping Info (9) • Various Online Devices (201) • Vulnerable Files (57) • Vulnerable Servers (48) • Web Server Detection (72)
  • 8. Google Hacking = Lulz 8 LulzSec and Anonymous believed to use Google Hacking as a primary means of identifying vulnerable targets. Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. -- A-Team, 28 June 2011 R E A L W O R L D T H R E A T
  • 9. Google Hacking = Lulz 9 R E A L W O R L D T H R E A T 22:14 <@kayla> Sooooo...using the link above and the google hack string. !Host=*.* intext:enc_UserPassword=* ext:pcf Take your pick of VPNs you want access too. Ugghh.. Aaron Barr CEO HBGary Federal Inc. 22:15 <@kayla> download the pcf file 22:16 <@kayla> then use http://www.unix-ag.uni- kl.de/~massar/bin/cisco-decode?enc= to clear text it 22:16 <@kayla> = free VPN
  • 10. Quick History 10 G O O G L E H A C K I N G R E C A P Dates Event 2004 Google Hacking Database (GHDB) begins May 2004 Foundstone SiteDigger v1 released Jan 2005 Foundstone SiteDigger v2 released Feb 13, 2005 Google Hack Honeypot first release Feb 20, 2005 Google Hacking v1 released by Johnny Long Jan 10, 2006 MSNPawn v1.0 released by NetSquare Dec 5, 2006 Google stops issuing Google SOAP API keys Mar 2007 Bing disables inurl: link: and linkdomain: Nov 2, 2007 Google Hacking v2 released
  • 11. Quick History…cont. 11 G O O G L E H A C K I N G R E C A P Dates Event Mar 2008 cDc Goolag - gui tool released Sept 7, 2009 Google shuts down SOAP Search API Nov 2009 Binging tool released by Blueinfy Dec 1, 2009 FoundStone SiteDigger v 3.0 released 2010 Googlag.org disappears April 21, 2010 Google Hacking Diggity Project initial releases Nov 1, 2010 Google AJAX API slated for retirement Nov 9, 2010 GHDB Reborn Announced – Exploit-db.com July 2011 Bing ceases ‘&format=rss’ support
  • 12. Advanced Attacks 12 W H A T Y O U S H O U L D K N O W
  • 13. Diggity Core Tools 13 Google Diggity • Uses Google JSON/ATOM API • Not blocked by Google bot detection • Does not violate Terms of Service • Required to use Bing Diggity • Uses Bing 2.0 SOAP API • Company/Webapp Profiling • Enumerate: URLs, IP-to-virtual hosts, etc. • Bing Hacking Database (BHDB) • Vulnerability search queries in Bing format S T A C H & L I U T O O L S
  • 14. New Features 14 Google Diggity - New API • Updated to use Google JSON/ATOM API • Due to deprecated Google AJAX API Misc. Feature Uprades • Auto-update for dictionaries • Output export formats • Now also XLS and HTML • Help File – chm file added D I G G I T Y C O R E T O O L S
  • 15. New Features 15 Download Buttons for Google/Bing Diggity • Download actual files from Google/Bing search results • Downloads to default: C:DiggityDownloads • Used by other tools for file download/analysis: • FlashDiggity, DLP Diggity, MalwareDiggity,… D O W N L O A D B U T T O N
  • 16. New Features 16 SLDB Updates in Progress • Example: SharePoint Google Dictionary • http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity- project/#SharePoint – GoogleDiggity Dictionary File A U T O - U P D A T E S
  • 17. Google Diggity 17 D I G G I T Y C O R E T O O L S
  • 18. Bing Diggity 18 D I G G I T Y C O R E T O O L S
  • 19. Bing Hacking Database 19 BHDB – Bing Hacking Data Base • First ever Bing hacking database • Bing hacking limitations • Disabled inurl:, link: and linkdomain: directives in March 2007 • No support for ext:, allintitle:, allinurl: • Limited filetype: functionality • Only 12 extensions supported Example - Bing vulnerability search: • GHDB query • "allintitle:Netscape FastTrack Server Home Page" • BHDB version • intitle:”Netscape FastTrack Server Home Page" S T A C H & L I U T O O L S
  • 20. Hacking CSE’s 20 A L L T O P L E V E L D O M A I N S
  • 21. N E W G O O G L E H A C K I N G T O O L S 21 Code Search Diggity
  • 22. Google Code Search 22 V U L N S I N O P E N S O U R C E C O D E • Regex search for vulnerabilities in indexed public code, including popular open source code repositories: • Example: SQL Injection in ASP querystring • select.*from.*request.QUERYSTRING
  • 23. CodeSearch Diggity 23 A M A Z O N C L O U D S E C R E T K E Y S
  • 24. N E W G O O G L E H A C K I N G T O O L S 24 Bing LinkFromDomainDiggity
  • 25. Bing LinkFromDomain 25 D I G G I T Y T O O L K I T
  • 26. Bing LinkFromDomain 26 F O O T P R I N T I N G L A R G E O R G A N I Z A T I O N S
  • 27. N E W G O O G L E H A C K I N G T O O L S 27 Malware Diggity
  • 28. MalwareDiggity 28 D I G G I T Y T O O L K I T 1. Leverages Bing’s linkfromdomain: search directive to find off-site links of target applications/domains 2. Runs off-site links against Google’s Safe Browsing API to determine if any are malware distribution sites 3. Return results that identify malware sites that your web applications are directly linking to
  • 29. Mass Injection Attacks 29 M A L W A R E G O N E W I L D Malware Distribution Woes – WSJ.com – June2010 • Popular websites victimized, become malware distribution sites to their own customers
  • 30. Mass Injection Attacks 30 M A L W A R E G O N E W I L D Malware Distribution Woes – LizaMoon – April2011 • Popular websites victimized, become malware distribution sites to their own customers
  • 31. Mass Injection Attacks 31 M A L W A R E G O N E W I L D Malware Distribution Woes – willysy.com - August2011 • Popular websites victimized, become malware distribution sites to their own customers
  • 32. Malware Diggity 32 D I G G I T Y T O O L K I T
  • 33. Malware Diggity 33 D I G G I T Y T O O L K I T
  • 34. Malware Diggity 34 D I A G N O S T I C S I N R E S U L T S
  • 35. N E W G O O G L E H A C K I N G T O O L S 35 DLP Diggity
  • 36. DLP Diggity 36 L O T S O F F I L E S T O D A T A M I N E
  • 37. DLP Diggity 37 M O R E D A T A S E A R C H A B L E E V E R Y Y E A R 2004 2007 2011 0 100,000,000 200,000,000 300,000,000 400,000,000 500,000,000 600,000,000 PDF DOC XLS TXT 10,900,000 2,100,000 969,000 1,720,000 260,000,000 42,000,000 16,100,000 30,100,000 513,000,000 84,500,000 17,300,000 46,400,000 Google Results for Common Docs 2004 2007 2011
  • 38. DLP Diggity 38 D I G G I T Y T O O L K I T
  • 39. N E W G O O G L E H A C K I N G T O O L S 39 FlashDiggity
  • 40. Flash Diggity 40 D I G G I T Y T O O L K I T • Google for SWF files on target domains • Example search: filetype:swf site:example.com • Download SWF files to C:DiggityDownloads • Disassemble SWF files and analyze for Flash vulnerabilities
  • 41. DEMO N E W G O O G L E H A C K I N G T O O L S 41
  • 42. GoogleScrape Diggity 42 GoogleScrape Diggity • Uses Google mobile interface • Light-weight, no advertisements • Violates Terms of Service • Bot detection avoidance • Distributed via proxies • Spoofs User-agent and Referer headers • Random &userip= value • Across Google servers D I G G I T Y T O O L K I T
  • 43. N E W G O O G L E H A C K I N G T O O L S 43 Baidu Diggity
  • 44. BaiduDiggity 44 C H I N A S E A R C H E N G I N E • Fighting back
  • 45. Advanced Defenses 45 P R O T E C T Y O N E C K
  • 46. • “Google Hack yourself” organization • Employ tools and techniques used by hackers • Remove info leaks from Google cache • Using Google Webmaster Tools • Regularly update your robots.txt. • Or robots meta tags for individual page exclusion • Data Loss Prevention/Extrusion Prevention Systems • Free Tools: OpenDLP, Senf • Policy and Legal Restrictions Traditional Defenses 46 G O O G L E H A C K I N G D E F E N S E S
  • 47. Existing Defenses 47 “H A C K Y O U R S E L F” Multi-engine results Real-time updates Convenient Historical archived data  Multi-domain searching Tools exist
  • 48. Advanced Defenses 48 N E W H O T S I Z Z L E Stach & Liu now proudly presents: • Google and Bing Hacking Alerts • SharePoint Hacking Alerts – 118 dorks • SHODAN Hacking Alerts – 26 dorks • Diggity Alerts FUNdle Bundles • Consolidated alerts into 1 RSS feed • Alert Client Tools • Alert Diggity – Windows systray notifications • iDiggity Alerts – iPhone notification app
  • 49. Google Hacking Alerts 49 Google Hacking Alerts • All hacking database queries using • Real-time vuln updates to >2400 hack queries via RSS • Organized and available via importable file A D V A N C E D D E F E N S E S
  • 50. Google Hacking Alerts 50 A D V A N C E D D E F E N S E S
  • 51. Bing Hacking Alerts 51 Bing Hacking Alerts • Bing searches with regexs from BHDB • Leverages http://api.bing.com/rss.aspx • Real-time vuln updates to >900 Bing hack queries via RSS A D V A N C E D D E F E N S E S
  • 52. Bing/Google Alerts 52 L I V E V U L N E R A B I L I T Y F E E D S World’s Largest Live Vulnerability Repository • Daily updates of ~3000 new hits per day
  • 53. A D V A N C E D D E F E N S E T O O L S 53 Diggity Alert Fundle Bundle Diggity Alerts One Feed to Rule Them All
  • 54. FUNdle Bundle 54 A D V A N C E D D E F E N S E S
  • 55. FUNdle Bundle 55 A D V A N C E D D E F E N S E S
  • 56. FUNdle Bundle 56 M O B I L E F R I E N D L Y
  • 57. A D V A N C E D D E F E N S E T O O L S 57 SHODAN Alerts
  • 58. SHODAN Alerts 58 F I N D I N G S C A D A S Y S T E M S
  • 59. SHODAN Alerts 59 S H O D A N R S S F E E D S
  • 60. Bing/Google Alerts 60 T H I C K C L I E N T S T O O L S Google/Bing Hacking Alert Thick Clients • Google/Bing Alerts RSS feeds as input • Allow user to set one or more filters • e.g. “yourcompany.com” in the URL • Several thick clients being released: • Windows Systray App • Droid app (coming soon) • iPhone app
  • 61. A D V A N C E D D E F E N S E T O O L S 61 Alert Diggity
  • 62. Alerts Diggity 62 A D V A N C E D D E F E N S E S
  • 63. A D V A N C E D D E F E N S E T O O L S 63 iDiggity Alerts iDiggity Alerts
  • 64. iDiggity Alerts 64 A D V A N C E D D E F E N S E S
  • 65. iDiggity Alerts 65 A D V A N C E D D E F E N S E S
  • 66. New Defenses 66 “G O O G L E / B I N G H A C K A L E R T S” Multi-engine results Real-time updates Convenient Historical archived data  Multi-domain searching Tools exist
  • 68. Diggity Alert DB 68 D A T A M I N I N G V U L N S Diggity Alerts Database
  • 69. Dictionary Updates 69 T H I R D - P A R T Y I N T E G R A T I O N New maintainers of the GHDB – 09 Nov 2010 • http://www.exploit-db.com/google-hacking-database-reborn/
  • 70. Special Thanks Oscar “The Bull” Salazar Brad “BeSickWittIt” Sickles Nick “King Luscious” Harbin Prajakta “The Flasher” Jagdale Ruihai “Ninja” Fang Jason “Blk-majik” Lash
  • 71. Questions? Ask us something We’ll try to answer it. For more info: Email: contact@stachliu.com Project: diggity@stachliu.com Stach & Liu, LLC www.stachliu.com
  • 72. Thank You 72 Stach & Liu Google Hacking Diggity Project info: http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/