FOCA is a tool to extract information in footprinting and fingerprinting phases during a penetration test. It helps auditors to extract and analyze information from metadata, hidden info and lost data in published files. This new release of FOCA, version 2, adds tools to scans internal domains using PTR Scanning, Software recognition through installation paths, etc. The idea of FOCA is to give as much info as can be discovered automatically starting from a public domain name.
Chema Alonso is a Computer Engineer by the Rey Juan Carlos University and System Engineer by the Politecnica University of Madrid. He has been working as security consultant last six years and had been awarded as Microsoft Most Valuable Professional since 2005 to present time. He is a Microsoft frequent speaker in Security Conferences. He writes monthly in several Spanish Technical Magazines. He is currently working on his PhD thesis about Blind Techniques. Recently spoke in BH Europe 2008 about LDAP Injection & Blind LDAP Injection attacks, in DEF CON 16 about Time-Based Blind SQL Injection using heavy Queries, in Toorcon X about RFD (Remote File Downloading) and in DeepSec 2k8 in Austria. Recently has been selected to be presenting in HackCon#4 and HackCon #5 in Norway and in SchmooCon 2k9 in Washington DC, Black Hat Europe 2k9 , DEF CON 17 and Ekoparty and Argentina.
José Palazón "Palako" is globally responsible for mobile security at Yahoo!. With more than 9 years experience in security auditing, consulting and training for the public, private and academic sectors, his areas of expertise include mobile, web security, unix systems security and digital forensics. Frequent international speaker, he has presented, among others, at DEFCON (Las Vegas), Shmoocon (Washington) and FOWA (London), as well as published vulnerabilities in key sites such as securityfocus.com.