Tenacious Diggity: Skinny Dippin' in a Sea of Bing

DEF CON 20

Presented by: Francis Brown, Rob Ragan
Date: Sunday July 29, 2012
Time: 13:00 - 13:50
Location: Track 1

All brand new tool additions to the Google Hacking Diggity Project - The Next Generation Search Engine Hacking Arsenal. As always, all tools are free for download and use.

When last we saw our heroes, the Diggity Duo had demonstrated how search engine hacking could be used to take over someone’s Amazon cloud in less than 30 seconds, build out an attack profile of the Chinese government’s external networks, and even download all of an organization’s Internet facing documents and mine them for passwords and secrets. Google and Bing were forced to hug it out, as their services were seamlessly combined to identify which of the most popular websites on the Internet were unwittingly being used as malware distribution platforms against their own end-users.

Now, we've traveled through space and time, my friend, to rock this house again...

True to form, the legendary duo have toiled night and day in the studio (a one room apartment with no air conditioning) to bring you an entirely new search engine hacking tool arsenal that’s packed with so much tiger blood and awesome-sauce, that it’s banned on 6 continents. Many of these new Diggity tools are also fueled by the power of the cloud and provide you with vulnerability data faster and easier than ever thanks to the convenience of mobile applications. Just a few highlights of new tools to be unveiled are:

So come ready to engage us as we explore these tools and more in this DEMO rich presentation. You are cordially invited to ride the lightning.

Francis Brown

Francis Brown CISA, CISSP, MCSE, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 500 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Facebook: StachLiu

Rob Ragan

Rob Ragan is a Senior Security Associate at Stach & Liu, a specialized security consulting firm serving the Fortune 1000 and high-tech startups. We protect our clients from the bad guys by breaking-in and bending the rules before the hackers do. From critical infrastructure to credit cards, popular websites to mobile games, and flight navigation systems to frozen waffle factories, we're there. Before joining Stach & Liu, Rob served as a Software Engineer with the Application Security Center team of Hewlett-Packard (formerly SPI Dynamics) where he developed automated web application security testing tools, performed penetration tests, and researched vulnerability assessment and identification techniques. Rob has presented his research at leading conferences such as Black Hat, DEF CON, SummerCon, InfoSec World, HackCon, OuterZ0ne, and HackerHalted. He has published several white papers and is a contributing author to the Hacking Exposed: Web Applications 3rd edition. Twitter: @sweepthatleg Facebook: StachLiu

