Fingerprinting the Modern Digital Footprint

DerbyCon V - Unity

Presented by: Arian Evans
Date: Saturday September 26, 2015
Time: 14:00 - 14:50
Location: Track 3
Track: Teach Me

The purpose of this presentation will be to introduce the audience to new techniques attackers use to fingerprint the application attack surface of targeted organizations. The emphasis of the presentation will be on how attackers are increasingly leveraging Shadow IT (systems infosec doesn’t know about, but which are plugged into legitimate systems), 3rd party components of all types (server-side and client-side), and rogue look-alike applications to target customers and employees. This data has been collected from analyzing real-world attack-surface mapping activities of real attackers, ranging from SQLi bots to what appear to be nation-state actors, and what type of data and tools they leverage and use. The attack-surface mapping data & techniques have been collected using a global proxy network that includes hundreds of covert nodes distributed around the world, along with collaboration with several highly-regarded pen-testing teams that have written “Discovery” tools and methodologies.

The first part of this presentation will be an introduction to “Digital Channels”, or how most organizations increasingly communicate with their customers and employees. We will break down the primary digital channels that make up an organization’s digital footprint - Web, Mobile, Social Media, and Rogue (copycat apps of any of the aforementioned types).

The second part of the presentation will break down the new challenges organizations face that are leading to real-world compromises. This will be short and straightforward, and talk about decentralization of the datacenter and the limitations of snapshot-in-time security for dynamic dev environments. This section is simply to ensure we are all on the same page about the issues we are focusing on in this presentation.

Third, we will break down successful major exploit campaigns, including several high-profile attacks that have gone largely ignored by the media, or that we believe have been misunderstood and mis-measured by the infosec crowd at large.

Fourth and finally, we will talk about what it takes to build an accurate, dynamic digital fingerprint of an organization’s Internet-exposed application attack surface. This will cover a broad scope of data, from search engine & whois mining, to PDNS, to email and client-side data collection. We are consistently finding a range from 20% to 4-5x more Internet-exposed, exploitable app attack surface on engagements using our holistic method than traditional discovery methods are finding. We will also explain how old-school attacks like phishing and simple app fraud all fall under the same patterns of attack in discovering and securing your digital footprint, and how you can squash them all as one holistic issue.

Arian Evans
