Pentesters and corporate spies alike have a desire to get their hands on the secret information of their corporate targets. Normally this involves recruiting and turning insiders, social engineering or intrusions into corporate networks. The reality is that a good deal of information is already lying around in the open available for the taking if the hunter knows where to look. This talk will highlight new techniques of passively mining security data (such as repositories like VirusTotal) to uncover sensitive documents, private encryption keys, security configurations and proprietary code on the target. As an example, by running a simple yara rule it was trivial to retrieve over 10,000 private ssh keys. This talk will cover the hunting techniques to retrieve this data as well as sensitive documents that can be immediately weaponized for a penetration test or for monitoring competitors.
John Bambenek is a Sr. Threat Analyst at Fidelis Cybersecurity and runs several private intelligence groups.