The Experts below are selected from a list of 75 Experts worldwide ranked by ideXlab platform
Johnny Long - One of the best experts on this subject based on the ideXlab platform.
-
no tech Hacking a guide to social engineering dumpster diving and shoulder surfing
2008Co-Authors: Johnny Long, Jack WilesAbstract:Johnny Long's last book sold 12,000 units worldwide. Kevin Mitnick's last book sold 40,000 units in North America. As the clich goes, information is power. In this age of technology, an increasing majority of the world's information is stored electronically. It makes sense then that we rely on high-tech electronic protection systems to guard that information. As professional hackers, Johnny Long and Kevin Mitnick get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, their goal has always been the same: extract the information using any means necessary. After hundreds of jobs, they have discovered the secrets to bypassing every conceivable high-tech security system. This book reveals those secrets; as the title suggests, it has nothing to do with high technology. Dumpster Diving Be a good sport and dont read the two D words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny). Tailgating Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows. Shoulder SurfingIf you like having a screen on your laptop so you can see what youre working on, dont read this chapter. Physical Security Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity? Social Engineering with Jack WilesJack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal "war stories" from the trenches of Information Security and Physical Security. Google Hacking A hacker doesnt even need his own computer to do the necessary research. If he can make it to a public library, Kinko's or Internet cafe, he can use Google to process all that data into something useful. P2P HackingLets assume a guy has no budget, no commercial Hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself. People Watching Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter well take a look at a few examples of the types of things that draws a no-tech hackers eye. Kiosks What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash? Vehicle Surveillance Most people dont realize that some of the most thrilling vehicular espionage happens when the cars aren't moving at all!
-
Google Hacking Showcase
No Tech Hacking, 2008Co-Authors: Johnny Long, Scott Pinzon, Jack Wiles, Kevin D. MitnickAbstract:This chapter focuses on what can go drastically wrong when the Google Hacking threat is ignored. A decent no-tech hacker can accumulate a library of significant data just by observing the world around him. But often that data is completely useless on its own. Arguably the most well known of no-tech Hacking techniques among hackers in the know, Google Hacking has become a standard weapon in every attacker's arsenal. A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. Google Hacking Showcase consists of screenshots of wild Google hacks the author had witnessed. Borrowing from the pool of interesting Google queries he had created, along with scores of queries from the community. The author snagged screenshots and presented them one at a time, making smarmy comments along the way. It makes sense to include the showcase in the edition of Google Hacking .
-
chapter 11 Google Hacking showcase
Google Hacking for Penetration Testers Volume 2, 2008Co-Authors: Johnny LongAbstract:Publisher Summary This chapter deals with the Google Hacking showcase. As quoted by the founder of the Google Hacking database, this chapter states that Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers access it at their disposal. It takes a look at some technical discoveries uncovered by Google hackers. It begins by various utilities that really have no business being online, unless of course one's goal is to aid hackers. Following this, it considers open network devices and open applications, neither of which requires any real Hacking to gain access to. Through various examples, it describes what can go drastically wrong when the Google Hacking threat is ignored, thus emphasizing the importance of knowledge of understanding of Google Hacking, and online security measures.
-
Google Hacking basics
Google Hacking for Penetration Testers (Third Edition), 2008Co-Authors: Johnny LongAbstract:This chapter will cover Google Hacking basics. Subjects will include using caches for anonymity, directory listings, and traversal techniques.
-
Google Hacking for penetration testers volume 2
2008Co-Authors: Johnny LongAbstract:A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I’ve seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine Hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google Hacking community comes up with. It turns out the rumors are true—creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information. –Johnny Long • Learn Google Searching Basics Explore Google’s Web-based Interface, build Google queries, and work with Google URLs. • Use Advanced Operators to Perform Advanced Queries Combine advanced operators and learn about colliding operators and bad search-fu. • Learn the Ways of the Google Hacker See how to use caches for anonymity and review directory listings and traversal techniques. • Review Document Grinding and Database Digging See the ways to use Google to locate documents and then search within the documents to locate information. • Understand Google’s Part in an Information Collection Framework Learn the principles of automating searches and the applications of data mining. • Locate Exploits and Finding Targets Locate exploit code and then vulnerable targets. • See Ten Simple Security Searches Learn a few searches that give good results just about every time and are good for a security assessment. • Track Down Web Servers Locate and profile web servers, login portals, network hardware and utilities. • See How Bad Guys Troll for Data Find ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information. • Hack Google Services Learn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.
Steve Mansfield-devine - One of the best experts on this subject based on the ideXlab platform.
-
Google Hacking: Google Hacking 101
Network Security archive, 2009Co-Authors: Steve Mansfield-devineAbstract:Google provides penetration testers and hackers alike with a surprisingly powerful tool. It relentlessly indexes error messages, files in unprotected directories, log files and a plethora of other information useful to anyone wanting to probe the security weaknesses of a site. But specially crafted searches - the technique of Google Hacking - will find all sites with known vulnerabilities, making Google a virtual directory of attackable sites. A weakness in your site will attract hackers who might otherwise never have heard of you. It's like advertising your weak points. Steve Mansfield-Devine examines the basic techniques of Google Hacking - the so-called Google dorks - as well as simple countermeasures. If you're looking for weak security points in a website, forget NMAP, Nessus and all those tools of the pen-tester's trade. Your first stop should be something much more basic: Google.
Dawn Song - One of the best experts on this subject based on the ideXlab platform.
-
insights from the inside a view of botnet management from infiltration
USENIX conference on Large-scale exploits and emergent threats, 2010Co-Authors: Chia Yuan Cho, Juan Caballero, Chris Grier, Vern Paxson, Dawn SongAbstract:Recent work has leveraged botnet infiltration techniques to track the activities of bots over time, particularly with regard to spam campaigns. Building on our previous success in reverse-engineering C&C protocols, we have conducted a 4-month infiltration of the MegaD botnet, beginning in October 2009. Our infiltration provides us with constant feeds on MegaD's complex and evolving C&C architecture as well as its spam operations, and provides an opportunity to analyze the botmasters' operations. In particular, we collect significant evidence on the MegaD infrastructure being managed by multiple botmasters. Further, FireEye's attempt to shutdown MegaD on Nov. 6, 2009, which occurred during our infiltration, allows us to gain an inside view on the takedown and how MegaD not only survived it but bounced back with significantly greater vigor. In addition, we present new techniques for mining information about botnet C&C architecture: "Google Hacking" to dig out MegaD C&C servers and "milking" C&C servers to extract not only the spectrum of commands sent to bots but the C&C's overall structure. The resulting overall picture then gives us insight into MegaD's management structure, its complex and evolving C&C architecture, and its ability to withstand takedown.
-
insights from the inside a view of botnet management from infiltration
USENIX conference on Large-scale exploits and emergent threats, 2010Co-Authors: Juan Caballero, Chris Grier, Vern Paxson, Dawn SongAbstract:Recent work has leveraged botnet infiltration techniques to track the activities of bots over time, particularly with regard to spam campaigns. Building on our previous success in reverse-engineering C&C protocols, we have conducted a 4-month infiltration of the MegaD botnet, beginning in October 2009. Our infiltration provides us with constant feeds on MegaD's complex and evolving C&C architecture as well as its spam operations, and provides an opportunity to analyze the botmasters' operations. In particular, we collect significant evidence on the MegaD infrastructure being managed by multiple botmasters. Further, FireEye's attempt to shutdown MegaD on Nov. 6, 2009, which occurred during our infiltration, allows us to gain an inside view on the takedown and how MegaD not only survived it but bounced back with significantly greater vigor. In addition, we present new techniques for mining information about botnet C&C architecture: "Google Hacking" to dig out MegaD C&C servers and "milking" C&C servers to extract not only the spectrum of commands sent to bots but the C&C's overall structure. The resulting overall picture then gives us insight into MegaD's management structure, its complex and evolving C&C architecture, and its ability to withstand takedown.
Justin C. Brown - One of the best experts on this subject based on the ideXlab platform.
-
Google Hacking for Penetration Testers
2004Co-Authors: Johnny Long, Bill Gardner, Justin C. BrownAbstract:Google is the most popular search engine ever created, but Google's search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web, including social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Third Edition, shows you how security professionals and system administratord manipulate Google to find this sensitive information and "self-police" their own organizations. You will learn how Google Maps and Google Earth provide pinpoint military accuracy, see how bad guys can manipulate Google to create super worms, and see how they can "mash up" Google with Facebook, LinkedIn, and more for passive reconnaissance. This third editionincludes completely updated content throughout and all new hacks such as Google scripting and using Google Hacking with other search engines and APIs. Noted author Johnny Long, founder of Hackers for Charity, gives you all the tools you need to conduct the ultimate open source reconnaissance and penetration testing. Third edition of the seminal work on Google Hacking Google Hacking continues to be a critical phase of reconnaissance in penetration testing and Open Source Intelligence (OSINT) Features cool new hacks such as finding reports generated by security scanners and back-up files, finding sensitive info in WordPress and SSH configuration, and all new chapters on scripting Google hacks for better searches as well as using Google Hacking with other search engines and APIs Table of Contents Chapter 1 Google Searching Basics Chapter 2 Advanced Operators Chapter 3 Google Hacking Basics - The new location of the GHDB Chapter 4 Document Grinding and Database Digging - Finding Reports Generated By Security Scanners and Back-Up Files Chapter 5 Google's Part in an Information Collection Framework Chapter 6 Locating Exploits and Finding Targets Chapter 7 Ten Simple Security Searches That Work Chapter 8 Tracking Down Web Servers, Login Portals, and Network Hardware - Finding Sensitive WordPress and SSH Configuration Chapter 9 Usernames, Passwords, and Secret Stuff, Oh My! - Finding GitHub, SQL, Gmail, Facebook, and other Passwords Chapter 10 Hacking Google Services Chapter 11 Google Hacking Showcase Chapter 12 Protecting Yourself from Google Hackers Chapter 13 Scripting Google Hacking For Better Searching Chapter 14 Using Google Hacking with Other Web Search Engines and APIs
Jack Wiles - One of the best experts on this subject based on the ideXlab platform.
-
no tech Hacking a guide to social engineering dumpster diving and shoulder surfing
2008Co-Authors: Johnny Long, Jack WilesAbstract:Johnny Long's last book sold 12,000 units worldwide. Kevin Mitnick's last book sold 40,000 units in North America. As the clich goes, information is power. In this age of technology, an increasing majority of the world's information is stored electronically. It makes sense then that we rely on high-tech electronic protection systems to guard that information. As professional hackers, Johnny Long and Kevin Mitnick get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, their goal has always been the same: extract the information using any means necessary. After hundreds of jobs, they have discovered the secrets to bypassing every conceivable high-tech security system. This book reveals those secrets; as the title suggests, it has nothing to do with high technology. Dumpster Diving Be a good sport and dont read the two D words written in big bold letters above, and act surprised when I tell you hackers can accomplish this without relying on a single bit of technology (punny). Tailgating Hackers and ninja both like wearing black, and they do share the ability to slip inside a building and blend with the shadows. Shoulder SurfingIf you like having a screen on your laptop so you can see what youre working on, dont read this chapter. Physical Security Locks are serious business and lock technicians are true engineers, most backed with years of hands-on experience. But what happens when you take the age-old respected profession of the locksmith and sprinkle it with hacker ingenuity? Social Engineering with Jack WilesJack has trained hundreds of federal agents, corporate attorneys, CEOs and internal auditors on computer crime and security-related topics. His unforgettable presentations are filled with three decades of personal "war stories" from the trenches of Information Security and Physical Security. Google Hacking A hacker doesnt even need his own computer to do the necessary research. If he can make it to a public library, Kinko's or Internet cafe, he can use Google to process all that data into something useful. P2P HackingLets assume a guy has no budget, no commercial Hacking software, no support from organized crime and no fancy gear. With all those restrictions, is this guy still a threat to you? Have a look at this chapter and judge for yourself. People Watching Skilled people watchers can learn a whole lot in just a few quick glances. In this chapter well take a look at a few examples of the types of things that draws a no-tech hackers eye. Kiosks What happens when a kiosk is more than a kiosk? What happens when the kiosk holds airline passenger information? What if the kiosk holds confidential patient information? What if the kiosk holds cash? Vehicle Surveillance Most people dont realize that some of the most thrilling vehicular espionage happens when the cars aren't moving at all!
-
Google Hacking Showcase
No Tech Hacking, 2008Co-Authors: Johnny Long, Scott Pinzon, Jack Wiles, Kevin D. MitnickAbstract:This chapter focuses on what can go drastically wrong when the Google Hacking threat is ignored. A decent no-tech hacker can accumulate a library of significant data just by observing the world around him. But often that data is completely useless on its own. Arguably the most well known of no-tech Hacking techniques among hackers in the know, Google Hacking has become a standard weapon in every attacker's arsenal. A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. Google Hacking Showcase consists of screenshots of wild Google hacks the author had witnessed. Borrowing from the pool of interesting Google queries he had created, along with scores of queries from the community. The author snagged screenshots and presented them one at a time, making smarmy comments along the way. It makes sense to include the showcase in the edition of Google Hacking .
