Advanced Recon with OWASP Amass

Recon Village @ DEF CON 27, 9th, 10th and 11th August 2019

Abstract

Today, organizations deal with the challenge of running their infrastructure across many networks and namespaces due to the use of cloud and hosting services, legacy environments and acquisitions. This can make it difficult for an organization to maintain visibility of its Internet-facing assets and an ability to track down systems that pose a risk to its security posture. The OWASP Amass Project gives its users visibility into their target infrastructure through in-depth subdomain enumeration, using techniques such as scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names, and reverse DNS sweeping. Everything is stored in a graph database that can be queried to perform analytics during or after each enumeration. 

The OWASP Amass tool is simple to start using, yet has many options and ways to leverage the graph database. This talk will dive deeper into those more advanced features to help users take full advantage of Amass and paint the clearest picture possible of target organizations on the Internet.

Speaker

Jeff Foley

Amass Project Leader, OWASP Foundation

Jeff Foley has over 20 years of industry experience focused on research & development and security assessment. He is the Vice Chairman for the OWASP Projects Committee. He is also the Project Leader for Amass, an OWASP Foundation Flagship Project that performs in-depth attack surface mapping and asset discovery. Previously, he served as the Vice President of Attack Surface Protection for ZeroFox. Jeff was also the Global Head of Attack Surface Management at Citi. Prior to this, Jeff served as the Program Manager for Offensive Cyber Warfare Research & Development at Northrop Grumman Corporation. In his spare time, Jeff enjoys giving back to the information security community.
