Back to Talks 2026
Workshopintermediate

The Hard Part of ASM: Ownership Attribution

Recon Village @ DEF CON 34August 6-9, 2026

Saturday, August 8 · 12:40 PM – 3:10 PMRecon Village Workshop Area

Abstract

Attack Surface Management (ASM) lives or dies on a deceptively simple question: who owns this? Without reliable attribution, an asset inventory is just a pile of hosts, domains, certificates, and cloud endpoints—with no defensible way to scope an organization’s true digital footprint or separate first-party infrastructure from vendors, subsidiaries, acquisitions, joint ventures, and brand portfolios.

This talk dives into the real-world challenge of attributing internet-exposed assets to legal entities, not just names. Corporate identity is messy: organizations operate under trade names, localized spellings, legacy names, and jurisdiction-specific registrations. Meanwhile, the internet leaks ownership signals through fragmented, lossy metadata—RDAP/WHOIS, certificate subject/issuer fields, ASN registrations, DNS TXT verification records, trademark references, and public corporate registries. Each source is incomplete on its own; together they can still conflict, drift over time, and create duplicate “identities” that quietly degrade attribution accuracy.

Using the OWASP Amass Project as a concrete reference point, we’ll walk through an attribution-centric discovery workflow: collecting signals, normalizing entity identity, resolving aliases across jurisdictions, and scoring confidence to decide when to merge, when to split, and when to escalate for analyst review. We’ll also explore how attribution errors propagate into ASM outcomes—missed scope, false positives, and blind spots in third-party exposure—and how disciplined entity modeling can turn noisy OSINT into a repeatable system of record.

Attendees will leave with practical techniques for improving attribution quality, a mental model for entity resolution, and actionable ideas for making ASM outputs trustworthy enough to drive risk decisions.

Prerequisites

  • If you want to following along in the workshop demonstrations, then you'll need to have a Mac or Linux laptop with Docker installed.

Speaker

Jeff Foley
Jeff Foley

Amass Project Leader, OWASP Foundation

Jeff Foley has over 20 years of industry experience focused on research & development and security assessment. He is the Vice Chairman for the OWASP Projects Committee. He is also the Project Leader for Amass, an OWASP Foundation Flagship Project that performs in-depth attack surface mapping and asset discovery. Previously, he served as the Vice President of Attack Surface Protection for ZeroFox. Jeff was also the Global Head of Attack Surface Management at Citi. Prior to this, Jeff served as the Program Manager for Offensive Cyber Warfare Research & Development at Northrop Grumman Corporation. In his spare time, Jeff enjoys giving back to the information security community.

View full speaker profile →