Workshop

OWASP Amass Expanding Data Horizons: Amassing More Than Subdomains

Recon Village @ DEF CON 32, 9th, 10th and 11th August 2024

Abstract

Join us at Recon Village for an in-depth workshop on the OWASP Amass Project, a powerful open-source tool used for network mapping, attack surface analysis, and asset discovery. This workshop will delve into the exciting advancements in data collection capabilities within Amass, demonstrating how these enhancements have taken the project from a humble subdomain enumeration tool to an OSINT collection system. Participants will gain hands-on experience with new features, learn best practices for leveraging Amass, and explore the broader dataset of findings and associated assets. Whether you are a seasoned security professional or new to network reconnaissance, this session will provide valuable insights and practical skills to elevate your reconnaissance game.

Workshop Outline

Introduction (15 minutes)

- Welcome and speaker introductions

- Overview of OWASP Amass

- Brief history and evolution

- Core functionalities and typical use cases

- Workshop objectives and agenda

Understanding Amass's Data Collection Capabilities (15 minutes)

- Current data sources utilized by Amass

- Public data sources

- OSINT (Open Source Intelligence) integration

- Third-party APIs

- Introduction to new data collection features

- Enhanced API integrations

- Proprietary data sources

Hands-On with New Data Collection Features (30 minutes)

- Setting up Amass for expanded data collection

- Installation and configuration

- API key management and integration

- Practical demonstration

- Running Amass with new data sources

- Interpreting results

- Case study: Real-world scenarios and outcomes

Analyzing and Utilizing Recon Data (30 minutes)

- Attack surface mapping is more than internet infrastructure

- Introduction to the Open Asset Model (OAM)

- Collecting email addresses with Amass

- OAM types to be supported by the project

- The future of mapping attack surfaces

Q&A Session (20 minutes)

Conclusion (10 minutes)

- Recap of key takeaways

- Additional resources and further learning

- Closing remarks and feedback session

---

Preparation Requirements:

- Participants are encouraged to bring laptops with pre-installed OWASP Amass.

- API keys for various data sources (details to be provided prior to the workshop).

Target Audience:

- Security researchers and professionals

- Penetration testers

- Network administrators

- Anyone interested in improving their reconnaissance skills and knowledge

This workshop promises to be an engaging and educational experience, equipping attendees with the latest techniques and tools to enhance their security reconnaissance capabilities using OWASP Amass.

Speaker

Jeff Foley

Amass Project Leader, OWASP Foundation

Jeff Foley has over 20 years of industry experience focused on research & development and security assessment. He is the Vice Chairman for the OWASP Projects Committee. He is also the Project Leader for Amass, an OWASP Foundation Flagship Project that performs in-depth attack surface mapping and asset discovery. Previously, he served as the Vice President of Attack Surface Protection for ZeroFox. Jeff was also the Global Head of Attack Surface Management at Citi. Prior to this, Jeff served as the Program Manager for Offensive Cyber Warfare Research & Development at Northrop Grumman Corporation. In his spare time, Jeff enjoys giving back to the information security community.
