Google Hacking: Searching For Ways To Stop Hackers. Copyright ©2004 Foundstone, Inc. All Rights Reserved.

Presentation transcript:

Google Hacking: Searching For Ways To Stop Hackers
George Kurtz, McAfee, Inc., Senior Vice President, Risk Management
Copyright ©2004 Foundstone, Inc. All Rights Reserved

“Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual

AGENDA
- How Google works
- Threats
- Tools
- Countermeasures

How Google Works

Advanced Search Operators
- site (.edu, .gov, foundstone.com, usc.edu)
- filetype (txt, xls, mdb, pdf, .log)
- Daterange (Julian date format)
- Intitle / allintitle
- Inurl / allinurl

Threats - filetype:pwd service

Threats – allinurl: admin mdb

Threats - intitle:Remote.Desktop.Web.Connection inurl:tsweb

Threats
- intitle:"Index of" finances.xls
- "Network Vulnerability Assessment Report" / filetype:pdf "Assessment Report" nessus
- "not for distribution" confidential
- site:edu grades admin
- "ORA-00921: unexpected end of SQL command"
- "VNC Desktop" inurl:5800
- intitle:guestbook "advanced guestbook 2.2 powered"
- intitle:"index of" trillian.ini

Threats - Categories
- Private information
- Usernames / passwords
- Configuration management / Remote Admin Interface
- Error messages
- Backup files / log files
- Public vulnerabilities

Tools
- Using Web interface
  - GooScan
  - Athena
- Using Web Service API
  - SiteDigger

Tools - GooScan

Tools - Athena

Tools - SiteDigger By: Kartik Trivedi Foundstone

Tools - SiteDigger

Version 2 features
- Proxy support / Google appliance support
- XML signatures in OASIS WAS format
- Adding signatures for OWASP top 10
- Signature contribution option
- Raw search tab
- Configurable # of results

Countermeasures
- Keep sensitive data off the web!!
- Perform periodic Google Assessments
- Update robots.txt
- Use meta-tags: NOARCHIVE
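
The robots.txt and NOARCHIVE countermeasures can be checked against your own site as part of a periodic assessment. The self-audit below is an added example, not part of the original slides; the sample robots.txt, paths and HTML are constructed, and the risky-extension list is an assumption drawn from the file types named on the operator and threat slides.

```python
import posixpath
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# File types named on the operator and threat slides (assumed risky to publish).
RISKY_EXT = {".pwd", ".mdb", ".xls", ".log", ".ini"}

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" content="..."> tags."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() in ("robots", "googlebot"):
            content = a.get("content") or ""
            self.directives |= {d.strip().lower() for d in content.split(",")}

def has_noarchive(html):
    parser = RobotsMeta()
    parser.feed(html)
    return "noarchive" in parser.directives

def audit(robots_txt, pages):
    """pages maps URL path -> HTML text (None for non-HTML files)."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    findings = []
    for path, html in sorted(pages.items()):
        crawlable = rp.can_fetch("Googlebot", path)
        if posixpath.splitext(path)[1].lower() in RISKY_EXT:
            # robots.txt is only a request to crawlers; the file is still served.
            state = "crawlable" if crawlable else "disallowed but still served"
            findings.append((path, "risky file type on web server, " + state))
        elif crawlable and html is not None and not has_noarchive(html):
            findings.append((path, "crawlable page without NOARCHIVE"))
    return findings

# Constructed sample site, not taken from the presentation.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin/\nDisallow: /backup/\n"
SAMPLE_PAGES = {
    "/index.html": '<html><head><meta name="robots" content="noarchive"></head></html>',
    "/reports/q3.html": "<html><head><title>Q3</title></head></html>",
    "/admin/login.html": "<html></html>",
    "/admin/users.mdb": None,
    "/finances.xls": None,
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_ROBOTS, SAMPLE_PAGES):
        print(path, "->", finding)
```

A risky file is reported even when robots.txt disallows its directory, because a Disallow line does not restrict access and the file belongs under the first countermeasure: off the web.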

SUMMARY How is Google exposing my information??

Thanks... for listening