Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright ©2004 Foundstone, Inc. All Rights Reserved »Google Hacking Searching For Ways To Stop Hackers Copyright ©2004 Foundstone, Inc. All Rights Reserved.

Published byAmberlynn Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright ©2004 Foundstone, Inc. All Rights Reserved »Google Hacking Searching For Ways To Stop Hackers Copyright ©2004 Foundstone, Inc. All Rights Reserved."— Presentation transcript:

1 Copyright ©2004 Foundstone, Inc. All Rights Reserved »Google Hacking Searching For Ways To Stop Hackers Copyright ©2004 Foundstone, Inc. All Rights Reserved George Kurtz McAfee, Inc. Senior Vice President Risk Management

2 “Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy” - Al Qaeda training manual

3 AGENDA  How Google works  Threats  Tools  Countermeasures

4 How Google Works

5

6  Advanced Search Operators  site (.edu,.gov, foundstone.com, usc.edu)  filetype (txt, xls, mdb, pdf,.log)  Daterange (julian date format)  Intitle / allintitle  Inurl / allinurl

7 Threats - filetype:pwd service

8 Threats – allinurl: admin mdb

9 Threats - intitle:Remote.Desktop.Web.Connection inurl:tsweb

10 Threats  intitle:"Index of" finances.xls  "Network Vulnerability Assessment Report“ / filetype:pdf "Assessment Report" nessus  "not for distribution" confidential  site:edu grades admin  "ORA-00921: unexpected end of SQL command“  "VNC Desktop" inurl:5800  intitle:guestbook "advanced guestbook 2.2 powered“  intitle:"index of" trillian.ini

11 Threats - Categories  Private information  Usernames / passwords  Configuration management / Remote Admin Interface  Error messages  Backup files / log files  Public vulnerabilities

12 Tools  Using Web interface  GooScan  Athena  Using Web Service API  SiteDigger

13 Tools - GooScan

14 Tools - Athena

15 Tools - SiteDigger By: Kartik Trivedi Foundstone

16 Tools - SiteDigger

17  Version 2 features  Proxy support / Google appliance support  XML signatures in OASIS WAS format  Adding signatures for OWASP top 10  Signature contribution option  Raw search tab  Configurable # of results

18 Countermeasures  Keep sensitive data off the web!!  Perform periodic Google Assessments  Update robots.txt  Use meta-tags: NOARCHIVE  http://www.google.com/remove.html http://www.google.com/remove.html

19 SUMMARY How is Google exposing my information??

20 Thanks ….for listening george.kurtz@foundstone.com

Download ppt "Copyright ©2004 Foundstone, Inc. All Rights Reserved »Google Hacking Searching For Ways To Stop Hackers Copyright ©2004 Foundstone, Inc. All Rights Reserved."

Similar presentations

What’s New in Fireware XTM v11.3.2

What’s New in Fireware XTM v11.3.2
Web Application Security

Web Application Security
DSL-2730B, DSL-2740B, DSL-2750B.

DSL-2730B, DSL-2740B, DSL-2750B.
CONSUMER & COMMERCIAL PERFORMANCE SOLUTIONS | FOR INTERNAL USE ONLY | DO NOT COPY OR DISTRIBUTE | © COPYRIGHT WELLPOINT, INC. Producer Toolbox Exchange.

CONSUMER & COMMERCIAL PERFORMANCE SOLUTIONS | FOR INTERNAL USE ONLY | DO NOT COPY OR DISTRIBUTE | © COPYRIGHT WELLPOINT, INC. Producer Toolbox Exchange.
Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.

Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.
LIS618 lecture 9 Thomas Krichel 2003-04-06. Structure Google “theory”, see essay by Brin and Page fullpapers/1921/com1921.htm.

LIS618 lecture 9 Thomas Krichel Structure Google “theory”, see essay by Brin and Page fullpapers/1921/com1921.htm.
Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.

Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.
Hacking Borhan Kazimi pour. Agenda How to hack How to hack using How to prevent hack using.

Hacking Borhan Kazimi pour. Agenda How to hack How to hack using How to prevent hack using.
Google Search Using internet search engine as a tool to find information related to creativity & innovation.

Google Search Using internet search engine as a tool to find information related to creativity & innovation.
Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.

Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.
Introduction The Basic Google Hacking Techniques How to Protect your Websites.

Introduction The Basic Google Hacking Techniques How to Protect your Websites.
Ethical Hacking by Shivam.

Ethical Hacking by Shivam.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
Lesson 2: Configuring Servers

Lesson 2: Configuring Servers
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Cummins® Inc. Update Manager 3.0 Training Electronic Service Tools.

Cummins® Inc. Update Manager 3.0 Training Electronic Service Tools.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Similar presentations

Ads by Google