SlideShare ist ein Scribd-Unternehmen logo

Dorking & Pentesting with Tacyt

Chema Alonso
Chema Alonso

Talk delivered by Chema Alonso at RootedCON Satellite (Saturday 12th of September 2015) about how to do hacking & pentesting using dorks over Tacyt, a Big Data of Android Apps

Technologie
1 von 27
Downloaden Sie, um offline zu lesen
Dorking & Pentesting! with Tacyt Chema Alonso @chemaalonso
Dorking
The target is the! “What” not the “Who”
The Target is the Code
What is “Tacyt”?
Dorking with apps:! code & metadata
1.- Infrastructure
Infrastructure Surface
Well-Known Ports
Cpanel & Plesk
2.- P@ssw0rdS
Password.txt
UserLists
Userlist.app
Databases
WebServices
3.- Third Party Credentials
PathFinder
Social Networks
API Keys & Tokens
4.- Bugs to get into •  SQL.asp/php/aspx/… •  Query •  ldapsearch •  exec •  sql •  command •  …
(Blind) SQL Injection
(Blind) SQL Injection 101
LDAP Search
(Blind) LDAP Injection 101
Surprise me, baby!
Questions? •  Chema Alonso –  http://twitter.com/chemaalonso –  chema@11paths.com –  http://www.elladodelmal.com •  Disclaimer: Tacyt Service has been developed by Eleven Paths. All things working well are because of their hard work. All things *may* went bad on this talk were my fault.

Empfohlen

Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beingszekivazquez
 
Practical iOS App Security
Practical iOS App SecurityPractical iOS App Security
Practical iOS App SecurityTotem_Training
 
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...Liran Tal
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber SecuritySatria Ady Pradana
 
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Phillip Maddux
 
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...EC-Council
 

Empfohlen

Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso
 
Security for Human Beings
Security for Human BeingsSecurity for Human Beings
Security for Human Beingszekivazquez
 
Practical iOS App Security
Practical iOS App SecurityPractical iOS App Security
Practical iOS App SecurityTotem_Training
 
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...Liran Tal
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber SecuritySatria Ady Pradana
 
Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Deception in Cyber Security (League of Women in Cyber Security)
Deception in Cyber Security (League of Women in Cyber Security)Phillip Maddux
 
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...EC-Council
 
Keeping you and your library safe and secure
Keeping you and your library safe and secureKeeping you and your library safe and secure
Keeping you and your library safe and secureLYRASIS
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecurityDeja vu Security
 
Mobile phone Data Hacking
Mobile phone Data HackingMobile phone Data Hacking
Mobile phone Data HackingMd Abu Syeem Dipu
 
WiFi Data Leakage by Solomon Sonya
WiFi Data Leakage by Solomon SonyaWiFi Data Leakage by Solomon Sonya
WiFi Data Leakage by Solomon SonyaEC-Council
 
How to Learn Ethical Hacking from Scratch?
How to Learn Ethical Hacking from Scratch?How to Learn Ethical Hacking from Scratch?
How to Learn Ethical Hacking from Scratch?Intellipaat
 
How to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkHow to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkEC-Council
 
SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015Jon Papp
 
October 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
October 1 Cleared Job Fair, Security Clearance Briefings, Resume ReviewOctober 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
October 1 Cleared Job Fair, Security Clearance Briefings, Resume ReviewClearedJobs.Net
 
Security is sim
Security is simSecurity is sim
Security is simTim Krabec
 
Monitorama 2017 - Who Watches the Watchers?
Monitorama 2017 - Who Watches the Watchers?Monitorama 2017 - Who Watches the Watchers?
Monitorama 2017 - Who Watches the Watchers?brantstrand
 
CSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloudCSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloudPhillip Maddux
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolShubham Mittal
 
Ha(Attackers) Exposed
Ha(Attackers) ExposedHa(Attackers) Exposed
Ha(Attackers) ExposedEugene Tawiah
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
Information technology Vs Information security
Information technology Vs Information securityInformation technology Vs Information security
Information technology Vs Information securityS Periyakaruppan CISM,ISO31000,C-EH,ITILF
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...Intellipaat
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
Security and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSecurity and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSithira Pathirana
 
Hacking Roman Codes with Mobile Phones
Hacking Roman Codes with Mobile PhonesHacking Roman Codes with Mobile Phones
Hacking Roman Codes with Mobile PhonesDavid Rogers
 
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Chema Alonso
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of MagicChema Alonso
 

Weitere ähnliche Inhalte

Was ist angesagt?

Keeping you and your library safe and secure
Keeping you and your library safe and secureKeeping you and your library safe and secure
Keeping you and your library safe and secureLYRASIS
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecurityDeja vu Security
 
WiFi Data Leakage by Solomon Sonya
WiFi Data Leakage by Solomon SonyaWiFi Data Leakage by Solomon Sonya
WiFi Data Leakage by Solomon SonyaEC-Council
 
How to Learn Ethical Hacking from Scratch?
How to Learn Ethical Hacking from Scratch?How to Learn Ethical Hacking from Scratch?
How to Learn Ethical Hacking from Scratch?Intellipaat
 
How to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkHow to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkEC-Council
 
SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015Jon Papp
 
October 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
October 1 Cleared Job Fair, Security Clearance Briefings, Resume ReviewOctober 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
October 1 Cleared Job Fair, Security Clearance Briefings, Resume ReviewClearedJobs.Net
 
Security is sim
Security is simSecurity is sim
Security is simTim Krabec
 
Monitorama 2017 - Who Watches the Watchers?
Monitorama 2017 - Who Watches the Watchers?Monitorama 2017 - Who Watches the Watchers?
Monitorama 2017 - Who Watches the Watchers?brantstrand
 
CSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloudCSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloudPhillip Maddux
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolShubham Mittal
 
Ha(Attackers) Exposed
Ha(Attackers) ExposedHa(Attackers) Exposed
Ha(Attackers) ExposedEugene Tawiah
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...Intellipaat
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
Security and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSecurity and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSithira Pathirana
 
Hacking Roman Codes with Mobile Phones
Hacking Roman Codes with Mobile PhonesHacking Roman Codes with Mobile Phones
Hacking Roman Codes with Mobile PhonesDavid Rogers
 

Was ist angesagt? (20)

Keeping you and your library safe and secure
Keeping you and your library safe and secureKeeping you and your library safe and secure
Keeping you and your library safe and secure
 
Securing Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu SecuritySecuring Underprotected APIs - Deja vu Security
Securing Underprotected APIs - Deja vu Security
 
Mobile phone Data Hacking
Mobile phone Data HackingMobile phone Data Hacking
Mobile phone Data Hacking
 
WiFi Data Leakage by Solomon Sonya
WiFi Data Leakage by Solomon SonyaWiFi Data Leakage by Solomon Sonya
WiFi Data Leakage by Solomon Sonya
 
How to Learn Ethical Hacking from Scratch?
How to Learn Ethical Hacking from Scratch?How to Learn Ethical Hacking from Scratch?
How to Learn Ethical Hacking from Scratch?
 
How to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris SistrunkHow to Get into ICS Security byChris Sistrunk
How to Get into ICS Security byChris Sistrunk
 
SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015
 
October 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
October 1 Cleared Job Fair, Security Clearance Briefings, Resume ReviewOctober 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
October 1 Cleared Job Fair, Security Clearance Briefings, Resume Review
 
Security is sim
Security is simSecurity is sim
Security is sim
 
Monitorama 2017 - Who Watches the Watchers?
Monitorama 2017 - Who Watches the Watchers?Monitorama 2017 - Who Watches the Watchers?
Monitorama 2017 - Who Watches the Watchers?
 
CSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloudCSA Raleigh application security and deception in the cloud
CSA Raleigh application security and deception in the cloud
 
Datasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence ToolDatasploit - An Open Source Intelligence Tool
Datasploit - An Open Source Intelligence Tool
 
Ha(Attackers) Exposed
Ha(Attackers) ExposedHa(Attackers) Exposed
Ha(Attackers) Exposed
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
Information technology Vs Information security
Information technology Vs Information securityInformation technology Vs Information security
Information technology Vs Information security
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to know
 
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application Security
 
Security and ethical hacking initiative first session
Security and ethical hacking initiative first sessionSecurity and ethical hacking initiative first session
Security and ethical hacking initiative first session
 
Hacking Roman Codes with Mobile Phones
Hacking Roman Codes with Mobile PhonesHacking Roman Codes with Mobile Phones
Hacking Roman Codes with Mobile Phones
 

Andere mochten auch

Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Chema Alonso
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of MagicChema Alonso
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackersChema Alonso
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismoChema Alonso
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsChema Alonso
 
Codemotion ES 2014: Love Always Takes Care & Humility
Codemotion ES 2014: Love Always Takes Care & HumilityCodemotion ES 2014: Love Always Takes Care & Humility
Codemotion ES 2014: Love Always Takes Care & HumilityChema Alonso
 
XSS Google Persistentes
XSS Google PersistentesXSS Google Persistentes
XSS Google PersistentesChema Alonso
 
No me indexes que me cacheo
No me indexes que me cacheoNo me indexes que me cacheo
No me indexes que me cacheoChema Alonso
 
RootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesRootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesChema Alonso
 
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaX Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaChema Alonso
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...Chema Alonso
 
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoChema Alonso
 
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataWebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataChema Alonso
 
Latch Security Scenarios
Latch Security ScenariosLatch Security Scenarios
Latch Security ScenariosChema Alonso
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Chema Alonso
 
Digital latches for your digital Life
Digital latches for your digital LifeDigital latches for your digital Life
Digital latches for your digital LifeChema Alonso
 
Ataques XSS Google Persistentes
Ataques XSS Google PersistentesAtaques XSS Google Persistentes
Ataques XSS Google PersistentesChema Alonso
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionChema Alonso
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarChema Alonso
 

Andere mochten auch (20)

Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
 
It's a Kind of Magic
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of Magic
 
Ingenieros y hackers
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackers
 
El juego es el mismo
El juego es el mismoEl juego es el mismo
El juego es el mismo
 
Shuabang Botnet
Shuabang BotnetShuabang Botnet
Shuabang Botnet
 
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu Windows
 
Codemotion ES 2014: Love Always Takes Care & Humility
Codemotion ES 2014: Love Always Takes Care & HumilityCodemotion ES 2014: Love Always Takes Care & Humility
Codemotion ES 2014: Love Always Takes Care & Humility
 
XSS Google Persistentes
XSS Google PersistentesXSS Google Persistentes
XSS Google Persistentes
 
No me indexes que me cacheo
No me indexes que me cacheoNo me indexes que me cacheo
No me indexes que me cacheo
 
RootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital LatchesRootedCON 2014: Playing and Hacking with Digital Latches
RootedCON 2014: Playing and Hacking with Digital Latches
 
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad MálignaX Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
X Fórum AUSAPE 2014: Un Decálogo de Seguridad Máligna
 
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
 
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
 
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataWebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
 
Latch Security Scenarios
Latch Security ScenariosLatch Security Scenarios
Latch Security Scenarios
 
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
 
Digital latches for your digital Life
Digital latches for your digital LifeDigital latches for your digital Life
Digital latches for your digital Life
 
Ataques XSS Google Persistentes
Ataques XSS Google PersistentesAtaques XSS Google Persistentes
Ataques XSS Google Persistentes
 
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL InjectionShmooCON 2009 : Re-playing with (Blind) SQL Injection
ShmooCON 2009 : Re-playing with (Blind) SQL Injection
 
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
 

Ähnlich wie Dorking & Pentesting with Tacyt

Our path to apache spark
Our path to apache sparkOur path to apache spark
Our path to apache sparkppetr82
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs3scale
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.Kirsten Hunter
 
API 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceAPI 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceKirsten Hunter
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 2014API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 20143scale
 
Dev days. windows phone development
Dev days. windows phone developmentDev days. windows phone development
Dev days. windows phone developmentVolha Banadyseva
 
Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...
Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...
Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...Databricks
 
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...OpenSource Connections
 
B-sides Las Vegas - social network security
B-sides Las Vegas - social network securityB-sides Las Vegas - social network security
B-sides Las Vegas - social network securityDamon Cortesi
 
Our Brave Modular Future
Our Brave Modular FutureOur Brave Modular Future
Our Brave Modular FutureOrchestrate
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Andrew McNicol
 
BSidesDC 2016 Beyond Automated Testing
BSidesDC 2016 Beyond Automated TestingBSidesDC 2016 Beyond Automated Testing
BSidesDC 2016 Beyond Automated TestingAndrew McNicol
 
Intro to Coding and APIs by Women Who Code Co-Founder NYC
Intro to Coding and APIs by Women Who Code Co-Founder NYCIntro to Coding and APIs by Women Who Code Co-Founder NYC
Intro to Coding and APIs by Women Who Code Co-Founder NYCProduct School
 
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptAndrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptBUSHRASHAIKH804312
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
Modern Web Technologies — Jerusalem Web Professionals, January 2011
Modern Web Technologies — Jerusalem Web Professionals, January 2011Modern Web Technologies — Jerusalem Web Professionals, January 2011
Modern Web Technologies — Jerusalem Web Professionals, January 2011Reuven Lerner
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security TestingvodQA
 
Mindspark 21' - Sparrow platform
Mindspark 21' - Sparrow platform Mindspark 21' - Sparrow platform
Mindspark 21' - Sparrow platform Jay Lohokare
 
Rental Cars and Industrialized Learning to Rank with Sean Downes
Rental Cars and Industrialized Learning to Rank with Sean DownesRental Cars and Industrialized Learning to Rank with Sean Downes
Rental Cars and Industrialized Learning to Rank with Sean DownesDatabricks
 

Ähnlich wie Dorking & Pentesting with Tacyt (20)

Our path to apache spark
Our path to apache sparkOur path to apache spark
Our path to apache spark
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.
 
API 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceAPI 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat Conference
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 2014API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 2014
 
Dev days. windows phone development
Dev days. windows phone developmentDev days. windows phone development
Dev days. windows phone development
 
Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...
Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...
Enterprise Data Governance and Compliance at Scale with Sri Eshasubbiah and S...
 
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
Building a Lightweight Discovery Interface for China's Patents@NYC Solr/Lucen...
 
B-sides Las Vegas - social network security
B-sides Las Vegas - social network securityB-sides Las Vegas - social network security
B-sides Las Vegas - social network security
 
Our Brave Modular Future
Our Brave Modular FutureOur Brave Modular Future
Our Brave Modular Future
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016
 
BSidesDC 2016 Beyond Automated Testing
BSidesDC 2016 Beyond Automated TestingBSidesDC 2016 Beyond Automated Testing
BSidesDC 2016 Beyond Automated Testing
 
Intro to Coding and APIs by Women Who Code Co-Founder NYC
Intro to Coding and APIs by Women Who Code Co-Founder NYCIntro to Coding and APIs by Women Who Code Co-Founder NYC
Intro to Coding and APIs by Women Who Code Co-Founder NYC
 
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptAndrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
 
Modern Web Technologies — Jerusalem Web Professionals, January 2011
Modern Web Technologies — Jerusalem Web Professionals, January 2011Modern Web Technologies — Jerusalem Web Professionals, January 2011
Modern Web Technologies — Jerusalem Web Professionals, January 2011
 
Introduction to Security Testing
Introduction to Security TestingIntroduction to Security Testing
Introduction to Security Testing
 
Mindspark 21' - Sparrow platform
Mindspark 21' - Sparrow platform Mindspark 21' - Sparrow platform
Mindspark 21' - Sparrow platform
 
Rental Cars and Industrialized Learning to Rank with Sean Downes
Rental Cars and Industrialized Learning to Rank with Sean DownesRental Cars and Industrialized Learning to Rank with Sean Downes
Rental Cars and Industrialized Learning to Rank with Sean Downes
 

Mehr von Chema Alonso

Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordChema Alonso
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Chema Alonso
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIChema Alonso
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?Chema Alonso
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalChema Alonso
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con PythonChema Alonso
 
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Chema Alonso
 
Guía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIRGuía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIRChema Alonso
 
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la CiberdefensaCurso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la CiberdefensaChema Alonso
 
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Chema Alonso
 
LDAP Injection Techniques
LDAP Injection TechniquesLDAP Injection Techniques
LDAP Injection TechniquesChema Alonso
 
X Forum AUSAPE 2014
X Forum AUSAPE 2014X Forum AUSAPE 2014
X Forum AUSAPE 2014Chema Alonso
 
Código para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.pyCódigo para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.pyChema Alonso
 

Mehr von Chema Alonso (14)

Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
 
Foca API v0.1
Foca API v0.1Foca API v0.1
Foca API v0.1
 
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
 
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
 
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
 
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
 
Hacking con Python
Hacking con PythonHacking con Python
Hacking con Python
 
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...Analizando la efectividad de ataques de correlación pasivos en la red de ano...
Analizando la efectividad de ataques de correlación pasivos en la red de ano...
 
Guía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIRGuía de uso de Latch en la UNIR
Guía de uso de Latch en la UNIR
 
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la CiberdefensaCurso Online de Especialización en Seguridad Informática para la Ciberdefensa
Curso Online de Especialización en Seguridad Informática para la Ciberdefensa
 
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
Modelado de amenazas en el contexto de la indexación de páginas y propuesta d...
 
LDAP Injection Techniques
LDAP Injection TechniquesLDAP Injection Techniques
LDAP Injection Techniques
 
X Forum AUSAPE 2014
X Forum AUSAPE 2014X Forum AUSAPE 2014
X Forum AUSAPE 2014
 
Código para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.pyCódigo para Latch físico: Touch_calibrate.py
Código para Latch físico: Touch_calibrate.py
 

Kürzlich hochgeladen

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Kürzlich hochgeladen (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Dorking & Pentesting with Tacyt