Art Into Science - Pose a Threat: How Perceptual Analysis Helps Bug Hunters

Date & Time: January 31, 2019
Location: Dell - Round Rock: 200 Dell Way, Round Rock, Texas 78682
Speaker: Rob Ragan and Oscar Salazar

Every picture I take, I pose a threat. By picture, I mean screenshot. By threat I mean attacker. What if there was a way to find more exposures without exactly knowing what we’re looking for? OWASP DirBuster had the right idea but was missing the power of perceptual analysis.

This talk is full of dirty tricks to optimize the hunt for security exposures. Unlimited storage, scalable serverless infrastructure, and machine learning powered by collaborative filtering will enable us to usher in a new age of visibility into our attack surface. Around the world, bug hunters are leveraging OSINT techniques (e.g. using OWASP Amass) to find security vulnerabilities for organizations. However, they need better ways to perform analysis at scale. Traditional scanners require in-depth knowledge of each issue in order to write a signature. All we need with this new approach is a target, a path, and as output we will get potential exposures. Do this properly at scale and you have effectively taken what would be millions of results to review and filtered it to thousands of likely vulnerable candidates.

Come watch the revolution unfold with new ways to:
* Distribute requests to targets and paths using scalable serverless infrastructure
* Screenshot results with unlimited storage and organize them by visual similarity
* Automate identification of more exposures more quickly using collaborative filtering

Focus these techniques on identifying RCEs and you now have a formidable weapon. In conclusion, this approach can be used for a variety of analysis use cases. Penetration testers, bug bounty, SOC analysts, threat researchers, vulnerability scan jockeys, will all benefit from this next generation approach.

Rob Ragan, Partner, and Oscar “One Line Man” Salazar, Principal Security Associate, will present Pose a Threat: How Perceptual Analysis Helps Bug Hunters at the Art Into Science conference on Thursday, January 31st. 

Topics:Speaking EngagementsArt into Science

Comments

Need a Cybersecurity Expert to Speak at Your Event?

Please get in touch with our Speaker Bureau program manager, Virginie Jenck. Please email her at contact@bishopfox.com

More...

Subscribe to Updates