Thursday, March 24, 2011

Pastenum – Pastebin/pastie enumeration tool

When conducting a pen-test, the process typically starts with the reconnaissance phase: gathering information about your target system(s), organization or person.
Today, we want to present a tool that can be added to your reconnaissance toolkit.
Text dump sites such as pastebin and pastie allow users to dump large amounts of text for sharing and storage.
As these sites become more popular, the amount of sensitive information being posted will inevitably increase.
Pastenum is designed to help you find that information and bring it into one easy-to-read location.
The hope is it will allow internal security teams to run simple queries about their companies and determine if they have sensitive information residing in one of these text dumps. It will also help pen-testers with the recon phase by allowing them to enumerate more data faster.
To do so, it runs a series of search queries for keywords provided by the pentester. Since it queries public sources (and not the target network itself), this should be stealthy with respect to the target.

Hacker Trail Mix - Appalachian Institute of Digital Evidence

I gave a talk at the AIDE winter meeting on February 18th. The talk was meant to be many rapid-fire topics being covered in a short amount of time. Below is a list of the stuff I can remember talking about:

Pastenum (Preview)
DNS Zone Transfers