Advanced Information Gathering AKA Google Hacking at HITB 2004

So this was the first real talk I gave, I’d just moved to Malaysia not long beforehand and I’d started work at NSS as the lead for the penetration testing team. We were a sponsor of Hack in the Box 2004 so we got a speakers slot, but it couldn’t be a product/company pitch it had to be a proper infosec/technical talk which passed the regular CFP (Call for paper) requirements.

It was decided that I give the talk..I was very nervous as you can imagine, even back then it was rather a large conference, and this was my first real shot at talking. Looking back at the slides 10 years later though, I think I did a pretty good – much of the information is still relevant today.

And when I gave the talk the room was packed, people were standing and listening. I think because it was actually one of the less technical talks, more people could enjoy it – it went down really well. The subject was something I did at work, and often the first stage in a penetration test – information gathering. Arguably it’s also the most important phase as it gives you all the entry points and people to target in later phases. The hot keywords at that time were Google Hacking and the GHDB (Google Hacks Database).

Information Gathering AKA Google Hacking

It was about 6 years after this that I gave me next talk, not sure why – perhaps just lack of opportunity. I also did an interview with The Star afterwards titled Guarding against Google hacking, where I met Chris Chong.

Google Hacking - The Star

The talk covers the lesser known aspects of Google, tools such as Athena and Sitedigger and the amount of random misconfiguration that can be found with a little careful search engine manipulation. Other useful public databases will be covered with some details on how to leverage the maximum amount of detail on any given target.

Also an introduction to the Google API and how it can be used or abused during a penetration test or hack attempt. This presentation will include a live demonstration in which the above techniques will used to gather coveted information about both random and targeted organizations.

So here are the slides:

And the video (yah we had recordings back then, shared via Torrent!):


You can see all my talks given here.




You can subscribe via e-mail to get my posts in your Inbox, or stalk me on numerous other platforms.

, , , , , , , , , ,

Comments are closed.
Keep up with me on Social Media by following me below - Thanks so much!