SPARK: Open Source Collection for Network Defense
A common perception of network defense is that it begins at the perimeter, at boundary devices. Attacks are expected to start in the form of port and vulnerability scanning directed against the organization’s assets. During the reconnaissance phase of penetration activities, far more intelligence can be collected in preparation for an attack than is generally acknowledged. An intensive level of research can reduce and sometimes eliminate the need for the activities that network defenders are expecting, creating essentially a cyber “blitz.”
Known vulnerabilities and compromised accounts for an organization can be readily acquired without any indicators of attack (IOA). Preventing unintentional information disclosure and protecting assets afterward are becoming more difficult as the sheer quantity of information on the Internet accumulates. According to SecurityIntelligence, the global cost of cybercrime will reach $2 trillion by 2018. Costs from cyber breaches are increasing. Eliminating or controlling the company’s information footprint is critical, yet at the same time the company must remain visible for public accessibility.
The presentation will demonstrate websites, tools, and tactics used to collect information in preparation for an attack. Information presented here can also be used by an organization to perform self-assessments, reducing unnecessary exposure. If time permits, some of the next steps will be demonstrated as well, for example: creating phishing sites and creating viruses to bypass antivirus tools.
Specific topics to be included:
- Manipulating search engines
- Determining operating systems, applications, and hardware
- Discovering usernames and passwords
- Image and Wi-Fi searches
- Open source tools for collecting this information
Rex Scifres, an instructor on Advanced Ethical Hacking Concepts, was an Air Force Intelligence Specialist for 10 years. Rex graduated from Strayer University summa cum laude in 2006 in computer networking. Since his completion of active duty, Rex has worked on contracts as a security engineer consultant supporting companies such as Honeywell, Lockheed Martin, SAIC, ITT, and Jacobs Engineering. Rex now works as a cyber security consultant with Kaiser Permanente and as a part-time instructor for cyber security certifications. For cyber-related fun he participates in OWASP activities, bug-bounty hunting, local security training, and capture-the-flag events. Outside of the computer realm, Rex is an active martial artist who trains in various disciplines and competes in the State of Colorado, holding a state championship in forms.