Talk proposal: Crawling Web (Darker Way) for Fun and Profit

Upload: promediakw

Post on 14-Apr-2017

Crawling Web (Darker Way) for Fun and Profit

Section A - Personal Data:

1. Name: Tamaghna Basu

2. Email Address: [email protected]

3. Cell phone: +91 9880307435

4. Brief biography:

Tamaghna Basu, OSCP, GCIH, RHCE, CEH, ECSA, co-founder of www.weekendsecurity.org, is a security researcher at heart; his main areas of research include web app security and network pen-testing, exploit development, incident handling and cyber forensics. Previously a software developer, he worked in Java, .NET, Ruby etc. and in various domains such as finance, insurance and gaming. He was the winner of NULLCON 2010's hacking challenge.

He is a SANS certified mentor for the course “Sec 504: Hacker Techniques, Exploits and Incident Handling”. He has also presented at other security conferences such as NULLCON, C0C0N, OWASP and ISACA. Tamaghna is one of the core members of the NULL security community: he facilitates the Chennai/Bangalore NULL chapter, is a frequent speaker at NULL and OWASP meets, and has conducted multiple hacking workshops at NULL HUMLA, Bangalore. He is an active member of security communities such as honeynet, NAISG, DSCI and Clubhack. He has also contributed to security magazines such as Clubhack and the ISACA journal. He has achieved various other certifications such as Cyber Crime Investigation and Diploma in Cyber Law.

Talks by Tamaghna:

“Network Forensic” at Ground Zero Summit, 2013 (www.g0s.org)

“Web Application Security” at ISACA Bangalore 2013

“Public Exploit Held in Private” at OWASP Conference Delhi 2012 (www.2012.owasp.in)

“Client Side Exploits using PDF” at C0C0N Cochin 2010 (http://is-ra.org/c0c0n/)

“JSON Fuzzing” at NULLCON Goa 2011 (www.nullcon.net)

“Practical Exploitation” at ISACA Bangalore Chapter 2011

“Information Security, Past, Present and Future” at Amrita College Cochin 2012

Trainings/workshops by Tamaghna:

Network Forensics: 1 day workshop at Ground Zero Summit, 2013 (www.g0s.org)

Network Forensics : 1 day workshop at C0C0N Trivandrum September 2013 (http://is-ra.org/c0c0n/)

Hackers Versus Developers: 1 day workshop at Clubhack Pune December 2012 (http://www.clubhack.com/)

Basics of Web Security: 1 day workshop at Payatu/TestYantra Bangalore November 2012

Basics of Web Hacking: 1 day workshop at Amrita College Cochin September 2012

Network Forensic: 1 day workshop at C0C0N Trivandrum September 2013 (http://is-ra.org/c0c0n/)

Cyber Crime Investigation and Information Warfare : Multiple workshops for govt. agencies and defense organizations

Cyber Security Awareness: 1 day workshop in BVB Eng. College, Hubli, 2014

Ethical Hacking: at Corporates Bangalore 2010-11

Online:

Twitter: @titanlambda

LinkedIn: http://www.linkedin.com/in/tamaghnabasu

Slideshare: http://slideshare.net/titanlambda/presentations

Section B – Topic details:

1. Title: Crawling Web (Darker Way) for Fun and Profit

2. Brief Description:

Lots of times we talk about targeted attacks, where profiling, or reconnaissance in general, is the critical and most important thing to do very well. Without gathering valid and appropriate information you might not be able to trigger a successful attack. Here I have created a web proxy based tool which helps to map the web based on their relevance and internal references.

What I will be mostly covering in this topic is:

a) How to crawl through the web and search through it in an automated manner for a specific interest.

b) How to bypass, or rather postpone, the captcha which prevents you from doing automated crawling through search engines.

c) TOOL RELEASE - Site Mapper: a web proxy based tool which parses through the web proxy logs after the user is done with browsing and gives you hidden, juicy information about internal servers which the public server refers to while loading the responses.
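
A minimal sketch of the log-parsing idea in item (c), run from the site owner's side to audit which internal hosts a public site's responses expose. This is an added example, not the Site Mapper tool; the log format, the suffix list and all host names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log, assumed format: "<method> <requested URL> <referer>".
SAMPLE_LOG = """\
GET https://www.example.com/ -
GET https://cdn.example.net/app.js https://www.example.com/
GET http://10.20.30.40:8080/img/logo.png https://www.example.com/
GET http://build01/status.json https://www.example.com/about
GET https://wiki.example.internal/api/news https://www.example.com/about
GET https://www.example.com/about https://www.example.com/
"""

INTERNAL_SUFFIXES = (".internal", ".local", ".lan", ".corp")  # assumed conventions


def is_internal(host):
    """True for private/loopback/link-local IPs, single-label names, internal suffixes."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass  # not an IP literal, fall through to hostname checks
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(INTERNAL_SUFFIXES)


def map_internal_references(log_text):
    """Return {public host: sorted internal hosts requested while loading its pages}."""
    refs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] == "-":
            continue  # malformed line, or no referer to attribute the request to
        target = urlsplit(parts[1]).hostname
        source = urlsplit(parts[2]).hostname
        if not target or not source or target == source:
            continue
        # Report only leaks: a public page causing a request to an internal host.
        if is_internal(target) and not is_internal(source):
            refs[source].add(target)
    return {site: sorted(hosts) for site, hosts in refs.items()}


if __name__ == "__main__":
    for site, hosts in map_internal_references(SAMPLE_LOG).items():
        print(site, "->", ", ".join(hosts))
```

Each host reported is one the public pages should stop referencing, since the reference itself discloses internal naming and addressing to every visitor.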