This repo is supplemental material for my presentation for Red Team Village during nahamsec's nahamcon event. If you have any questions or just want to talk get in touch with me:
- Discord
- Email me at yxakl5mae@relay.firefox.com
By far the most important – and time consuming – aspect of offensive operations is the initial reconnaissance phase of our engagements. Doing a good job during this phase sets the tone for the rest of the engagement. Didn’t see that web server on port 8080 running an outdated and vulnerable version of Tomcat? You done messed up!
This workshop will focus on various ways to discover a target’s attack surface and monitor for new assets, domains, and cloud configurations in an automated fashion - saving us time and doing a better job than we could have done manually.
Starting with a list of requirements, we will work with various API’s and toolsets to build a modular python application that can be turned into a system service or used in other automated fashions.
By the end of this workshop participants will have a working automated attack surface recon application built in Python. This application will serve as a foundation for future improvements which participants can continue to build upon.
Thanks to Red Team Village and nahamsec for having me during NahamCon23.