Thursday, July 15, 2010

Open Source Intelligence Gathering for Pentesting

For the pleasure of Argentinian women, and the joy of all the geeks, the charismatic presence of Chema Alonso will join us again this year offering one of the most interesting training of ekoparty!!

Check here for more information.

Open Source Intelligence Gathering for Pentesting

Before a penetration test, the collection of prior information could establish the difference between success and failure. This training is a training that grab the available information sources and information can be inferred through them, besides all the security breaches caused by members of the company. At the end of training students will be able to prepare an intelligence report about an organization to start building a pentesting plan

- Open Intelligence Gathering
o Goals
o Resources
o Phases
- Footprinting
o Public Data Infrastructure Gathering
* Organization Identification
* Internet Presence: InterNIC, Whois, DNS, etc..
* Service Providers
* State Records
* Published Services
o People Public Data Gathering
* People Identification
* Social tracing
* Maltego
- Fingerpinting
o Service Figerprinting
o OS fingerprinting
o Google/Bing/DNS fingerprinting
o Thrashing services
o Metadata fingerprinting
* Document exploration
* Document recognition
o Network mapping with FOCA
* Hand tunning
- Protection against data leaks
o DLP Techniques


All the submitters will receive a version of FOCA Pro.

TRAINER: Chema Alonso

Chema Alonso is Computer Engineering from the Universidad Rey Juan Carlos of Madrid where he is finishing his doctoral thesis on Web application security. He has been awarded the title of Most Valuable Professional by Microsoft in the area of computer security since 2004, a distinction that today, only three people have in Spain. It is usual writer on computer security technology magazines and speaker at national conferences such as the Microsoft Security Tour, Masters, or Technet Security Day @ Secure IT also participated in international conferences such as Blackhat, Defcon, ToorCon or ShmooCon among others. He works as a security consultant in computer 64 and writes a blog on computer security entitled "Un informático del lado del mal."


  1. commission express reviews I really like and appreciate your blog post.Much thanks again. Want more.

  2. Melbourne Motorcycle Accident Attorney Sinclair Law - Leading Florida Law Firm Attorney Brad Sinclair Represents Personal Injury, Car Accident, Motorcycle Accident Victims in Melbourne.

  3. Thanks for your sharing! The information your share is very useful to me and many people are looking for them just like me. Thanks!

    If you want you can click here to see friv online games for kids. Thanks!

  4. It's very important for modern people to use phones and computers to study! Talking about that, I lost my phone and only advices from this useful source could help me.