50p 2018

India's first independent conference on payments and the payment ecosystem

OSINT Techniques for Pwning Fintech

Submitted by Akash Mahajan (@makash) on Friday, 17 November 2017

Section: Full talk

Technical level: Intermediate


Abstract

Attackers have been successfully using OSINT techniques against high-value targets (HVTs) to identify and exploit information assets. Unfortunately, conventional security assessments and guidance don’t address these exposures very well. This talk delves into some of the techniques fintech companies should be using to build a complete picture of their Internet-exposed assets. Once this big picture is available, they can figure out ways of staying secure.

Based on the techniques described, we will also share some of our findings. We will present aggregates around the various security issues discovered and general mitigations for those.

Outline

We will demonstrate OSINT techniques to:

  • Discover Internet-exposed assets
  • Fingerprint and gather technical details
  • Correlate information to plan attacks
  • Threat model with tabletop scenarios

Speaker bio

Akash is a Director at Appsecco, a company that specializes in Web Application Security. He is an accomplished security professional with over a decade’s experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments and organisations around the world.

He has deep experience of working with clients to provide cutting-edge security insight that truly reflects the commercial and operational needs of the organisation, from strategic advice to testing and analysis to incident response and recovery.

Akash has also authored a book titled “BurpSuite Essentials”, which comes recommended by the creator of BurpSuite itself. He is an active participant in the international security community and a conference speaker, individually, as chapter lead of the Bangalore chapter of OWASP, the global organisation responsible for defining the standards for web application security, and as a co-founder of NULL, India’s largest open security community.
