MadSec
Watching the Watchers - Analyzing URL Scanning Solutions at Scale
Hey there hacker! As a reward for your curiosity and determination, we've got some exclusive goodies for you. We appreciate that you share our enthusiasm and interest in the topic.
Talk Abstract and Slides
Nicholas showcased a personal project that analyzes defensive cybersecurity solutions. More specifically, he dove into companies that scrutinize URLs within phishing emails to irk out their weaknesses and indicators that can be used to bypass modern security controls at scale. During the talk, we had some fun with Elasticsearch, FastAPI, and Javascript wrapped up into a neat project coined “httpot.”
A Honey Baked Solution
Get access to the javascript used in leveraging these exclusive tools!
Javascript snippet used to leverage the techniques and tactics discovered during Nicholas’ research.
Don’t do anything too naughty with it!
Reference Material from The Presentation
Included below are the references included in the slideshow.
- Proofpudding Talk @ Derbycon https://www.youtube.com/watch?v=CsykYoxtexQ
- Detecting Scraping https://incolumitas.com/2021/03/11/detecting-scraping-services/
- Evading Link Scanning https://www.akamai.com/blog/security/evading-link-scanning-security-services-with-passive-fingerprinting
- Web App Security Blog https://incolumitas.com/
- Browser Testing Tool https://abrahamjuliotgithub.io/creepjs/
Don’t hesitate to reach out with any questions about the content to nanastasi@sprocketsecurity.com.