Palestra: Full-Contact Recon
Imagine starting your pentest with a shell. Better yet, a shell with privileges. Skip the web app. Forget bruteforcing. Hackers often take the path of least resistance, and so should you. Not a pentester? You can still do this, and defend your infrastructure.
Full-Contact Recon will guide the audience through practical information looting from public sources like Travis-CI, GitHub, Data.com, and popular social platforms (LinkedIn, Twitter, etc). We will also release some tools to streamline the process. Coupled with experiences from actual red team operations; we will show you several ways to make your first connection a privileged shell.