Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5)...
Transcript of Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5)...
![Page 1: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/1.jpg)
Is here again…. Chema Alonso
![Page 2: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/2.jpg)
Previously on FOCA….
![Page 3: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/3.jpg)
FOCA 0.X
![Page 4: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/4.jpg)
What kind of data can be found?
• Metadata: – InformaDon stored to give informaDon about the document. • For example: Creator, OrganizaDon, etc..
• Hidden informaDon: – InformaDon internally stored by programs and not editable. • For example: Template paths, Printers, db structure, etc…
• Lost data: – InformaDon which is in documents due to human mistakes or negligence, because it was not intended to be there. • For example: Links to internal servers, data hidden by format, etc…
![Page 5: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/5.jpg)
Metadata Risks • “Secret” relaDonships – Government & companies – Companies & providers
• Piracy • ReputaDon • Social engineering aSacks • TargeDng Malware
![Page 6: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/6.jpg)
2003 – MS Word bytes Tony Blair
![Page 7: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/7.jpg)
TargeDng Malware
![Page 8: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/8.jpg)
TargeDng Malware
![Page 9: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/9.jpg)
ElecDng the entry point
![Page 10: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/10.jpg)
Social Engineering ASack
![Page 11: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/11.jpg)
Anonym0us case
![Page 12: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/12.jpg)
GPS informaDon
![Page 13: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/13.jpg)
Lost Data
![Page 14: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/14.jpg)
FOCA: File types supported
• Office documents: – Open Office documents. – MS Office documents. – PDF Documents.
• XMP. – EPS Documents. – Graphic documents.
• EXIFF. • XMP.
– Adobe Indesign, SVG, SVGZ (NEW)
![Page 15: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/15.jpg)
What can be found? • Users:
– Creators. – Modifiers . – Users in paths.
• C:\Documents and secngs\jfoo\myfile
• /home/johnnyf
• OperaDng systems. • Printers.
– Local and remote. • Paths.
– Local and remote. • Network info.
– Shared Printers.
– Shared Folders. – ACLS.
• Internal Servers. – NetBIOS Name. – Domain Name. – IP Address.
• Database structures. – Table names. – Colum names.
• Devices info. – Mobiles. – Photo cameras.
• Private Info. – Personal data.
• History of use. • Sofware versions.
![Page 16: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/16.jpg)
Demo: Single files
![Page 17: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/17.jpg)
Sample: FBI.gov
Total: 4841 files
![Page 18: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/18.jpg)
Are they cleaned?
![Page 19: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/19.jpg)
Metadata in Search Engines
![Page 20: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/20.jpg)
FOCA 1 v. RC3
• FingerprinDng OrganizaDons with Collected Archives – Search for documents in Google and Bing – AutomaDc file downloading – Capable of extracDng Metadata, hidden info and lost data
– Cluster informaDon – Analyzes the info to fingerprint the network.
![Page 21: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/21.jpg)
Demo: A lot of files
![Page 22: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/22.jpg)
How may days to do the pentesDng?
![Page 23: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/23.jpg)
SomeDmes don´t
hSp://www.sam.usace.army.mil/en/Upload/FTPLink.html
![Page 24: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/24.jpg)
FOCA 2.5 • Network Discovery • Recursive algorithm • InformaDon Gathering • Sw RecogniDon • DNS Cache Snooping • ReporDng Tool
![Page 25: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/25.jpg)
DNS Search Panel
![Page 26: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/26.jpg)
FOCA 2.5: Exalead
![Page 27: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/27.jpg)
Huge domains case
![Page 28: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/28.jpg)
DNS Search & Zone Transfer • IP resoluDon • Well-‐Known records – NS – TXT (SPF) – MX – SOA (Primary.master)
• Zone Transfer • Diccionary search
![Page 29: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/29.jpg)
Network Discovery Algorithm hSp://apple1.sub.domain.com/~chema/dir/fil.doc 1) hSp -‐> Web server 2) GET Banner HTTP 3) domain.com is a domain 4) Search NS, MX, SPF records for domain.com 5) sub.domain.com is a subdomain 6) Search NS, MX, SPF records for sub.domain.com 7) Try all the non verified servers on all new domains
1) server01.domain.com 2) server01.sub.domain.com
8) Apple1.sub.domain.com is a hostname 9) Try DNS PredicDon (apple1) on all domains 10) Try Google Sets(apple1) on all domains
![Page 30: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/30.jpg)
Network Discovery Algorithm hSp://apple1.sub.domain.com/~chema/dir/fil.doc 11) Resolve IP Address 12) Get CerDficate in hSps://IP 13) Search for domain names in it 14) Get HTTP Banner of hSp://IP 15) Use Bing Ip:IP to find all domains sharing it 16) Repeat for every new domain 17) Connect to the internal NS (1 or all) 18) Perform a PTR Scan searching for internal servers 19) For every new IP discovered try Bing IP recursively 20) ~chema -‐> chema is probably a user
![Page 31: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/31.jpg)
Network Discovery Algorithm hSp://apple1.sub.domain.com/~chema/dir/fil.doc 21) / , /~chema/ and /~chema/dir/ are paths 22) Try directory lisDng in all the paths 23) Search for PUT, DELETE, TRACE methods in every path 24) Fingerprint sofware from 404 error messages 25) Fingerprint sofware from applicaDon error messages 26) Try common names on all domains (dicDonary) 27) Try Zone Transfer on all NS 28) Search for any URL indexed by web engines related to the hostname 29) Download the file 30) Extract the metadata, hidden info and lost data 31) Sort all this informaDon and present it nicely 32) For every new IP/URL start over again
![Page 32: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/32.jpg)
![Page 33: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/33.jpg)
Demo: disa.mil
![Page 34: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/34.jpg)
Digital CerDficates
![Page 35: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/35.jpg)
FOCA 2.5 URL Analysis
![Page 36: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/36.jpg)
Unsecure HSp Methods
![Page 37: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/37.jpg)
Search & Upload
![Page 38: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/38.jpg)
Searching for Server-‐Side Technologies
![Page 39: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/39.jpg)
FOCA 2.5 & Shodan
![Page 40: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/40.jpg)
Demo: whitehouse.gov
![Page 41: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/41.jpg)
Fuzzing opDons (PRO)
![Page 42: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/42.jpg)
.lisDng
![Page 43: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/43.jpg)
DNS Cache Snooping
![Page 44: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/44.jpg)
DNS Cache Snooping
![Page 45: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/45.jpg)
DNS Cache Snooping • Internal Sofware – Windows Update – Gtalk
• Evilgrade – DetecDng vulnerable sofware to Evilgrade aSacks
• AV evassion – DetecDng internal AV systems
• Malware driven by URL – Hacking a web site ussually visited by internal users
![Page 46: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/46.jpg)
FOCA ReporDng Module (PRO)
![Page 47: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/47.jpg)
Demo: DNS Cache Snooping
![Page 48: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/48.jpg)
Fear The FOCA
![Page 49: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/49.jpg)
FOCA on Linux?
![Page 50: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/50.jpg)
FOCA Online hSp://www.informaDca64.com/FOCA
![Page 51: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/51.jpg)
Cleaning documents • OOMetaExtractor
hSp://www.codeplex.org/oometaextractor
![Page 52: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/52.jpg)
IIS MetaShield Protector
hSp://www.metashieldprotector.com
![Page 53: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/53.jpg)
Get FOCA! • FOCA Free 2.6.1 – hSp://www.informaDca64.com/FOCA
• Love FOCA and want the Pro Version? – Book for an online training! (28th April) – hSp://www.informaDca64.com/DownloadFOCA/Trainings.aspx
• Have the Pro version but not the last version? – Help FOCA
• Spread the word! • Buy a FOCA T-‐Shirt • Buy me something to drink
![Page 54: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/54.jpg)
Buy a FOCA T-‐Shirt
And be «Sexy» }:))
![Page 55: Fear the Foca - Troopers IT-Security Conference4) Search#NS,#MX,#SPF#records#for#domain.com# 5) sub.domain.com#is#a subdomain# 6) Search#NS,#MX,#SPF#records#for#sub.domain.com# 7)](https://reader034.fdocuments.us/reader034/viewer/2022042111/5e8c069375e6bd017d5c9464/html5/thumbnails/55.jpg)
QuesDons? -‐ Chema Alonso
-‐ [email protected] -‐ hSp://www.informaDca64.com -‐ hSp://www.elladodelmal.com -‐ hSp://twiSer.com/chemaalonso -‐ hSp://www.forefront-‐es.com -‐ hSp://www.seguridadapple.com -‐ hSp://www.windowstecnico.com -‐ hSp://www.puntocomparDdo.com
-‐ Working on FOCA: -‐ Chema Alonso -‐ Alejandro Marvn -‐ Francisco Oca -‐ Manuel Fernández «The Sur» -‐ Daniel Romero -‐ Enrique Rando -‐ Pedro Laguna -‐ Special Thanks to: John Matherly [Shodan]