Security - Know your scope and automate the process

23/06/2021 : 10:15 - 11:15 | Online | Maxence Schmitt, Maxime Escourbiac

As defender or as attacker, when we are talking about security, one important thing is to know the attack surface. You will not be able to defend something that you don’t know.

In this talk, we will present you the different phases of reconnaissance, this will be useful if you want to do bug hunting or if you want to protect yourself.

We will go step by step, from company name to vulnerabilities: Subdomain enumeration, port scanning, service identification, technology identification, content discovery, screenshooting subdomain takeover etc…

We will also present you our new Michelin CERT Open Source project : REDSCAN which automate this process with the following golden rules :

  • Modularity.
  • Scalability.
  • Reactivity.
  • Simplicity.

REDSCAN source code will be published during the conference.

Archi, Perf et Sécu