2025-10-17, Tramshed Tech
As a London-based security researcher specialising in open-source intelligence (OSINT) and attack surface discovery, I am excited to attend BSides Cymru and share my work with the wider security community. This talk introduces a DNS-based OSINT methodology for uncovering products, services, and supply chain dependencies through large-scale DNS TXT record scanning. By integrating this technique into widely used tools like Nuclei and Amass, the talk provides actionable tactics for both red teamers and defenders to identify inadvertent information leakage, enhance reconnaissance workflows, and gain a deeper understanding of an organisation’s digital footprint.
I will present a DNS-based OSINT methodology for uncovering products and services through large-scale TXT record scanning. This previously unpublished approach shows how certain TXT records reveal more than domain ownership or validation details, exposing the presence of third-party services and platforms. For example, entries like google-site-verification, MS=msXXXX, or vendor-specific SPF includes can highlight dependencies on Google Workspace, Microsoft 365, or other cloud services.
By analysing these records programmatically across large DNS zones, security teams can create detailed maps of an organisation’s technology stack and supply chain affiliations. This intelligence is invaluable for identifying weaknesses and understanding attack paths, providing defenders actionable context while showing the scale of information accessible to attackers.
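As an added illustration (not code from the talk or from Nuclei or Amass), the sketch below classifies TXT record values already collected from your own zone to show which third-party services they disclose. The signature table, function names and sample records are assumptions made for this example.

```python
import re
from collections import defaultdict

# Illustrative signature table (an assumption of this example, not the talk's rule set).
TOKEN_RULES = [
    (re.compile(r"^google-site-verification=", re.I), "Google (site verification)"),
    (re.compile(r"^MS=ms\d+$", re.I), "Microsoft 365 (domain verification)"),
]
SPF_INCLUDES = {
    "_spf.google.com": "Google Workspace (mail)",
    "spf.protection.outlook.com": "Microsoft 365 (mail)",
}

def classify_txt(value):
    """Return the set of services that one TXT record value discloses."""
    value = value.strip().strip('"')
    found = {svc for rx, svc in TOKEN_RULES if rx.search(value)}
    terms = value.split()
    if terms and terms[0].lower() == "v=spf1":
        for term in terms[1:]:
            # An SPF term may carry a qualifier (+, -, ~, ?) before the mechanism.
            m = re.match(r"^[+\-~?]?include:(\S+)$", term, re.I)
            if m:
                host = m.group(1).lower().rstrip(".")
                # Unknown includes are reported too: they still name a supplier.
                found.add(SPF_INCLUDES.get(host, f"unrecognised SPF include: {host}"))
    return found

def audit_zone(records):
    """records: iterable of (name, txt_value). Returns {service: sorted names}."""
    exposure = defaultdict(set)
    for name, value in records:
        for svc in classify_txt(value):
            exposure[svc].add(name)
    return {svc: sorted(names) for svc, names in exposure.items()}

# Constructed sample data (example.com is a reserved documentation domain).
SAMPLE = [
    ("example.com", '"v=spf1 include:_spf.google.com ~include:mail.vendor.example -all"'),
    ("example.com", "google-site-verification=CONSTRUCTEDTOKEN123"),
    ("example.com", "MS=ms12345678"),
    ("shop.example.com", "v=spf1 include:spf.protection.outlook.com -all"),
    ("example.com", "some unrelated note"),
]

if __name__ == "__main__":
    for svc, names in sorted(audit_zone(SAMPLE).items()):
        print(f"{svc}: {', '.join(names)}")
```

Stale verification tokens and SPF includes for services no longer in use are the entries worth removing once such a report is reviewed.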
I integrated this scanning technique into open-source tools including Nuclei and OWASP Amass. These enhancements let security professionals incorporate TXT record reconnaissance into broader asset discovery workflows, improving the depth and precision of enumeration efforts.
This talk features a real-world case study from the August–September 2025 Salesloft breach, where this method identified the Drift service across infrastructure. Attendees will gain practical tactics, reproducible methods, and tooling to strengthen assessments and apply actionable insights in real-world engagements.