Mastering Recon: Mapping the External Perimeter
2023-12-09 , Workshop Room 4

In the rapidly evolving landscape of cybersecurity, the first step to secure or penetrate any network is reconnaissance. A poorly executed recon phase can leave you blindsided, either missing critical vulnerabilities or wasting time on irrelevant leads. This 90-minute workshop is designed to give you the tools and techniques you need for an effective reconnaissance strategy, using a real-world target for your learning.


What You Will Learn:
Asset Discovery: Gain insights into different methods for identifying the critical assets of an organization, from publicly accessible host to internal assets.

Attack Surface Mapping: Learn how to extend the attack surface by uncovering additional leads that could give you a significant advantage.

Content Discovery: Master the art of discovering exploitable assets or endpoints by scanning through OSINT sources, scrapping web archives, GitHub and more.

Key Takeaways:
Strategic Approaches to Reconnaissance: Not all reconnaissance techniques are created equal. Learn how to choose the right approach for the right problem.

Real-World Application: Practice what you learn in a controlled environment using a real-world target as your playground.

Operational Efficiency: Improve the effectiveness of your reconnaissance, saving time and resources in your future engagements.

Who Should Attend:
This workshop is ideal for security researchers, penetration testers, and network administrators interested in understanding the crucial first phase of any security assessment or engagement.

Pre-requisites:
Basic knowledge of cybersecurity concepts and common tools used in reconnaissance is recommended but not mandatory.

Perquisite
- Laptop with internet access
- Any modern web browser
- Understanding of OWASP Top 10 Vulnerabilities

Ben Sadeghipour AKA NahamSec is a security researcher and content creator. He’s currently in the top 100 for both HackerOne(25) and Bugcrowd’s (95) leaderboards. He has helped identify over a thousand vulnerabilities in companies like Amazon, Apple, Airbnb, Lyft, Snapchat and more. Prior to doing content creation full time, he worked as a research and community education executive at Hadrian and HackerOne. Ben has presented many talks and workshops at cons such DEFCON, BSides, OWASP AppSec, RSA, Red Team Village, and more. He also enjoys hosting and organizing hacker meetups or virtual conferences such as NahamCon and Hacktivitycon!

Worked in the realms of web development and web application security for the past 20 years. I create educational content such as interactive labs, Capture The Flag (CTF) Events and gamified learning experiences.