Will Vandevanter
With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP, HackMiami and a number of other conferences on web application security. He has also released popular open source tools and trained hundreds through in-person and online courses.
He currently works as Senior Staff Security Researcher at Sprocket Security hacking hard things at scale.
Session
When it comes to OSINT and penetration testing, WHOIS data is among the prime resources for uncovering and examining apex domains. Unfortunately that data is typically locked up behind rate limited systems, third party APIs, and expensive bulk purchases. In this 20 minute technical presentation we give our experience building a 15MM+ WHOIS dataset for recon, setting up notifications on newly acquired domains by companies, the intricacies of WHOIS and RDAP, and hunting for archival WHOIS data. Finally, we will cover open source tools that currently fill in the gaps of this process.