2024-08-06, Florentine E
When it comes to OSINT and penetration testing, WHOIS data is among the prime resources for uncovering and examining apex domains. Unfortunately, that data is typically locked up behind rate-limited systems, third-party APIs, and expensive bulk purchases. In this 20-minute technical presentation we share our experience building a 15MM+ WHOIS dataset for recon, setting up notifications for domains newly acquired by companies, the intricacies of WHOIS and RDAP, and hunting for archival WHOIS data. Finally, we will cover open source tools that currently fill in the gaps of this process.
Despite being a common OSINT technique and used in almost all external testing, this area hasn't been refreshed in a long time. I believe WHOIS recon, the modern role of RDAP, and the application of reverse lookups need to be revisited. I want to share our experience building out a dataset, and I am curious how others are approaching this problem.
With 14 years of experience in penetration testing, Will Vandevanter keeps coming back to his original obsession — hacking web apps. He has previously spoken at Blackhat, DEFCON, OWASP, HackMiami and a number of other conferences on web application security. He has also released popular open source tools and trained hundreds through in-person and online courses.
He currently works as Senior Staff Security Researcher at Sprocket Security, hacking hard things at scale.