10-23, 15:00–15:30 (Europe/Luxembourg), Europe - Main Room
How to scan more than 500 thousand domains and subdomains and identify almost 300 thousand vulnerabilities and misconfigurations, ranging from minor (lack of proper SSL or DMARC configuration), to critical (SQL Injections or RCEs)?
Since the beginning of 2023, CERT PL has been periodically scanning more than 500 thousand domains and subdomains of universities, hospitals, government institutions, schools, banks and other organizations, and detecting hundreds of thousands of issues (including high-severity ones, such as SQL Injection, in important entities).
For that task we built a custom tool: Artemis (https://github.com/CERT-Polska/Artemis). It checks various aspects of website security and builds easy-to-read messages informing organizations about the scanning results.
During the presentation, I will describe the way Artemis works, what we are looking for, and most significantly - lessons we've learned during our large-scale scanning project. As the tool is open-source, I will touch upon how to set up your own scanning pipeline.
Senior Threat Analysis Specialist at CERT PL, currently working on automated vulnerability discovery techniques. Before becoming a security specialist, he's been a software engineer for more than ten years. Teaches offensive security at the University of Warsaw. Formerly a CTF player, playing with the p4 CTF team. Likes cats and bad puns.