Attack Surface Mapping with Jeff Foley from OWASP Amass

Science and Technology

Abstract: In the ever-evolving landscape of cybersecurity, understanding your attack surface and adopting an adversarial perspective are critical components for building a robust security program. This talk will delve into the strategic importance of these concepts, emphasizing how they can preemptively identify and mitigate potential security threats. We will explore the methodologies behind attack surface mapping, highlighting the necessity of viewing your infrastructure through the lens of an attacker to uncover vulnerabilities that might otherwise go unnoticed. By embracing this mindset, organizations can proactively defend against sophisticated attacks, ensuring their defenses are as robust and comprehensive as possible.
The talk will shift to a demonstration, centered around the Amass Project, OWASP’s powerful tool designed for in-depth attack surface mapping and asset discovery. Attendees will have the opportunity to gain hands-on experience with Amass, learning how to leverage its capabilities to uncover and visualize the full extent of an organization’s external exposure. The session will cover practical examples, showcasing how Amass can be integrated into security workflows to enhance situational awareness and threat intelligence. By the end of the presentation, participants will have a clear understanding of how to implement these strategies in their security programs, ultimately fortifying their defenses against potential adversaries.
Bio: Jeff Foley is the Vice President of Research at ZeroFox, where his department takes on the hardest challenges of external cybersecurity. The researchers implement advanced OSINT collection to discover deployed assets by leveraging adversarial tactics, techniques, and procedures. Jeff is the Founder and Project Leader for Amass, an OWASP Foundation flagship project that performs in-depth attack surface mapping and asset discovery. He is also an Adjunct Lecturer teaching Attack Surface Management at Utica University. Previously, Jeff was the Global Head of Attack Surface Management at Citigroup. During his time in the public sector, he served as a Director for offensive cyber warfare research & development at Northrop Grumman Corporation.
Links
GitHub Clone: github.com/owasp-amass/amass-docker-compose
Docker Desktop: www.docker.com/products/docker-desktop/
TablePlus: tableplus.com/
Twitter: owaspamass
Discord: discord.gg/HNePVyX3cp
Slack: Must be an OWASP Member to access
Be an OWASP Member: owasp.org/membership/
OWASP Atlanta meetup page for future events: www.meetup.com/owasp-atlanta/

Comments: 1

  • @Sec_ArtChavez
    25 days ago

    Thanks for sharing. I appreciate all the work that goes into the OWASP working groups. Looks like some components in this platform are similar to Shodan functionality.