Attack Surface Management (ASM) with BBOT by Black Lantern Security
Date: April 13 & 14 2023
On-Site (In Person)
2 Day
Training Abstract
Internet-facing assets are a significant source of risk for organizations of any size. These assets, including on-premise servers, cloud storage, third-party applications, B2B integrations, APIs, and subsidiary-owned assets, collectively make up an organization's attack surface. Effective Attack Surface Management (ASM) and risk reduction requires continuous information gathering, data validation, and analysis. The primary goal for the 2-day training session is to teach students how to implement and execute ASM for their customers and organizations using the Bighuge BLS OSINT Tool (BBOT); a recursive, modular, free, and open source OSINT framework. The training session is designed around HANDS-ON exercises that emphasize practical experience.
Outline
Session objectives include:
- Understanding ASM
- Applying ASM principles to reduce organizational risk
- Learning how to use BBOT and its' 70+ modules to:
- Map the external attack surface: domains, subdomains, applications, services, ASNs, IPS, open ports, emails, technologies
- Identify and verify vulnerable assets
- Prioritize remediation activities
- Create and maintain an external asset inventory
- Create NEW BBOT modules on the fly for specific data gathering requirements
- Understanding graph databases
- Learning how to craft Cypher queries to view, analyze, manage, and update ASM data in NEO4j
Assumptions
1. BBOT will be installed and configured on a fully patched Cloud-Based, AWS EC2 instance for
each student;
2. Each EC2 instance will be isolated in a student-controlled tenant; and
3. AWS Security Groups will control ingress/egress traffic to and from BBOT.
What You Need
1. AWS account (free tier) with administrative access (user)
2. AWS access token ID and AWS secret key
3. A base workstation or virtual machine running Ubuntu 22.04.x LTS and configured with:
• 4 GB RAM
• 2 CPU
• 40 GB Hard Disk
4. Local administrative (root) access to the Ubuntu 22.04.x LTS VM or workstation
5. Web browser
6. SSH utility
Trainer Bios
Joel "TheTechromancer" Moore
Hacker at Black Lantern Security
Speaker Bio:
Joel "TheTechromancer" Moore is a hacker at Black Lantern Security. When he's not pentesting, he enjoys writing hacking tools in Python, and speaking about them at conferences. He is an avid believer in open source software, and by the way he runs Arch Linux. He remains largely absent from the social media scene except on Github and ArtStation. He has some certifications, but asks that you judge him not by the color of his certs, but by the content of his Github profile. When provoked, he is likely to rant about Microsoft. Despite all these things he's actually a pretty friendly person.
Sam Fox
Operations Manager at Black Lantern Security's (BLS) Red Team
Speaker Bio:
Sam Fox is an Operations Manager for one of Black Lantern Security's (BLS) Red Teams. He also develops and leads Black Lantern's ASM service offering. Previous experience includes a variety of cybersecurity and cybersecurity adjacent roles in the Oil & Natural Gas sector. He's served in roles related to incident response, forensic analysis, internal red teaming, and internal audit. Sam earned a bachelor's degree in Information & Telecommunication Systems from Ohio University and maintains OSCP, GCDA, and GWAPT certifications. He also co-hosts "Any Port on the Net," a cybersecurity podcast focused on sharing experiences and knowledge around the information security industry.
Paul Mueller
Principal Operator at Black Lantern Security
Speaker Bio:
Paul Mueller is a Principal Operator at Black Lantern Security (BLS). He specializes in web application testing and application security. He loves finding complex hard-to-find web bugs, especially when they involve cryptography. He is also one of the developers for the BLS tools Writehat and BBOT (Bighuge BLS OSINT Tool). Prior to working with BLS, he spent over a decade as a DoD contractor providing both penetration testing and security analysis/incident handling. He got his start in the field as a systems administrator and later as a Signals Intelligence Analyst with the US Marine Corps.
Philip Hartlieb (PhD.)
Founding Member and Research Scientist for Black Lantern Security LLC
Speaker Bio:
Dr. Philip Hartlieb is a founding member and Research Scientist for Black Lantern Security LLC. He previously served as the Director of an NSA-certified Red Team where he led a team of 18 individuals providing Red Teaming and Penetration Testing services for the Department of Defense (DoD). Prior to that, he was responsible for a team of individuals providing technical expertise and guidance for the development, integration, and testing of IT services and capabilities for the war fighter, business, and intelligence communities. Philip holds a PhD. in Materials Science and Engineering from North Carolina State University and a Bachelor of Arts in Physics from the State University of New York, College at Geneseo. He has presented his research at Security B-Sides Charleston and the Charleston ISSA.
