1. Enumall - The Ultimate Subdomain Tool

    Enumall leverages the Kali Linux distribution and the wildly popular recon-ng framework to find hidden gems in application assessments, asset discovery work, and OSINT engagements. These gems are acquisitions and subdomains. This isn’t just your standard DNS tool. Enumall pulls possible subdomains and acquisitions from Google, Yahoo, Bing, Baidu, Netcraft, Shodan, TechCrunch and more! It gives a standard output that interoperates with several tools (one of which, EyeWitness, we will be demoing for further detailed discovery!). In addition, Enumall also has the largest and most curated DNS brute-force list on the internet. Come by and let us show you how you can use Enumall to supercharge your bug hunting and find ripe subdomains and acquisitions! …


  2. Introducing the OWASP API Security Project

    An ever-increasing number of applications have released public and private APIs, enabling awesome programmatic features to be released internally and to the world. Unfortunately, the ubiquity of APIs is a double-edged sword – and security risks are often ignored. This talk introduces the OWASP API Security Project, including the Top Ten API Security Risks, and explains how contributors of many skill levels can get involved. …


  3. State of Bug Bounty

    2015 saw unprecedented participation in crowdsourced bug bounty programs, as big technology vendors like Google, Facebook and even Tesla have embraced the need for bug bounty programs. Across the board, bug bounties saw a sharp rise in both popularity and accessibility. For the first time, companies beyond the enterprise technology space have been able to participate in wide-scale public or private bug bounties. …