Heard of the Shodan Computer Search Engine? This young project scans the Internet IPv4 space, collects banners from exposed systems' services, and places them in a searchable database. The impact of Shodan over the past few years is significant, with multiple DHS ICS-CERT advisories on exposed systems, several hacker conference talks, and valuable integration into other tools like Metasploit.
In this talk, we cover Shodan's capabilities and the API, with a special focus on some of the scariest and sp00kiest devices discovered on the Internet, including SCADA systems, traffic lights, lawful intercept CALEA (Communications Assistance for Law Enforcement Act), giant mining trucks, TV station antennas, gasoline pumps, crematoriums and more!
Expect an eye-opening talk where you'll learn about a powerful tool for seeing your own network in a new light, one that can also be used for awareness and metrics in your organization.
ABOUT DAN TENTLER
Dan Tentler is the sole proprietor of Aten Labs, a freelance Information Security consultancy firm in San Diego, and is routinely parachuted into various clients in southern California. Dan carries a wide breadth of clients and engagements, ranging from threat intelligence, to wireless site surveys and penetration testing, to full blown social engineering campaigns, to lockpicking and threat & vulnerability assessments. Dan has presented at DefCon, BlackHat, various BarCamps, ToorCon San Diego, ToorCon Seattle, regional OWASP meetings, Refresh San Diego and SDSU computer security advanced lecture classes. Dan has been interviewed by the BBC, CNN, The San Diego Reader and a variety of information security blogs and publications. If you need a bad guy, call Dan.
ABOUT SHAWN MERDINGER
Shawn Merdinger is a security analyst and researcher at the University of Florida & Shands Academic Health Center. With a decade of experience in information security, he's worked with Cisco Systems, TippingPoint, and as an independent security consultant. Shawn collaborates frequently with organizations like US-CERT, ICS-CERT and CERT/CC, is a technical editor for publishers Cisco Press, Pearson, Wiley and Syngress and has presented original security research at security conferences such as DerbyCon, DefCon, Ph-Neutral, ShmooCon, CONfidence, NoConName, O'Reilly, IT Underground, CarolinaCon and SecurityOpus.
Uploader: Hack In The Box Security Conference