Jeff Foley

vice chairman of the @owasp project committee | @amass project leader

Jeff Foley boosted:
2025-07-21

Everyone's making final updates for the initial release of @owasp Amass v5!

Register and join our workshop at @defcon for additional details: lu.ma/hf83v61c

#security #infosec #redteam #recon #osint #attacksurface @defconowasp

Jeff Foley boosted:
2025-07-10

If you're planning to attend @defcon 33, and would like to quickly get up to speed on the upcoming Amass v5.0 release, then please consider registering for this workshop being hosted in the @owasp Community Room!

#security #infosec #owasp #recon #osint #DEFCON #attacksurface

lu.ma/hf83v61c

Jeff Foley boosted:
Paolo Fabio Zaino ☮️🌍💻🎸🎮☕️🍩🍕 DarkL0rd@mastodon.online
2024-06-06

Given all the recent updates to the #CROWler #gpt I have decided to rename it to "The CROWler Support" as it can now provide support on everything, not just the rulesets creation/debugging. The link has changed, so here is the new link for everyone. Enjoy and happy content discovery development!

#CyberSecurity #ContentDiscovery #crawler #AI #ChatGPT

chatgpt.com/g/g-dEfqHkqrW-the-

Jeff Foley boosted:
OWASP Foundation owasp@infosec.exchange
2024-06-06

Ever find a bug or security vulnerability and didn't know where to report it? OWASP Bug Logging Tool (BLT) enables users to report bugs from ANYWHERE, and organizations to run bug bounty programs with minimal effort.

Learn more at blt.owasp.org/

A blue beetle on a blade of grass. The caption reads "You find them. We log them. OWASP Bug Logging Tool. blt.owasp.org"

Jeff Foley boosted:
2024-05-22

The @owasp amass project will have a workshop on ‘Learning the New Amass Collection Engine’ in @redteamvillage_ at @defcon 32! We hope to see you there! #security #infosec #redteam #osint #recon #easm

Jeff Foley boosted:
2024-05-22

#DEFCON32 #protip: On the desert planet of Las Vegas, door to door AC is worth its weight in water.

When choosing a hotel, don’t overlook our deeply discounted room block in the Rio. All our reserved Rio rooms are fully remodeled suites, and there’s a FREE shuttle right to the #DEFCON main entrance. No wasting your precious moisture on the burning sidewalks.

Also, we have it on good authority the shuttle moves without rhythm so as not to attract the worm.

Booking info is here: defcon.org/html/defcon-32/dc-3

Image of a lone fighter approaching a Sandworm on a desert planet that looks suspiciously like Vegas in August.

Jeff Foley boosted:
2024-05-18

The @owasp @amass project has released the beta version of its Docker Compose! There are some obvious benefits to using this to run your attack surface mapping infrastructure:

- Having the framework automatically set up for you
- Being able to run Amass within a Windows environment
- Gaining the performance benefits of the PostgreSQL DBMS
- Using the @grafana dashboard to visualize the Open Asset Model data

The compose also allows you to leverage the IP2Location LITE geo information database to investigate and filter assets discovered.

github.com/owasp-amass/amass-d

Jeff Foley boosted:
OWASP Foundation owasp@infosec.exchange
2024-04-23

OWASP is NOT an exclusive club only for cybersecurity pros. We're open to everyone, including #developers, #devops, and leaders! Come learn, network, grow, and help build a more secure world.

Your membership helps sustain our mission. owasp.org/membership/

Meme of Morpheus from "The Matrix", with the caption: "What if I told you OWASP membership wasn't just for AppSec pros"?

Jeff Foley boosted:
2024-04-16

@dangoodin ~edit~ - Kevin Jones makes a good point that since PuTTY is never configured for SSH signatures of git commits, the public code forge attack I suggested doesn't work. Original message was: > The easiest attack path is to find GitHub users with the affected key type that have used SSH-signed commits in a public repository. GitHub publishes the public SSH keys for all users. With ~60 signed commits, an adversary could crack the developer's key, which in turn would provide access to their repositories and any other backend that accepts their SSH authentication (personal servers, other code forges like GitLab, etc).

Jeff Foley boosted:
2024-04-12

The Amass Project received a glowing testimonial from an organization leveraging the @owasp #attacksurface mapping system:

"For FortifyData, Amass is an invaluable tool in our arsenal for quickly and accurately determining asset footprints for cyber risk assessment. It reliably provides superior results without false positives. Further, the OAM database model provides inherent benefits beyond asset footprinting, such as identifying third parties associated with the target and nth-party detection. Working closely with the Amass team, we've watched Amass steadily enhance its capabilities. Our clients are deeply impressed with the results our platform generates using Amass data. We look forward to continuing to work with Amass and supporting its development!"

J. Eric Smith, VP Technology Services Delivery

Please let us know if your organization has a testimonial to share as well!

Jeff Foley boosted:
OWASP Foundation owasp@infosec.exchange
2024-03-28

Thank you all for your patience as we got some social media and infrastructure stuff untangled. We are now verified here on Mastodon, and have linked back from our main website.

Jeff Foley boosted:
2024-03-19

Going to be in #nyc this upcoming Wednesday? Come learn with the @owasp Global Board!

I'll be co-hosting with @redteamblueteam and doing a talk to introduce the new @amass project that builds your attack surface mapping infrastructure!

#infosec #cyber #cybersecurity #security #recon #reconnaissance #attacksurface #attacksurfacemanagement

meetup.com/owasp-new-york-city

Jeff Foley boosted:
nixCraft 🐧 nixCraft
2023-11-12

which one are you?

It is a cartoon of three different types of workers: remote, hybrid, and office. The image is titled "Types of Workers" and was created by Irina Blok.

All three workers are sitting at a desk in their home, home office, or office and in front of a computer screen and doing video conferencing meetings.

The cartoon is humorous, but it also reflects the reality of the modern workplace. Many people now work remotely or in a hybrid arrangement, and the traditional office worker is becoming less common.

Jeff Foley boosted:
2023-09-13

The @owasp #attacksurface #intelligence collection tool v4.2 has been released and recently reached 10k stars on @github! 🙌 🎉

Great job #Amass contributors, corporate supporters, and community! @zerofox @ipinfoio @six2dez @Jhaddix

#asm #easm #osint #osint4good #recon #attacksurfacemanagement

github.com/owasp-amass/amass/r

Jeff Foley boosted:
2023-08-23

A lot of great songs in this year's #DEFCON OST, and for the first time ever we also released a second OST. Both are fantastic - congratulations to the artists!

Right now listening to the first track "A Billion Views" by @Skittishandbus
