June 16, 2005 - Big Companies, Big Targets

by Jeff Moss

One of the benefits of working at Black Hat is our exposure to the world’s leading technology researchers. The Black Page is our opportunity to share their research with the world. The Black Page will be sporadically updated, exclusively featuring the Black Hat Briefings speakers, their latest research, and new announcements.

As we put together the speaker schedule for the upcoming briefings in Las Vegas, we found some crucial presentations that are sure to stir executive offices at high profile companies. On this Black Page, we are giving you a preview of two major security releases focused on two major corporations: Google and Cisco.

After his popular talk at Black Hat Briefings 2004, j0nny long, penetration tester, is back to reflect on a year of malicious queries and reveal how you can bypass Google's attempts to stop you from running them

  Google Hacking: A Year In Review

by j0nny long posted June 16, 2005

Love it or leave it, Google Hacking is here to stay. It’s not just about trolling for idiots anymore. Whether I’m using Google for zero packet-to-target recon, performing intelligent relationship analysis or just using known malicious queries to find the nimrods I’m continually amazed at the things I can do with Google. Now, I’ll be the first to admit that Google isn’t the “be all end all”. I’m a pen tester by trade, and I know that even the mention of the term “Google Hacking” drives the techies crazy. But lighten up a little. No Google kiddy is going to match your l33t skillz, but if you’ve seen my talk, you know Google hacking is just plain fun. To be honest, I thought about “hanging up” this Google “thing” I’m on many times in the past, for fear of being pigeonholed (and ending up unable to land any more serious television roles), but the more I play with other more heady security stuff, the more I enjoy the “break” of coming back and poking at Google a bit. I can’t tell you how many times a simple, innocent query or two has led me down a rabbit hole, dumping me head-first into some poor fool’s admin interface. So, for now, I’ll keep talking about it and I plan on having more fun with Google. Just do me a favor. Stop calling me the “Google guy”… Sheesh.