Dr.ROBOT: Organized Chaos and the Shotgun Approach

    Saturday from 12:00 – 13:50 in Sunset 5 at Planet Hollywood
    Audience: Defense/Offense
    Aleksandar Straumann & Jayson Grace

    Companies are large, and the number of subdomains they expose is even larger. There are a number of tools to uncover subdomains an organization is exposing, but individually they do not give you the complete picture. In the event that you use multiple tools, you are given an overwhelming amount of data to piece together into an aggregate view. In this talk we introduce Dr.ROBOT, a domain reconnaissance tool that was developed to run a large variety of subdomain enumeration tools. It was designed to trivially incorporate new tools as they are released by leveraging Docker and Ansible. Dr.ROBOT has three stages: gathering, inspection, and publishing. In the gathering stage, it gathers as much information as it can and aggregates the results. In the inspection phase, it captures screenshots and other information regarding the target. Finally, in the publishing phase it sends the data gathered during the previous two phases to an endpoint for manual review. Dr.ROBOT was created to serve as a comprehensive source on subdomain exposure by gathering information from as many resources as possible. It is a versatile utility for bug bounty hunters, blue teams, red teams, and many others.

    Aleksandar Straumann
    Aleksandar recently received his Master's in Computer Science from the University of Minnesota Duluth. In addition to his studies, he works part-time at Sandia National Labs as a graduate intern. He works on various projects involving penetration testing, reverse engineering, and tool development. A security enthusiast, he has also pursued certifications in web penetration testing and offensive security. Aleksandar enjoys practicing his skills with CTFs, developing tools, and working on projects to make the security community better.

    Jayson Grace
    Jayson Grace is a Security Engineer at Splunk. He holds a BS in Computer Science from the University of New Mexico (2016). He has previously worked as a tool developer, penetration tester, systems administrator, and DevOps Engineer. Passionate about empowering engineers to create secure applications, Jayson also enjoys hunting for 0-days and automating offensive security processes, and strongly believes that in-house offensive security researchers are essential to maintaining a secure environment.