 Our next talk will be by Robert Hansen or R Snake about searching the invisible internet. All right, so my name is Robert Hansen. I also go by R Snake. I am a hacker. We do exist. We're real people and I hope all of you feel like after this you are hackers too. So my job is a bit of a weird one. Back when I started the internet there really wasn't a job called security. There was no way to do what we do. It was sort of a side task and it's grown a lot in the last 20 something years that I've been in the industry where there's a lot of people who are putting things on the internet but they really don't know that people like me can find them. So for instance you just saw Shodan with the internet cameras. When I'm looking at the internet I'm looking at it in a different way than you would let's say if you were using Google. If you are looking for something like shoes or whatever you type in shoes in Google and it'll find web pages and sites that are very popular that people want to tell you about. They're heavily marketed. There's this whole thing called search engine optimization where you try to get yourself to the top of Google and you do that by a lot of tricks by getting people to backlink to you effectively. So a guy like me is somewhat interested in what the internet knows about any particular website but I'm actually more interested in what people don't know. As a hacker I'm trying to find the edges. I'm trying to find ways into their environment. So let's take an example and by the way I'm doing this all on my phone just mostly because I find it very interesting to try to kind of help set the chords long enough. So let's say I'm trying to find something like Sears.com. So Sears is a very large company. I'm sure a lot of you have gone there at one point or another by tires or something. But Sears is actually a much more complicated thing than just a singular website. There's lots and lots and lots of different let's say subdomains of their main domain. So any one of these things might be a printer or they might be a camera or they might be a satellite office, a sales office or something like that. So you can see very quickly that if you look at the internet a little bit differently you're going to start finding all kinds of very interesting things like development servers and staging servers and test servers, quality assurance servers, sites that people have put online without really realizing that they're still accessible and people like you and I can go and find them and connect to them. This is all public information but it's public information that they don't necessarily know it's public. They're not really thinking about it as it's being publicly accessible on the internet. So the problem is we know that Sears owns a lot of other things other than Sears.com. They own kmart.com. They own structure.com and a bunch of other things. So how do we find that? Well if we start looking at different subnets that they're within you can find things like huge blocks of IP space like this has 42 records in Illinois in one very small block 256 addresses which is a which is a small amount of space on the internet. So if we pivot and we look inside that network if we start drilling into what's going on there you're going to start seeing that they own a lot of other things. They own shopyourwayshoes.com and a bunch of other things kmart.com which we knew about etc. All of these things are potentially vulnerable and are all sort of on the internet. The other thing you need to sort of think about so let's say one day I build a website and think of a website sort of like a photograph and that photograph is the thing that I'm trying to present to the internet. Now if I let's say there's a camera over here and that camera is then there's a tv attached to it and you can see whatever it's pointing to so it's pointed at my picture. So that's what's called a proxy server and the proxy server is basically showing you whatever I have on this photograph. So a lot of secure a lot of companies will use proxy servers to sort of pretend like they're not located here they're located over there. They do that for security reasons they do it for performance reasons etc. So if you actually hack into what you think they are you're hacking into that thing over there which isn't them and so therefore it's less bad if something bad happens theoretically anyway. So the problem is I had to at one point build that photograph I had I had to build that website somewhere it has to exist on the internet for real somewhere and later on after it's built and it's functioning and someone's had a chance to look at it then I can take a put that on the video and have it proxy through. So if you can rewind the internet and look backwards in time which means basically getting a lot of snapshots of the internet over time you can sort of just look hey where was well now they're there but where were they let's say a year ago well they might be here when they were building the site. So instead of connecting to there and attacking that thing the attacker will attack this thing even though this thing isn't where the website is anymore from a user's perspective it's actually where it is it's really where the photograph actually is it's where the website is. So knowing how the internet is structured and knowing how it evolves can allow you to attack the real place the real place on the internet where the thing really is located and so you think like big companies they should know better they should this should not be something that ever happens. So when I talk to an average company or an average organization or whatever and I say how many sites do you have on the internet or like what do you what do you think. So let's say it was an eBay or something and you go talk to let's say the CEO you're like well so what what what sites are do you care about or are on the internet and they'll say eBay and PayPal let's say before they got acquired or moved off and so that's two websites and then if you go talk to the network admins they'll say oh it's eBay and PayPal and rent.com and a bunch of other stuff and but there's a whole bunch of other marketing websites that they don't know about and you go talk to the marketing team and the marketing team will only know about the marketing sites and they won't even be thinking about all these internal assets or anything else. So it's not that any one of those people are wrong it's that no one of them know all of what's going on all at one time. So that's that's actually the crux of this problem when you have the this massive buildup of websites and entities a company will buy another company they don't necessarily know what they're buying they're just buying you know a bunch of people and a bunch of equipment but really what they're doing is they're buying this gigantic internet asset archive of all the stuff that's accumulated over many years potentially. So if you're trying to protect yourself the very first thing you need to know is what you're trying to protect you need to find everything first and then it's very usually very easy to break in and one of those things as a defender is someone and the security side as opposed to the hacking side you basically need to identify where those places are so that you can put the proper defenses in place. So that's it. Thank you everybody.