05-26, 09:20–10:00 (Europe/Stockholm), Main stage
It doesn't matter if you are a Pentester, Bughunter, Defender, Sysadmin or just plain curious. If you aren't trying to breach the company's systems, someone else on the internet is going to try and do it for you (without approval).
In this presentation, you will learn how to setup an "External Attack Surface Management" (EASM) automation workflow using the latest tools and techniques created by the bug-bounty community. So you can go to sleep at night, wake up rested. Knowing you can start your day with a steaming hot cup of coffee, and a freshly baked todo list of vulnerability notifications in your slack to pwn or secure.
With a ever evolving threat landscape organizations are facing a constant battle to secure their external facing assets. This is both costly, time consuming and tedious work. So when a new CVE is out its both a risk or a opportunity, depending on which side you are on. Facts remains, the teams that gets to it first wins.
Attackers:
Opportunity: The company you want to target has put stuff on the internet. Nice..
Solution: Continuously map out the targets external attack surface, fingerprint, scan, crawl, fuzz, identify a vulnerable systems, pwn, win!
Defenders:
Problem: The company you work for has put stuff on the internet, a new unauth rce cve is out, but are you vulnerable?
Solution: Continuously scan and audit your external attack surface, identify any vulnerable system before someone else does, patch, win!
STÖK is a hacker/creative passionate about learning new things and sharing his experience. For the last 3 decades, he has professionally hacked anything from computers/tech to marketing, fashion, communication and the human mind. HACKERS GONNA HACK. CREATORS GONNA CREATE. GOOD VIBES ONLY.