Bio: Chema Alonso is a Computer Engineer by the Rey Juan Carlos University and System Engineer by the Politecnica University of Madrid. He has been working as security consultant last six years and had been awarded as Microsoft Most Valuable Professional since 2005 to present time. He is a Microsoft frequent speaker in Security Conferences. He writes monthly in several Spanish Technical Magazines. He is currently working on his PhD thesis about Web Security. He had spoken in some of the most important conferences such as BH Europe 2008 and 2009, Defcon 16,17 & 18, DeepSec 2k8m HackCon#4 & #5, SchmooCon 2k9, BlackHat DC 2010, BlackHat USA 2010, CONFidence 2.0 in 2009 and Ekoparty 5th & 6th.
Topic of Presentation: FOCA
Abstract: FOCA is a tool for extracting information in footprinting and fingerprinting phases during a penetration test. It helps auditors to extract and analyze information from metadata, hidden info and lost data in published files. This new release of FOCA, version 2.5, adds automatic tools for scanning internal domains using PTR Scanning, Serach Engines, DNS Cache Snooping, Software recognition through SHODAN, etc… It allows in detecting remotely AV installed, vulnerable sw to evilgrade and to prepare a targeted attack externally. The idea of FOCA is to give as much info as can be discovered automatically starting from a public domain name… and just clicking 1 button.