Abstract:

This course is for practitioners who would like to have accurate visibility and results when mapping an organization's external attack surface. We will use the open source tool, provided by the OWASP Amass Project, to better understand how to hunt down assets exposed on the Internet. Many professionals have leveraged the basic Amass features during their red team exercises and other information security efforts, but not extended the capabilities of the engine to implement new features and data sources. We will use hands-on exercises to have you become familiar with the Amass Engine, comfortable extending it, and aware of future directions for the project. Participants are encouraged to complete the exercises by writing the extensions in the Lua programming language. All the examples will be provided for those unfamiliar with the language.

It would help to have used OWASP Amass previously, but the basics will be covered quickly during the training. The target skill level is someone that understands the basics of OWASP Amass and would like to understand more advanced aspects of the tool and its OSINT capabilities.