“I have not come across anyone with Francis' expertise in web application assessments and penetration testing in over 17 years of doing this type of business. Francis, along with other S&L consultants, are a 10/10 across the board. Several of our global businesses have engaged Francis and S&L over the past 18 months, and we will continue to do so.”
About
Francis Brown, CISA, CISSP, MCSE, is a Board Director & co-founder of Bishop Fox, the…
Experience
-
-
-
-
-
Education
Licenses & Certifications
Publications
-
InformationWeek Reports: Using Google to Find Vulnerabilities In Your IT Environment
Information Week
See publicationGoogle, Bing and other major search engines, have made it easy to find all manner of information—including everything from exposed password files to SQL injection points. This led to the emergence of Google hacking, a technique used to identify and then exploit system and data vulnerabilities.
Google hacking’s popularity waned in the last few years, due in large part to Google shutting down the Google SOAP API. However, with aggressive R&D efforts fueled by innovative thinking, as well…Google, Bing and other major search engines, have made it easy to find all manner of information—including everything from exposed password files to SQL injection points. This led to the emergence of Google hacking, a technique used to identify and then exploit system and data vulnerabilities.
Google hacking’s popularity waned in the last few years, due in large part to Google shutting down the Google SOAP API. However, with aggressive R&D efforts fueled by innovative thinking, as well as significantly more data available on the Web and stored in the cloud, Google hacking is on the rise again. While this gives IT security professionals yet another battle to fight, the good news is that they can leverage the very tools and techniques hackers use to identify and fix any vulnerabilities their companies may have. In other words, they can Google themselves to find security problems before the bad guys do.
In this report we will examine a slew of new tools and techniques that will allow security professionals to
leverage Google, Bing, Baidu and other open search interfaces to proactively track down and eliminate sensitive information disclosures and vulnerabilities in public systems and also take a look at defensive tools designed to pull thousands of real-time RSS updates from search engines to provide users with alerts—a sort of intrusion detection system (IDS) for Google hacking. Malicious hackers have already embraced search engine hacking as an effective way to target and exploit vulnerabilities on a massive scale. It is imperative that security professionals learn to take equal advantage of these techniques to help safeguard their organizations.
Projects
-
ZigDiggity - ZigBee Hacking Toolkit for Pentesters
See projectIntroducing ZigDiggity, an entire suite of new ZigBee penetration testing tools to be released by Francis Brown and Matthew Gleason of Bishop Fox, released exclusively at Black Hat USA – Arsenal 2018.
We've publicly released a FREE set of ZigBee hacking tools designed specifically for use by security professionals. We will showcase the best-of-breed in both hacking hardware and software (ZigDiggity) that you'll need to build a complete ZigBee penetration toolkit. Each of the key…Introducing ZigDiggity, an entire suite of new ZigBee penetration testing tools to be released by Francis Brown and Matthew Gleason of Bishop Fox, released exclusively at Black Hat USA – Arsenal 2018.
We've publicly released a FREE set of ZigBee hacking tools designed specifically for use by security professionals. We will showcase the best-of-breed in both hacking hardware and software (ZigDiggity) that you'll need to build a complete ZigBee penetration toolkit. Each of the key concepts/tools will be accompanied with live hacking demonstrations that will be both exciting as well as educational. -
Drone Hacking for Penetration Testers
Practical guide to Drone hacking for penetration testers. Helping equip security professionals with the tools to test the effectiveness of their drone defenses and eliminate exposed attack vectors.
Drones have emerged as the prevailing weapon of choice in modern warfare, so it’s only logical that we’d also explore the potential applications of this formidable tool in cyber warfare.Other creators -
-
RFID Hacking Project - Bishop Fox
See projectPractical guidance for penetration testers to understand the attack tools and techniques available to them for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas.
-
SharePoint Hacking Diggity Project
See projectThe SharePoint Hacking Diggity Project is a research and development initiative dedicated to investigating the latest tools and techniques in hacking Microsoft SharePoint technologies. This project page contains downloads and links to our latest SharePoint Hacking research and free security tools. Assessment strategies are designed to help SharePoint administrators and security professionals identify common insecure configurations and exposures introduced by vulnerable SharePoint deployments.
-
Google Hacking Diggity Project
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. This project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and…
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. This project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and systems.
Other creators -
Recommendations received
-
LinkedIn User
2 people have recommended Francis
Join now to viewOther similar profiles
Explore more posts
-
Kevin Beaver
Check out this podcast interview with me just after my TribalNet keynote in Vegas recently. I was asked a random question at the end about the first concert I attended that you might find interesting (and it's not just what's listed in the podcast description). #infosec #CISO #CIO #businessleaders #cybersecurity #podcast #keynotespeaker #backtobasics #rockconcerts #ISAC
-
David Cowen
Had an insightful forensic lunch today with Wyatt Roersma. We delved into fine-tuning and training open-source AI models for specialized tasks, specifically focusing on Wyatt's passion in creating YARA rules and getting the model to make them more accurately. Catch all the details and watch the session here: https://lnkd.in/gpdVxRzJ #ForensicScience #AI #SpecializedTasks #forensiclunch
-
Alison King
What does FISMA have to do with it? ➡ Many critical infrastructure sectors have interdependencies with drinking water and wastewater services. These include the Chemical, Emergency Services, Energy, Healthcare, and more. “Water, water, everywhere, and not any drop to drink” – “The Rime of the Ancient Mariner,” Samuel Taylor Coleridge 🚧 BL: No water doesn't only mean no coffee! ☕ ➡ In November 2023, the Aliquippa Municipal Water Authority in Pittsburgh experienced a cyberattack after one of its booster stations was hacked by an Iranian-backed cyber group known as ‘Cyber Av3ngers.’ Other major critical infrastructure breaches include the 2022 compromise of the Florida water treatment facility near Tampa days before the Super Bowl. ➡ Critical infrastructure is proving to be an easy target with a high margin of success. While the EPA aspires to follow in the footsteps of the Transportation Security Administration and Food and Drug Administration to provide cybersecurity rules for their sectors, Congress will need to provide the EPA with these new authorities. ➡ Immediate action is needed. The EPA and all federal regulators falling under FISMA must prioritize the security of their networks. This is crucial to ensure they can continue their operations, reducing the threat of malicious cyber actors breaching their networks. By doing so, they protect their own digital enterprise and set an example for their sectors. 💡 At Forescout Technologies Inc., We don't just SEE all IT, IoT IMoT, and OT assets on your network; we PROTECT every connected asset - managed and unmanaged. Read the full article here: https://lnkd.in/ezqUfFcC
11 Comments -
Randall Hettinger
Meet Danielle M. Gagnon and Andrew Kraut from our P0 Labs Team at Booth 35 at Health-ISAC Spring America's Summit! P0 Labs are some of the best out there when it comes to identifying cloud threat actors and their TTPs! Human and machine identities are both your Achilles heel and your canary in the coal mine for cloud threats. Learn how our threat-informed approach seamlessly stitches your identities with your fragmented IaaS, PaaS, SaaS, CI/CD environments, and security controls. Discover how we can immediately improve: - Time to detect and respond (minutes vs hours/ days/ weeks) - Containment completeness (100% vs partial) - Least privilege adherence (Most aren't actually doing this right) - Log alert volume reduction (by 500 to 1 on average) Learn how Permiso can help you evolve your security strategy and architecture towards coveted Just-In-Time (JIT) access, Infrastructure as Code (IaC), Policy as Code (PaC), and more. Stop by our booth to meet Danielle and Andrew. Can't make it to the Summit? DM me to connect virtually!
-
Srinivas Mukkamala
Great news from NIST as they adapt digital identity guidelines for state and local benefits programs. This collaboration with the Digital Benefits Network and the Center for Democracy and Technology to refine digital identity measures is a step in the right direction. It's essential to ensure that as we enhance digital services, we also safeguard privacy and equity, particularly in public benefits administration. Looking forward to seeing how these guidelines will foster more secure and inclusive digital environments. https://bit.ly/3KYuH5J
-
Wade Baker, Ph.D.
Managing #thirdparty #cyberrisk is hard. But it gets even harder when trying to manage 4th...5th...Nth tier #supplychain relationships because visibility, familiarity, and control tend to decline with each degree of removal. This chart, from a joint Cyentia Institute and RiskRecon, A Mastercard Company report, captures this challenge. Your organization (the square in the center) may be able to track breaches of your direct third parties. But what about all those others? Are you even aware that you're indirectly connected to - and thereby potentially exposed to - breaches of those Nth parties? We explore this topic in "Risk to the Nth-Party Degree." Link to download in comments.
35 Comments -
desi .
Unleashing the Investigative Mindset: Uncover the Secrets of Cybersecurity Discover how to tap into your investigative mindset and unlock the hidden secrets in cybersecurity. Gain valuable insights on analyzing information, hypothesizing next moves, and finding crucial data even without advanced tools. Enhance your technical aptitude and understanding of human behavior to become a successful investigator. #InvestigativeMindset #CybersecuritySecrets #InformationAnalysis #TechnicalAptitude #HumanBehavior #CybersecurityInvestigation #DataAnalysis #CybersecuritySkills #DigitalForensics #CybercrimeDetection
-
Steven Cohen
When planning for your strategy and goals for 2025, it is always good to start with an assessment that assists you in identifying and prioritizing your gaps and then building out a roadmap. Infostream is offering this to our customers to help them build out their Cybersecurity Strategies. If you are interested in improving your cybersecurity posture in 2025, please reach out to us. #Infostream #Cybersecurity #Cyberassessment #AI #HPC #NIST #ISO #SecurityBestPractices
1 Comment -
Meg Fronckowiak
VM remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from VM to exposure management and effectively prioritize high-risk exposures across their complex attack surface. http://ow.ly/oGFk105PbnX
-
Andrew von Ramin Mapp
The National Vulnerability Database (NVD) has faced significant challenges impacting its classification of security concerns, culminating in its current decline. Three key factors have influenced the NVD's capabilities, leading to critical repercussions. The technical intricacies behind the NVD's diminished efficiency highlight the importance of robust classification systems in cybersecurity.
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Francis Brown in United States
-
Francis Brown
-
Francis Brown
Product & Sales Account Management
-
Francis Brown
-
Francis Brown
Partner | Strategic Advisor
119 others named Francis Brown in United States are on LinkedIn
See others named Francis Brown