Velkommen til april-møtet. Chris Dale fra River Security kommer og snakker om ASM og OSINT. Det blir pizza fra kl. 17.30 og foredraget starter ca 18. Foredraget krever ingen spesielle forkunnskaper innenfor sikkerhet/hacking og vil inneholde flere praktisk demoer.
Join Chris Dale as he reveals how attackers are constantly searching for new online targets, scanning for weaknesses, and exploiting them the moment they appear.
We’ll investigate concepts like Attack Surface Management (ASM) and Open-Source Intelligence (OSINT) as ways for companies (and attackers!) to keep track of what parts of systems are exposed to the internet and might be vulnerable.
With live demos, you’ll see exactly how attackers find and test for weaknesses, using real tools and techniques. This session will give you a practical understanding of how to spot risks before attackers do—helping you protect your systems in an ever-changing digital world.
The talk will be delivered in either Norwegian or English, depending on the audience. It is designed to be accessible to all experience levels.
OSINT refers to the process of gathering publicly available information from various sources to analyze and assess potential security risks. These sources include:
- Websites and public APIs
- Social media and forums
- Domain registration (WHOIS) and DNS records
- Code repositories (GitHub, GitLab, etc.)
- Search engines and indexing services (Google Dorking)
Attack Surface Management (ASM) is the process of continuously identifying, analyzing, and reducing the potential ways an attacker can exploit your applications or infrastructure. This includes:
- External Attack Surface – Public-facing assets like web apps, APIs, cloud services, and exposed servers.
- Internal Attack Surface – Internal applications, employee credentials, or misconfigurations.
- Third-party Risk – Dependencies, SaaS integrations, and open-source libraries.
