Recon as a Graph-Exploring Attribution, Scope, Growth & Querying in OWASP Amass

OWASP Amass is a framework to help Infosec professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques. Amass is a major evolution in how recon workflows can be explored, repeated, and understood.

In this 45-minute workshop for DEFCON Group DCG518 (Albany), Jeff Foley the Project leader for Amass will guide us through the new capabilities introduced in Amass v5.0 and what’s landing in v5.1, using live demos to show what modern discovery looks like when your results are treated as a connected graph instead of one-off command output.

We’ll start from zero assumptions: what Amass is, what problems it solves, and how to think about discovery as a set of assets and relationships. Then we’ll walk through the Open Asset Model (OAM) and the new Asset Database, how Amass stores what it finds, and why that makes exploring findings easier. From there, you’ll see the Triples query language in action for pivoting through discovered infrastructure (domains, subdomains, IP space, certificates, organizations, and more), plus how Amass expands scope through attribution and related-asset discovery.

This session is designed to be easy to follow even if you’ve never used Amass before and aren’t running it locally. Whether you are a Red team, Blue team or Threat Intel, you’ll leave with a practical understanding of the Amass workflow, and how to turn recon data into durable, operational intelligence. Because recon is not the beginning of the kill chain, recon is the chain.

• For more DEFCON DCG518 Group information and updates, check our site https://dc518.github.io/
• Doors open at 1:00pm for social hang out. The presentation starts sharp at 2pm. The Guilderland Public Library is located at 2228 Western Avenue, Guilderland, New York 12084
• This event is free and open to all the community. No attendee limits.

Everyone is welcome!