Anthony Russell!

Software Engineer

Anthony Russell, is a software engineer with over 11 years of professional experience. He has a focus in information security and has been featured in 2600 magazine, on Hak5 and has spoken at both Defcon and DerbyCon multiple times. Favorite things to discuss are blockchain technology, baking custom IoT devices, and everything infosec. You can see more of Anthony's work at or

Bug Bounty Recon - Bypassing Geographic DNS with Ensemble

Most bug bounty hunters are missing a huge attack surface when conducting their scans. Often large companies have GeoDNS enabled. If a hunter doesn’t actively bypass GeoDNS by toggling multiple different proxies, or VPNs in different regions, then the hunter only sees the services running on the server located closest to them geographically. The issue with this is that companies often have different services running on servers in different regions. All of which the hunter is missing during their recon phase. Ensemble, a free open-source tool being released during Defcon 31, will solve this issue. By creating a load balanced, regionally distributed cluster of nodes and a friendly web portal to control them, Ensemble allows attackers to run identical commands simultaneously across multiple geographic regions. The results of the scans are then aggregated and returned to the hunter in an easy-to-use web platform. These commands can then be scheduled to run regularly so that hunter can get back to focusing on the technical details and not need to focus on manually switching proxy locations, VPNs, and rerunning the same commands over and over again which is highly error prone.

2:15 PM