Defcon 18 Fyodor Fifield Nmap
Defcon 18 Fyodor Fifield Nmap
Org
http://insecure.org/presentations/BHDC10/
Black Hat Briefings Las Vegas Defcon 18
July 28; 4:45 PM; Augustus 5+6 July 30; 5:00 PM; Track One
Insecure.Org
Abstract
Most hackers can use Nmap for simple port scanning and OS
detection, but the Nmap Scripting Engine (NSE) takes scanning to a
whole new level. Nmap's high-speed networking engine can now
spider web sites for SQL injection vulnerabilities, brute-force crack
and query MSRPC services, find open proxies, and more. Nmap
includes more than 125 NSE scripts for network discovery,
vulnerability detection, exploitation, and authentication cracking.
Rather than give a dry overview of NSE, Fyodor and Nmap co-
maintainer David Fifield demonstrate practical solutions to common
problems. They have scanned millions of hosts with NSE and will
discuss vulnerabilities found on enterprise networks and how Nmap
can be used to quickly detect those problems on your own systems.
Then they demonstrate how easy it is to write custom NSE scripts to
meet the needs of your network. Finally they take a quick look at
recent Nmap developments and provide a preview of what is soon to
come. This presentation does not require any NSE experience, but it
wouldn't hurt to read http://nmap.org/book/nse.html.
Insecure.Org
Resources