Nmap Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. A typical Nmap scan is shown in Example 15.1. Example 15.1. The newest version of Nmap can be obtained from
Wireshark We're having a conference! You're invited! Wireshark Training Wireshark University Co-founded by Laura Chappell, inspirational instructor, consultant, and Wireshark expert, provides training, Network Analyst Certification, and resources for all levels of Wireshark users. Visit www.wiresharktraining.com. Wireshark Network Analysis The Official Wireshark Certified Network Analyst Study Guide is now available. Wireshark Certified Network Analyst: Official Exam Prep Guide Want to become a Wireshark Certified Network Analyst? User Documentation User's Guide The Wireshark User's Guide is available in several formats: Web pages (browseable): One huge page or multiple pages Web pages (ZIP file): One huge page or multiple pages PDF: US or A4 Windows help: CHM file Command-line Manual Pages UNIX-style man pages for Wireshark, TShark, dumpcap, and other utilities Display Filter Reference All of Wireshark's display filters, from version 1.0.0 to present. Release Notes Version 0.99.2 to present. Security Advisories
Netragard’s Hacker Interface Device (HID). | Netragard's SNOsoft Research Team We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services what so ever. It also excluded the use of social attack vectors based on social networks, telephone, or email and disallowed any physical access to the campus and surrounding areas. With all of these limitations in place, we were tasked with penetrating into the network from the perspective of a remote threat, and succeeded. The first method of attack that people might think of when faced with a challenge like this is the use of the traditional autorun malware on a USB stick. Just mail a bunch of sticks to different people within the target company and wait for someone to plug it in; when they do its game over, they’re infected. Enter PRION, the evil HID. A prion is an infectious agent composed of a protein in a misfolded form. With the mouse and the USB board prepared we began the process of soldering.