Advanced Network Reconnaissance with Nmap
While many security practitioners use Nmap, few understand its full power. Nmap deserves part of the blame for being too helpful. A simple command such as “nmap scanme.insecure.org” leaves Nmap to choose the scan type, timing details, target ports, output format, source ports and addresses, and more. You can even specify -iR (random input) and let Nmap choose the targets! Hiding all of these details makes Nmap easy to use, but also easy to grow complacent with. Many people never explore the hundreds of available options and scan techniques for more powerful scanning.
In this 47 minute presentation, Nmap author Fyodor details advanced Nmap usage—from clever hacks for teaching Nmap new tricks, to new and undocumented features for bypassing firewalls, optimizing scan performance, finding free porn, defeating intrusion detection systems, and more. A special Shmoo version of Nmap was released at the conference, though all the features discussed are now integrated with official Nmap releases (download page, Changelog).
Presentation VideoPresentation video is available in several formats. The most convenient is probably the streaming Flash version:
The video can be downloaded in MPEG4 format: fyodor-nmap-shmoo06.mp4 (400x304 resolution; 87MB)
Slides and Audio
Presentation slides (PDF): shmoo-fyodor-011406.pdf.
Presentation audio (17MB MP3): fyodor-nmap-shmoo06.mp3