Transcript
Well, hello everyone. My name is Brad Reinboldt. I'm a product manager here at NetAlly, and welcome to today's webinar, Hands On with Nmap: A Guide to Network Scanning and Vulnerability Assessment. So we've started the webinar and all lines are muted. Please go ahead and put your questions in the chat and I will get to those throughout the whole hour. I'll say right up front, if we get too many questions, and I suspect we will because this is a great topic, we will get back to you afterwards if we run out of time. This webinar is being recorded and you will receive a link to an on-demand version to watch it later or rewatch it if you like. Next slide. So our two presenters today are Chris Greer, he's a packet and Nmap analyst, and also Dan Klimke, director of marketing here at NetAlly. Welcome, Chris and Dan.
Hey, Brad, it's great to be here. Thanks for having me. Likewise, Chris. Thank you for joining us on today's webinar and sharing your knowledge and understanding of Nmap for our attendees today.
Good to be here, guys.
Well, as we both know, as everybody knows here, we have a packed agenda. So I think I'm going to pass it over. Excuse me. Let me first go through the agenda. So we're going to talk about CyberScope, right? So this is a product that was introduced on April 24th. And we'll start with Dan talking a little bit about that. Some of the Nmap fundamentals will follow. Learn how to find answers to what ports are open on which devices on my network, what operating systems and versions are presently installed, etcetera. Then at about quarter to the hour, we're going to do a little Q and A, and then, very excitingly, at five to the hour, we're going to have a prize drawing for a CyberScope. So lots of good things going on here. And with that, I'm going to pass it over to you. Dan, take it away.
Great. Thanks, Brad. So, yeah, I did want to give a brief overview of CyberScope.
As Brad mentioned, we introduced the CyberScope at the RSA Show in San Francisco just a few weeks ago, and we're getting a lot of excitement around this product because it is the world's first handheld cyber security analyzer. Our audience probably knows NetAlly for the types of products and solutions that we have for doing network analysis. But now we've entered the world of cyber security with CyberScope, which is a comprehensive tool for site cyber security assessments, analysis and reporting in an all-in-one tool. There's four key use models for CyberScope, that is: to conduct endpoint and network discovery, to examine and validate wireless security, to do segmentation and provisioning validation, and to assess possible vulnerabilities on your network. CyberScope is a multifunction instrument. It provides fast and actionable insights on premise in your site networks, and it fills the visibility gaps that other tool sets may not address. I might say it was really interesting to have some of the folks from some of the larger cyber security platform and monitoring solutions come over to our booth at the RSA show, and they pretty much acknowledged that, yeah, our solution only goes so far before local visibility is needed to take action to find and analyze questionable devices and security segmentation on site. So that's where we say we work. We fill those visibility gaps that those other toolsets don't address. It's obviously a rugged and purpose-built tool that replaces the use of utilities on fragile laptops or tablets. And that brings us to today's topic. A very common tool used by many cyber security professionals is Nmap. So Nmap is a scanning and network discovery tool set software that Chris is going to explain and talk about.
But one of the things about Nmap is that it is difficult to use, and so Chris is going to explain how to use it and how it has actually been integrated into CyberScope for ease of use and speed of response to cyber security issues and doing proactive analysis of your endpoints on your network. So Chris, I'm going to hand it over to you. Thanks for joining us. And why don't you walk us through what is Nmap? Why should we care?
Sure thing, Dan. Again, thanks for having me today. I'm excited to be here and talking to everybody about Nmap. Definitely a tool that I enjoy using and no doubt something that is in the toolbox, like you said, for the people that are in attendance. In fact, we'd like to hear a bit more about your experience with Nmap on the BrightTALK platform here. We actually have a poll. You might be able to find it by looking in the little toolbar there. If you look over at the polls, there's a question there about your personal use of Nmap, so who out there is using it? There are some options there for you to select. Sometimes we get people that use it every day. Sometimes it's something that is installed but just not used very often in our tool set. Or you might be here and this is the first time that you're being introduced to Nmap. So go ahead and check out that poll when you just have a brief moment. Let's go and talk about what is Nmap. So let's just talk about the name. The name comes from Network Mapper, so it's an open source scanning tool. It was developed for the purpose of scanning networks and finding out actively what is connected and what types of ports and vulnerabilities could possibly be open on those devices. It's gone through a lot of maturity over the years. It started back in 1997, and the Nmap that we have today has become a very powerful tool. So it's more than just scanning ports.
It helps us to, like Dan mentioned at the outset, it helps us to take a look at operating systems that are on different platforms, what types of versions of services are running, and much, much more. So that's what Nmap is. Now, who should be using Nmap? Well, really, everybody in IT should. If we're a network engineer, maybe we're involved with designing the speeds and feeds in our enterprise and we want to get a better handle on what is actually connected. So network engineers, SOC analysts, ethical hackers, pen testers, really everyone. It's a great tool to have in our toolbox. But that brings us to the next point. Nmap isn't the most user-friendly thing to use, especially when we don't use it often. So like anything, we can get used to the commands, we can get used to how to enter things in. However, unless it's something that we're frequently going to, it can be tough to remember. I mean, look at this command right here. This is one of the basic Nmap commands. And here we can see a lot of different options. Those are called switches. So it can be hard to remember which ones do I use, when do I use them and why? Or the output that comes back to me, how do I interpret it? How do I make that useful? So that can be where it can get a bit difficult. Or even when we're collaborating with someone else, we might have these scans down, we might remember them like the back of our hand, but someone that we're collaborating with might be newer to cybersecurity or networking and might take some time to get up to speed on how to do scans with Nmap. So that's one challenge that many people run into. Also, if you take a look at this one as well, an improperly entered scan can also take a very long, long, long, long time. If we look at the IP address that's in the command above, you can see that we're set up here to scan the entire 10 network space at 10.0.0.0, and we're going to do all 16.7 million addresses in that space.
And not just that, we're not just going to ping them, but we're also going to check, is port 80 open? Well, what if I didn't do that -p 80 thing? What if I just left that open? Well, by default, Nmap is going to scan the top 1000 ports for each active device. So if I hit enter on that thing and I also made it super verbose, which is the -v, I'm going to get a lot of output and it's going to take a long time to complete. So this is another thing that can be difficult with Nmap: knowing which switches can make it more efficient. Also, again, why is it hard? Well, there's also something called the Nmap Scripting Engine, the NSE. What that allows us to do is to create custom scripts that run specific scans. Now Nmap comes built in with several different scripts. In fact, I'm going to be showing you the list of scripts in just a few moments, but those scripts are written in Lua. Now, some people that have been very comfortable with Nmap, using it for a long time, they have experience in Lua, and you can write your own scripts to have Nmap do some very specific things for your environment. But for someone who's new coming on board, that can be intimidating. We think, okay, great, now I got to learn Lua. I got it. What are all these complex scripts? Boy, this thing just got real difficult. So that can be a challenge or a barrier of entry to really getting the most out of Nmap when we're using it on our networks today. And one last thing about, oops, this slide was accidentally duplicated. So sorry about that. So okay, that sets us up as far as Nmap, what it is, who should use it. But enough talking. We don't want to just show a bunch of slides here. We want to get our hands dirty with Nmap. And so what I'm going to do is just show you some very common scripts, or definitely some scripts, but some common scans that you can run with Nmap to get started with it, to get your hands dirty, if you will, or just your hands on it.
And then you can begin to build out that Nmap skill set as you go forward. Okay, so if you have Nmap installed, fantastic. You can follow along with me and what I'm about to show you. If you don't have it yet, then let's go ahead and check out nmap.org and we can download it for any platform. It's also built in to several different distributions. So I'm actually going to be demonstrating on a build of Kali Linux. It comes built in with Nmap and it's already there for me to use. So I'm going to go ahead and share my screen. Let me come in here, share screen, going to share and, sorry about that, the window and window and window. But now you should be able to see Nmap on my system. This is Kali Linux and we're just going to run a few very basic scans. Okay. So first I just want to show everybody one very simple scan that we can do, which is just nmap scanme.nmap.org. Now the nice thing about Nmap the organization is they put this server out there to be scanned. It's a great way to test or to learn some additional scans that Nmap can run. So if I just do the basic Nmap scan like you see here, what that's going to do is it's first going to check to make sure that that device is out there or that server is out there. And then after that it's going to run a thousand port test toward that device. So here this came back pretty quickly. In fact, on the bottom it says that I was able to complete this scan in just 3.37 seconds. Okay, wonderful. In the output here, I can see the ports that are open. So we sprayed it with a thousand TCP ports. I can see Port 22 is open. Port 25 is filtered, 80 is open. Few other filtered ones. So it gives me a good idea of what ports are open on that server. Okay, great. All right. So where do we go from here, though? How do I begin to interpret this? Well, we can see which ones are open, but how can I even go further to find out even more about this server that's out there? Let's go ahead and do this.
I'm going to just clear this out and I'm going to come back to Nmap, and several Nmap scans that we run do require root privilege or administrative privilege. So I'm just going to do sudo and let's go ahead and do this with Nmap. So first of all, let's think about that scan server. So I did see a few ports that were open there, didn't we? We saw 22, 25. 80 was open. Now that right there is going to be a nice thing. If you ever see 80, that means there's a web service open and that thing is going to be ripe for attackers. All right. So let's back up a minute about Nmap. One of the reasons why so many different silos within IT should know about Nmap and be actively scanning our networks is because it's not just about what is actually connected out there on the network. It's also about what's vulnerable. If an attacker gets access to our system, they're going to be scanning our network because they want to know what are some low-hanging fruit out there, what can be laterally moved to, what types of exploits can be run. And web hacking is a big one. So a lot of the bug bounties you see out there, a lot of attacks happen through web services because they just tend to have a lot of attacks against them. They at times can be vulnerable. We need to be quick to stay on top of them. So if we have that old printer that's been sitting in the corner with a web service on it and it hasn't been patched or updated in several years, we might not even be aware that that web service is still out there. But an attacker would be able to find that quickly. So every time we see Port 80, that's something that we might want to know a little bit more about. Okay. So using scanme, we'll do this. In fact, I'm going to back up just for a second, everybody. I'm just going to do nmap. And what that does is it gives me the help for Nmap. And what I want to show you here, let me just widen this out just a little bit for everybody.
And I'm going to run that one more time. Okay? I'm going to come up here. This is just the help dump. And there's a lot of different switches, as you can see here, a lot of different things that we can comb through. But what I'm going to come down to is, if we look at the scan techniques, there's a few different scan types that we can run. So SYN scans, connect scans, ACK scans. What I'm interested in is I'm going to come down here to service version detection. This is an interesting scan. What I'm going to do is I'm going to do -sV, and what that does is it will take a look at any open ports and it will help me to determine the service or version information for that open port. So again, port 80, wonderful. But what type of server or service is running on port 80 on that server? What's the type? What's it doing? Because then that's going to give me more information to be able to craft an exploit against or to further enumerate. Okay, so let's do that. I'm just going to come back here and I'm going to just clear this out again and I'm just going to do sudo nmap. So what was that switch again? It was -sV, and what that does is that gives me again service version. Okay, so let's do this. I'm just going to come here and I'm going to just do scanme.nmap.org, and what that's going to do is rip back through those thousand ports, and this time it's going to show me the version for those services. So I'm just going to let this run for just a second. Okay. Got my output back. And I notice here that Port 22 says it's open. SSH 6.6.1. Okay, great. So I know that one. Now let's just say I want to know more about my systems and I'm doing some internal red teaming or pen testing, this might be something that I then go to work on and find, maybe do some searches, try to find out, okay, are there any recent vulnerabilities out there?
Also, notice here, and this just happens sometimes, especially when I'm presenting live, this time port 80, instead of being open, it says that it's filtered. So the reason why it says it was filtered is because I went ahead and sent a TCP SYN to Port 80, but this time instead there was no response. Didn't get a SYN-ACK back. So if a port is open, I'm going to be sending a SYN to it. SYN-ACK will come back and then I can either reset or finish the handshake. But here nothing came back, no SYN-ACK. Now, that can happen from time to time, especially when I'm scanning something frequently like I'm doing here. So what we're going to do is we're just going to try this one more time and see, do we get it open this time? So going to go ahead and let this run, should just take a few seconds here. And if we get that again. I think what I'm going to do. All right. This time it came back. So that just updated. Hopefully everybody sees that. So there's Port 22 open again. But this time check this out. I got TCP 80, it's open, and this time it's Apache httpd 2.4.7. Okay. So now it's not just a service that's open. Now I know more about that version that's running. And now I can begin to look for either vulnerabilities or exploits that might be able to take advantage of that version of Apache. Now, why does this help me if I'm not a pen tester? Well, if I'm a network engineer, if I'm a SOC analyst, I want to be able to harden my systems. I want to be able to do these types of scans to go, wait a second, I got this IoT device or this printer or whatever it is over here that has this open web service. Is this something that I should harden or disable or get on there and, you know, shut that port down? So unless that port is actively being used as some type of control or an is interacting with it, that's not something that I want to have open. Or how about these other ones? I might come down here and say, what's in port 9929? What's that doing open?
So there's things that I want to know about that service. Okay, great. So what did we just do? Let's just back up for a minute. We went ahead and just did an, um. We went ahead and just did a basic Nmap scan. So no switches, just wide open: nmap scanme.nmap.org. And then we were able to do a service version, so -sV against that same server, to find out those versions. Wonderful. But can we do even more with them? What other types of scans can we run that would be useful for us? Well, one big thing that an attacker is going to want to know about us is what is our operating system? So what type of system have we got running? Is it a Linux system? Is it a Windows system? Is it a Windows 10, Windows 11 or an old type of Windows server? Any of those? Those are going to be important for us to know. So with Nmap, something that it's able to do is enumerate the TCP stack of a device and figure out, when it gets responses, what type of stack is running. It gives us basically a fingerprint of what that device is, because all operating systems have little, I call them nerd knobs, little TCP things that they tune for that device. And just based on a SYN and SYN-ACK, we can get a feeling for what that device is or what type of device it is. All right. So let's go and do this then. I'm going to go and do sudo again and I'm going to come over here to Nmap, and this time, to enumerate an operating system, what I'm going to do is I'm just going to do -O, capital O. The operating system enumeration. All right. So let's just do that and we're just going to do scanme.nmap.org. Let's go ahead and let that cook. So what's happening under the hood right now? And oh, silly me, I should just come over here real quick and just start up a capture while this is running. I'm just starting up a capture with Wireshark because, you know, I mean, I'm a packet head. You can't keep me out of the packets. So what happened here?
I'm going to start my capture, which, by the way, I think this is a great way to learn Nmap. If you just run a scan and then just collect those packets with Wireshark, it's a great way to learn these scans, how they work, and interpret those results. By the way, side point, on my YouTube channel I do have several short tutorials about Nmap, and we're going to be running a scan, capturing it with Wireshark and interpreting it on the wire. So go ahead and check that out if you get a minute or if you want a little bit more detail about any of the scans that I'm showing you today. Okay. Going back to our operating system enumeration. So here we just scan for the ports that are open. We found those same ports that are open, 22, 80 and so on. Down here, if you notice, it says no exact operating system matches for host. Well, one reason for that is I'm actually running a Kali VM, a Kali Linux VM, and sometimes the proxy that it uses can skew those results a little bit. So what I'm going to do is I'm actually going to run back to my main system, okay? And I'm just going to come here to my terminal and I'm going to run the same thing here. While I'm running this, we're going to go ahead and go back and look at those packets. So I'm going to do nmap -O scanme.nmap.org. Okay, let's let that run. Okay, while that's going, I'm going to come back here. And I just want to show you a few interesting things about this scan and basically what that operating system enumeration does. So in Wireshark, what I see here, and if this is the first time that we're meeting and you're seeing my output for Wireshark, you know that I like to paint the SYNs in my Wireshark profile bright green so they jump right out at me. I can definitely see that these are new TCP connection attempts. Well, one thing I notice is I can see a bunch of port 22s.
So what Nmap does is it finds that open port, and then after it finds that open port, what it'll do, I'm just going to grab this top one here and I'm going to come down into the TCP options. All right? So I come down here and check this out, everybody. Now, Wireshark is flagging something for me here. Now I can see TCP control protocol, and down in the protocol header, I'm just going to draw everyone's attention to that blue line right here. See, it says acknowledgment number, this long, convoluted, scary-looking number. Okay, so that number, that's an acknowledgment number, a TCP ACK number. But this is why Wireshark is going, hey, wait. Mayday, mayday. This is weird. It's because there's no acknowledgment flag that's set. So this is basically an illegal behavior. Nmap is intentionally sending an illegal SYN to that server. Why? It wants to know how it will respond. So what do you do with this, Mr. scanme.nmap.org? Here's a weird-looking TCP packet. No flag, but I'm going to give you an ACK number. So what are you going to do? Are you going to send a SYN-ACK? Are you going to reset? Are you going to do nothing? Well, scanme is fine with that. It sends back a SYN-ACK and says no problem. Here you go. I'm doing a SYN-ACK right now. Let's go ahead and connect. And here's my TCP options and here's my window size and so on. So what I do is I'm sending all of these basically fabricated TCP port, TCP SYNs, I'm sorry. And what I do is I wait to see, how do you handle this? How do you handle a low MSS? What do you do with timestamps if I put it here? How about a very, very low window size? A four byte window. Right. So that sure looks funny. So basically that's what Nmap does. It's just poking at that system to try to see, how does it respond? Does it send a SYN-ACK? Does it give me options? What are those options? And so on. That will all form a fingerprint that will help me to identify that operating system.
So I'm just going to peek back over here and just see how we did. All right. So much better this time. Everybody sees on this one. So just running this through my base system.
Hey, Chris.
Yes, sir?
I'm sorry. We're looking at a blank screen, or it says Learn Wireshark and other tips and packet analysis. I think you need to get your other screen in front.
Oh. Do you see it now?
I do see your command line.
Okay. You see, is it green on a black background?
Yeah. Yeah, I do see it.
Okay. All right. I guess we're good. We okay? Okay. Well, thanks for jumping in there, and hopefully everybody can see this. So just in case you can't, what I'm looking at is an output that looks very similar to the one that you saw on my Kali Linux machine. I see there are several ports that are open. But this time what's different is I see Linux 5.x. So using this tool, using Nmap, we were able to enumerate that operating system, and now we know the general range of Linux that is being run on that system. So that's fantastic. So now I have a much better picture of what ports are open, what services are being run on those ports, and now the operating system that's actually running on that machine. So think about this. That shows us Nmap is way more than just a basic port scanner, right? It's not just about open ports or pinging devices. We can go a lot further with Nmap. I'm going to back up just a second. Hey, Brad, are you able to see my Kali Linux command line again? Do you see it?
Yes.
Okay. Just want to make sure that everybody's following along, okay? And everybody can see it. And of course, everybody's having a good time. That's what matters. Okay, now let's go even further. Now, something about Nmap that is tremendously powerful is it's not just about the switches. It's not just about running a stealth scan or a full connect scan or doing these types of things. I mean, these are great, right?
If I want to set a port and I want to do a set, just port 80, port 443, port whatever, I mean, I can create very interesting customized scans within Nmap. Absolutely. However, let's talk for a moment about Nmap scripts. Now the scripting engine comes built in with Nmap. Nmap can run scripts and there's several that are basically built in. So what I'd like to do is point your attention, I'm just going to change over to another terminal window that I have here. And if I navigate, sorry everybody, let me just minimize this. Now, if I navigate to /usr/share/nmap/scripts, if you're on Kali, that's going to be where that's located. If you're on Windows, usually it's in Program Files\Nmap\scripts or somewhere. You don't have to dig around too far to find it. But if you do go to this part of the default install for Nmap, let's just list this out. You're going to notice there's a lot of different scripts that by default are added. So these already come pre-built and I'm just thumbing through some of them right here. So there's a lot of different scripts that I can possibly run. Now, what do all these scripts do? What's the point of them? Well, let's go and dig a little further. You can see down here there's one that's called banner. Let's go ahead and look at that one for just a minute. Now, if I just cat that out, banner.nse, we can actually take a look at the Lua code that goes into running that script. And if we're code people, then we can just go ahead and dig through here ourselves. But one thing that I like to do is just go to the very top of the banner script itself, and then I get a description. So it tells me: a simple banner grabber which connects to an open TCP port and prints out anything sent by the listening service within five seconds. Okay. So that's just a very simple banner grabber for an open service. That's interesting. So let's do it. Let's go ahead and run that one and just see what we get against our server.
Okay? So what we're going to do is I'm going to go ahead and just do sudo again, nmap this time. I'm going to go ahead and say --script and let's just run banner. Okay, close my comment there, or my quote, and scanme.nmap.org. Okay, so I can run that banner and it's asking me for my little guy. There we go. Let's go and run this. So what's happening under the hood here is we're scanning scanme, and when we do get an open port number, it's going to put that in a list. After that, it's going to turn around and it's going to send a request to that service to find out what kind of response do we get. Okay. So right here, we saw a couple of them. We do get a banner from SSH 2.0 OpenSSH. This is a response that comes back from that server when we hit on that port. Down here, we also have a bit more from this ping echo. We can see we got some shell code here that was responded to. Kind of interesting to capture on the wire with Wireshark as well, just to see what's going on there. So that's just a basic banner script. We knock on the door, we ask the server, hey, what's going on? And it sends us back a little bit of stuff. Okay, great. So we can see we're digging a little bit deeper into Nmap capabilities using these scripts, but what else can we do? Well, I'm going to go ahead and come back to scripts, and what we're going to do is I'm just going to list out, how about FTP? And I just give it that wildcard. So when I have an FTP service, the ftp-anon script is really nice to run. What that does is it knocks on the door of FTP, establishes an FTP connection to that server, and then it tries to log in with an anonymous username, because that's a default username on a lot of FTP servers. Right. Instead of having a full, complete, legitimate username login, I just try to hit it with anonymous. Now if that works, uh oh. Right. I have an FTP service out there that's not locked down very well. It's allowing anonymous logins.
That's the kind of thing that, you know, without our knowledge of it under the hood, could be running on an IoT device, it could be running on that old printer. It could be we have smart ceiling and all these smart LEDs up there that are phoning home to some control system and, oh, whoops, we were never even aware that they had an FTP server on there and we weren't aware that it accepted an anonymous login. So right there, that's going to be an interesting one. How about ftp-brute? What this does is allows us to try to brute force a login and password. So several common usernames and passwords that could be open by default or that have low security: admin, admin; admin, password; admin, administrator; those kinds of things. So again, that's going to let me further enumerate my system. All right. I've got a few other ones here. Let's see what other interesting ones we can run. By the way, in the background over here, I'm actually going to start another scan and I'm going to let this run while we're speaking. Just going back over to my other root system here and I'm just going to run sudo nmap. There's one type of scan that does several different scans. It's kind of like a super scan, if you will, and it's called an aggressive scan. It's a -A, so I'm going to run this against scanme.nmap.org and I'm just going to put that in the oven and let it cook while we're talking about these other scripts. Okay. All right. So I'm going to let that run and I'm going to turn your attention back to Kali. So now we are going back to Kali. We're taking a look at some additional scripts. Okay. So what other ones do we have here? Some interesting ones. How about some HTTP scripts? So here we got a bunch of different HTTP scripts. Okay, so let's look at some of these ones. So here are some common ones that I like to use. So how about HTTP authorization?
So http-brute, do we have any low-hanging fruit there that we can use to log into a system that's not locked down very well? Another one that I like, http-enum, so let me actually show you the description for that one. If we do cat http-enum.nse and if we come up here and look at the description for what it does, right, this is part of the thing that's scary about Nmap, right? You think, oh, I'm not a Lua guy. I don't know a whole lot about Lua. Don't worry about it. It's okay. We can just come up here and we can just take a look at our description. This enumerates directories used by popular web applications and servers, kind of similar to Nikto. That's another cybersecurity tool that we can use to enumerate a web server. Find out, for example, if I have a printer out there that's running that web service, what kind of directories does it have? Is there /images? Is there /admin? Is there /pictures? Is there slash whatever? So I can find out further what kind of directory structure is there and what kind of files are in those systems. Okay.
So say Chris, pardon me, this is Brad. Real quick. I want to let you know we're 25 minutes to the hour. And you know, you've got about ten minutes left. And perhaps given the depth of this, you know, the subject here, do you want to maybe talk about your Udemy course a little bit and where some of these other resources might be available for those interested to dig a little deeper, Chris?
100%. Thanks, Brad. And also I'm about to pivot over and show how this gets a whole lot easier with the CyberScope. Okay. So great. So yeah, like Brad mentioned, we're digging pretty deep in the weeds already with Nmap. And if you want to get more out of Nmap and learn more about it, I do have a course, a full course on it, out there on Udemy, Udemy.com. Look at Nmap and hopefully you'll find it's one of the top ones.
It was released a few months ago and it popped to bestseller, so I'm real happy about that. So hopefully you find it useful if you want to dig a bit further in Nmap. We definitely cover all of these things and more and learn really how to use Nmap in an efficient way. Going back to my other screen over here and I'm about to pivot over to CyberScope in just a second. So with my aggressive scan, I was able to actually... sorry about that. Just looking at this. Host seems down, if it's up. Oh, I think it might be blocking us for a minute. Sometimes when you over-scan scanme, it says, wait a second. Hang on. Who are you? And then a few minutes later you're able to further enumerate it. But tell you what, what I'm going to do is I'm going to just go ahead and minimize this for a moment. We're going to come over and I'm going to pivot over to the handy tool CyberScope. So everything that I just threw at you was a little intentional. It was a lot. It was a lot to dig through, a lot to comb through switches. How do we do this operating system thing? How do we find vulnerabilities on systems? That is what CyberScope is designed to make much easier on us. We can carry it around. As Dan mentioned, it's portable, it's rugged, it's handheld. But now while we're out there, we can quickly run ourselves or enable someone else to run for us some common Nmap tests. So like the ones that you see here, if I first go back to CyberScope, we can see that Nmap itself is its own app that we can open, but Nmap functions are also hooked into some other features of CyberScope. So the auto test, the discovery. So it's not just a standalone app, it's not like a this is just a different tool and oh, here's Nmap installed. No, Nmap has hooks into these other features of the discovery of what CyberScope is designed to do. But let's go ahead and first start with Nmap. So one thing that I've heard from the industry is Nmap can be difficult when we're trying to collaborate, right?
If we have a whole team of network engineers that are walking around and doing things, running tests, how do we make that easier? Well, with Nmap, what we can do with these tests is we can basically preconfigure these things. So actually let me go into just top 100 ports. So what I can do is I can create a test, create a name, give it the options that I want to run. So in this case, this is going to be a full connect scan, -sT --top-ports 100. So Nmap is going to just do that. That list of ports that it prioritizes. We've been running 1000 port tests. Now let's do the top 100 of those. Okay. Also, I can come down here and I can say results, whatever results specific that I'm looking for, if there's any. For example, if there's a port open, a port closed, go ahead and have that pop out in the results. So that's where I can come up and I can just have an individual say test and then start and boom, they don't have to do the configuration. They don't have to remember the command. They don't have to do much else other than just hit that run, right? So it'll go out there, hit that run form for me, and then I can scan that device. Okay, great. So this is wonderful. It makes it a bit more easy. But not only that, CyberScope also has links into the Link-Live service. Now Link-Live is basically, it's in the cloud and it's in a cloud environment or we can even host it locally. But basically what it allows me to do with the CyberScope is this result can automatically be sent to Link-Live where it can either be saved there or, if I'm collaborating with someone else, they can help me to interpret this scan activity. So Link-Live allows me to access these test results so they're not just physically on the handheld device, it's being exported out to Link-Live so that again, it can either be searched, stored, collaborated with and allows a team to be able to interact with tools like this. So this is just one test.
Let me back up again and I'm going to kick back over to Nmap test. There's a few others that are here that are pretty interesting. Let's go ahead and just do HTTP password auditing. So here I can see that there's a script that's being run and that's called http-brute and results down here if I want to comb through those. But this is where I can just come in and I can just hit test. So backing up to Nmap as a whole. So what this does is it allows me to pre-build tests and put them in the hands of technicians where they can just go tap a button and boom, test runs and those results can be exported and saved to Link-Live. How does this help me? It makes testing a whole lot easier. We don't have to worry about lugging the laptop around and we don't have to remember those switches. Instead, we can build those all into the Nmap testing. Okay. I'm going to pause for just a moment, Brad, and I think this is when I was supposed to back up a minute and check for any questions. How are we doing so far? You know, we've had, you know, some specific questions dealing with some of the command structure itself, Chris. And there's also been some questions about, as you know, we have a number of handheld tools here at NetAlly, about, like, differences between nXG and CyberScope, for instance, EtherScope nXG and CyberScope. I don't know. I don't want to break your train of thought though, so perhaps we could address those questions in about four minutes. Sure. Yeah, no problem. We can do that. So I'll go ahead and continue with a bit more of a demo and we'll get over to those. I got to shut down my screen sharing to be able to see them. So yeah, we'll move over to those in just a moment. Okay. So. Nmap. Now, how else does Nmap integrate with the CyberScope? Okay, so let's actually come on over here to auto test. Now, if you've had another NetAlly tool, there's another one called the EtherScope and it's been around for a bit. It does network discovery.
We can pre-build auto tests that allow us to move into a connection, wired or wireless. And we can check to see if that connection is active. Can we get out to the Internet, do a basic port scan, do some very simple types of network tests. But where this goes up a notch with the CyberScope is that we're able to include the Nmap feature to it. So just looking at one test here, I've got a few tests that are run down here at the end of my test. Let me just see if I can scroll here. There we go. Okay. So in this case I'm just checking to see if I can get wireless, if I can connect to a wireless AP, we go out the gateway and then at the bottom. Sorry everybody, my navigation isn't being super helpful on me. Okay, there we go. Now, we can also additionally run these tests as a part of our one click auto test. So you see down here at the bottom graded ports scan mindmap.org, HTTP password auditing, top 100 ports. So if I come up here and I just say start, those tests are going to automatically run for me as a part of the auto test. So that's where we can see one of the places that we have links from Nmap into the general discovery capabilities of the CyberScope. So how does this help somebody? Well, this means that as they're walking around or as they're doing testing on physical connections or wireless connections, we can add that additional feature of all the way up to Nmap scripting on a one touch kind of basis, on an auto test kind of basis. And again, all of these results can be exported out to Link-Live for storage or collaboration with other team members. Okay, I'm going to back up from there. You know what I'm going to do, Brad. I'm going to go ahead and end my screen share for just a moment. You mentioned a couple of questions had come in. So did we want to take one of those? Yeah, sure. Here's one that just popped in and you kind of alluded to it, but perhaps you and or Dan could dig in a little bit.
Can the results of these scans and tests be put to the cloud or in other words, can they be uploaded to Link-Live? Maybe you could speak to that. And the answer, of course, is yes, but maybe you could speak to the power of doing that. Sure, absolutely. And maybe I'll start with it. And Dan, if you'd like to kick in as well after I do a basic overview. So that's exactly what the Link-Live service is, is that cloud based area where we can store, search or collaborate on test results. So that means that I don't just have results sitting on one analyzer at one point in time and then, oh, I go to the next connection and I hit test and that former test is now gone. What this does is it allows me to do that analysis and validation of my environment and actually have that stored. So yes, that's the cloud integration. Dan, if there's anything you would add to that? No, you've got it, Chris. That's exactly right. And the other part about the cloud connection with the tool, just like with our others, is it does allow remote control or remote access. It's a single session. But if you have a centralized, say, centralized cybersecurity expert who wants to understand or help smart hands out at a remote site, the user can actually connect to that CyberScope in the remote site via the cloud. So it's a way of kind of virtually looking over the shoulder of a tech that you have out at a remote site doing the work for you. Great way to help do collaboration and actually kind of see for yourself what's occurring out at that site. Nice. Very good. Yeah, I agree with everything Dan just mentioned, and I think that collaboration is such a powerful part of it for sure. Hey, Brad, did you have another question or did you want me to start? Let's just see it real quickly. Just also, maybe you could speak, both of you, to the kind of like the specific target market and user that CyberScope.
Chris, where do you kind of see that fitting within an organization as opposed to, you know, some of our other great products like EtherScope nXG, where do you see a typical use case and or users of this product compared to something like the EtherScope? I think that's a great question. So two things. For one, it's the making Nmap more accessible to more people. So a lot of network engineers, I think are realizing these days that just doing network engineering as an isolated silo by itself, that's kind of fading into the background. Now more and more network engineers are realizing, Hey, we got to get into security. So not just building the speeds and feeds, but protecting our systems. So it used to be, oh, that's just the security guys. But now everyone is in cybersecurity or everyone should have at least a foot in that side of the house. So what I think CyberScope can do is it can help to enable someone like a network engineer that might be used to just walking around and sending a few pings out for them to be much more capable and efficient and helpful to finding vulnerabilities, finding systems that need to be hardened or patched and reducing our threat footprint. Right. Is to certainly say, Chris, you're a poster child example of that. You've known Wireshark for a long time, let's just say. And now I remember talking to you the last couple of years, Nmap has come more and more. You know, the whole cyber security has come more and more kind of encroached into your world, so to speak, correct? Oh, 100%. I mean, again, if we're just meeting, definitely go check out my YouTube channel. You're going to see a lot of information about packets, about Wireshark. I mean, I'm wearing a T-shirt that says packet head. So I mean, in the last few years, Brad, my clients who used to just call me and say, Hey, it's slow, Hey Chris, here's a pcap. What's wrong?
Now more and more what they're doing is they're coming to me with here's several gigs worth of data on my network. Have I been compromised? Is there anything that looks funny or weird or is there any threats that we can find in this traffic stream? So for me, I've professionally pivoted much more into that space, blue teaming, helping people to find threats. And that's why Nmap has become such an important tool. So now we can know what ports are out there, what is active. Because what I just showed you, if an attacker got access to your system, which primarily to this day is still primarily done through phishing, and if they don't get physical access, I mean, that's a very common way. That's why we always get so many reminders about our emails and don't click the link and don't open the app and those kinds of things. They do get that access and they can gain access to your system. They're going to want to know what the environment is like. They're going to use Nmap or a similar scanning tool to do so. So we want to do that first. So that's what the CyberScope helps us to do. Great. Thanks, Chris. Dan, maybe you want to add a little bit to that. Just in terms of kind of a NetAlly process, CyberScope the market needs and, you know, your many years experience on net. Maybe you could kind of also speak to the market and so forth. Yeah, sure. You know, really, we've designed the CyberScope to be as far as you know, new users to NetAlly would be anyone involved in security operations in organizations where there is more of a segmentation between IT and InfoSec. It would be the security operations boots on the ground that would be the users for CyberScope.
And they face some of the same challenges that we do in network engineering about having visibility into the sites, the ability to ship a tool, for example, to a remote site for an infosec technician or engineer to be able to then connect to that tool remotely and be able to conduct scans and discovery from that point of view. The other key thing for those who are not familiar with the NetAlly technology is when we look at some of the best practices for site assessments and security audits, the creation of an up to date network topology map is frequently one of the key steps that is mentioned by pretty much anyone you talk to who talks about doing security auditing. And fortunately, in addition to the ability to execute an Nmap scan as part of discovery, the discovery data itself can be pumped into Link-Live where we can automatically generate an up to the minute accurate network topology diagram. So the ability to go into that site, do a discovery from within the site, create a discovery diagram that says here are all the devices that are present, is of tremendous value and a tremendous time saver. Additionally, some of the Wi-Fi analysis capabilities are directly applicable to security auditing, and that would be to do a quick walk of a site using the AirMapper site survey function. If you're doing a survey for the purpose of security, not necessarily Wi-Fi performance, a quick sampling of a handful of sample spots in a site will give you visibility of what Wi-Fi devices are present. We've also created the ability to generate a Wi-Fi client survey. Now, why that's important for cybersecurity audits would be the identification and location of perhaps a hidden device. You know, we all know that Wi-Fi devices, you know, our mobile devices, phones, tablets, whatever, are mobile.
But the device of concern with respect to security would be the device that someone has planted, like inside of a ceiling tile, inside of a cabinet, under a desk, somewhere plugged into perhaps a Power over Ethernet port. So a little Raspberry Pi just sitting on the network, listening, watching, executing scans. That device can be found and located on a heat map using the client survey. So a couple of other key capabilities relative to our core technology in the deployed tool. Great. Thank you both very much. We're kind of approaching the top of the hour. Perhaps we should get to one last important part of this webinar. Chris, we talked about this at the start. We have to announce a winner of a CyberScope. And so we're going to do this through a random process, just a drawing of all the folks who attended today. And again, thanks to all of you. And so, Chris, I'm looking for a number, Chris, between 1 and 700 and, no, one can't be 42. I'm just joking. Reference to Hitchhiker's Guide to the Galaxy. I'll pick a number between 1 and 700, please. Two between 1. And 1 and 700. That's correct. Okay. Well, why don't we go with a hello? Well, you know me. I'm a packet guy, so let's go with a common port number. How about. How about good old port 80? Nice reference. Okay, sure. Well, let me just. Let me look this up. I have to go through my little spreadsheet. That would be 80. That would be. Congratulations to Matthew Haston. Congratulations. We'll be reaching out to you, Matthew. Congratulations. You are the winner of a CyberScope. And we'll reach out to you and figure all that out. But thank you, Chris. I love that obscure Port 80. That's a nice, you know, for anybody, not in a networking world, that would be like, huh. But I certainly get it. And I'm sure everybody on this call does. So any closing comments, gentlemen, either one of you? There is a couple other questions.
You know, they had to do with, you know, Dan and Chris had to do like the scripts available on CyberScope and, you know, are there any limitations? And Dan, maybe you could speak to that. My understanding is, is that this tool is designed to execute nearly any Nmap command, either predefined scripts and or ones that you can create, correct? Yeah, that's correct. And in fact, that's another integration through Link-Live, is the ability to create scripts on your own and then those can be uploaded to Link-Live and then pushed to the CyberScope by way of Link-Live. So there's a connection to the tool in that manner that if you have a CyberScope out at a remote site, you want to create a specialized script for that particular tool, that can be pushed down to the tool through Link-Live. Makes it very easy and simple for script distribution. And to address directly, there have been a number of questions about the relationship between and or similarities between CyberScope and EtherScope. As we pointed out, the CyberScope is indeed built on the EtherScope platform and shares all of the same apps with the addition of those Nmap integrations and also the what we call the controlled edition features. On the previous plat version of the EtherScope, which was the EtherScope 200 model that we were shipping up until mid last year, we had a version called the CE, the Controlled Edition, and that was for use in highly secure environments where even the analysis tool itself by policy was not allowed to have certain capabilities. For example, in some federal agencies, a deployed tool that's capable of packet capture is simply not allowed. So the CyberScope, in addition to being a tool for doing cyber security investigations, is also a tool for doing network analysis in highly secure environments. So that additionally is one of the key differences between the CyberScope and the EtherScope 300.
And at this time, the only way to get the CyberScope capabilities is through the CyberScope platform, an upgrade, a software upgrade or other upgrade path right now is not available for EtherScope. We'll see if that changes in the future. Great. Thanks. Dan, would you mind sharing your screen? Dan, I just wanted to have the contact information so that people can kind of do a look see at that because there were additional questions that were not able to get to. And I just want to let you know that we will, you know, the contact information that Dan will be sharing just now in a minute includes both our emails, both Dan and myself. And so feel free to reach out to us if you have additional questions or more questions. And it's you know, we're just really excited about the product. We had a great turnout at the RSA event in San Francisco. And on behalf of NetAlly, I want to thank you, Chris. It's always great working with you, Chris. You're such a knowledgeable person. And to bring the packets in together to really show the value of the two in CyberScope is fantastic. Thank you, Dan as well to answering all those difficult questions. And again, Dan and I stand ready to help and connect with you and determine whether CyberScope is the right tool for each and everybody on this call and beyond. So thank you for attending. And I'll leave the contact information. It should be displaying right now that has Chris's Twitter handle and contact information for Brad and myself. And if you'd like to contact the NetAlly sales team, if you're interested in finding out more information about CyberScope, sales at netally.com, they'd be happy to help you. Thank you, everyone. This concludes today's webcast. Thanks for joining.