Mastering in (mass)scanning
Presented by: Francisco Candia
Technological advances are a driving force for internet democratization. Everyday millions of devices are connected for a wide variety of purposes. From keeping track of exercise routines, to allowing international forces to receive real-time communication about the launch of an attack on an important target. Right now, petabytes of public data, from every device, can be potentially transformed into exploitable information.
Taking advantage of this scenario, projects like Shodan, ZoomEye or Spyse were created. They collect information about software and hardware connected to the internet, exposing extensive vulnerabilities over open industrial control systems, IoT devices, web servers among other systems. However, all these tools don’t allow custom scans to be performed with unique in-house plugins. How can such massive scans be performed in-house? For example, how can all the devices that are vulnerable to a certain attack in a specific country be listed?
This training will cover how to perform optimized massive scans, process data results and create rich information from it.
Topics:
Internet scanners
Protocols fundamentals
- Network components
- OSI layers
- Ethernet frame
- TCP headers
- UDP headers
- DNS headers
Internet Fundamentals
- ICANN & IANA
- Regional internet registers
- Segmenting IPv4 address space
- Domain lists
Metrics to consider before performing a scan
- Bandwidth
- Packets/seconds
- Open files in system
- DNS queries/seconds
- Connection timeouts
- Randomization
Network Challenges
- Local firewall
- Domestic router
- Neighbour network traffic
- National firewalls
(Mass)scanning benefits & setting goals
- Statistics
- Bug bounty programs
- Detect malicious activity
Tools
- Zmap
- Zgrab2
- Masscan
- Complementary tools
Common scenarios
- One request case
- N:M request case
- N:N request case
- Other cases
Building custom Mass scan tools
- Introduction to Go
- Write Zgrab2 extensions