Posts Tagged ‘Scripting’

Black Hat USA 2010: Mastering the Nmap Scripting Engine 3/5

Speakers: Fyodor, David Fifield Most security practitioners can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap’s high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 125 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking. Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and will discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts to meet the needs of your network. Finally they take a quick look at recent Nmap developments and provide a preview of what is soon to come. This presentation does not require any NSE experience, but it wouldn’t hurt to read For more information click here (

Speakers: Meredith L. Patterson, Len Sassaman One of the most difficult aspects of securing a protocol implementation is simply bounding the scope of the attack surface: how do you tell where attacks are likely to crop up? Historically, variations between implementations have led to some of the most successful attack techniques — from simple TCP “Christmas tree” packets to last year’s multiple break of the X.509 certificate authority system (by these speakers). But without access to all the relevant source code, how can developers identify potential sources of exploitable variations in behavior? In this presentation, we go beyond the accumulated wisdom of “best practices” and demonstrate a quantitative technique for minimizing inconsistent behavior between implementations. We will also show how this technique can be used from an attacker’s perspective. Last year we showed you how to break X.509; this year, we will show you how we found those vulnerabilities and how the same techniques can be used to discover multiple novel 0-days in any vulnerable protocol implementation. For more information click here (
Video Rating: 5 / 5

    Diamond Dave is the owner and site coordinator of (BHW). Most webmasters and internet marketing experts know and follow all the latest Search Engine Optimization (SEO) techniques on the internet at BHW. In fact, Blackhat World is not only the #1 website on the internet for cutting edge Search Engine Optimization methods it is the No 1 "authority" site. Some of the topics discussed on BHW include but are not restricted to: Outsourcing, Blogging, email marketing, Social Networking, Google Adsense and Google Ad words, hiring freelancers, webmaster tools and many more categories and subjects of interest. In addition, BHW is a great resource for beginners (newbies) and seasoned veterans.