A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Nepenthes: Netpens With Less Pain - Andy Schmitz (Circle City Con 2015 Videose 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Nepenthes: Netpens With Less Pain
Andy Schmitz

Circle City Con 2015

Network penetration tests can be difficult, particularly at scale. This talk introduces Nepenthes, an open-source tool for network penetration tests. It has a focus on external tests with many hosts, particularly in web-heavy networks. Nepenthes can manage network based scans in parallel, from grabbing SSL information and taking screenshots to nmap scans. It allows for off-hours scans, from anywhere around the world. Scans can be performed from as many hosts as desired, including public clouds. Nepenthes makes it easy for multiple people to collaborate, with easy access to information. A flexible worker system and easy Rails extensibility make Nepenthes easy to modify, as has been done frequently at [employer name redacted in submission]. These features are usually included in future tests to make the experience even better. This presentation will be a brief tour of the reasons for Nepenthes' existence (the need for a high-capacity scanner that combines data from different tools), its features, a demonstration, and information on how to get, install, and extend Nepenthes. The talk will assume some familiarity with external network penetration tests, but no specific knowledge is strictly necessary. While Nepenthes is the focus, this talk should give additional resources for all netpens, with and without Nepenthes.

Bio: Andy is currently a security consultant with NCC Group. He has years of experience in secure software development, research, protocol design/analysis, and system design/administration. Before NCC Group, Andy has worked with groups from Fortune 100 companies to small startups, developing applications and performing tests.

Back to Circle City Con 2015 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast