Abstract

Introduction: This is a hands-on session that involves lot of scripting exercises, scanning, automation, challenges, understanding Nmap Script from a developers’ perspective, and building some NSE scripts that helps in real time enterprise assessment. If you were interested about Nmap as a portscanner, you would enjoy Nmap Script Development as well.

Agenda:

-Introduction to Nmap Script
-NSE Architecture
-Setting up Development Environment
-Dealing with Nmap Library
-Basic understanding of LUA
-Lua KungFu
-Customizing Existing NSE
-Building NSE for web scans
-Building NSE for DB scans
-Building NSE for Vulnerability Detection
-Building NSE for Exploitation
-Debugging & Exporting Options

Prerequisites:

-Basic understanding of Programming (any language)
-Willingness to learn new things
-Problem solving skills

Come with following:

-Kali Linux (VM instance preferred)
-Lua5.1 Installed in Kali Linux (apt-get install lua5.1)
-Metasploitable Linux V2 (VM instance)

http://sourceforge.net/projects/metasploitable/

Speaker

Sanoop Thomas

An experienced security consultant, researcher, trainer and enthusiast explore the limitless area of information security. He has been a seasoned trainer on multiple security subjects at Computer Society of India, and also delivered lot of corporate training to IT as well as Information Security professionals. His large interest is in doing more security researches and developments that helps in automating security testing, incident response as well as security intelligence processes. Sanoop closely works with trending malware programs, analyse newly evolving attack vectors, and works towards to detect and remediate such real world threats. He was a speaker at many events and conferences in and out of India including at OWASP India 2013, Nullcon 2015, etc.

Timing

Starts at Saturday July 18 2015, 10:00 AM. The sessions runs for about 8 hours.

Resources