Nmap/Short Course: Difference between revisions

This short course consists of 12 short lectures in 3 modules, with each module building on the last. Lab scenarios will be integrated throughout.

Module 1: Nmap Mastery - Beyond the Basics

Module Theme: Deep dive into Nmap's core scanning methodologies, output interpretation, and performance tuning.

Lab Integration: Students will begin initial reconnaissance on all three lab scenarios using the techniques learned in this module.

• Nmap/Short Course/Lecture 1 - Precision Host Discovery & Initial Sweeps
• Nmap/Short Course/Lecture 2 - Advanced Port Scanning Techniques & Service Probing
• Nmap/Short Course/Lecture 3 - OS Detection, Output Formats, and Scan Comparison
• Nmap/Short Course/Lecture 4 - Optimizing Nmap: Performance Tuning & Firewall Evasion Basics

Module 2: Red Team Nmap - Offensive Recon & Vuln Identification

Module Theme: Leveraging Nmap for offensive security tasks, focusing on deep enumeration, vulnerability discovery using NSE, and mapping attack paths.

Lab Integration: Focus on applying offensive Nmap techniques within the ICS Penetration (Scenario 2) and Web/Cloud Audit (Scenario 3) labs.

• Nmap/Short Course/Lecture 5 - Introduction to the Nmap Scripting Engine (NSE)
• Nmap/Short Course/Lecture 6 - NSE for Vulnerability Discovery and Service Enumeration
• Nmap/Short Course/Lecture 7 - Advanced NSE Usage & Nmap for Exploitation Support
• Nmap/Short Course/Lecture 8 - Nmap in Penetration Testing: Pivoting & Internal Recon

Module 3: Blue Team Nmap - Auditing, Defense & Network Monitoring

Module Theme: Employing Nmap for defensive security, including network auditing, change detection, compliance verification, and informing defensive strategies.

Lab Integration: Focus on applying defensive Nmap techniques within the Corporate Network Audit (Scenario 1) and using data from all scenarios for defensive analysis.

• Nmap/Short Course/Lecture 9 - Network Auditing & Inventory with Nmap
• Nmap/Short Course/Lecture 10 - Compliance, Policy Verification, and Rogue Device Detection
• Nmap/Short Course/Lecture 11 - Integrating Nmap with Defensive Tools (Wireshark, Snort/Suricata, SIEM)
• Nmap/Short Course/Lecture 12 - Detecting Scans, Defensive Strategies & Course Capstone

Lab Scenarios and Labs

There are 3 scenarios that are covered in each lab. There is one lab for each lecture.

Here are the lab scenarios:

• Scenario 1 (Blue Team): Navigating, mapping, and auditing a corporate network with various laptops, desktops, printers, and office equipment connected to a few public and private subnets

• Scenario 2 (Red Team): penetrating an pivoting inside of an industrial control system network

• Scenario 3 (Web and Cloud Audit, Hybrid Red/Blue): Investigate an organization's publicly accessible web services and a small, simulated cloud environment (a few instances representing common services like servers, APIs, and storage). Red team will attempt to use nmap to identify exposed services, pinpoint versions or technology, and find security misconfigurations. Blue team will attempt to use nmap to verify only intended ports and service are exposed, audit for known vulnerabilities, identify services that are out of compliance with security policy, report findings and make recommendations.

And here are the labs:

• Module 1:
  • Nmap/Short Course/Lab 1
  • Nmap/Short Course/Lab 2
  • Nmap/Short Course/Lab 3
  • Nmap/Short Course/Lab 4

• Module 2:
  • Nmap/Short Course/Lab 5
  • Nmap/Short Course/Lab 6
  • Nmap/Short Course/Lab 7
  • Nmap/Short Course/Lab 8

• Module 3:
  • Nmap/Short Course/Lab 9
  • Nmap/Short Course/Lab 10
  • Nmap/Short Course/Lab 11
  • Nmap/Short Course/Lab 12