Nmap/Short Course
From charlesreid1
This is a 12-part short course on advanced nmap topics, intended for cybersecurity professionals. The course consists of 12 short lectures, with associated labs for each lecture (multiple scenarios for each lab). Each module builds on the last.
Contents
Lab Scenarios
There are 3 lab scenarios that map to the 3 modules of the course.
- Scenario 1: Web and Cloud Audit (Hybrid Red/Blue Team): Investigate an organization's publicly accessible web services and a small, simulated cloud environment (a few instances representing common services like servers, APIs, and storage).
- Scenario 2: Industrial Control System Network (Red Team): (TBD)
- Scenario 2 (Alternative): Casino Floor Network (Red Team): Network with a few desktop machines, and many, many small connected devices
- Scenario 3: Corporate Office Environment: Navigating, mapping, auditing corporate network with various laptops, desktops, printers, office equipment, and servers connected to private subnet
Module 1: Nmap Mastery - Beyond the Basics
Module Theme: Deep dive into Nmap's core scanning methodologies, output interpretation, and performance tuning.
Lab Integration: Students will begin initial reconnaissance on all three lab scenarios using the techniques learned in this module.
Lectures:
- Nmap/Short Course/Lecture 1 - Precision Host Discovery & Initial Sweeps
- Nmap/Short Course/Lecture 2 - Advanced Port Scanning Techniques & Service Probing
- Nmap/Short Course/Lecture 3 - OS Detection, Output Formats, and Scan Comparison
- Nmap/Short Course/Lecture 4 - Optimizing Nmap: Performance Tuning & Firewall Evasion Basics
Labs:
Module 2: Red Team Nmap - Offensive Recon & Vuln Identification
Module Theme: Leveraging Nmap for offensive security tasks, focusing on deep enumeration, vulnerability discovery using NSE, and mapping attack paths.
Lab Integration: Focus on applying offensive Nmap techniques within the ICS Penetration (Scenario 2) and Web/Cloud Audit (Scenario 3) labs.
Lectures:
- Nmap/Short Course/Lecture 5 - Introduction to the Nmap Scripting Engine (NSE)
- Nmap/Short Course/Lecture 6 - NSE for Vulnerability Discovery and Service Enumeration
- Nmap/Short Course/Lecture 7 - Advanced NSE Usage & Nmap for Exploitation Support
- Nmap/Short Course/Lecture 8 - Nmap in Penetration Testing: Pivoting & Internal Recon
Labs:
Module 3: Blue Team Nmap - Auditing, Defense & Network Monitoring
Module Theme: Employing Nmap for defensive security, including network auditing, change detection, compliance verification, and informing defensive strategies.
Lab Integration: Focus on applying defensive Nmap techniques within the Corporate Network Audit (Scenario 1) and using data from all scenarios for defensive analysis.
Lectures:
- Nmap/Short Course/Lecture 9 - Network Auditing & Inventory with Nmap
- Nmap/Short Course/Lecture 10 - Compliance, Policy Verification, and Rogue Device Detection
- Nmap/Short Course/Lecture 11 - Integrating Nmap with Defensive Tools (Wireshark, Snort/Suricata, SIEM)
- Nmap/Short Course/Lecture 12 - Detecting Scans, Defensive Strategies & Course Capstone
Labs:
Notes for the Instructor
Nmap/Short Course/Running the Labs
Flags
