Penetration Testing with Nmap: A Comprehensive Tutorial
Covers the rules of engagement, network verification, layer 2, 3 and 4 host discovery, IP list creation, port states, default Nmap scans, and service and version enumeration scans.
This video is an in-depth tutorial on using Nmap in Penetration Testing.
It covers the rules of engagement, network verification, layer 2, 3 and 4 host discovery, IP list creation, port states, default Nmap scans, and service and version enumeration scans.
Additionally, it covers techniques for detection avoidance, including timing of scans, decoy scans, random host scans, spoofing MAC addresses, and fragmented scans.
The video also reviews Nmap script sources and shows how to perform SMB, FTP and other vulnerability scans, along with confirming vulnerabilities existence via Metasploit.
Finally, it provides an overview of defensive tactics and closing thoughts on Nmap use in network security. I hope you enjoy “Penetration Testing with Nmap: A Comprehensive Tutorial”
Agenda
0:00 Intro
1:38 Rules of Engagement
2:26 Network Verification
2:55 Layer 2 Host Discovery
4:27 IP list Creation
4:50 Layer 3 Host Discovery
6:30 Layer 4 Host Discovery
7:45 Port States
8:59 Default Nmap Scans
10:50 Specific Port Scan
12:43 Filtered Port Scan
14:15 UDP Port Scan
15:43 Service and Version Enumeration Scan
18:00 Operating System Discovery Scan
19:40 Detection Avoidance – Timing of Scans
21:34 Detection Avoidance – Decoy Scan
23:06 Detection Avoidance – Random Host Scan
24:17 Detection Avoidance – Spoofing Mac Address
25:31 Detection Avoidance – Fragmented Scan
27:06 Review of Nmap Script Sources
28:50 SMB Vulnerability Scan
30:35 FTP Vulnerability Scan
31:26 VULN Vulnerability Scan
34:40 Metasploit Vulnerability Exploitation
37:15 Defensive Tactics
37:52 Closing Thoughts
