WEBVTT

00:06.980 --> 00:12.320
Now, scanning and mapping entails the identification of devices, systems, applications and segments

00:12.320 --> 00:13.340
within our network.

00:13.370 --> 00:17.810
This goes through and it utilizes different tools to identify different services.

00:17.810 --> 00:21.860
These services can include things like SSH but not just SSH.

00:21.890 --> 00:24.200
What version of SSH are we running?

00:24.200 --> 00:26.300
Are we running Windows operating systems?

00:26.300 --> 00:28.580
If so, what operating system version are we running?

00:28.580 --> 00:30.170
Are we running a service pack?

00:30.170 --> 00:35.510
If we can identify the different services and applications utilized within our network, we're better

00:35.510 --> 00:38.720
prepared to protect those different software tools.

00:38.720 --> 00:42.590
I want you to imagine that you're using an entire network, and you're in charge of this network of

00:42.590 --> 00:44.270
over 1000 clients.

00:44.270 --> 00:48.950
There's no way that you can know every single client that's operating on your network.

00:48.980 --> 00:55.400
You can go through and determine, hey, I'm running Windows 10 PCs across the entire network, but

00:55.400 --> 00:56.600
yeah, it's Windows 10.

00:56.630 --> 01:01.790
What version or what software pack are you utilizing? Are all of them using Microsoft Office?

01:01.820 --> 01:07.410
Are you using some Adobe Acrobat, maybe a little bit of Firefox over here and Chrome over there?

01:07.410 --> 01:12.840
It's important to understand what applications am I using across my network, across the different PCs

01:12.840 --> 01:14.010
on my platform.

01:14.010 --> 01:19.020
By understanding the different applications, we can better remediate the flaws and vulnerabilities

01:19.020 --> 01:20.370
associated with those.

01:20.370 --> 01:24.630
We don't want to pay attention to different vulnerabilities or flaws that have nothing to do with our

01:24.630 --> 01:25.230
network.

01:25.230 --> 01:30.570
If there's no installed Microsoft Office across any of our machines, there's no reason to patch for

01:30.570 --> 01:31.740
Microsoft Office.

01:31.740 --> 01:36.300
Now, obviously, we're probably going to use Microsoft Office across most of our network, but we need

01:36.300 --> 01:41.820
to understand when it comes down to it, what do I really need to concentrate my efforts on as far as

01:41.820 --> 01:42.870
services go?

01:42.900 --> 01:44.730
How are my networks set up?

01:44.730 --> 01:46.980
Are they segmented in specific ways?

01:46.980 --> 01:51.090
I ran into a network where they had the entire operations department on one VLAN.

01:51.120 --> 01:55.350
The HR department was on a different VLAN, and you kind of get the point. They had

01:55.380 --> 02:00.540
each department segmented off into its own VLAN, and within each VLAN, they were able to identify

02:00.540 --> 02:04.590
what operating systems they were utilizing within that VLAN.

02:04.590 --> 02:09.420
Within that VLAN, they identified the subnet, they identified the operating system.

02:09.420 --> 02:13.540
And then they were able to identify what software versions and what applications were running.

02:13.540 --> 02:16.480
This provided a more efficient networking across the board.

02:16.510 --> 02:22.180
Angry IP Scanner provides users with a lightweight, fast and straightforward network scanning solution.

02:22.210 --> 02:27.190
This is available across many platforms including Windows, Mac and Linux, and it presents a range

02:27.190 --> 02:29.980
of features designed to streamline the scanning process.

02:30.010 --> 02:36.100
It identifies certain things like what IP address I'm operating on, if there's specific, uh, hostnames

02:36.100 --> 02:36.820
or ports.

02:36.850 --> 02:41.980
It even detects different web applications that may be running on those specific IP addresses that are

02:41.980 --> 02:42.940
associated with it.

02:42.970 --> 02:48.190
It also provides us an output file such as CSV, text, XML, or even HTML.

02:48.220 --> 02:54.850
Overall, Angry IP Scanner provides us a GUI-based scanning solution that's very lightweight, fast,

02:54.850 --> 02:57.250
and appreciative across many different platforms.

02:57.280 --> 03:02.290
Maltego is a versatile tool utilized for information gathering, network scanning, and mapping.

03:02.290 --> 03:08.410
It provides us visualization for the tool from an outside perspective, meaning that it utilizes open

03:08.410 --> 03:11.980
source intelligence to gather data about our network.

03:11.980 --> 03:16.450
If we have something hidden deep inside of our network and it's properly fortified or defended,

03:16.480 --> 03:21.840
Maltego is most likely not going to be able to find it, but it does provide us that outsider viewpoint.

03:21.840 --> 03:23.520
What is the attacker looking at?

03:23.520 --> 03:26.520
How can they see what's going on inside of our network?

03:26.550 --> 03:32.910
It uses data mining and aggregation to provide different patterns and interconnected, uh, versatile

03:32.910 --> 03:35.340
segment to really kind of outline:

03:35.340 --> 03:37.470
Hey, this is what the attacker can see.

03:37.500 --> 03:40.650
Maybe I should protect my features a little bit better.

03:40.680 --> 03:47.070
Now, Maltego goes way beyond just scanning for network segments within our enterprise environment.

03:47.100 --> 03:49.020
It goes into social engineering.

03:49.020 --> 03:52.380
It provides us some, uh, open source intelligence gathering.

03:52.380 --> 03:57.060
It provides data enrichment capabilities and collaborative features based on different plugins.

03:57.060 --> 04:02.820
Those plugins can go anything from looking at Facebook and LinkedIn to going through Google.

04:02.850 --> 04:04.950
It just provides a plethora of tools.

04:04.950 --> 04:10.170
We can literally spend an entire day just talking about Maltego and all its features, but what you

04:10.170 --> 04:15.600
really need to understand when it comes to Maltego for Sisa is that it has the ability to look at an

04:15.600 --> 04:21.240
outsider's perspective into our internal network, and it does more than just providing network mapping

04:21.240 --> 04:22.110
and scanning.

04:22.110 --> 04:26.220
It goes beyond that, providing open source intelligence gathering techniques.
