Fyodor's Nmap Presentations

I (Fyodor) gave my first formal security presentation at CanSecWest in May of 2000 and have enjoyed speaking ever since. Security conferences are a great way to learn, network, and party with like-minded hackers. I've presented at many events, including Defcon, CanSecWest, Black Hat Briefings, IT Security World, Security Masters' Dojo, ShmooCon, IT-Defense, FOSDEM, SFOBug, Stanford University, George Washington University, and various corporate events.

Many of my presentations are listed on this page. Most of them only have slides available, which often don't provide enough context to follow the talks. Some of my newer talks (where noted) have video and audio recordings posted.

Featured Presentations

These are my favorite presentations with audio and video available.

Black Hat USA / Defcon 2010—Mastering the Nmap Scripting Engine

Most hackers can use Nmap for simple port scanning and OS detection, but the Nmap Scripting Engine (NSE) takes scanning to a whole new level. Nmap's high-speed networking engine can now spider web sites for SQL injection vulnerabilities, brute-force crack and query MSRPC services, find open proxies, and more. Nmap includes more than 130 NSE scripts for network discovery, vulnerability detection, exploitation, and authentication cracking.

Rather than give a dry overview of NSE, Fyodor and Nmap co-maintainer David Fifield demonstrate practical solutions to common problems. They have scanned millions of hosts with NSE and discuss vulnerabilities found on enterprise networks and how Nmap can be used to quickly detect those problems on your own systems. Then they demonstrate how easy it is to write custom NSE scripts by writing one from scratch and using it to hack a webcam. All in 38 minutes, as given live at Defcon 18!

Black Hat USA / Defcon 2008—Nmap: Scanning the Internet

The Nmap Security Scanner was built to efficiently scan large networks, but I took this to a new level by scanning millions of Internet hosts during the Summer of 2008 as part of my Worldscan project. I present the most interesting findings and empirical statistics from these scans, along with practical advice for improving your own scan performance. An overview of new Nmap features is also provided, including the Nmap Scripting Engine, Zenmap UI, new performance options, Ncat, and Ndiff. Most of these features have since been integrated into official Nmap releases.

ShmooCon 2006—Advanced Network Reconnaissance with Nmap

While many security practitioners use Nmap, few understand its full power. Nmap deserves part of the blame for being too helpful. A simple command such as "nmap scanme.insecure.org" leaves Nmap to choose the scan type, timing details, target ports, output format, source ports and addresses, and more. You can even specify -iR (random input) and let Nmap choose the targets! Hiding all of these details makes Nmap easy to use, but also easy to grow complacent with. Many people never explore the hundreds of available options and scan techniques for more powerful scanning.

In this presentation, Nmap author Fyodor details advanced Nmap usage—from clever hacks for teaching Nmap new tricks, to new and undocumented features for bypassing firewalls, optimizing scan performance, finding free porn, defeating intrusion detection systems, and more. A special Shmoo version of Nmap was released at the conference, though all the features discussed are now integrated with official Nmap releases.


Other Presentations

The presentations in this section generally only have slides available (no video), or they are superseded by newer talks in the Featured Section above.