Presented at ShmooCon X (2014)
From proff's strobe to modern day distributed network scanners, probing remote systems and applications to assess a system's security posture is a core part of our offensive and defensive tool kits. This panel discussion will examine the state of the art of network and application scanning. During the session, the entire Internet will be scanned at least once by the panelists--maybe even a few times. We will discuss the results of a recent scan of large-scale cloud providers and the issues the scan uncovered. The panel will also examine new tools utilizing application scan results to enable real-time defenses against compromised or weak systems. Finally, the panelists will engage in a discussion on the ethics of network scanning, especially as it pertains to the modern capability of large-scale, nearly instantaneous scanning of the entire Internet.
Robert David Graham
Back in 1998, Robert Graham created one of the first popular desktop firewalls (BlackICE Defender) and the first IPS (BlackICE Guard). In 2007, he created the first "sidejacking" tool for hijacking sessions by sniffing cookies. He's been a regular speaker at conferences for the last 13 years.
Bruce Potter (moderator)
Alejandro Caceres is a distributed computing fanatic and security researcher or whatever hackers are supposed to call themselves these days (he lost track of buzzwords when the acronym APT was invented). He's conducted research and presented at the big cons on offensive distributed computing techniques against massive targets (e.g. significant portions of the Internet or the entire Internet when he's feeling frisky). His research is cool and stuff, but he is most proud of getting hit repeatedly with a wooden paddle by a DEF CON goon at DEF CON 21 as well as annoying Bruce Potter on Twitter one time.
Dan Tentler / Viss
Dan Tentler is the sole proprietor of Aten Labs, a freelance Information Security consultancy firm in San Diego, and is routinely parachuted into various clients in Southern California. Dan carries a wide breadth of clients and engagements, ranging from threat intelligence, to wireless site surveys and penetration testing, to full-blown social engineering campaigns, to lockpicking and threat & vulnerability assessments. Dan has presented at DefCon, BlackHat, various BarCamps, Toorcon San Diego, ToorCon Seattle, regional OWASP meetings, Refresh San Diego, and SDSU computer security advanced lecture classes. Dan has been interviewed by the BBC, CNN, The San Diego Reader, and a variety of information security blogs and publications. If you need a bad guy, call Dan.
Paul McMillan is a security engineer at Nebula. He is also a member of the security teams for Python and Django. When he's not building or breaking clouds, he enjoys cocktails and photography.