HD Moore on Modern Network Discovery - Duo Tech Talk 2019

This was presented at Duo Tech Talks on December 5th, 2019 in Austin, Texas.

HD is CEO of Critical Research Corporation, creator of Rumble Network Discovery, and VP of Research for Atredis Partners, a research-driven security consultancy. Best known for founding the Metasploit project, HD’s work continues to focus on the nexus of security research and technology.

Identifying assets on modern networks is more complicated than ever due to the adoption of BeyondCorp security models, software-defined networks, virtual machine environments, container environments, hybrid clouds, and internet-connected smart devices. This presentation dives into original research and lesser-known techniques that can be used to quickly discover devices across complex environments, without the use of passive traffic analysis or credentials.

0:00 Introduction
1:55 Why Discovery?
3:25 External Asset Discovery
5:12 Internal Network Discovery
7:00 Internal Discovery Challenges
10:51 Passive Discovery
11:14 Active Discovery Research
17:37 NetBIOS Discovery: Example
20:50 Opportunistic SNMP Discovery: ARP Cache Example
23:06 Remote ARP Scan: SNMP + UPnP NOTIFY
23:14 Remote ARP Scan: SNMP SIP INVITE
26:14 SNMP v2: Stacked GETBULK Example
26:21 Unauthenticated Discovery
29:06 SNMP v3: Unauthenticated Fields
30:19 SNMP v3: Decoding the EngineID
34:46 Rogue Egress Detection with UDP: Example
42:59 DNS Resolvers: Client Subnet Example
47:52 MDNS: Remote Examples
50:53 TLS: Data Mining Certificate Fields: Example
52:37 Manufacturer Discovery Protocols: Example
52:47 MAC Addresses Beyond Layer 2
Comments

Great Content and horrible audio haha, thanks! It helped me a lot.

sebashmh