filmov
tv
#HITBGSEC 2016 SG CommSec Track D1- Halcyon - An IDE for Faster NSE Development - Sanoop Thomas
Показать описание
Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts (NSE) was the lack of a development environment that gives easiness in building custom scripts for real world scanning, at the same time fast enough to develop such custom scripts. Halcyon is free to use, java based application that comes with code intelligence, code builder, auto-completion, debugging and error correction options and also a bunch of other features like other development IDE(s) has. This research was started to give better development interface/environment to researchers and thus enhance the number of NSE writers in the information security community.
Halcyon IDE can understand Nmap library as well as traditional LUA syntax. Possible repetitive codes such as web crawling, bruteforcing etc., is pre-built in the IDE and this makes easy for script writers to save their time while developing majority of test scenarios. The talk starts with a quick introduction to how Nmap scripts work and developed, and then showcase different features on Halcyon IDE to build real world scripts faster with various built-in features in the IDE. Halcyon surely provide a rich NSE development environment bundled with features such as improved user interface, code intelligence workspace, easy single click configuration, optimised code generator, scan settings to work with multiple scripts at the same time, pre/post script development actions and lot more.
===
Sanoop Thomas aka s4n7h0 is one of the core team moderator for null Singapore chapter and working as security consultant mainly involving with security assessment of web applications, mobile, networks, and infrastructures. His area of interests lies in threat research and automating pentest/analysis methodologies. He has dealt with many internet threat researches and worked with multiple research groups focusing towards internet safety. He has also authored Xtreme Vulnerable Web Application (XVWA) and Halcyon. He has presented his researches in multiple security conferences such as OWASP India, Nullcon, Black Hat Asia and many others as well.
Halcyon IDE can understand Nmap library as well as traditional LUA syntax. Possible repetitive codes such as web crawling, bruteforcing etc., is pre-built in the IDE and this makes easy for script writers to save their time while developing majority of test scenarios. The talk starts with a quick introduction to how Nmap scripts work and developed, and then showcase different features on Halcyon IDE to build real world scripts faster with various built-in features in the IDE. Halcyon surely provide a rich NSE development environment bundled with features such as improved user interface, code intelligence workspace, easy single click configuration, optimised code generator, scan settings to work with multiple scripts at the same time, pre/post script development actions and lot more.
===
Sanoop Thomas aka s4n7h0 is one of the core team moderator for null Singapore chapter and working as security consultant mainly involving with security assessment of web applications, mobile, networks, and infrastructures. His area of interests lies in threat research and automating pentest/analysis methodologies. He has dealt with many internet threat researches and worked with multiple research groups focusing towards internet safety. He has also authored Xtreme Vulnerable Web Application (XVWA) and Halcyon. He has presented his researches in multiple security conferences such as OWASP India, Nullcon, Black Hat Asia and many others as well.
0:16:56
0:21:20
0:27:41
0:53:08
0:31:22
0:28:17
0:16:56
0:31:22
0:27:41
0:24:38
0:20:08
0:53:09
0:23:59
0:20:08
0:28:17
0:23:59
1:04:51
0:46:46
0:36:46
0:49:07
0:32:08
0:34:12
0:44:08
0:29:02