Internet Scanning - Current State and Lessons Learned

Explore the world of internet-wide scanning and its implications for cybersecurity in this 26-minute Black Hat conference talk. Delve into Project Sonar's raw data sets and community engagement, examining the latest results from implementing databases, search engines, and trending features. Learn about investigative tools for data correlation and a trending database monitoring security improvements by country and industry. Discover new scan types and their potential applications through demonstrations and data processing examples. Uncover recent findings on vulnerabilities and misconfigurations lurking in the internet's deep corners, including statistics on the SSL Heartbleed vulnerability. Gain insights into various topics such as SNMP process listing and credential retrieval, Telnet Linux shells, serial port servers, and ElasticSearch code execution. Understand the scope of Sonar data, including sizes and record counts, and explore practical use cases like asset discovery and NAT-PMP and DNS findings.

Intro
Outline
Internet-wide scanning
Research / Finding history
SNMP - list processes, get credentials
Telnet: Linux Shells
Serial Port Servers
Example Remote Serial Ports
ElasticSearch, code execution is a feature
Sonar - Data overview
Sonar - Data sizes and record counts
Recent findings - NAT-PMP
Recent findings - DNS
Example Use-Case Asset Discovery