Both a WhiteHat Audit and a BlackHat Compromise begin with scoping out the network. Using OS and Application fingerprinting techniques have been staples of Network Reconnaissance for close to a decade. Today’s techniques include passive, active, blind and invasive fingerprinting.
A brief review of current and past strategies explains the strengths and pitfalls of each fingerprinting technique. This leads to the introduction of our new fingerprinting technique and the release of our new fingerprinting tool which will attempt to safely and accurately identify HTTP servers with a single RFC compliant request.