In Depth Network Discovery Made Easy Using RunZero @runZeroInc

Captions
Tom here from Lawrence Systems, and in July of 2021 I did a video on a tool called Rumble, and I was pretty blown away with just how well it worked at doing asset discovery of devices on your network. Pretty amazing product, and I just renewed my license, so I wanted to throw that out there that this is not a sponsored video; I actually pay and integrate this into our stack of tools that we use at my company. I wanted to get those things out up front, but I do want to mention: if you want to use it in your home lab or want to try out the product, I do have a link down below if you'd like to click it. Not a paid link; it just is a tracking link, if people want to know, you know, how they, uh, discovered Rumble, it will let you know. And it's basically runZero, it was the new name, slash Tom Lawrence, but that's linked down below if you're interested, or you just want to go there and say "I don't want to tell people I'm associated with watching that Tom Lawrence guy." Either way, I wish I had to be up front, very clear about the purpose and any of the driving biases I have towards any of the products I talk about.

Now, speaking of driving biases: yes, I'm biased. I like the product, which is why I'm doing the updated video. Originally it was called Rumble in 2021; it was built by HD Moore, and I found it on the Risky Business podcast. Those are a lot of little interesting tidbits that I'll leave linked down below if you want to listen to the Risky Business podcast or listen to the Darknet Diaries episode to learn a little bit more about who HD Moore is. But when certain people create tools, it creates a level of interest to me because, well, having the hacking background means they usually build really focused, useful tools.

Fast forward to November of 2022, when we're recording this video now, and the tool has matured quite a bit, and it's become a lot prettier, with a lot of integrations. Matter of fact, the significant changes are going to be just how much they've expanded what they can discover, the protocols they use for discovery, the ability to fingerprint assets much better, and the fact that they've added all kinds of more just in-depth discovery protocols, such as Lantronix, Ubiquiti protocol, Kerberos, LDAP, NFS mounts, PPTP (it's always a hard one for me to say), and a whole lot more. Now, it also has integrations that we'll be talking about with a lot of other commercial products. Essentially that's the audience that this is going to be targeted at: if you're an internal IT team trying to get a handle on how many assets, uh, that you do know about, or some you maybe didn't know about, and looking for a full RFC 1918 discovery tool, that's this tool.

For those of you that are home labbers that follow me and just want to test it out: by the way, you get a full free 21-day trial; there's a link down below you can click to kind of get started with that, as I said. But if you want to just test it out for free, they actually have a free tier they're offering as well, so if you want to use this in your home lab for discovery of up to 256 assets, that's the features they're offering as well.

But let's dive right into the dashboard, how it works, and actually how it works and then probably the dashboards. I want to go over and explain it just in case you haven't watched my previous video, which is linked down below. So this is what the dashboard looks like here in November of 2022, but let's start with how do you deploy an agent and what is supported for these agents in terms of where you can set it up.

So if you go to Deploy, we're going to see my registered Explorer that was running on my laptop, which is running Linux, so it says Pop!_OS. All sites... I was at an event called IT Nation; they had a Wi-Fi network without host separation, therefore I couldn't resist scanning the network to, you know, do a little insight and discover what was on a network. As far as deploying these agents, or Explorers, as they're referred to ("Deploy runZero Explorers"), it'll run on Windows, Linux distributions, Apple Mac, and BSD variants. So when I see Linux distributions, it's more than just Linux x64; it also does 32, several variations of ARM, and MIPS, PowerPC, and s390x IBM Z, so pretty well supported here in terms of options.

Back over here to the registered Explorers: it will tell you if the Explorer is out of date, so latest version is 3.3. This was only run once, and this was set up as a project. When you're building out the client or the site that you need to do, you start with building it either as an organization or as a project. And if we go here and we just create a new project, for example: the projects are a project that becomes read-only after 30 days and automatically deleted after 90. These are great for doing client discoveries; this is something we'll use them for, or limited engagements we have with a client where it's a project that they want us to help redo something on a network, and the first step, of course, is figuring out where is everything on the network, documenting it, and then coming up with a plan to do this. And hopefully it takes, you know, less than 30 days to get this done; generally it does, but at least starting as that.

Also, projects can be converted over to organizations. There's a way you can take these and take this project here, for example, which is the IT Nation project, and down here, which says "I wonder what I can find at IT Nation 22 Wi-Fi" (you can put some descriptions in here), but if I wanted to, I can promote to organization; there's a button right here. So if that project takes longer, you want to promote it there or delete it later, that's definitely an option.

Let's go back over here and talk about an organization that I've set up, which is called LTS Tom. Now, normally I hit this pull-down, there's a long, long list here. They have granular permissions, so I created this user called YouTube demo and said you only have permission to these two things. But this does support multi-tenant, supports multi-user, so we have all of our users set up and configured, and you can decide what sites you want to give them permission to view. So that's all granular and does have permission controls on that.

But when we switch back over here and we go to this organization, the LTS Tom one, and we're going to go to the site, and we'll click on Primary site, because for any organization you can have a series of sites underneath of it. But for this one I had set up, I built out my, essentially, studio slash home office network and defined the subnets. Uh, this subnet's actually across the VPN; this is my office lab where a lot of my demos are, and I wanted to go across the VPN and scan; it's completely a capability it has. And then we want to go ahead and say, you know, define these different networks. Now, you can just tell it to scan everything, and obviously if you're doing a client discovery, "scan all the things" is probably what you want to do, because, well, some people think they only have this many networks, and when you run a scan that's in depth you may find they have more devices than even they knew about, which is part of the point of this tool.

All right, next thing after this is going to be: what does it look like after you've scanned, and what does a full dashboard of things look like? So here are the 58 recent assets; active scans running, none right now. You can build it to be a recurring scan, and when you build these recurring scans it will give you differentials between each scan. If you ran it once a week (once a day might be a bit much), but you can then start building trends for what's going on in that network. And it's got these nice dashboards, and I like this because it kind of gives you an idea, and it also tells you where the asset source information came from, and these are those integrations I was talking about.

Now, for this demo I didn't have any of these integrations, but go ahead and check out their blog, check out their resource library of videos; they actually have more in-depth talks about all the different integrations they have, and because I don't use all of these different tools I can't really demo them as well as they do. So being able to tie this to all those other things is some of the really cool features when you're building out the network, because, well, things are all over the place, but this can serve them as a central point of data by pulling in all those other data points with all those other integrations.

Now, I do like some of these, like most seen, last seen. I think the dashboards are just kind of fun, uh, to play with. You can see how many pfSenses we might have, and so really simple, uh, quick reports; all sites, primary, if you had each one broke down. Uh, this is fun when you're looking at clients or large sites, to be able to go "what's this?" or "how many of these are?", and sometimes you may want to, from the dashboard, "show me the oddball devices" and find them.

Now let's just jump right over to what it looks like with the inventory and the assets that we have in here, and let me clear that; I was playing with this last night on my live stream and showing people how you can pivot through things. And so we'll go ahead and clear, so we want to see all the assets. Now, you can filter results: 20, 50, 100, 256, 512, 1024. It's like the little, you know, uh, on the amount of results it can show over there; just kind of novel that it does that on that multiplier. But for any device you're looking at here, you'll see all across all the networks; we can scroll through them all, we can kind of figure out what they are.

Now let's do something like look at these cameras. Here's an Amcrest camera, and we can do things like just "find me the word amcrest", kind of like a generic search. But if you want to get more specific with the searches, you can click on any one of the assets that you have in here, and then from here we can do these very specific searches, like hardware product: this is ip8m246e. Let's go ahead and search for an asset with matching value. Perfect, I've now pivoted that quickly to understand that attribute, hardware product; hardware product equals ip8, uh, m-2496e. This is great when you're trying to discover what's on a network, or when you have these running continuously and you know there's a problem with a product that you have to figure out is across your networks. Uh, really great to be able to quickly find and drill into any of those type of assets, and this goes across really any of them.

And right next to it is the "copy value to clipboard". This shouldn't be overlooked. I mean, yeah, I can do this, and I do this way too much, but being able to just quickly, let's just click and copy to the clipboard, that is, um, often overlooked. I've talked about this in XCP-ng, and the team at XCP-ng puts this all over the place in there, since, I don't know, it's those little things that make a big difference on being a time saver.

Now, another thing that's a big time saver on any of this is any of these, how it says console, inventory, view assets, and if we take this out of full screen you can see this URL at the top. And this URL at the top is actually really handy, because then I can also, with my other people that are logged in at my staff, throw this right back at them and say "hey, check out this asset", so I don't have to give them any, uh, pathing to try to figure out where that is. You can share links with people; that's just really, once again, a time saver when you want to have a discussion about some of the assets and things that are on there.

Now, as you scroll down through here, you're going to see the service protocols that are on here. Once again, there are things we can dig through, look up different software; sometimes if those are discovered it can be a pivot point. HTML input, so you get a lot of raw data here. And if you're running one of these agents on a device that has Chrome installed, they can grab screenshots of all of these things, and actually I really like the screenshots. They're really handy, because sometimes you're like "what was that device again?" and the screenshot really reveals it. Matter of fact, that's that way you can browse through all your devices, but it's by clicking the screenshots, and it has an inventory of all the screenshots of, hey look, there's my PS sign in, or there's a TrueNAS, and there's all these different things. Scroll through: "I don't remember, what was this thing? Oh, that's a printer." What? And great, now I know that this is a printer, and then from there let's pivot to dig into the printer. Hey, it has SNMP on there, we can kind of go through; it's a Brother, uh, there's the firmware that it's running. It gathers a lot of data about all these, and of course, if you're a large network trying to figure out how many of your printers have the most up-to-date firmware, uh, being able to search for Brother and sort them by firmware and create an export list, quite handy for getting your job done.

As we go down here, we can actually look through services: ARP, MAC vendor, Ubiquiti Networks. We can get rid of that and filter, see what other services it finds. Once again, you can load these across lots of different ways to pivot the data, and boy, there's a lot of data in here. So we can look at the different protocols, or use what IPs are used on which versions of OpenSSH, and if you have it set up, you can actually tell it to open an application from there and launch SSH or HTTP to go right to the asset. It's all these little conveniences, because the goal is always having time-saving ways to get these things done, which is part of the reason I really like a lot of this.

Now, it's IBC because I got it zoomed in, scrolling quite a bit across, but you also have things like how it was detected: ping, ARP, first seen, last seen, based on how long you've been running these. I actually started to do this demo video a few months ago with this particular demo client, then I got sidetracked, and renewing my license for the tool reminded me of, hey, I should probably do an updated video.

Now, going down here to software. Uh, it's not doing like a software inventory necessarily of each machine; it's not that type of software inventory. It's a discovery software inventory, for things like "hey, we're running AirTunes on this particular device", or we see OpenSSL, nginx, NTP. So it gives you a lot, and can give you things like, let's dig through what PHP version it thinks is over here. So you're like, all right, here's where we found PHP running; it's obviously on this pfSense here, and they can start pulling together all the data around it and the device. Once again, different ways to pivot through there.

Vulnerabilities: it's not a vulnerability scanner, so "no vulnerabilities have been ingested; Enterprise plans can connect with third-party sources to support vulnerability scanning", and this is back to this, almost, integrations of your actual vulnerability scanners, of pulling that data in here to make it more useful. I don't have it tied to any of the wireless devices, but it does that special wireless discovery. Users and groups: once again, because you can tie this to your Active Directory, which will allow you to correlate data such as the users that are attached to any particular device. Hence, the more you ingest data, this can become a very large discovery tool, just to give you all those different pivot points when you're going through here.

Now let's talk about the reporting. Now, this is going to depend on the type of asset it finds, whether or not things like their switch inventory works. Uh, this one actually doesn't work for the Ubiquiti switches, even though they have some unique discovery protocol; um, it doesn't seem to actually be able to do any type of discovery for switch topology. But look back over reports: subnet utilization reports do work quite well, and it'll tell you how much of the space you're using for each of these subnets. This can actually be really handy, because it's a common question of, you know, do we need to build another subnet, do we need to expand the subnet (please don't make them too big), but getting some asset utilization by subnet, hey, that's pretty cool.

Network bridge reports: they have some good demos on their YouTube, I'll leave a link down below to that, but those are going to be the ability to see where your network bridges are, and for example the 192.168.60.10 is also, uh, across these other networks. There's different ways to see how things were bridged. There's not much on my network, but for some networks, and sometimes this is an interesting discovery by companies, uh, seeing what's on different things and has perhaps routing that they didn't expect that allowed these networks to be bridged.

As well as asset route planning: you can take any two assets and figure out how they get to each other, or how they talk to each other, or if they can talk to each other. So you can do the trace between here and this, which is potentially a "living room Nest", which, it's not actually a Nest; that's weird that it discovers that. It's actually just a Google, um, one of the Google talking boxes, are called... I forgot the name of them right now. Uh, but it's interesting that it may be called Nest, by the way, um, because of other reasons and silliness, but it'll tell you the different ways it thinks that can get there. Now, I found some interesting things about how these traces, uh, aren't always accurate, and let me explain the reason. You may get a device, and it's because the perception from where the agent was run is that it would be able to get to there, but because it's not running from there, it makes the assumption of how these two things can talk to each other, but I already know I have a firewall rule that doesn't allow it.

Another analysis that you can do are the service attributes. Really clever that they have this, if you wanted to build TCP/IP window sizes, HTTP codes, HTTP messages, servers; they're all different ways to kind of build reports. Or ciphers, because you want to know what TLS ciphers run on your network. They give you just a lot of great information to be able to pivot from: SMB dialects, SMB native LMS, or MongoDB versions. Maybe you have some type of vulnerability that requires you to try to discover across your network, you know, what version you're running of these particular things, and want to find them all. So you have even things like virtual machines, iLO attributes, AWS image IDs, domain membership, all protocols, only SCP, RDP.

Network switch report, assets by switch: once again, the switches I'm using, I didn't have any discovery available, just some UniFi switches, but it does work with different switch manufacturers, quite a few different ones. Just UniFi doesn't have any particular... well, I didn't configure, I should say, any particular SNMP features of the UniFi 4 to give back any information. That's something you can do; maybe I'll do some testing later, but you kind of get an idea of, once you tie all these together, all the different things you can do on that.

So hopefully this gives you a good overview of the runZero product, but honestly, if you want to understand something better, or at least what works for me, is I try out the product. That's what got me started; I got excited when I saw all the things you could find, and, uh, there's that link down below to start a free trial, get going with it, and see what might be on your network, or what you thought was on your network versus what's really on your network. Those things are sometimes going "huh, that's interesting." I like having those discovery moments like that; I've certainly had it a couple times with this. Nonetheless, as always, if you want to have a more in-depth discussion about this topic or any other topic I talk about on my channel, head over to my forums, and I'll see you next time. Thanks.

And thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the Subscribe button and the bell icon. If you'd like to hire us for a project, head over to lawrencesystems.com and click the Hire Us button right at the top. To help this channel out in other ways, there's a Join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts, and offers, check out our affiliate links in the description of all of our videos, including a link to our shirt store, where we have a wide variety of shirts that we sell, and designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching, and look forward to hearing from you.
Info
Channel: Lawrence Systems
Views: 46,992
Keywords: LawrenceSystems
Id: 9xnV2KeyQjY
Length: 18min 41sec (1121 seconds)
Published: Sat Nov 19 2022