NeXpose is an incredibly useful tool for Vulnerability Management as well as Network Assessments but what happens when you use the features of the credentialed scanning module to check for common signs of compromise? You end up with an extremely powerful network scanning engine which reports back a slew of information to help check for the usual suspects in a server or workstation compromise. This talk will discuss various ways to transform NeXpose into such as tool as well as release custom scanning definitions to help automate the process of compromise analysis.