Vulnerability management Lab | Nessus Essentials



What is it?

Vulnerability assessment is the process of examining an organization's systems for known security flaws; vulnerability management is the ongoing cycle built around it (assess, prioritize, remediate, re-scan to verify). A scanner compares what it sees on each host against a database of known vulnerabilities, assigns every finding a severity, and recommends whether the risk should be mitigated or remediated.

Vulnerability testing helps organizations find out whether their systems and software have insecure default settings, such as easily guessable admin passwords. It also looks for privilege-escalation paths and broken authentication, as well as exposure to code injection attacks such as SQL injection (SQLi) and cross-site scripting (XSS). (source: fortinet.com/resources)

Types of Vulnerability Assessments

The following are the most prevalent types of vulnerability assessments used by businesses:

  • Network scan: Identifies vulnerable hosts and services on an organization's wired and wireless networks that could be leveraged to launch attacks. The uncredentialed Basic Network Scan in this lab is one of these.

  • Host assessment: The assessment of critical servers, which may be vulnerable to attack if not adequately tested or not built from a tested machine image. The credentialed scan in this lab is a host assessment: it logs in to the VM and checks installed software and patches from the inside. (source: imperva.com)
  • Wireless scan: Typically checks an organization's Wi-Fi networks for rogue access points (APs) and verifies that the wireless network is configured securely.
  • Application scan: Examines an organization's websites for known software flaws and insecure configuration in the web applications and the servers behind them.
  • Database scan: Detects flaws in databases and big-data systems, such as misconfigurations, rogue databases, or insecure development environments, in order to safeguard the organization from attacks on its data.


The Lab

Download links:

Nessus Essentials:

go to https://www.tenable.com/products/nessus/nessus-essentials and register; Tenable e-mails you an activation code. Download the Windows x64 installer if you're working on a Windows machine


if you're using Kali Linux, download the Debian package (.deb) instead

Nessus is not in the Kali or Debian repositories, so apt install nessus will not find it; install the package you downloaded from the terminal (replace the file name with the one you downloaded)

sudo dpkg -i Nessus-*.deb

then start the Nessus service (the Windows installer starts it for you); enable --now also makes it start on every boot

sudo systemctl enable --now nessusd.service

then open the browser and go to https://localhost:8834/ (the browser will warn about the self-signed certificate; that is expected for a local install, accept it)

Select Nessus Essentials


skip this step if you already have an activation code


paste the code and continue


next, create the local administrator account for the Nessus web interface (this is separate from your Tenable account; it is the login you will use at https://localhost:8834/)


wait for Nessus to download and compile all the plugins; this takes a while

you can now see your Nessus dashboard


VMware Workstation & Windows:

after you download VMware Workstation and a Windows ISO, install VMware and run it


create a new VM and continue until you reach "Customize Hardware"; click it and change the network adapter from NAT to Bridged, so the VM gets an address on the same LAN as the machine running Nessus (this VM will be deliberately weakened later, so keep it on a network you trust and remove it when you're done)


next, start the VM and install Windows; you can use the instructions used in this lab here

if you have any problems, feel free to ask in the comments section below

give the account a name and a relatively easy password so it's simple to test later (this is a lab VM: don't reuse a real password)


when the Windows setup is complete, find the VM's IP address, e.g. with ipconfig (mine is 192.168.1.9), and ping it from the Nessus host


as you can see, the ping is not reaching the VM: Windows Defender Firewall blocks inbound ICMP echo requests by default. This matters because the Basic Network Scan template pings each target first and skips hosts that don't answer. For this lab we turn the firewall off on the VM (never do this outside a lab network)

Start menu > search for wf.msc

Properties > Private Profile > Firewall state: Off > OK

check which profile your connection is actually on (a fresh install often lands on Public) and turn off the profile that is in use, otherwise the ping will still fail
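The same steps from an elevated PowerShell prompt on the Windows VM, plus a narrower alternative to switching the firewall off. This is an added example and not part of the original lab; the adapter name Ethernet0 and the scanner address 192.168.1.10 are assumptions, replace them with yours.

```powershell
# Added example, not part of the original lab: the ping/firewall steps above from an elevated
# PowerShell prompt on the Windows VM, plus a narrower alternative to switching the firewall off.
# Assumptions: the VM's adapter is called 'Ethernet0' and the Nessus host is 192.168.1.10.

# 1. Find the VM's IPv4 address (the ipconfig step)
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -notlike '*Loopback*' } |
    Select-Object InterfaceAlias, IPAddress

# 2. Check which firewall profile the connection is on. A fresh install often lands on
#    'Public', and then turning off the Private profile changes nothing.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
# Set-NetConnectionProfile -InterfaceAlias 'Ethernet0' -NetworkCategory Private   # if it is Public

# 3a. What the lab does: turn the firewall off for that profile (lab VM only)
Set-NetFirewallProfile -Profile Private -Enabled False

# 3b. Narrower alternative, instead of 3a: keep the firewall on and admit only the scanner.
#     The uncredentialed scan then sees only TCP 135/139/445, so expect fewer findings than with 3a.
# $scanner = '192.168.1.10'
# New-NetFirewallRule -DisplayName 'Lab: ping from scanner' -Direction Inbound `
#     -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $scanner -Action Allow
# New-NetFirewallRule -DisplayName 'Lab: SMB and RPC from scanner' -Direction Inbound `
#     -Protocol TCP -LocalPort 135,139,445 -RemoteAddress $scanner -Action Allow

# 4. Verify the profile state here, then ping the VM from the Nessus host (ping 192.168.1.9)
Get-NetFirewallProfile -Profile Private | Select-Object Name, Enabled

# 5. Undo when the lab is over
# Set-NetFirewallProfile -Profile Private -Enabled True
# Get-NetFirewallRule -DisplayName 'Lab: *' | Remove-NetFirewallRule
```

Option 3b is the one to prefer on anything that is not a throwaway VM: the scanner gets what it needs and nothing else on the LAN can reach the host.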





Basic Network Scan

now, go back to Nessus Essentials, click New Scan and choose Basic Network Scan


name it, paste the VM's IP address into the Targets box, then Save (and launch it from the scan list) or Launch it directly


after the scan finishes, click on it to see the findings per host and the details of each plugin (what was detected, the severity and the recommended fix)


Credentialed scan:

Pre-requisites:

we need to enable the Remote Registry service on Windows (Nessus reads installed software, patch level and security settings through it)

Start menu > search for services > Remote Registry > double-click > Startup type: Manual > Apply > Start > OK


turn on file and printer sharing and network discovery (file and printer sharing opens SMB, TCP 445, which Nessus uses to authenticate and reach the admin shares)
Start menu > Manage advanced sharing settings


Disable User Account Control, based on this article from Tenable: tenable.com/Scanning-with-non-default-Windows-Administrator

Start menu > User Account Control Settings > Never notify > OK

note that on Windows 10/11 the "Never notify" slider does not switch off the remote UAC token filtering that applies to local accounts; the registry value below is what actually lets a local administrator account other than the built-in Administrator authenticate with full rights over the network, so don't skip it


next, open Registry Editor (regedit) and locate the following key (LocalAccountTokenFilterPolicy is a DWORD value inside it, not a subkey):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

If the LocalAccountTokenFilterPolicy value does not exist, create it as follows:

  • Right-click in the right-hand pane (or use the Edit menu) and click "New".
  • Click "DWORD (32-bit) Value".
  • Name the new value LocalAccountTokenFilterPolicy.
  • Right-click LocalAccountTokenFilterPolicy and click "Modify".
  • In the Value data box, type 1, and then click OK.
  • Exit Registry Editor.
  • Restart the virtual machine.

every one of these changes widens the attack surface of the VM; they are acceptable on a throwaway lab machine and should be reverted afterwards
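The prerequisites above as one elevated PowerShell session on the VM, with checks at the end so you know they took effect before launching the scan. This is an added example, not from the original lab or from Tenable's article; it assumes the scan account is a local user in the Administrators group (not the built-in Administrator).

```powershell
# Added example (not from the original lab or from Tenable): the credentialed-scan prerequisites
# from an elevated PowerShell on the Windows VM, plus checks. Assumption: Nessus logs in with a
# local account that is a member of Administrators but is not the built-in 'Administrator'.

# 1. Remote Registry: Nessus reads installed software, patch level and settings through it
Set-Service -Name RemoteRegistry -StartupType Manual
Start-Service -Name RemoteRegistry

# 2. File and Printer Sharing (SMB on TCP 445: authentication and admin shares) and Network
#    Discovery. Enable-NetFirewallRule enables the whole rule group for every profile;
#    fine for a lab VM, too broad for anything else.
Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
Enable-NetFirewallRule -DisplayGroup 'Network Discovery'

# 3. Let a non-built-in local admin authenticate over the network with its full token.
#    This is the setting that matters: on Windows 10/11 the UAC slider at "Never notify"
#    does not remove remote token filtering on its own.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
New-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -PropertyType DWord -Value 1 -Force | Out-Null

# 4. Verify before launching the scan
Get-Service -Name RemoteRegistry | Select-Object Status, StartType
Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy | Select-Object LocalAccountTokenFilterPolicy
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object Enabled -eq 'True' | Select-Object DisplayName, Profile
Get-NetTCPConnection -State Listen -LocalPort 445 | Select-Object LocalAddress, LocalPort   # SMB is listening

# 5. Undo after the lab (each of these widens the attack surface of the VM)
# Remove-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy
# Stop-Service -Name RemoteRegistry; Set-Service -Name RemoteRegistry -StartupType Disabled
# Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
# Disable-NetFirewallRule -DisplayGroup 'Network Discovery'
```

If the credentialed scan still reports an authentication failure after this, reboot the VM as the lab does and check that the account really is in the local Administrators group.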


Start the scan

go back to Nessus > New Scan > same settings as before > Credentials tab > Windows > Authentication method: Password > enter the VM's username and password > Save, then Launch. Nessus stores this password and uses it with full administrator rights on the target, so on anything other than a lab VM use a dedicated scanning account.


this could take a bit, so take a little pause or grab a coffee while it's still scanning

here it is, Nessus found 35 vulnerabilities, three of them remote code execution vulnerabilities


Nessus also provides high-level remediation advice: the Remediations tab groups findings by the single action (an update or an upgrade) that fixes them


Install deprecated software and re-scan:

open Edge and search for old versions of common software, e.g. an FTP index of old VLC builds, or an old Firefox release. Get them only from the vendors' own archives (ftp.mozilla.org for Firefox, download.videolan.org for VLC) and install them only on the lab VM




go to the Scans page and launch the previous (credentialed) scan again



as you can see, the older VLC and Firefox versions added more vulnerabilities to our VM



if we go to the Remediations tab we can see the recommended action against these problems


  • Firefox contains 36 vulnerabilities; remediation >> upgrade to a newer version
  • VLC contains 29 vulnerabilities; remediation >> upgrade to a newer version
  • The system contains some vulnerabilities; remediation >> apply cumulative update KB5010342
  • Microsoft Windows Defender; remediation >> enable automatic updates
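The severity counts and the remediation list above can also be produced from an exported scan, which is how you would track the VM over several re-scans or feed the results into a ticketing system. The following is an added example, not code from the original lab or from Tenable: it parses the .nessus export (Export > Nessus in the scan view, XML in the NessusClientData_v2 format) and groups findings by their solution. The XML embedded in it is constructed sample data with made-up plugin names and IDs; point it at a real export with the commented Get-Content line.

```powershell
# Added example (not from the original lab): summarise an exported scan the way the
# Remediations tab does, so the same triage can be scripted. The XML below is constructed
# sample data in the .nessus v2 layout; plugin names and IDs are made up.
[xml]$scan = @"
<NessusClientData_v2>
  <Report name="lab-credentialed">
    <ReportHost name="192.168.1.9">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="1"
                  pluginName="Sample: outdated browser (critical)" pluginFamily="Windows">
        <risk_factor>Critical</risk_factor>
        <exploit_available>true</exploit_available>
        <solution>Upgrade the browser to the current release.</solution>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="2"
                  pluginName="Sample: outdated browser (high)" pluginFamily="Windows">
        <risk_factor>High</risk_factor>
        <solution>Upgrade the browser to the current release.</solution>
      </ReportItem>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="3"
                  pluginName="Sample: missing cumulative update" pluginFamily="Windows : Microsoft Bulletins">
        <risk_factor>High</risk_factor>
        <exploit_available>true</exploit_available>
        <solution>Apply the latest cumulative update.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="4"
                  pluginName="Sample: OS fingerprint" pluginFamily="General">
        <risk_factor>None</risk_factor>
        <solution>n/a</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"@
# For a real export: [xml]$scan = Get-Content -Raw -Path 'C:\scans\lab.nessus'   (path is an assumption)

# Nessus severity numbers as shown in the UI
$names = @{ 0 = 'Info'; 1 = 'Low'; 2 = 'Medium'; 3 = 'High'; 4 = 'Critical' }

# Flatten ReportHost/ReportItem into one object per finding.
# GetAttribute avoids the clash between the 'name' attribute and XmlElement.Name.
$findings = foreach ($rh in $scan.NessusClientData_v2.Report.ReportHost) {
    foreach ($it in $rh.ReportItem) {
        [pscustomobject]@{
            Host     = $rh.GetAttribute('name')
            Port     = [int]$it.port
            Severity = [int]$it.severity
            Plugin   = $it.pluginName
            Solution = ([string]$it.solution).Trim()
            Exploit  = ($it.exploit_available -eq 'true')   # $null when the element is absent
        }
    }
}

# Count by severity, worst first (the numbers on the scan's summary bar)
$findings | Group-Object Severity | Sort-Object { [int]$_.Name } -Descending |
    ForEach-Object { '{0,-8} {1}' -f $names[[int]$_.Name], $_.Count }

# Remediation view: one row per distinct fix, Medium and above, public exploit flagged.
# Measure-Object returns a Double, hence the [int] cast before the hashtable lookup.
$findings | Where-Object Severity -ge 2 | Group-Object Solution | ForEach-Object {
    $worst = [int]($_.Group.Severity | Measure-Object -Maximum).Maximum
    [pscustomobject]@{
        Fix        = $_.Name
        Findings   = $_.Count
        WorstLevel = $worst
        Worst      = $names[$worst]
        Exploit    = ($_.Group.Exploit -contains $true)
    }
} | Sort-Object WorstLevel, Findings -Descending |
    Format-Table Fix, Findings, Worst, Exploit -AutoSize -Wrap
```

With the sample data this prints two critical/high rows: "Upgrade the browser" covering two findings with a public exploit, and the cumulative update covering one. The export comes from your own scanner, so plain XML parsing is fine here; treat .nessus files received from anywhere else as untrusted input like any other XML.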

we're done here 
if you have any questions, don't hesitate to ask, and I'll be happy to answer them

to the next one ...