1 00:00:00,000 --> 00:00:01,599 Hey everybody, Josh here. Welcome back to 2 00:00:01,599 --> 00:00:03,520 my channel. I do a lot of videos on IT 3 00:00:03,520 --> 00:00:05,600 cyber security education and career 4 00:00:05,600 --> 00:00:07,520 things, and today's video is going to be 5 00:00:07,520 --> 00:00:09,280 on vulnerability management. We're 6 00:00:09,280 --> 00:00:10,160 actually going to be doing a 7 00:00:10,160 --> 00:00:12,000 vulnerability management lab where we 8 00:00:12,000 --> 00:00:13,840 install Nessus Essentials and we install 9 00:00:13,840 --> 00:00:15,679 VMware Workstation Player, and set up 10 00:00:15,679 --> 00:00:18,000 Windows 10 inside of a VM, install some 11 00:00:18,000 --> 00:00:19,920 old deprecated software on it, and then 12 00:00:19,920 --> 00:00:21,119 we're going to be doing some 13 00:00:21,119 --> 00:00:23,199 vulnerability scans against that virtual 14 00:00:23,199 --> 00:00:24,720 machine to kind of discover any 15 00:00:24,720 --> 00:00:26,400 vulnerabilities that might be on there, 16 00:00:26,400 --> 00:00:27,439 and then we're going to go ahead and 17 00:00:27,439 --> 00:00:29,359 remediate one or two of those just so we 18 00:00:29,359 --> 00:00:31,119 can kind of observe what's happening. I 19 00:00:31,119 --> 00:00:32,640 figured this would be a good video to do 20 00:00:32,640 --> 00:00:33,840 because there's like quite a few 21 00:00:33,840 --> 00:00:36,000 vulnerability management jobs on 22 00:00:36,000 --> 00:00:37,760 LinkedIn and I've gotten a 23 00:00:37,760 --> 00:00:39,600 lot of spam from recruiters for these 24 00:00:39,600 --> 00:00:41,600 type of positions, and actually the last 25 00:00:41,600 --> 00:00:43,360 real job I had I was a vulnerability 26 00:00:43,360 --> 00:00:45,360 management program manager for King 27 00:00:45,360 --> 00:00:47,120 County here in Washington State so I 28 00:00:47,120 --> 00:00:49,680 kind of did this on an ongoing basis for 29 00:00:49,680 --> 00:00:51,199 a while. 
Basically what vulnerability 30 00:00:51,199 --> 00:00:53,360 management is continuously assessing 31 00:00:53,360 --> 00:00:55,120 your assets, discovering vulnerabilities, 32 00:00:55,120 --> 00:00:57,520 remediating them to an acceptable risk, 33 00:00:57,520 --> 00:00:59,199 and then kind of starting the process 34 00:00:59,199 --> 00:01:00,640 over and over again to kind of make sure 35 00:01:00,640 --> 00:01:02,879 the risk in the whole organization is 36 00:01:02,879 --> 00:01:05,360 low or at least an acceptable level. So I 37 00:01:05,360 --> 00:01:07,280 think if you kind of watch this video 38 00:01:07,280 --> 00:01:09,200 and practice it a few times, you can get 39 00:01:09,200 --> 00:01:11,439 pretty good at it and get an idea of how 40 00:01:11,439 --> 00:01:13,200 vulnerability management might work in 41 00:01:13,200 --> 00:01:15,119 like a larger corporation. This is 42 00:01:15,119 --> 00:01:16,400 definitely something you can put on your 43 00:01:16,400 --> 00:01:20,159 resume. It might look something like this. 44 00:01:22,000 --> 00:01:23,680 So it will definitely help you out. So 45 00:01:23,680 --> 00:01:25,040 yeah, if you're excited to learn 46 00:01:25,040 --> 00:01:26,400 vulnerability management, consider 47 00:01:26,400 --> 00:01:28,080 smashing that like button and let's get 48 00:01:28,080 --> 00:01:29,520 started. So the first thing we're going 49 00:01:29,520 --> 00:01:31,360 to do is go ahead and 50 00:01:31,360 --> 00:01:33,840 download and install VMware Player. Now 51 00:01:33,840 --> 00:01:35,439 you probably want to have like a 52 00:01:35,439 --> 00:01:37,680 semi-decent computer to be able 53 00:01:37,680 --> 00:01:39,280 to do this, maybe like at least eight 54 00:01:39,280 --> 00:01:41,360 gigabytes of RAM and maybe dual core 55 00:01:41,360 --> 00:01:42,640 or something. 
But if you don't know about 56 00:01:42,640 --> 00:01:44,560 any of that, just try to go ahead and do 57 00:01:44,560 --> 00:01:46,560 it, and if something fails, then it fails, 58 00:01:46,560 --> 00:01:47,840 I suppose. But go ahead and download 59 00:01:47,840 --> 00:01:49,759 VMware Player. I'll put a link to this in 60 00:01:49,759 --> 00:01:51,920 the description. Just download 61 00:01:51,920 --> 00:01:53,520 for Windows. I'm not gonna do it again 62 00:01:53,520 --> 00:01:54,799 because I already have it, but just go 63 00:01:54,799 --> 00:01:56,479 ahead and like click this, download it, 64 00:01:56,479 --> 00:01:58,079 and install it. You can see mine started 65 00:01:58,079 --> 00:01:59,360 downloading, I'm just going to go ahead 66 00:01:59,360 --> 00:02:00,640 and cancel this. And then while you're 67 00:02:00,640 --> 00:02:02,240 waiting for VMware Player to download, 68 00:02:02,240 --> 00:02:03,759 we'll go ahead and download the Windows 69 00:02:03,759 --> 00:02:06,000 10 ISO. That's basically a file that'll 70 00:02:06,000 --> 00:02:08,479 let us install Windows 10 onto our 71 00:02:08,479 --> 00:02:10,399 virtual machine. So again, I'll put a link 72 00:02:10,399 --> 00:02:11,920 to this in the description as well, but 73 00:02:11,920 --> 00:02:14,480 just go ahead and go to it, and then 74 00:02:14,480 --> 00:02:15,920 you'll go to where it says create 75 00:02:15,920 --> 00:02:17,760 Windows 10 installation media and you'll 76 00:02:17,760 --> 00:02:19,760 say download tool, and when 77 00:02:19,760 --> 00:02:21,280 this downloads, just go ahead and open it. 78 00:02:21,280 --> 00:02:22,879 Don't be surprised if this takes a while 79 00:02:22,879 --> 00:02:24,480 to like start up and download. So we'll 80 00:02:24,480 --> 00:02:26,959 just say accept. And then we're going to 81 00:02:26,959 --> 00:02:27,760 click 82 00:02:27,760 --> 00:02:29,760 create installation media. 
We want to get 83 00:02:29,760 --> 00:02:32,319 an ISO file, so we'll say next. This looks 84 00:02:32,319 --> 00:02:34,879 good. And we're going to say ISO file. Be 85 00:02:34,879 --> 00:02:36,720 sure to select this, and then we'll just 86 00:02:36,720 --> 00:02:38,879 choose where it goes, like this nice XP 87 00:02:38,879 --> 00:02:40,879 Pro ISO that I have. Go ahead and put it 88 00:02:40,879 --> 00:02:42,560 in a folder, just remember what folder 89 00:02:42,560 --> 00:02:45,120 you put in. So I'll just save it to my C 90 00:02:45,120 --> 00:02:47,360 underscore ISOs folder, and then we'll 91 00:02:47,360 --> 00:02:49,120 wait for this to finish. And while this 92 00:02:49,120 --> 00:02:50,400 is going, we can actually 93 00:02:50,400 --> 00:02:52,800 download and install, uh, Nessus 94 00:02:52,800 --> 00:02:54,319 Essentials, which is going to be going to 95 00:02:54,319 --> 00:02:56,400 be the vulnerability scanner that we use 96 00:02:56,400 --> 00:02:58,319 to actually conduct our scans. So I'll 97 00:02:58,319 --> 00:03:00,080 put a link to this in the description as 98 00:03:00,080 --> 00:03:01,920 well, but you can probably find on Google, 99 00:03:01,920 --> 00:03:04,400 and just basically like fill this thing 100 00:03:04,400 --> 00:03:05,840 out. After you fill this out, you'll be 101 00:03:05,840 --> 00:03:07,200 able to download it and it will send 102 00:03:07,200 --> 00:03:09,200 like a key to your email. So just go 103 00:03:09,200 --> 00:03:11,120 ahead and, actually I'll just do it, just 104 00:03:11,120 --> 00:03:13,599 fill this thing out. Cool. So it will send 105 00:03:13,599 --> 00:03:16,319 an email. Um, inside of your email, I can't 106 00:03:16,319 --> 00:03:17,920 show it because it has a key and like I 107 00:03:17,920 --> 00:03:19,599 don't know. So inside of your email 108 00:03:19,599 --> 00:03:21,440 there'll be like a button that says, uh, 109 00:03:21,440 --> 00:03:23,440 download Nessus, and then there will be a 110 00:03:23,440 --> 00:03:24,879 key. Go 
ahead and click the button to 111 00:03:24,879 --> 00:03:26,560 download Nessus and it will take you to 112 00:03:26,560 --> 00:03:28,319 a page that looks like this, and just 113 00:03:28,319 --> 00:03:30,319 click on Nessus. And we already have an 114 00:03:30,319 --> 00:03:32,239 activation code, it should be in your 115 00:03:32,239 --> 00:03:35,200 email. So we'll pick the one for, this one 116 00:03:35,200 --> 00:03:37,120 it says Windows Server 2008 blah blah 117 00:03:37,120 --> 00:03:39,120 blah and then it says 10 in here, so 118 00:03:39,120 --> 00:03:40,959 we'll download this. Just say agree, and 119 00:03:40,959 --> 00:03:42,720 then, you know, download it anywhere. And 120 00:03:42,720 --> 00:03:43,920 then meanwhile, remember, in the 121 00:03:43,920 --> 00:03:45,840 background Windows 10 should be still 122 00:03:45,840 --> 00:03:48,000 downloading. Virtual VMware Player might 123 00:03:48,000 --> 00:03:49,519 be downloading still too, so we just have 124 00:03:49,519 --> 00:03:51,120 to install that on your own. I'm not 125 00:03:51,120 --> 00:03:52,239 going to show it on the screen because I 126 00:03:52,239 --> 00:03:53,840 already have it installed. Here we are at 127 00:03:53,840 --> 00:03:56,560 the Tenable setup, so we just say next, 128 00:03:56,560 --> 00:03:59,599 accept, and just accept this location, and 129 00:03:59,599 --> 00:04:01,760 then go ahead and install it, and then 130 00:04:01,760 --> 00:04:03,599 say finish. 131 00:04:03,599 --> 00:04:05,439 And then it's going to kind of, um, show 132 00:04:05,439 --> 00:04:07,519 this like socket up here, like localhost 133 00:04:07,519 --> 00:04:09,280 in the port. Um, I would recommend saving 134 00:04:09,280 --> 00:04:10,879 this URL because it's, it's kind of 135 00:04:10,879 --> 00:04:13,040 annoying if you lose it, so just save it 136 00:04:13,040 --> 00:04:14,640 in like a notepad somewhere or something 137 00:04:14,640 --> 00:04:16,798 like this. And then we'll say connect via 138 00:04:16,798 --> 00:04:19,120 
SSL and just say advanced and then say 139 00:04:19,120 --> 00:04:21,440 proceed. And this takes a while to set up 140 00:04:21,440 --> 00:04:23,040 the very first time. It has to like 141 00:04:23,040 --> 00:04:24,800 initialize and install things and, I 142 00:04:24,800 --> 00:04:26,400 assume, download a whole bunch of 143 00:04:26,400 --> 00:04:28,000 definitions or something like this, so 144 00:04:28,000 --> 00:04:29,680 just go get like some coffee or 145 00:04:29,680 --> 00:04:31,120 something while you, while you wait for 146 00:04:31,120 --> 00:04:32,560 this to happen, because it will take a 147 00:04:32,560 --> 00:04:34,320 while to do. And we're going to say 148 00:04:34,320 --> 00:04:36,720 Nessus Essentials. It's essentially free. 149 00:04:36,720 --> 00:04:38,560 You can read the, I guess, license 150 00:04:38,560 --> 00:04:40,160 agreement if you want, but we're going to 151 00:04:40,160 --> 00:04:41,919 install Essentials, and then just fill 152 00:04:41,919 --> 00:04:43,360 this thing out and we'll get an 153 00:04:43,360 --> 00:04:45,840 activation code. I believe I have one 154 00:04:45,840 --> 00:04:47,840 already. Um, it should have emailed it to 155 00:04:47,840 --> 00:04:49,360 you. Actually, it should have emailed the 156 00:04:49,360 --> 00:04:51,680 activation code to you, so maybe skip 157 00:04:51,680 --> 00:04:53,759 this and then just paste the activation 158 00:04:53,759 --> 00:04:55,840 code that was, that was in your email 159 00:04:55,840 --> 00:04:57,600 that you already received, and just 160 00:04:57,600 --> 00:04:59,199 continue. And then this is where you're 161 00:04:59,199 --> 00:05:00,720 going to set up a username and password. 162 00:05:00,720 --> 00:05:02,000 Just make sure you don't forget this. It 163 00:05:02,000 --> 00:05:03,600 might be troublesome, you know, if you 164 00:05:03,600 --> 00:05:04,960 forget it you'll have to reset it or 165 00:05:04,960 --> 00:05:07,600 something like this. So just, uh, set up a 166 00:05:07,600 --> 
00:05:09,520 password, I guess. And this, this is a part 167 00:05:09,520 --> 00:05:11,440 that takes a while, so just, you know, go 168 00:05:11,440 --> 00:05:13,759 get coffee or sandwich or something, and 169 00:05:13,759 --> 00:05:16,639 we will meet back here. Okay, so while 170 00:05:16,639 --> 00:05:17,919 this is still installing and 171 00:05:17,919 --> 00:05:19,840 initializing and doing everything it 172 00:05:19,840 --> 00:05:21,520 needs to do, let's go ahead and set up 173 00:05:21,520 --> 00:05:23,199 our virtual machine, since this is going 174 00:05:23,199 --> 00:05:25,199 to take some time anyway. So by now you 175 00:05:25,199 --> 00:05:27,440 should have downloaded and installed, um, 176 00:05:27,440 --> 00:05:29,440 VMware Workstation Player, so we'll just 177 00:05:29,440 --> 00:05:31,759 go ahead and open this up. And check on 178 00:05:31,759 --> 00:05:34,880 your Windows 10 ISO download. It should 179 00:05:34,880 --> 00:05:36,800 be finished by now as well. Maybe it 180 00:05:36,800 --> 00:05:38,560 looks something like this, and then it 181 00:05:38,560 --> 00:05:40,479 shows you like where it's at, the ci so 182 00:05:40,479 --> 00:05:42,720 it's windows or, yeah, wherever you put 183 00:05:42,720 --> 00:05:44,400 yours. So just take note of this and 184 00:05:44,400 --> 00:05:46,400 we'll say finish. Cool. And then we're 185 00:05:46,400 --> 00:05:48,560 going to create a new virtual machine 186 00:05:48,560 --> 00:05:50,560 inside of VMware Workstation Player. 187 00:05:50,560 --> 00:05:52,639 We'll go to player and then file and 188 00:05:52,639 --> 00:05:55,280 then new virtual machine, and then 189 00:05:55,280 --> 00:05:57,360 for the installer we're going to say 190 00:05:57,360 --> 00:05:59,520 browse, and then we'll just browse to 191 00:05:59,520 --> 00:06:01,120 wherever you downloaded the Windows 10 192 00:06:01,120 --> 00:06:03,120 ISO. So this could probably be named 193 00:06:03,120 --> 00:06:05,280 something better, but that's okay. So 194 00:06:05,280 
--> 00:06:06,960 we'll say next and just name this 195 00:06:06,960 --> 00:06:09,039 something appropriate. This is fine. This 196 00:06:09,039 --> 00:06:11,039 location's fine, I guess. You can change 197 00:06:11,039 --> 00:06:13,039 it if you want. So we'll say next. Maximum 198 00:06:13,039 --> 00:06:15,919 disk size, um, this is fine. We're not 199 00:06:15,919 --> 00:06:17,440 gonna really put anything on it. I'm just 200 00:06:17,440 --> 00:06:19,520 gonna put, set mine at 50. And then we'll 201 00:06:19,520 --> 00:06:21,600 go to customize hardware, and for memory, 202 00:06:21,600 --> 00:06:24,080 like if you don't know how much RAM you 203 00:06:24,080 --> 00:06:26,880 have, maybe just like leave this as it is. 204 00:06:26,880 --> 00:06:28,479 I'm going to increase mine a little bit. 205 00:06:28,479 --> 00:06:30,080 I'll increase this a little bit. If you 206 00:06:30,080 --> 00:06:32,479 don't know about your CPU, just leave it 207 00:06:32,479 --> 00:06:34,479 as is. But we do have to change the 208 00:06:34,479 --> 00:06:36,400 network adapter. We should change it to 209 00:06:36,400 --> 00:06:38,319 bridged. Without explaining too deeply, 210 00:06:38,319 --> 00:06:40,400 bridge kind of puts this virtual machine 211 00:06:40,400 --> 00:06:42,240 on the same network as your actual 212 00:06:42,240 --> 00:06:45,120 physical computer, so your Nessus 213 00:06:45,120 --> 00:06:47,280 implement, implementation can talk to the 214 00:06:47,280 --> 00:06:48,400 virtual machine 215 00:06:48,400 --> 00:06:51,520 more easily. This looks good. We'll close 216 00:06:51,520 --> 00:06:53,599 this, and this is good, power on after 217 00:06:53,599 --> 00:06:55,759 creation. We'll say finish. Kind of move 218 00:06:55,759 --> 00:06:57,039 Tenable 219 00:06:57,039 --> 00:06:58,479 to the side, 220 00:06:58,479 --> 00:07:01,039 and then after the VM finishes getting 221 00:07:01,039 --> 00:07:03,360 kind of created, it's going to launch, and 222 00:07:03,360 --> 00:07:04,880 then we're going to have 
a chance to 223 00:07:04,880 --> 00:07:06,720 install Windows. Be sure to press any key 224 00:07:06,720 --> 00:07:08,960 to boot into the ISO when it asks, and if 225 00:07:08,960 --> 00:07:11,039 your cursor is gone, you can see 226 00:07:11,039 --> 00:07:12,639 in the lower left it says like press 227 00:07:12,639 --> 00:07:14,560 Control Alt to release your cursor, and 228 00:07:14,560 --> 00:07:16,080 then you can get your cursor back. So 229 00:07:16,080 --> 00:07:18,800 we're just going to install Windows 10. 230 00:07:18,800 --> 00:07:21,360 So we'll just say next, install, and say I 231 00:07:21,360 --> 00:07:23,199 don't have a product key. You can close 232 00:07:23,199 --> 00:07:24,960 this message down here and just pick 233 00:07:24,960 --> 00:07:27,440 Windows 10 Pro and say next, and we'll 234 00:07:27,440 --> 00:07:30,319 say accept, say next, and say custom, and 235 00:07:30,319 --> 00:07:32,560 then this is our blank hard drive, so 236 00:07:32,560 --> 00:07:34,160 click on that, the only one you can click, 237 00:07:34,160 --> 00:07:35,599 and just say next. And then this will 238 00:07:35,599 --> 00:07:37,280 take some time to install too, so I'll 239 00:07:37,280 --> 00:07:38,639 kind of come back when one of these 240 00:07:38,639 --> 00:07:40,240 finishes. Cool, so it looks like both 241 00:07:40,240 --> 00:07:42,160 finished now. I'll just finish setting up 242 00:07:42,160 --> 00:07:46,160 the VM. I will say yes and US and skip, 243 00:07:46,160 --> 00:07:47,919 and for Nessus we'll just kind of, uh, 244 00:07:47,919 --> 00:07:49,440 we'll close this thing here, and then 245 00:07:49,440 --> 00:07:50,960 we'll, we'll just kind of wait on this 246 00:07:50,960 --> 00:07:53,120 until we finish setting up the virtual 247 00:07:53,120 --> 00:07:54,160 machine. 248 00:07:54,160 --> 00:07:56,960 And we'll say set up for personal use, 249 00:07:56,960 --> 00:07:59,599 next, and then we'll say offline account, 250 00:07:59,599 --> 00:08:02,639 limited experience, and then just 
name, 251 00:08:02,639 --> 00:08:05,520 I don't know, just name it like admin and 252 00:08:05,520 --> 00:08:07,520 put, make a password, but just remember 253 00:08:07,520 --> 00:08:09,520 what it is. Make it like something simple 254 00:08:09,520 --> 00:08:10,720 because we're going to use this later 255 00:08:10,720 --> 00:08:12,240 for the credentialed scans, so just 256 00:08:12,240 --> 00:08:14,160 remember what it is. It's troublesome, you 257 00:08:14,160 --> 00:08:15,759 know, if you forget it. 258 00:08:15,759 --> 00:08:17,599 Just make up, make up something for these 259 00:08:17,599 --> 00:08:19,520 if it asks you. This is just like, you 260 00:08:19,520 --> 00:08:22,639 know, a junk VM, no one cares. Say no for 261 00:08:22,639 --> 00:08:25,280 all of these things. Not now. Cool. Okay, 262 00:08:25,280 --> 00:08:27,199 now everything is totally set up. We have 263 00:08:27,199 --> 00:08:29,759 our VM here, and then we have our Nessus 264 00:08:29,759 --> 00:08:33,039 Essentials set up and ready to go. So for 265 00:08:33,039 --> 00:08:34,799 now we're just going to do a kind of 266 00:08:34,799 --> 00:08:37,039 basic scan against the virtual machine. 267 00:08:37,039 --> 00:08:38,880 There's, we're going to do a credentialed 268 00:08:38,880 --> 00:08:40,719 scan later, which I'll kind of explain, 269 00:08:40,719 --> 00:08:42,320 but I just want to make sure we can scan 270 00:08:42,320 --> 00:08:44,240 it and make sure we can kind of get some 271 00:08:44,240 --> 00:08:46,240 kind of result back. So before we do that, 272 00:08:46,240 --> 00:08:48,480 I'm going to go to the VM and like get 273 00:08:48,480 --> 00:08:50,560 the IP address from it. So go, make sure 274 00:08:50,560 --> 00:08:52,640 to go to the VM, not your actual computer, 275 00:08:52,640 --> 00:08:54,720 but go to the VM, click start, open up 276 00:08:54,720 --> 00:08:56,720 command line, and then we will type 277 00:08:56,720 --> 00:09:00,080 ipconfig just to get the IPv4 IP address, 278 00:09:00,080 --> 00:09:02,000 
and we're going to ping this from our 279 00:09:02,000 --> 00:09:03,839 local machine just to make sure that we 280 00:09:03,839 --> 00:09:06,399 can reach it, I guess, essentially. So open 281 00:09:06,399 --> 00:09:08,240 up the command, like command line on your 282 00:09:08,240 --> 00:09:10,720 PC, and we will just say, we'll just ping 283 00:09:10,720 --> 00:09:14,519 this IP address. So we'll just say ping 284 00:09:14,519 --> 00:09:16,880 10.0.0.189, and then we'll do dash t, 285 00:09:16,880 --> 00:09:18,640 which means like perpetual ping, like 286 00:09:18,640 --> 00:09:20,800 keep going forever until we cancel it. 287 00:09:20,800 --> 00:09:23,200 And we see like it's, it's timing out, so 288 00:09:23,200 --> 00:09:25,839 we just have to disable the firewall on 289 00:09:25,839 --> 00:09:27,600 our virtual machine here. You might not 290 00:09:27,600 --> 00:09:28,800 want to do this in production. It just 291 00:09:28,800 --> 00:09:30,320 depends on like what other controls you 292 00:09:30,320 --> 00:09:32,560 have in place. So we will minimize this, 293 00:09:32,560 --> 00:09:35,279 we'll go to our VM here, and then we will 294 00:09:35,279 --> 00:09:36,200 type 295 00:09:36,200 --> 00:09:38,720 wf.msc. It's this Windows Firewall 296 00:09:38,720 --> 00:09:40,320 Microsoft something console, can't 297 00:09:40,320 --> 00:09:42,000 remember. So we'll open the firewall, and 298 00:09:42,000 --> 00:09:43,200 we're just going to do a lot of this 299 00:09:43,200 --> 00:09:44,880 stuff for our lab. So we'll go to 300 00:09:44,880 --> 00:09:47,120 Defender Firewall properties, and just on 301 00:09:47,120 --> 00:09:48,640 these first three tabs we'll just turn 302 00:09:48,640 --> 00:09:50,160 all three of them off, like domain 303 00:09:50,160 --> 00:09:52,080 profile off, private profile off, public 304 00:09:52,080 --> 00:09:54,080 profile off, and we'll just say okay. Here 305 00:09:54,080 --> 00:09:55,600 the firewall is off, and then we notice 306 00:09:55,600 --> 00:09:57,680 that 
the ping is kind of going through 307 00:09:57,680 --> 00:09:59,760 on our, our local computer here, so we can 308 00:09:59,760 --> 00:10:01,920 press Control C to cancel this, and we'll 309 00:10:01,920 --> 00:10:03,680 just copy this IP address. This is the IP 310 00:10:03,680 --> 00:10:05,839 address of our VM. We will close this, and 311 00:10:05,839 --> 00:10:09,200 then this is, um, our Nessus Essentials. 312 00:10:09,200 --> 00:10:11,040 Essentially it's, it's like a web app, 313 00:10:11,040 --> 00:10:12,720 essentially. So we'll go back to this, and 314 00:10:12,720 --> 00:10:14,720 then we're going to create a new scan. So 315 00:10:14,720 --> 00:10:17,360 we'll just do a basic network scan here, 316 00:10:17,360 --> 00:10:19,040 and so we'll just name it like, I don't 317 00:10:19,040 --> 00:10:21,680 know, Windows 10 single host, something 318 00:10:21,680 --> 00:10:23,360 like this. And then for targets we'll 319 00:10:23,360 --> 00:10:25,440 just paste, this is our, our virtual 320 00:10:25,440 --> 00:10:26,880 machine's IP address, so we'll just kind 321 00:10:26,880 --> 00:10:28,320 of paste it in here. We don't really need 322 00:10:28,320 --> 00:10:30,160 to change anything else on here. We're 323 00:10:30,160 --> 00:10:31,680 just going to do like a manual scan, but 324 00:10:31,680 --> 00:10:33,200 you, you know, take note that you can do 325 00:10:33,200 --> 00:10:34,720 like a scheduled scan if you're working 326 00:10:34,720 --> 00:10:36,320 in an organization, you want to scan like 327 00:10:36,320 --> 00:10:38,320 every x days or like every Tuesday or 328 00:10:38,320 --> 00:10:40,160 something like this. Or scan common ports, 329 00:10:40,160 --> 00:10:41,920 support scan all ports. Obviously all 330 00:10:41,920 --> 00:10:43,279 ports going to take longer. You can 331 00:10:43,279 --> 00:10:44,800 customize it. There's a bunch of settings 332 00:10:44,800 --> 00:10:46,399 that you can kind of explore in here on 333 00:10:46,399 --> 00:10:48,640 your own. And there is, um, 
there's also 334 00:10:48,640 --> 00:10:51,120 this credentials page, which we'll get 335 00:10:51,120 --> 00:10:52,959 into in a little bit, but basically you 336 00:10:52,959 --> 00:10:54,480 can, we won't do this yet, but you can 337 00:10:54,480 --> 00:10:56,480 enter credentials in here, like the 338 00:10:56,480 --> 00:10:58,160 username and password that we made when 339 00:10:58,160 --> 00:10:59,680 we created the virtual machine, and then 340 00:10:59,680 --> 00:11:02,240 the scanner will kind of go into the 341 00:11:02,240 --> 00:11:03,920 machine more deeply and like look 342 00:11:03,920 --> 00:11:05,440 through the registry and the file system 343 00:11:05,440 --> 00:11:07,440 and like more things. And the reason for 344 00:11:07,440 --> 00:11:09,440 this is you can kind of discover more 345 00:11:09,440 --> 00:11:10,720 vulnerabilities if you have like 346 00:11:10,720 --> 00:11:12,959 deprecated software or insecure services 347 00:11:12,959 --> 00:11:14,480 or something like this running. 348 00:11:14,480 --> 00:11:17,040 This is what this kind of credential, the 349 00:11:17,040 --> 00:11:19,120 credentials page is for. But right now 350 00:11:19,120 --> 00:11:20,560 we're just going to do like a basic 351 00:11:20,560 --> 00:11:22,320 network kind of port scan. It's not going 352 00:11:22,320 --> 00:11:23,920 to be too deep. Just want to make sure we 353 00:11:23,920 --> 00:11:25,440 can scan it and get some kind of 354 00:11:25,440 --> 00:11:27,360 information back. So we have our IP 355 00:11:27,360 --> 00:11:31,040 address, and we will just say save. We'll 356 00:11:31,040 --> 00:11:33,279 remove this credentials, oops, and then 357 00:11:33,279 --> 00:11:35,519 just say save. And then this is our, this 358 00:11:35,519 --> 00:11:37,600 is our scan. Um, it's not running, it's 359 00:11:37,600 --> 00:11:38,800 just kind of like a scan that's 360 00:11:38,800 --> 00:11:40,560 configured that we can run in the future. 361 00:11:40,560 --> 00:11:42,480 So we'll just go 
ahead and click launch 362 00:11:42,480 --> 00:11:44,480 now and launch the scan. And I believe 363 00:11:44,480 --> 00:11:46,480 you can, you can kind of sometimes see 364 00:11:46,480 --> 00:11:48,240 the progress of it. Like if you click it, 365 00:11:48,240 --> 00:11:50,959 you can see, you know, what it has done so 366 00:11:50,959 --> 00:11:53,360 far. It makes like little logs, and then 367 00:11:53,360 --> 00:11:54,800 the findings will kind of be on this 368 00:11:54,800 --> 00:11:56,399 page. But we can just go back, click back 369 00:11:56,399 --> 00:11:58,160 to my host and then back to my scans, and 370 00:11:58,160 --> 00:11:59,839 we'll just kind of wait for this to 371 00:11:59,839 --> 00:12:01,760 finish. Cool, so we can now see that our 372 00:12:01,760 --> 00:12:04,480 scan has finished over here. Um, says like 373 00:12:04,480 --> 00:12:05,839 today and there's like a check mark, so 374 00:12:05,839 --> 00:12:07,600 we can just kind of click this to look 375 00:12:07,600 --> 00:12:10,079 at the individual results for it. And you 376 00:12:10,079 --> 00:12:12,480 can see like down here, like blue is info, 377 00:12:12,480 --> 00:12:14,800 green is low, medium it's yellow, etc. And 378 00:12:14,800 --> 00:12:16,399 depending on the organization you work 379 00:12:16,399 --> 00:12:18,320 for, like a lot of people, a lot of orgs 380 00:12:18,320 --> 00:12:20,160 like won't even, depending on what they 381 00:12:20,160 --> 00:12:21,920 are, a lot of orgs won't even like really 382 00:12:21,920 --> 00:12:23,600 touch medium or lows because they have 383 00:12:23,600 --> 00:12:25,120 like so many criticals and highs that 384 00:12:25,120 --> 00:12:26,880 kind of take precedence. And because we 385 00:12:26,880 --> 00:12:28,959 didn't use any credentials for our scan, 386 00:12:28,959 --> 00:12:31,600 we don't really see that much of what 387 00:12:31,600 --> 00:12:33,519 might be actually vulnerable inside the 388 00:12:33,519 --> 00:12:35,360 VM, but we do see like some things 
here, 389 00:12:35,360 --> 00:12:36,480 so we can click, we can click 390 00:12:36,480 --> 00:12:38,320 vulnerabilities up here and just kind of 391 00:12:38,320 --> 00:12:40,320 look through these a tiny bit. We can see 392 00:12:40,320 --> 00:12:42,240 like SMB signing is not required. If 393 00:12:42,240 --> 00:12:44,079 that's something that your org cares 394 00:12:44,079 --> 00:12:45,680 about, you can kind of read about it here 395 00:12:45,680 --> 00:12:48,000 more and consider like implementing, 396 00:12:48,000 --> 00:12:49,839 implement, implementing the solution to 397 00:12:49,839 --> 00:12:52,079 kind of remediate this vulnerability. 398 00:12:52,079 --> 00:12:54,079 There's other kind of interesting things 399 00:12:54,079 --> 00:12:56,399 in here. Traceroute information, it's 400 00:12:56,399 --> 00:12:58,399 listed as info, means, it means it's not, 401 00:12:58,399 --> 00:13:00,320 could not necessarily be a vulnerability, 402 00:13:00,320 --> 00:13:02,079 but just something you should be aware 403 00:13:02,079 --> 00:13:04,079 of, that you can see traceroute information, 404 00:13:04,079 --> 00:13:06,480 which means like ICMP is 405 00:13:06,480 --> 00:13:08,959 accepted on this, on this particular host. 406 00:13:08,959 --> 00:13:10,639 And down here we can see 407 00:13:10,639 --> 00:13:12,560 target credential status by 408 00:13:12,560 --> 00:13:14,720 authentication protocol, and it says like 409 00:13:14,720 --> 00:13:16,399 Nessus was not able to successfully 410 00:13:16,399 --> 00:13:17,839 authenticate to the remote target, 411 00:13:17,839 --> 00:13:19,279 because we didn't actually provide any 412 00:13:19,279 --> 00:13:20,720 credentials. And we can see that down 413 00:13:20,720 --> 00:13:23,680 here, um, SMB was detected on port 445, 414 00:13:23,680 --> 00:13:26,240 means it's listening on 445, but we 415 00:13:26,240 --> 00:13:28,000 didn't provide any credentials. That's a 416 00:13:28,000 --> 00:13:29,360 kind of vulnerability, that's a 417 00:13:29,360 --> 
00:13:31,440 vulnerability scan, some basic results. So 418 00:13:31,440 --> 00:13:32,639 the next thing we're going to do is 419 00:13:32,639 --> 00:13:34,720 we're going to, we're going to set up the 420 00:13:34,720 --> 00:13:36,720 virtual machine to be able to accept 421 00:13:36,720 --> 00:13:38,560 authenticated scans, and then we're going 422 00:13:38,560 --> 00:13:40,480 to provide some credentials to Nessus, 423 00:13:40,480 --> 00:13:41,920 and then we're going to try to rescan 424 00:13:41,920 --> 00:13:43,680 the virtual machine with credentials and 425 00:13:43,680 --> 00:13:45,839 then kind of compare the results of the 426 00:13:45,839 --> 00:13:47,440 new scan, which, with these ones that 427 00:13:47,440 --> 00:13:49,360 we're looking at here. So we'll go back 428 00:13:49,360 --> 00:13:51,680 to my scans. Actually, we'll go back to 429 00:13:51,680 --> 00:13:53,760 the virtual machine here, and then we'll 430 00:13:53,760 --> 00:13:54,680 open up 431 00:13:54,680 --> 00:13:56,720 services.msc. And there may be better 432 00:13:56,720 --> 00:13:57,920 ways to do what I'm doing, like 433 00:13:57,920 --> 00:13:59,519 especially if you're in like a corporate 434 00:13:59,519 --> 00:14:01,839 environment. Um, I got these steps from 435 00:14:01,839 --> 00:14:04,320 Nessus, the things that they recommend to 436 00:14:04,320 --> 00:14:06,320 actually do credentialed scans against 437 00:14:06,320 --> 00:14:08,560 Windows hosts that are not on the domain, 438 00:14:08,560 --> 00:14:09,839 so that's, that's kind of what we're 439 00:14:09,839 --> 00:14:11,600 using here. So I'm just going to, first 440 00:14:11,600 --> 00:14:13,760 I'm going to enable the remote registry, 441 00:14:13,760 --> 00:14:16,480 Remote Registry, which will allow the 442 00:14:16,480 --> 00:14:17,920 scanner to connect to this computer's 443 00:14:17,920 --> 00:14:19,440 registry and like kind of crawl through 444 00:14:19,440 --> 00:14:20,959 the registry and look for insecure 445 00:14:20,959 --> 
00:14:23,199 configurations, like maybe deprecated 446 00:14:23,199 --> 00:14:24,959 cipher suites that might be enabled. You 447 00:14:24,959 --> 00:14:26,480 kind of enable and disable those in the 448 00:14:26,480 --> 00:14:28,160 registry. So I'm just going to enable 449 00:14:28,160 --> 00:14:30,639 Remote Registry so our scanner can 450 00:14:30,639 --> 00:14:32,720 connect to the registry. So I enabled it 451 00:14:32,720 --> 00:14:34,560 and I turned it on. And then next we're 452 00:14:34,560 --> 00:14:36,480 going to, be careful when you close this, 453 00:14:36,480 --> 00:14:38,240 you don't close the actual VM. I'm just 454 00:14:38,240 --> 00:14:40,000 closing like the window inside. I'll 455 00:14:40,000 --> 00:14:41,600 close the firewall, and next thing I'll 456 00:14:41,600 --> 00:14:44,880 enable file and printer sharing. So, oh, it 457 00:14:44,880 --> 00:14:47,279 looks like it's possibly already on. Turn 458 00:14:47,279 --> 00:14:49,120 on sharing so anyone with network, uh, I 459 00:14:49,120 --> 00:14:50,880 don't think public folder sharing needs 460 00:14:50,880 --> 00:14:52,639 to be on. I was going to turn this on, but 461 00:14:52,639 --> 00:14:54,160 it looks like it's on already. Turn on 462 00:14:54,160 --> 00:14:55,839 network discovery, file and printer 463 00:14:55,839 --> 00:14:57,360 sharing, oh, looks like it's already on. If 464 00:14:57,360 --> 00:14:58,959 yours are not on, just make sure to turn 465 00:14:58,959 --> 00:15:00,880 the file and printer, printer sharing on. 466 00:15:00,880 --> 00:15:03,199 And then we will go to User Account 467 00:15:03,199 --> 00:15:05,839 Control, and this is not good to do, um, 468 00:15:05,839 --> 00:15:07,839 but our computer is not on the domain, so 469 00:15:07,839 --> 00:15:09,760 we have to do these kind of hack things 470 00:15:09,760 --> 00:15:11,760 to be able to scan it. So I'll disable 471 00:15:11,760 --> 00:15:13,920 this, say okay, so yes. And then we're 472 00:15:13,920 --> 00:15:16,240 going to open the 
registry and then 473 00:15:16,240 --> 00:15:18,480 add a key that's supposed to allow the 474 00:15:18,480 --> 00:15:20,560 remote account to like connect in and 475 00:15:20,560 --> 00:15:21,600 next we're going to connect to the 476 00:15:21,600 --> 00:15:23,279 registry and add a key that's supposed 477 00:15:23,279 --> 00:15:25,839 to i guess further disable user account 478 00:15:25,839 --> 00:15:27,600 control for the remote account we're 479 00:15:27,600 --> 00:15:29,279 going to use it to connect to this 480 00:15:29,279 --> 00:15:31,519 computer during our scan so just go to 481 00:15:31,519 --> 00:15:33,440 start and type regedit again i got this 482 00:15:33,440 --> 00:15:35,519 documentation from nessus i'll put a 483 00:15:35,519 --> 00:15:37,120 link to in the description so we will 484 00:15:37,120 --> 00:15:40,560 browse to a local machine here so we'll 485 00:15:40,560 --> 00:15:44,399 go to local machine software microsoft 486 00:15:44,399 --> 00:15:48,240 windows current version policies system 487 00:15:48,240 --> 00:15:50,959 and then inside here we'll create a 488 00:15:50,959 --> 00:15:53,920 DWORD called local account token filter 489 00:15:53,920 --> 00:15:55,519 policy so 490 00:15:55,519 --> 00:15:59,600 local account token filter policy local 491 00:15:59,600 --> 00:16:02,480 account token filter policy say enter 492 00:16:02,480 --> 00:16:04,880 and then we'll set this value to 1 and 493 00:16:04,880 --> 00:16:06,079 we'll close this and we'll go ahead and 494 00:16:06,079 --> 00:16:07,680 restart our virtual machine at this 495 00:16:07,680 --> 00:16:09,199 point cool and then we'll log in 496 00:16:09,199 --> 00:16:11,440 remember our username i made mine admin 497 00:16:11,440 --> 00:16:13,120 and then whatever your password is just 498 00:16:13,120 --> 00:16:14,720 make sure you don't forget it and we 499 00:16:14,720 --> 00:16:18,160 should be ready to scan our computer now 500 00:16:18,160 --> 00:16:19,440 we're going to edit
the scan that we 501 00:16:19,440 --> 00:16:22,000 made so go back to nessus essentials and 502 00:16:22,000 --> 00:16:24,959 then we will oh so check this box next 503 00:16:24,959 --> 00:16:27,040 to the scan and go to more and then go 504 00:16:27,040 --> 00:16:28,560 to configure and then we're going to add 505 00:16:28,560 --> 00:16:30,079 a set of credentials to this and we're 506 00:16:30,079 --> 00:16:32,079 going to add a windows credentials so 507 00:16:32,079 --> 00:16:33,680 we're going to use password and remember 508 00:16:33,680 --> 00:16:35,680 our username is admin so if you go to 509 00:16:35,680 --> 00:16:38,880 the vm and go to cm cmd and type like 510 00:16:38,880 --> 00:16:41,360 whoami um the name is the name is 511 00:16:41,360 --> 00:16:43,680 admin right so we'll say admin and then 512 00:16:43,680 --> 00:16:45,600 whatever you made the password and i 513 00:16:45,600 --> 00:16:46,639 believe 514 00:16:46,639 --> 00:16:48,160 i believe we can like leave all these 515 00:16:48,160 --> 00:16:50,079 things as default if it breaks i mean 516 00:16:50,079 --> 00:16:51,759 maybe we can come back and configure or 517 00:16:51,759 --> 00:16:53,279 if it doesn't work we can check it so 518 00:16:53,279 --> 00:16:56,240 we'll save this as it is so saved and 519 00:16:56,240 --> 00:16:58,639 we'll go back and back to scans and then 520 00:16:58,639 --> 00:17:00,880 we'll we'll run this scan one more time 521 00:17:00,880 --> 00:17:02,639 when this finishes we'll compare the 522 00:17:02,639 --> 00:17:04,559 results with the first scan and 523 00:17:04,559 --> 00:17:06,240 technically we should see more results 524 00:17:06,240 --> 00:17:07,760 with this one because we enabled 525 00:17:07,760 --> 00:17:09,359 credentialed scanning and we kind of 526 00:17:09,359 --> 00:17:12,079 configured the vm to accept remote scan 527 00:17:12,079 --> 00:17:13,760 so we'll see what happens so i'll just 528 00:17:13,760 --> 00:17:15,520 pause this and i'll come
back i'll pause 529 00:17:15,520 --> 00:17:17,119 the video and come back when it finishes 530 00:17:17,119 --> 00:17:18,880 okay it's been a few minutes and it 531 00:17:18,880 --> 00:17:20,799 looks like our scan is finished here so 532 00:17:20,799 --> 00:17:23,280 we will click on this and we can see 533 00:17:23,280 --> 00:17:25,280 like immediately remember last time we 534 00:17:25,280 --> 00:17:27,119 we had like one medium and a bunch of 535 00:17:27,119 --> 00:17:29,039 infos now we have like seven criticals 536 00:17:29,039 --> 00:17:31,919 38 highs and you know four mediums and a 537 00:17:31,919 --> 00:17:33,840 whole bunch more infos it's pretty 538 00:17:33,840 --> 00:17:35,520 interesting so before we like really 539 00:17:35,520 --> 00:17:37,039 dive into the vulnerabilities and all 540 00:17:37,039 --> 00:17:39,200 this i'll just click on history over 541 00:17:39,200 --> 00:17:40,559 here really quick and this is the 542 00:17:40,559 --> 00:17:41,760 current one and you can see the 543 00:17:41,760 --> 00:17:43,760 vulnerabilities down here um you can see 544 00:17:43,760 --> 00:17:45,600 you know five percent criticals etc and 545 00:17:45,600 --> 00:17:47,360 then if we click on our first scan we 546 00:17:47,360 --> 00:17:49,280 can see like we didn't use credentials 547 00:17:49,280 --> 00:17:50,880 for this so we couldn't look at the file 548 00:17:50,880 --> 00:17:52,559 system or the registry or any other 549 00:17:52,559 --> 00:17:54,960 running services or or any of that so 550 00:17:54,960 --> 00:17:56,480 you can see this there's like a big 551 00:17:56,480 --> 00:17:58,160 difference in doing credentialed scan 552 00:17:58,160 --> 00:18:00,240 versus like uncredentialed scans so this 553 00:18:00,240 --> 00:18:02,320 kind of like solidifies the importance 554 00:18:02,320 --> 00:18:04,240 of running credential scans whether or 555 00:18:04,240 --> 00:18:06,000 not you're like scanning cisco devices 556 00:18:06,000 --> 00:18:07,919 or 
like linux machines or like windows 557 00:18:07,919 --> 00:18:10,480 machines or macs or whatever if you can 558 00:18:10,480 --> 00:18:12,559 use credentials um you can really like 559 00:18:12,559 --> 00:18:14,720 discover more vulnerabilities so i'll 560 00:18:14,720 --> 00:18:16,400 just click on the vulnerabilities tab 561 00:18:16,400 --> 00:18:17,919 here first and we'll just kind of like 562 00:18:17,919 --> 00:18:19,520 look at these a little bit we can see 563 00:18:19,520 --> 00:18:21,600 like um this this is essentially the 564 00:18:21,600 --> 00:18:23,919 list of findings and some of the these 565 00:18:23,919 --> 00:18:25,600 are mixed so if we click on this for 566 00:18:25,600 --> 00:18:27,520 example we can see it's like a 567 00:18:27,520 --> 00:18:29,520 combination of like mostly criticals and 568 00:18:29,520 --> 00:18:31,280 highs and you can see it's like mostly 569 00:18:31,280 --> 00:18:33,919 edge mostly edge which can probably be 570 00:18:33,919 --> 00:18:35,679 remediated from like updating running 571 00:18:35,679 --> 00:18:37,280 windows updates essentially and you can 572 00:18:37,280 --> 00:18:38,960 kind of look at these individual ones 573 00:18:38,960 --> 00:18:41,600 and and dive uh more deep into them to 574 00:18:41,600 --> 00:18:43,440 see like what the actual thing is and 575 00:18:43,440 --> 00:18:45,039 like how to fix it 576 00:18:45,039 --> 00:18:46,720 uh so we can go back a little bit we'll 577 00:18:46,720 --> 00:18:48,000 back up a little bit more so 578 00:18:48,000 --> 00:18:49,760 vulnerabilities around edge around 579 00:18:49,760 --> 00:18:52,160 windows around a bunch of other stuff um 580 00:18:52,160 --> 00:18:54,000 if we click on remediations this tab 581 00:18:54,000 --> 00:18:56,080 kind of gives us like a high level like 582 00:18:56,080 --> 00:18:58,400 instructions on how to like remediate 583 00:18:58,400 --> 00:18:59,679 most of the findings from like a really 584 00:18:59,679 --> 00:19:01,520 high 
level basically just like run 585 00:19:01,520 --> 00:19:03,200 windows updates is what i'm is what i'm 586 00:19:03,200 --> 00:19:05,120 seeing here um so security updates 587 00:19:05,120 --> 00:19:07,039 install this kb to fix a bunch of other 588 00:19:07,039 --> 00:19:09,039 ones and then all this is pretty much 589 00:19:09,039 --> 00:19:11,360 windows updates and this vpr top threats 590 00:19:11,360 --> 00:19:14,320 these vpr vpr top threats is essentially 591 00:19:14,320 --> 00:19:16,080 what tenable is like recommending we 592 00:19:16,080 --> 00:19:18,080 prioritize to remediate probably based 593 00:19:18,080 --> 00:19:21,360 on um cvss score and like whatever other 594 00:19:21,360 --> 00:19:24,559 metrics they use so like i would say um 595 00:19:24,559 --> 00:19:26,400 before like if i were 596 00:19:26,400 --> 00:19:28,240 doing this in like a an organization 597 00:19:28,240 --> 00:19:29,520 like the first thing you want to do is 598 00:19:29,520 --> 00:19:31,120 like make sure you have third-party 599 00:19:31,120 --> 00:19:33,760 patching and like windows os patching 600 00:19:33,760 --> 00:19:35,760 like set up properly and like properly 601 00:19:35,760 --> 00:19:37,440 being like tested and deployed on 602 00:19:37,440 --> 00:19:38,799 regular intervals so you don't have to 603 00:19:38,799 --> 00:19:40,880 like kind of go through and deal with 604 00:19:40,880 --> 00:19:43,200 these like individual vulnerabilities 605 00:19:43,200 --> 00:19:44,960 the related that are related to things 606 00:19:44,960 --> 00:19:46,960 that can be easily fixed by like augment 607 00:19:46,960 --> 00:19:48,799 automated patching and stuff like this 608 00:19:48,799 --> 00:19:51,520 so before um i start like 609 00:19:51,520 --> 00:19:53,840 remediating these and fixing them i'm 610 00:19:53,840 --> 00:19:55,600 gonna install some like deprecated 611 00:19:55,600 --> 00:19:57,919 software on this computer like a really 612 00:19:57,919 --> 00:19:59,600 old 
version of firefox and then we're 613 00:19:59,600 --> 00:20:01,760 gonna kind of run another scan and then 614 00:20:01,760 --> 00:20:03,919 observe the results from that as well so 615 00:20:03,919 --> 00:20:05,200 i'm gonna get this old version of 616 00:20:05,200 --> 00:20:07,360 firefox i'll put a i'll put a link to it 617 00:20:07,360 --> 00:20:09,200 in the description i was gonna say i'm 618 00:20:09,200 --> 00:20:10,799 worried about doing that but i'll put a 619 00:20:10,799 --> 00:20:12,080 link to it in the description it's 620 00:20:12,080 --> 00:20:14,400 really old from six years ago apparently 621 00:20:14,400 --> 00:20:16,720 so we'll just download this uh firefox 622 00:20:16,720 --> 00:20:18,960 3612. and make sure to do this make sure 623 00:20:18,960 --> 00:20:20,400 you're doing this in the virtual machine 624 00:20:20,400 --> 00:20:22,159 don't accidentally do it on your on your 625 00:20:22,159 --> 00:20:24,799 computer and that's 626 00:20:24,799 --> 00:20:26,880 what i'm actually doing so make sure to 627 00:20:26,880 --> 00:20:29,120 go to the virtual machine so we'll open 628 00:20:29,120 --> 00:20:31,280 up edge in our virtual machine and then 629 00:20:31,280 --> 00:20:33,520 we'll paste oh no i can't paste it i'm 630 00:20:33,520 --> 00:20:34,960 just gonna search like download 631 00:20:34,960 --> 00:20:36,960 deprecated firefox i shouldn't i 632 00:20:36,960 --> 00:20:38,559 shouldn't use the word deprecated i'll 633 00:20:38,559 --> 00:20:42,240 say download old firefox and 634 00:20:42,240 --> 00:20:44,159 i think i can click here and do it if 635 00:20:44,159 --> 00:20:46,080 you want to downgrade directory i'll go 636 00:20:46,080 --> 00:20:48,080 to directory of all old ones and then 637 00:20:48,080 --> 00:20:50,480 i'll get 3612. 
this is random by the way 638 00:20:50,480 --> 00:20:51,840 you can get any old version that you 639 00:20:51,840 --> 00:20:53,520 want i'm just using this one because i i 640 00:20:53,520 --> 00:20:58,080 did it already um win32 uh en us and 641 00:20:58,080 --> 00:20:59,919 i'll get this so we'll open this and 642 00:20:59,919 --> 00:21:02,400 then install this super old version of 643 00:21:02,400 --> 00:21:05,600 firefox we'll say next standard sure and 644 00:21:05,600 --> 00:21:07,840 then sure we can launch it i guess uh 645 00:21:07,840 --> 00:21:10,559 yeah why not cool so this is old old 646 00:21:10,559 --> 00:21:13,520 firefox so now we have an old firefox on 647 00:21:13,520 --> 00:21:15,120 our computer so we'll close this this is 648 00:21:15,120 --> 00:21:16,559 our virtual machine remember here's 649 00:21:16,559 --> 00:21:18,720 firefox and then so we will go back to 650 00:21:18,720 --> 00:21:21,039 our scans here this is on our host 651 00:21:21,039 --> 00:21:22,720 machine and this is nessus so we'll go 652 00:21:22,720 --> 00:21:24,240 back to our scans and we don't need to 653 00:21:24,240 --> 00:21:26,400 change our scan anymore we'll just click 654 00:21:26,400 --> 00:21:28,559 launch and it will just run another scan 655 00:21:28,559 --> 00:21:30,640 it will do the same thing scan all scan 656 00:21:30,640 --> 00:21:32,320 the common open ports inspect the 657 00:21:32,320 --> 00:21:35,360 registry inspect the services and then 658 00:21:35,360 --> 00:21:36,960 inspect the file system it's going to 659 00:21:36,960 --> 00:21:39,360 discover this old deprecated version of 660 00:21:39,360 --> 00:21:40,880 firefox there's like a million 661 00:21:40,880 --> 00:21:42,559 vulnerabilities in it probably so 662 00:21:42,559 --> 00:21:44,480 hopefully we'll we'll see that reflected 663 00:21:44,480 --> 00:21:46,159 in the scan results when this finishes 664 00:21:46,159 --> 00:21:47,760 here in a couple of minutes okay it's 665 00:21:47,760 --> 
00:21:49,520 been a couple more minutes and our scan 666 00:21:49,520 --> 00:21:51,200 is finished so we can click on this 667 00:21:51,200 --> 00:21:53,039 again and we'll see like our our 668 00:21:53,039 --> 00:21:55,520 vulnerabilities like went up to 68 669 00:21:55,520 --> 00:21:57,039 critical now so before we kind of dive 670 00:21:57,039 --> 00:21:58,480 into these again we'll check out the 671 00:21:58,480 --> 00:22:00,159 history just so we can see like a trend 672 00:22:00,159 --> 00:22:02,159 in these so this is the first one in the 673 00:22:02,159 --> 00:22:04,400 bottom here we can see only info no 674 00:22:04,400 --> 00:22:06,320 credentials provided second one is our 675 00:22:06,320 --> 00:22:08,400 credentials provided and we you know we 676 00:22:08,400 --> 00:22:10,000 have a little bit more we have some 677 00:22:10,000 --> 00:22:12,000 criticals discovered in some highs and 678 00:22:12,000 --> 00:22:14,480 then we installed firefox like a really 679 00:22:14,480 --> 00:22:16,320 old one and then this is our current 680 00:22:16,320 --> 00:22:18,640 scan there's like a bunch more criticals 681 00:22:18,640 --> 00:22:21,039 whole bunch of criticals so we'll go to 682 00:22:21,039 --> 00:22:23,919 the um rem the vulnerabilities tab here 683 00:22:23,919 --> 00:22:26,159 and then we can kind of see this one at 684 00:22:26,159 --> 00:22:28,240 the very top mixed with firefox and 685 00:22:28,240 --> 00:22:30,880 total count of like 141 so if we click 686 00:22:30,880 --> 00:22:33,440 on this it's just absolutely chock full 687 00:22:33,440 --> 00:22:35,039 of criticals just because that version 688 00:22:35,039 --> 00:22:37,039 of firefox is like so old it has so many 689 00:22:37,039 --> 00:22:38,480 vulnerabilities and it's not like you 690 00:22:38,480 --> 00:22:39,919 have to like go through like fix each 691 00:22:39,919 --> 00:22:41,280 one of these one at a time you can 692 00:22:41,280 --> 00:22:43,120 either just like upgrade firefox
to the 693 00:22:43,120 --> 00:22:44,799 latest one or just like completely 694 00:22:44,799 --> 00:22:46,400 uninstall it and it will remediate the 695 00:22:46,400 --> 00:22:47,600 vulnerabilities so we can click 696 00:22:47,600 --> 00:22:49,440 remediations we pretty much see the same 697 00:22:49,440 --> 00:22:51,600 thing as last time except for um at the 698 00:22:51,600 --> 00:22:54,080 very top now we have a recommendation to 699 00:22:54,080 --> 00:22:56,640 upgrade firefox and then again this vpr 700 00:22:56,640 --> 00:22:59,039 top threats we have this uh kind of 701 00:22:59,039 --> 00:23:01,840 firefox in here again history first scan 702 00:23:01,840 --> 00:23:03,760 no credentials second credentials 703 00:23:03,760 --> 00:23:05,679 default windows install third scan 704 00:23:05,679 --> 00:23:08,480 firefox old firefox whole bunch of whole 705 00:23:08,480 --> 00:23:10,080 bunch of vulnerabilities that need to be 706 00:23:10,080 --> 00:23:12,240 remediated so the next step we're going 707 00:23:12,240 --> 00:23:14,400 to we're just going to try to remediate 708 00:23:14,400 --> 00:23:16,000 as many of these vulnerabilities as we 709 00:23:16,000 --> 00:23:17,840 can by doing like really simple things 710 00:23:17,840 --> 00:23:19,200 like we're just going to uninstall 711 00:23:19,200 --> 00:23:21,120 firefox totally and then we're going to 712 00:23:21,120 --> 00:23:22,799 just essentially like run windows 713 00:23:22,799 --> 00:23:25,280 updates until there's no more updates to 714 00:23:25,280 --> 00:23:27,360 that need to happen essentially so we'll 715 00:23:27,360 --> 00:23:29,360 go to our virtual machine here and then 716 00:23:29,360 --> 00:23:32,000 we can go to appwiz.cpl that's like a 717 00:23:32,000 --> 00:23:34,159 kind of shortcut to go to the this thing 718 00:23:34,159 --> 00:23:36,080 so we can go to firefox i'm just going 719 00:23:36,080 --> 00:23:38,000 to uninstall it to be honest uninstall 720 00:23:38,000 --> 
00:23:40,320 firefox and then i'll go to windows 721 00:23:40,320 --> 00:23:42,480 update and let's see 722 00:23:42,480 --> 00:23:44,240 i guess i'll just manually check for 723 00:23:44,240 --> 00:23:45,679 updates i'll leave the settings to like 724 00:23:45,679 --> 00:23:47,039 whatever they are and then you can do 725 00:23:47,039 --> 00:23:48,720 this too just keep like running windows 726 00:23:48,720 --> 00:23:50,080 updates and res you might have to like 727 00:23:50,080 --> 00:23:51,440 restart and then run it again then 728 00:23:51,440 --> 00:23:53,679 restart and run it again i'll pause this 729 00:23:53,679 --> 00:23:55,200 and i'll i'll just kind of like let the 730 00:23:55,200 --> 00:23:57,039 updates happen then i'll come back to it 731 00:23:57,039 --> 00:23:59,039 again okay it updated for a while and 732 00:23:59,039 --> 00:24:00,480 it's asking for a restart so just go 733 00:24:00,480 --> 00:24:03,440 ahead and restart and repeat the process 734 00:24:03,440 --> 00:24:05,520 okay when it comes back up just go ahead 735 00:24:05,520 --> 00:24:08,000 and log in again and go to up windows 736 00:24:08,000 --> 00:24:10,159 updates again and just click check for 737 00:24:10,159 --> 00:24:12,799 updates one more time just to make sure 738 00:24:12,799 --> 00:24:14,400 okay it looks like it's installing some 739 00:24:14,400 --> 00:24:15,679 more so i'll go ahead and pause this and 740 00:24:15,679 --> 00:24:18,159 kind of let this continue so it actually 741 00:24:18,159 --> 00:24:19,840 looks like the updates are done so we'll 742 00:24:19,840 --> 00:24:22,400 go back to nessus go back to my scans 743 00:24:22,400 --> 00:24:24,880 and we'll run our scan one more time so 744 00:24:24,880 --> 00:24:26,720 we should expect to see a lot of the 745 00:24:26,720 --> 00:24:28,559 remediations done there should be a lot 746 00:24:28,559 --> 00:24:30,480 less highs and criticals like firefox 747 00:24:30,480 --> 00:24:32,000 should be gone like all the 
windows 748 00:24:32,000 --> 00:24:34,080 updates should be no longer required but 749 00:24:34,080 --> 00:24:36,080 we will let this finish and then check 750 00:24:36,080 --> 00:24:37,760 it out in a couple of minutes or for you 751 00:24:37,760 --> 00:24:39,200 it will be instantly because i'll edit 752 00:24:39,200 --> 00:24:40,960 this out so our last scan has finally 753 00:24:40,960 --> 00:24:43,600 finished so let's check this out so 754 00:24:43,600 --> 00:24:45,279 we'll click on this and before we like 755 00:24:45,279 --> 00:24:46,720 really dive in deep we can kind of see 756 00:24:46,720 --> 00:24:48,320 there's some some highs and some 757 00:24:48,320 --> 00:24:49,520 criticals and highs but we'll go to 758 00:24:49,520 --> 00:24:51,840 history over here and this is our 759 00:24:51,840 --> 00:24:53,760 current scan and this is the last scan 760 00:24:53,760 --> 00:24:56,480 right here before we uninstalled firefox 761 00:24:56,480 --> 00:24:58,640 and before we updated windows so we can 762 00:24:58,640 --> 00:25:00,159 see there's quite a bit more mediums 763 00:25:00,159 --> 00:25:01,840 quite a bit more sorry there's quite a 764 00:25:01,840 --> 00:25:03,279 bit more criticals quite a bit more 765 00:25:03,279 --> 00:25:05,840 highs so current after after removing 766 00:25:05,840 --> 00:25:07,440 firefox and running windows updates and 767 00:25:07,440 --> 00:25:09,840 then before so there's quite a bit less and 768 00:25:09,840 --> 00:25:12,720 this this scan right here this is the 769 00:25:12,720 --> 00:25:14,799 default install of windows and then this 770 00:25:14,799 --> 00:25:16,960 is the current one after updating 771 00:25:16,960 --> 00:25:19,120 windows so current or default and then 772 00:25:19,120 --> 00:25:20,400 current so we can kind of dive into 773 00:25:20,400 --> 00:25:22,000 these like a little bit it looks like 774 00:25:22,000 --> 00:25:24,559 the remaining vulnerabilities um most of 775 00:25:24,559 --> 00:25:26,640 them
are around microsoft edge it looks 776 00:25:26,640 --> 00:25:28,720 like maybe windows update didn't update 777 00:25:28,720 --> 00:25:30,799 edge for some reason uh we can check 778 00:25:30,799 --> 00:25:33,520 this one a bunch of highs um i can't 779 00:25:33,520 --> 00:25:36,320 read these microsoft 3d viewer base 3d 780 00:25:36,320 --> 00:25:38,400 code something maybe this is some like 781 00:25:38,400 --> 00:25:40,480 native app that's installed oh yeah it 782 00:25:40,480 --> 00:25:42,080 is so it looks like there's some like 783 00:25:42,080 --> 00:25:44,159 random stuff that's still on this 784 00:25:44,159 --> 00:25:45,679 virtual machine that maybe it's like out 785 00:25:45,679 --> 00:25:47,760 of date or or something like this and 786 00:25:47,760 --> 00:25:49,440 you can just kind of look through this i 787 00:25:49,440 --> 00:25:51,440 won't like do any further remediations 788 00:25:51,440 --> 00:25:52,559 because this video is getting kind of 789 00:25:52,559 --> 00:25:54,960 long so but maybe you could consider 790 00:25:54,960 --> 00:25:57,440 you know figuring out exactly like how 791 00:25:57,440 --> 00:25:59,120 to update microsoft edge or like 792 00:25:59,120 --> 00:26:00,559 uninstall it if you're allowed to do 793 00:26:00,559 --> 00:26:02,000 that like i don't know but yeah it's 794 00:26:02,000 --> 00:26:03,520 pretty interesting um to kind of 795 00:26:03,520 --> 00:26:05,279 experiment with this and like install 796 00:26:05,279 --> 00:26:07,120 like really old stuff or me maybe even 797 00:26:07,120 --> 00:26:09,360 like get a hold of like a windows xp iso 798 00:26:09,360 --> 00:26:11,760 and install windows xp right and scan 799 00:26:11,760 --> 00:26:13,760 that and see what kind of like swiss 800 00:26:13,760 --> 00:26:16,159 cheese scan results like come back it's 801 00:26:16,159 --> 00:26:17,760 like going to be absolutely full of 802 00:26:17,760 --> 00:26:19,679 holes but yeah that is vulnerability 803 00:26:19,679 --> 
00:26:21,120 management those are kind of like the 804 00:26:21,120 --> 00:26:22,960 really kind of the core components of 805 00:26:22,960 --> 00:26:24,400 vulnerability management just like 806 00:26:24,400 --> 00:26:26,080 scanning and remediating scanning and 807 00:26:26,080 --> 00:26:27,919 remediating but you know a lot more goes 808 00:26:27,919 --> 00:26:29,200 into it because you have to have like 809 00:26:29,200 --> 00:26:30,320 you know when you work at a big 810 00:26:30,320 --> 00:26:32,080 organization you usually will make some 811 00:26:32,080 --> 00:26:34,159 kind of standard and like policies and 812 00:26:34,159 --> 00:26:36,000 procedures and you have to kind of bring 813 00:26:36,000 --> 00:26:37,520 all the departments in and work with the 814 00:26:37,520 --> 00:26:38,960 individual groups to like get 815 00:26:38,960 --> 00:26:41,039 credentials for all their individual 816 00:26:41,039 --> 00:26:42,960 resources or maybe you use like a domain 817 00:26:42,960 --> 00:26:44,799 account to scan everything and it it 818 00:26:44,799 --> 00:26:46,320 gets a little bit more complicated when 819 00:26:46,320 --> 00:26:48,080 you're in a large organization but this 820 00:26:48,080 --> 00:26:50,000 is this is pretty much the guts of it 821 00:26:50,000 --> 00:26:51,360 just like scanning stuff finding 822 00:26:51,360 --> 00:26:53,279 vulnerabilities and then essentially 823 00:26:53,279 --> 00:26:55,200 remediating them you want to automate it 824 00:26:55,200 --> 00:26:57,120 as much of it as you can as possible 825 00:26:57,120 --> 00:26:58,960 like like updating like the third-party 826 00:26:58,960 --> 00:27:00,960 apps like windows update and in this 827 00:27:00,960 --> 00:27:02,559 kind of thing and you want to have like 828 00:27:02,559 --> 00:27:04,480 a secure build standard so like make 829 00:27:04,480 --> 00:27:06,159 sure the build is like already like 830 00:27:06,159 --> 00:27:08,720 remediated and like secure enough before 831 
00:27:10,080 it goes into production to kind of 832 00:27:10,080 --> 00:27:11,520 reduce the amount of vulnerabilities 833 00:27:11,520 --> 00:27:13,039 that get introduced but now that you've 834 00:27:13,039 --> 00:27:14,080 kind of like watched this you have a 835 00:27:14,080 --> 00:27:15,760 pretty good idea i would say of how 836 00:27:15,760 --> 00:27:17,679 vulnerability management works so you 837 00:27:17,679 --> 00:27:19,840 can you know practice this a bunch and 838 00:27:19,840 --> 00:27:21,279 consider like reading up on how to 839 00:27:21,279 --> 00:27:22,720 implement vulnerability management on 840 00:27:22,720 --> 00:27:24,240 like a large organization then you can 841 00:27:24,240 --> 00:27:26,159 like put something on your resume that 842 00:27:26,159 --> 00:27:27,600 might look something like this and then 843 00:27:27,600 --> 00:27:29,919 go ahead and start applying to jobs that 844 00:27:29,919 --> 00:27:31,279 are looking for like vulnerability 845 00:27:31,279 --> 00:27:33,039 management engineers or vulnerability 846 00:27:33,039 --> 00:27:34,640 management analysts or like whatever 847 00:27:34,640 --> 00:27:35,679 they're calling them because it's a 848 00:27:35,679 --> 00:27:37,360 relatively like straightforward process 849 00:27:37,360 --> 00:27:39,039 it's pretty easy technically speaking 850 00:27:39,039 --> 00:27:40,799 like the hard part about vulnerability 851 00:27:40,799 --> 00:27:42,559 vulnerability management usually comes 852 00:27:42,559 --> 00:27:44,000 from like dealing with the humans and 853 00:27:44,000 --> 00:27:45,600 like getting everyone to like coordinate 854 00:27:45,600 --> 00:27:47,600 that's like really difficult yeah i hope 855 00:27:47,600 --> 00:27:49,120 you enjoyed this um you thought if you 856 00:27:49,120 --> 00:27:50,720 thought it was interesting you know i'd 857 00:27:50,720 --> 00:27:52,640 appreciate if you liked and consider 858 00:27:52,640 --> 00:27:54,080 subscribing and if
you have any 859 00:27:54,080 --> 00:27:55,760 questions or comments criticism please 860 00:27:55,760 --> 00:27:57,120 like let me know in the comment section 861 00:27:57,120 --> 00:27:59,440 i 100% read all the comments every time i 862 00:27:59,440 --> 00:28:00,880 respond to everybody's comment if you 863 00:28:00,880 --> 00:28:01,919 feel like supporting me i do have a 864 00:28:01,919 --> 00:28:03,840 patreon but other than that thank you so 865 00:28:03,840 --> 00:28:05,520 much for watching and we will see you in 866 00:28:05,520 --> 00:28:09,480 the next video bye