Hey everybody, Josh here. Welcome back to my channel. I do a lot of videos on IT, cyber security education, and career things, and today's video is going to be on vulnerability management. We're actually going to be doing a vulnerability management lab where we install Nessus Essentials and VMware Workstation Player, set up Windows 10 inside of a VM, install some old deprecated software on it, and then do some vulnerability scans against that virtual machine to discover any vulnerabilities that might be on there. Then we're going to go ahead and remediate one or two of those just so we can observe what's happening.

I figured this would be a good video to do because there are quite a few vulnerability management jobs on LinkedIn and I've gotten a lot of spam from recruiters for these types of positions. Actually, the last real job I had, I was a vulnerability management program manager for King County here in Washington State, so I did this on an ongoing basis for a while. Basically, what vulnerability management is, is continuously assessing your assets, discovering vulnerabilities, remediating them to an acceptable risk, and then starting the process over and over again to make sure the risk in the whole organization is low, or at least at an acceptable level. So I think if you watch this video and practice it a few times, you can get pretty good at it and get an idea of how vulnerability management might work in a larger corporation. This is definitely something you can put on your resume. It might look something like this. So it will definitely help you out. So yeah, if you're excited to learn vulnerability management, consider smashing that like button and let's get started.

So the first thing we're going to do is go ahead and download and install VMware Player. Now, you probably want to have a semi-decent computer to be able to do this, maybe at least eight gigabytes of RAM and maybe dual core or something. But if you don't know about any of that, just try to go ahead and do it, and if something fails, then it fails,
I suppose. But go ahead and download VMware Player. I'll put a link to this in the description. Just download for Windows. I'm not gonna do it again because I already have it, but just go ahead and click this, download it, and install it. You can see mine started downloading; I'm just going to go ahead and cancel this.

And then while you're waiting for VMware Player to download, we'll go ahead and download the Windows 10 ISO. That's basically a file that'll let us install Windows 10 onto our virtual machine. So again, I'll put a link to this in the description as well, but just go ahead and go to it, and then you'll go to where it says "Create Windows 10 installation media" and you'll say "Download tool," and when this downloads, just go ahead and open it. Don't be surprised if this takes a while to start up and download. So we'll just say Accept. And then we're going to click "Create installation media." We want to get an ISO file, so we'll say Next. This looks good. And we're going to say "ISO file," be sure to select this. And then we'll just choose where it goes. I like this nice XP Pro ISO that I have. Go ahead and put it in a folder, just remember what folder you put it in. So I'll just save it to my C:\_ISOs folder and then we'll wait for this to finish.

And while this is going, we can actually download and install Nessus Essentials, which is going to be the vulnerability scanner that we use to actually conduct our scans. So I'll put a link to this in the description as well, but you can probably find it on Google.
And just basically fill this thing out. After you fill this out, you'll be able to download it and it will send a key to your email, so just go ahead and... actually, I'll just do it. Just fill this thing out. Cool, so it will send an email. Inside of your email (I can't show it because it has a key and, I don't know), inside of your email there'll be a button that says "Download Nessus" and then there will be a key. Go ahead and click the button to download Nessus and it will take you to a page that looks like this, and just click on Nessus. We already have an activation code; it should be in your email. So we'll pick the one for this one. It says Windows Server 2008, blah blah blah, and then it says 10 in here, so we'll download this. Just say Agree and then, you know, download it anywhere.

And then meanwhile, remember in the background Windows 10 should still be downloading; VMware Player might still be downloading too, so you just have to install that on your own. I'm not going to show it on the screen because I already have it installed. Here we are at the Tenable setup, so we just say Next, Accept, and just accept this location, and then go ahead and install it and then say Finish,
and then it's going to show this socket up here, like localhost and the port. I would recommend saving this URL because it's kind of annoying if you lose it, so just save it in a Notepad somewhere or something like this. And then we'll say "Connect via SSL" and just say Advanced and then say Proceed. And this takes a while to set up the very first time; it has to initialize and install things and, I assume, download a whole bunch of definitions or something like this. So just go get some coffee or something while you wait for this to happen, because it will take a while to do.

And we're going to say Nessus Essentials; it's essentially free. You can read the, I guess, license agreement if you want, but we're going to install Essentials and then just fill this thing out and we'll get an activation code. I believe I have one already. It should have emailed it to you; actually, it should have emailed the activation code to you, so maybe skip this and then just paste the activation code that was in your email that you already received and just Continue. And then this is where you're going to set up a username and password. Just make sure you don't forget this; it might be troublesome, you know, if you forget it, you'll have to reset it or something like this. So just set up a password, I guess. And this is a part that takes a while, so just, you know, go get coffee or a sandwich or something and we will meet back here.

Okay, so while
this is still installing and initializing and doing everything it needs to do, let's go ahead and set up our virtual machine, since this is going to take some time anyway. So by now you should have downloaded and installed VMware Workstation Player, so we'll just go ahead and open this up. And check on your Windows 10 ISO download; it should be finished by now as well. Maybe it looks something like this, and then it shows you where it's at (C:, ISOs, Windows, or, yeah, wherever you put yours), so just take note of this and we'll say Finish. Cool.

And then we're going to create a new virtual machine inside of VMware Workstation Player. We'll go to Player, and then File, and then New Virtual Machine, and then for the installer we're going to say Browse, and then we'll just browse to wherever you downloaded the Windows 10 ISO. So this could probably be named something better, but that's okay. So we'll say Next and just name this something appropriate. This is fine. This location's fine, I guess; you can change it if you want. So we'll say Next. Maximum disk size, this is fine; we're not gonna really put anything on it. I'm just gonna set mine at 50. And then we'll go to Customize Hardware, and for memory, if you don't know how much RAM you have, maybe just leave this as it is. I'm going to increase mine a little bit. I'll increase this a little bit. If you don't know about your CPU, just leave it as is. But we do have to change the network adapter; we should change it to Bridged. Without explaining too deeply, bridged kind of puts this virtual machine on the same network as your actual physical computer, so your Nessus implementation can talk to the virtual machine more easily. This looks good. We'll close this, and this is good: "Power on after creation." We'll say Finish, and kind of move Tenable to the side,
and then after the VM finishes getting created, it's going to launch, and then we're going to have a chance to install Windows. Be sure to press any key to boot into the ISO when it asks. And if your cursor is gone, you can see in the lower left it says "press Ctrl+Alt to release your cursor," and then you can get your cursor back. So we're just going to install Windows 10. So we'll just say Next, Install, and say "I don't have a product key." You can close this message down here and just pick Windows 10 Pro and say Next. And we'll say Accept, say Next, and say Custom, and then this is our blank hard drive, so click on that (the only one you can click) and just say Next. And then this will take some time to install too, so I'll come back when one of these finishes.

Cool, so it looks like both finished now. I'll just finish setting up the VM. I will say Yes, and US, and Skip. And for Nessus we'll just close this thing here, and then we'll just wait on this until we finish setting up the virtual machine. And we'll say "Set up for personal use," Next, and then we'll say "Offline account," "Limited experience," and then just name it, I don't know, just name it like admin, and make a password, but just remember what it is. Make it something simple because we're going to use this later for the credentialed scans, so just remember what it is; it's troublesome, you know, if you forget it. Just make up something for these if it asks you; this is just a junk VM, no one cares. Say No for all of these things, Not Now. Cool. Okay,
now everything is totally set up. We have our VM here and then we have our Nessus Essentials set up and ready to go. So for now we're just going to do a kind of basic scan against the virtual machine. We're going to do a credentialed scan later, which I'll explain, but I just want to make sure we can scan it and get some kind of result back. So before we do that, I'm going to go to the VM and get the IP address from it. So make sure to go to the VM, not your actual computer, but go to the VM, click Start, open up the command line, and then we will type ipconfig just to get the IPv4 IP address. And we're going to ping this from our local machine just to make sure that we can reach it, essentially. So open up the command line on your PC and we'll just ping this IP address. So we'll just say ping 10.0.0.189 and then we'll do -t, which means perpetual ping, like keep going forever until we cancel it. And we see it's timing out, so we just have to disable the firewall on our virtual machine here. You might not want to do this in production; it just depends on what other controls you have in place.

So we will minimize this, we'll go to our VM here, and then we will type wf.msc. It's this Windows Firewall Microsoft something console, can't remember. So we'll open the firewall, and we're just going to do a lot of this stuff for our lab. So we'll go to Defender Firewall Properties and just on these first three tabs we'll turn all three of them off: Domain Profile off, Private Profile off, Public Profile off, and we'll just say OK. Here the firewall is off, and then we notice that the ping is going through on our local computer here, so we can press Ctrl+C to cancel this. And we'll just copy this IP address; this is the IP address of our VM. We will close this, and
then this is our Nessus Essentials. Essentially it's like a web app. So we'll go back to this and then we're going to create a new scan. So we'll just do a Basic Network Scan here, and we'll just name it, I don't know, "Windows 10 single host," something like this. And then for Targets we'll just paste this (this is our virtual machine's IP address), so we'll just paste it in here. We don't really need to change anything else on here; we're just going to do a manual scan. But, you know, take note that you can do a scheduled scan if you're working in an organization and you want to scan every X days or every Tuesday or something like this, or scan common ports or scan all ports (obviously all ports is going to take longer). You can customize it; there are a bunch of settings that you can explore in here on your own. And there's also this Credentials page, which we'll get into in a little bit, but basically you can (we won't do this yet) enter credentials in here, like the username and password that we made when we created the virtual machine, and then the scanner will go into the machine more deeply and look through the registry and the file system and more things. And the reason for this is you can discover more vulnerabilities if you have deprecated software or insecure services or something like this running. This is what this Credentials page is for. But right now we're just going to do a basic network kind of port scan; it's not going to be too deep. I just want to make sure we can scan it and get some kind of information back.

So we have our IP address and we will just say Save. We'll remove this credential (oops) and then just say Save. And then this is our scan. It's not running; it's just a scan that's configured that we can run in the future. So we'll just go ahead and click Launch Now and launch the scan. And I believe you can sometimes see the progress of it, like if you click it you can see what it has done so far; it makes little logs, and then the findings will be on this page. But we can just go back, click back to My Host and then back to My Scans, and we'll just wait for this to finish.

Cool, so we can now see that our
scan has finished over here. It says "Today" and there's a check mark, so we can just click this to look at the individual results for it. And you can see down here: blue is Info, green is Low, Medium is yellow, etc. And depending on the organization you work for, a lot of orgs, depending on what they are, won't even really touch Mediums or Lows because they have so many Criticals and Highs that take precedence. And because we didn't use any credentials for our scan, we don't really see that much of what might actually be vulnerable inside the VM, but we do see some things here. So we can click Vulnerabilities up here and just look through these a tiny bit. We can see "SMB Signing not required." If that's something that your org cares about, you can read about it here more and consider implementing the solution to remediate this vulnerability. There are other interesting things in here: traceroute information. It's listed as Info, which means it's not necessarily a vulnerability, but just something you should be aware of: that you can see traceroute information, which means ICMP is accepted on this particular host. And down here we can see "Target Credential Status by Authentication Protocol," and it says Nessus was not able to successfully authenticate to the remote target, because we didn't actually provide any credentials. And we can see that down here: SMB was detected on port 445, which means it's listening on 445, but we didn't provide any credentials. That's a vulnerability scan with some basic results.

So the next thing we're going to do is set up the virtual machine to be able to accept authenticated scans, and then we're going to provide some credentials to Nessus, and then we're going to try to rescan the virtual machine with credentials and then compare the results of the new scan with these ones that we're looking at here. So we'll go back to My Scans. Actually, we'll go back to the virtual machine here, and then we'll open up
services.msc. And there may be better ways to do what I'm doing, especially if you're in a corporate environment. I got these steps from Nessus, the things that they recommend to actually do credentialed scans against Windows hosts that are not on the domain, so that's what we're using here. So first I'm going to enable Remote Registry, which will allow the scanner to connect to this computer's registry and crawl through the registry and look for insecure configurations, like maybe deprecated cipher suites that might be enabled (you enable and disable those in the registry). So I'm just going to enable Remote Registry so our scanner can connect to the registry. So I enabled it and I turned it on.

And then next (be careful when you close this that you don't close the actual VM; I'm just closing the window inside), I'll close the firewall, and next I'll enable File and Printer Sharing. So, oh, it looks like it's possibly already on. "Turn on sharing so anyone with network..." I don't think Public folder sharing needs to be on. I was going to turn this on but it looks like it's on already. "Turn on network discovery," "File and printer sharing," oh, looks like it's already on. If yours are not on, just make sure to turn File and Printer Sharing on. And then we will go to User Account Control, and this is not good to do, but our computer is not on the domain, so we have to do these kinds of hack things to be able to scan it. So I'll disable this, say OK, so Yes. And then we're going to open the registry and add a key that's supposed to allow the remote account to connect in. Next we're going to connect to the registry and add a key that's supposed to, I guess, further disable User Account Control for the remote account we're going to use to connect to this computer during our scan. So just go to Start and type regedit. Again, I got this documentation from Nessus; I'll put a link to it in the description. So we will browse to Local Machine here, so we'll go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and then inside here we'll create a DWORD called LocalAccountTokenFilterPolicy. So, LocalAccountTokenFilterPolicy, say Enter, and then we'll set this value to 1, and we'll close this. And we'll go ahead and restart our virtual machine at this point. Cool.

And then we'll log in. Remember our username; I made mine admin, and then whatever your password is, just make sure you don't forget it. And we should be ready to scan our computer now.
We're going to edit the scan that we made, so go back to Nessus Essentials, and then we will... oh, so check this box next to the scan and go to More and then go to Configure. And then we're going to add a set of credentials to this, and we're going to add a Windows credential. So we're going to use Password, and remember our username is admin. So if you go to the VM and go to cmd and type whoami, the name is admin, right? So we'll say admin and then whatever you made the password. And I believe we can leave all these things as default. If it breaks, I mean, maybe we can come back and configure, or if it doesn't work we can check it. So we'll save this as it is. So, saved, and we'll go back to Scans, and then we'll run this scan one more time. When this finishes, we'll compare the results with the first scan, and technically we should see more results with this one because we enabled credentialed scanning and we configured the VM to accept remote scans. So we'll see what happens. So I'll just pause the video and come back when it finishes.

Okay, it's been a few minutes and it looks like our scan is finished here. So we will click on this and we can see immediately (remember last time we had one Medium and a bunch of Infos) now we have seven Criticals, 38 Highs, and, you know, four Mediums and a whole bunch more Infos. It's pretty interesting. So before we really dive into the vulnerabilities and all this, I'll just click on History over here really quick. And this is the current one, and you can see the vulnerabilities down here, you can see, you know, five percent Criticals, etc. And then if we click on our first scan, we can see we didn't use credentials for this, so we couldn't look at the file system or the registry or any other running services or any of that. So you can see there's a big difference in doing credentialed scans versus uncredentialed scans. So this kind of solidifies the importance of running credentialed scans, whether you're scanning Cisco devices or Linux machines or Windows machines or Macs or whatever; if you can use credentials, you can really discover more vulnerabilities.

So I'll just click on the Vulnerabilities tab here first and we'll just look at these a little bit. We can see this is essentially the list of findings, and some of these are Mixed. So if we click on this, for example, we can see it's a combination of mostly Criticals and Highs, and you can see it's mostly Edge, which can probably be remediated by running Windows Updates, essentially. And you can look at these individual ones and dive more deeply into them to see what the actual thing is and how to fix it.
So we can go back a little bit. We'll back up a little bit more, so: vulnerabilities around Edge, around Windows, around a bunch of other stuff. If we click on Remediations, this tab gives us high-level instructions on how to remediate most of the findings, from a really high level. Basically, just run Windows Updates is what I'm seeing here. So: security updates, install this KB to fix a bunch of other ones, and then all this is pretty much Windows Updates. And this "VPR Top Threats," these VPR Top Threats are essentially what Tenable is recommending we prioritize to remediate, probably based on CVSS score and whatever other metrics they use. So, I would say, if I were doing this in an organization, the first thing you want to do is make sure you have third-party patching and Windows OS patching set up properly, and properly being tested and deployed on regular intervals, so you don't have to go through and deal with these individual vulnerabilities that are related to things that can be easily fixed by automated patching and stuff like this.

So before I start remediating these and fixing them, I'm gonna install some deprecated software on this computer, like a really old version of Firefox, and then we're gonna run another scan and then observe the results from that as well. So I'm gonna get this old version of Firefox. I'll put a link to it in the description. I was gonna say I'm worried about doing that, but I'll put a link to it in the description. It's really old, from six years ago apparently. So we'll just download this, Firefox 3612. And make sure to do this, make sure you're doing this in the virtual machine; don't accidentally do it on your computer, and that's what I'm actually doing. So make sure to go to the virtual machine. So we'll open up Edge in our virtual machine and then we'll paste... oh no, I can't paste it. I'm just gonna search "download deprecated firefox." I shouldn't use the word deprecated; I'll say "download old firefox." And I think I can click here and do it: "If you want to downgrade, directory..." I'll go to the directory of all old ones and then I'll get 3612. This is random, by the way; you can get any old version that you want. I'm just using this one because I did it already. win32, en-US, and I'll get this. So we'll open this and then install this super old version of Firefox. We'll say Next, Standard, sure, and then, sure, we can launch it, I guess. Yeah, why not. Cool, so this is old, old Firefox. So now we have an old Firefox on our computer. So we'll close this. This is our virtual machine, remember; here's Firefox.

And then we will go back to our scans here. This is on our host machine and this is Nessus. So we'll go back to our scans, and we don't need to change our scan anymore; we'll just click Launch and it will just run another scan. It will do the same thing: scan the common open ports, inspect the registry, inspect the services, and then inspect the file system. It's going to discover this old deprecated version of Firefox. There are like a million vulnerabilities in it, probably, so hopefully we'll see that reflected in the scan results when this finishes here in a couple of minutes.

Okay, it's
been a couple more minutes and our scan is finished, so we can click on this again and we'll see our vulnerabilities went up to 68 Critical now. So before we dive into these again, we'll check out the History just so we can see a trend in these. So this is the first one in the bottom here; we can see only Info, no credentials provided. The second one is our credentials provided, and, you know, we have a little bit more; we have some Criticals discovered and some Highs. And then we installed Firefox, a really old one, and then this is our current scan; there's a whole bunch more Criticals. So we'll go to the Vulnerabilities tab here, and then we can see this one at the very top, Mixed with Firefox, a total count of 141. So if we click on this, it's just absolutely chock full of Criticals, just because that version of Firefox is so old it has so many vulnerabilities. And it's not like you have to go through and fix each one of these one at a time; you can either just upgrade Firefox to the latest one or just completely uninstall it, and it will remediate the vulnerabilities. So we can click Remediations; we pretty much see the same thing as last time, except at the very top now we have a recommendation to upgrade Firefox. And then again this VPR Top Threats, we have Firefox in here again. History: first scan, no credentials; second, credentials, default Windows install; third scan, old Firefox, a whole bunch of vulnerabilities that need to be remediated.

So the next step, we're just going to try to remediate as many of these vulnerabilities as we can by doing really simple things. We're just going to uninstall Firefox totally, and then we're going to essentially run Windows Updates until there are no more updates that need to happen. So we'll go to our virtual machine here, and then we can go to appwiz.cpl; that's a shortcut to go to this thing. So we can go to Firefox. I'm just going to uninstall it, to be honest. Uninstall Firefox. And then I'll go to Windows Update and, let's see, I guess I'll just manually check for updates. I'll leave the settings to whatever they are, and then you can do this too: just keep running Windows Updates, and you might have to restart and then run it again, then restart and run it again. I'll pause this and just let the updates happen, then I'll come back to it again.

Okay, it updated for a while and
it's asking for a restart, so just go ahead and restart and repeat the process. Okay, when it comes back up, just go ahead and log in again and go to Windows Updates again and just click "Check for updates" one more time, just to make sure. Okay, it looks like it's installing some more, so I'll go ahead and pause this and let this continue. So it actually looks like the updates are done, so we'll go back to Nessus, go back to My Scans, and we'll run our scan one more time. So we should expect to see a lot of the remediations done; there should be a lot fewer Highs and Criticals, Firefox should be gone, all the Windows updates should no longer be required. But we will let this finish and then check it out in a couple of minutes, or for you it will be instant because I'll edit this out.

So our last scan has finally finished, so let's check this out. So we'll click on this, and before we really dive in deep we can see there are some Criticals and Highs, but we'll go to History over here. And this is our current scan and this is the last scan right here, before we uninstalled Firefox and before we updated Windows. So we can see there are quite a bit more Mediums, sorry, quite a bit more Criticals, quite a bit more Highs. So: current, after removing Firefox and running Windows Updates, and then before. So there's quite a bit less. And this scan right here, this is the default install of Windows, and then this is the current one after updating Windows. So current, or default, and then current. So we can dive into these a little bit. It looks like the remaining vulnerabilities, most of them, are around Microsoft Edge. It looks like maybe Windows Update didn't update Edge for some reason. We can check this one: a bunch of Highs. I can't read these: "Microsoft 3D Viewer," "Base3D code," something. Maybe this is some native app that's installed. Oh yeah, it is. So it looks like there's some random stuff that's still on this virtual machine that maybe is out of date or something like this, and you can just look through this. I won't do any further remediations because this video is getting kind of long, but maybe you could consider figuring out exactly how to update Microsoft Edge, or uninstall it if you're allowed to do that, I don't know. But yeah, it's pretty interesting to experiment with this and install really old stuff, or maybe even get hold of a Windows XP ISO and install Windows XP, right, and scan that and see what kind of Swiss cheese scan results come back; it's going to be absolutely full of holes.

But yeah, that is vulnerability
management. Those are really the core components of vulnerability management: scanning and remediating, scanning and remediating. But, you know, a lot more goes into it, because when you work at a big organization you usually will make some kind of standard and policies and procedures, and you have to bring all the departments in and work with the individual groups to get credentials for all their individual resources, or maybe you use a domain account to scan everything. And it gets a little bit more complicated when you're in a large organization, but this is pretty much the guts of it: just scanning stuff, finding vulnerabilities, and then essentially remediating them. You want to automate as much of it as you possibly can, like updating the third-party apps, like Windows Update and this kind of thing, and you want to have a secure build standard, so make sure the build is already remediated and secure enough before it goes into production, to reduce the amount of vulnerabilities that get introduced.

But now that you've watched this, you have a pretty good idea, I would say, of how vulnerability management works. So you can, you know, practice this a bunch and consider reading up on how to implement vulnerability management in a large organization. Then you can put something on your resume that might look something like this and go ahead and start applying to jobs that are looking for vulnerability management engineers or vulnerability management analysts or whatever they're calling them, because it's a relatively straightforward process. It's pretty easy, technically speaking; the hard part about vulnerability management usually comes from dealing with the humans and getting everyone to coordinate. That's really difficult. Yeah, I hope you enjoyed this. If you thought it was interesting, you know, I'd appreciate it if you liked and consider subscribing, and if you have any questions or comments or criticism, please let me know in the comment section. I 100% read all the comments; every time I respond to everybody's comment. If you feel like supporting me, I do have a Patreon, but other than that, thank you so much for watching and we will see you in the next video. Bye.
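The VM-side preparation the video walks through by hand (enable Remote Registry, confirm File and Printer Sharing, create the LocalAccountTokenFilterPolicy DWORD, and open the firewall so Nessus can reach SMB) as a PowerShell lab script, with a check function to run before clicking Launch and an undo function for when the lab is finished. This is an added example, not code from the video or from Tenable's documentation. It assumes a standalone (non-domain) Windows 10 lab VM, an elevated PowerShell session, and a scanner address of 10.0.0.10, which is a placeholder for wherever Nessus Essentials is running. It goes a little further than the video in one respect: rather than switching all three firewall profiles off, it allows SMB and RPC inbound only from the scanner's address, on the assumption that those ports are enough for the credentialed checks in this lab. The UAC slider change from the video is left out; the registry value below is the part that matters for a local admin account authenticating remotely.

```powershell
# Lab-only prerequisites for a credentialed Nessus scan of a standalone
# (non-domain) Windows 10 VM. Added example; assumes an elevated session.
# The scanner address is a placeholder, not a value from the video.
$ScannerIp = '10.0.0.10'
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$RuleName  = 'Lab: Nessus SMB/RPC'

function Enable-RemoteRegistry {
    # Remote Registry is disabled by default on Windows 10. The scanner reads
    # HKLM over the network through it (cipher-suite and policy keys, for example).
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry
}

function Set-LocalAccountTokenFilterPolicy {
    # On non-domain hosts, UAC remote restrictions strip the admin token from
    # network logons by local accounts, so the scanner's local admin credential
    # would land unprivileged. A value of 1 turns that filtering off.
    New-ItemProperty -Path $PolicyKey -Name 'LocalAccountTokenFilterPolicy' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Enable-ScannerAccess {
    param([string]$RemoteAddress)
    # Narrow alternative to turning every firewall profile off: allow SMB (445),
    # the RPC endpoint mapper (135) and the dynamic RPC range, inbound, from
    # the scanner only. Assumed to be sufficient for this lab's checks.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort 135, 445, '49152-65535' -RemoteAddress $RemoteAddress `
        -Action Allow -Profile Any | Out-Null
    # File and Printer Sharing was already on in the video; this makes sure its
    # built-in rule group is enabled in case a fresh install has it off.
    Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
}

function Test-CredentialedScanReady {
    # One object to eyeball before launching the scan in Nessus. If the scan
    # still reports "not able to successfully authenticate", start here.
    $svc  = Get-Service -Name RemoteRegistry
    $pol  = (Get-ItemProperty -Path $PolicyKey -Name 'LocalAccountTokenFilterPolicy' `
                -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $smb  = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteRegistryRunning      = ($svc.Status -eq 'Running')
        TokenFilterPolicyIsOne     = ($pol -eq 1)
        ScannerFirewallRulePresent = ($null -ne $rule)
        Smb445Listening            = ($null -ne $smb)
    }
}

function Undo-LabChanges {
    # Put the VM back to its pre-lab state once the scans are done.
    Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $PolicyKey -Name 'LocalAccountTokenFilterPolicy' `
        -ErrorAction SilentlyContinue
    Stop-Service -Name RemoteRegistry
    Set-Service -Name RemoteRegistry -StartupType Disabled
}

Enable-RemoteRegistry
Set-LocalAccountTokenFilterPolicy
Enable-ScannerAccess -RemoteAddress $ScannerIp
Test-CredentialedScanReady | Format-List
```

Run it inside the VM, then add the same local admin account as a Windows credential on the scan's Credentials page, as in the video. Running `Test-CredentialedScanReady` again after a reboot is a quick way to confirm the settings survived, and `Undo-LabChanges` removes the rule and the registry value so the VM is not left open to the whole bridged network after the exercise.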