WEBVTT 00:00:00.000 --> 00:00:01.599 Hey everybody, Josh here. Welcome back to 00:00:01.599 --> 00:00:03.520 my channel. I do a lot of videos on IT 00:00:03.520 --> 00:00:05.600 cyber security education and career 00:00:05.600 --> 00:00:07.520 things, and today's video is going to be 00:00:07.520 --> 00:00:09.280 on vulnerability management. We're 00:00:09.280 --> 00:00:10.160 actually going to be doing a 00:00:10.160 --> 00:00:12.000 vulnerability management lab where we 00:00:12.000 --> 00:00:13.840 install Nessus Essentials and we install 00:00:13.840 --> 00:00:15.679 VMware Workstation Player, and set up 00:00:15.679 --> 00:00:18.000 Windows 10 inside of a VM, install some 00:00:18.000 --> 00:00:19.920 old deprecated software on it, and then 00:00:19.920 --> 00:00:21.119 we're going to be doing some 00:00:21.119 --> 00:00:23.199 vulnerability scans against that virtual 00:00:23.199 --> 00:00:24.720 machine to kind of discover any 00:00:24.720 --> 00:00:26.400 vulnerabilities that might be on there, 00:00:26.400 --> 00:00:27.439 and then we're going to go ahead and 00:00:27.439 --> 00:00:29.359 remediate one or two of those just so we 00:00:29.359 --> 00:00:31.119 can kind of observe what's happening. I 00:00:31.119 --> 00:00:32.640 figured this would be a good video to do 00:00:32.640 --> 00:00:33.840 because there's like quite a few 00:00:33.840 --> 00:00:36.000 vulnerability management jobs on 00:00:36.000 --> 00:00:37.760 LinkedIn and I've gotten a 00:00:37.760 --> 00:00:39.600 lot of spam from recruiters for these 00:00:39.600 --> 00:00:41.600 type of positions, and actually the last 00:00:41.600 --> 00:00:43.360 real job I had I was a vulnerability 00:00:43.360 --> 00:00:45.360 management program manager for King 00:00:45.360 --> 00:00:47.120 County here in Washington State so I 00:00:47.120 --> 00:00:49.680 kind of did this on an ongoing basis for 00:00:49.680 --> 00:00:51.199 a while. 
Basically what vulnerability 00:00:51.199 --> 00:00:53.360 management is continuously assessing 00:00:53.360 --> 00:00:55.120 your assets, discovering vulnerabilities, 00:00:55.120 --> 00:00:57.520 remediating them to an acceptable risk, 00:00:57.520 --> 00:00:59.199 and then kind of starting the process 00:00:59.199 --> 00:01:00.640 over and over again to kind of make sure 00:01:00.640 --> 00:01:02.879 the risk in the whole organization is 00:01:02.879 --> 00:01:05.360 low or at least an acceptable level. So I 00:01:05.360 --> 00:01:07.280 think if you kind of watch this video 00:01:07.280 --> 00:01:09.200 and practice it a few times, you can get 00:01:09.200 --> 00:01:11.439 pretty good at it and get an idea of how 00:01:11.439 --> 00:01:13.200 vulnerability management might work in 00:01:13.200 --> 00:01:15.119 like a larger corporation. This is 00:01:15.119 --> 00:01:16.400 definitely something you can put on your 00:01:16.400 --> 00:01:20.159 resume. It might look something like this. 00:01:22.000 --> 00:01:23.680 So it will definitely help you out. So 00:01:23.680 --> 00:01:25.040 yeah, if you're excited to learn 00:01:25.040 --> 00:01:26.400 vulnerability management, consider 00:01:26.400 --> 00:01:28.080 smashing that like button and let's get 00:01:28.080 --> 00:01:29.520 started. So the first thing we're going 00:01:29.520 --> 00:01:31.360 to do is go ahead and 00:01:31.360 --> 00:01:33.840 download and install VMware Player. Now 00:01:33.840 --> 00:01:35.439 you probably want to have like a 00:01:35.439 --> 00:01:37.680 semi-decent computer to be able 00:01:37.680 --> 00:01:39.280 to do this, maybe like at least eight 00:01:39.280 --> 00:01:41.360 gigabytes of ram and maybe dual core 00:01:41.360 --> 00:01:42.640 or something. But if you don't know about 00:01:42.640 --> 00:01:44.560 any of that, just try to go ahead and do 00:01:44.560 --> 00:01:46.560 it, and if something fails, then it fails, 00:01:46.560 --> 00:01:47.840 I suppose. 
But go ahead and download 00:01:47.840 --> 00:01:49.759 VMware Player. I'll put a link to this in 00:01:49.759 --> 00:01:51.920 the description. Just download 00:01:51.920 --> 00:01:53.520 for Windows. I'm not gonna do it again 00:01:53.520 --> 00:01:54.799 because I already have it, but just go 00:01:54.799 --> 00:01:56.479 ahead and like click this, download it, 00:01:56.479 --> 00:01:58.079 and install it. You can see mine started 00:01:58.079 --> 00:01:59.360 downloading, I'm just going to go ahead 00:01:59.360 --> 00:02:00.640 and cancel this. And then while you're 00:02:00.640 --> 00:02:02.240 waiting for VMware Player to download, 00:02:02.240 --> 00:02:03.759 we'll go ahead and download the Windows 00:02:03.759 --> 00:02:06.000 10 ISO. That's basically a file that'll 00:02:06.000 --> 00:02:08.479 let us install windows 10 onto our 00:02:08.479 --> 00:02:10.399 virtual machine. So again, I'll put a link 00:02:10.399 --> 00:02:11.920 to this in the description as well, but 00:02:11.920 --> 00:02:14.480 just go ahead and go to it, and then 00:02:14.480 --> 00:02:15.920 you'll go to where it says create 00:02:15.920 --> 00:02:17.760 Windows 10 installation media and you'll 00:02:17.760 --> 00:02:19.760 say download tool, and when 00:02:19.760 --> 00:02:21.280 this downloads, just go ahead and open it. 00:02:21.280 --> 00:02:22.879 Don't be surprised if this takes a while 00:02:22.879 --> 00:02:24.480 to like start up and download. So we'll 00:02:24.480 --> 00:02:26.959 just say accept. And then we're going to 00:02:26.959 --> 00:02:27.760 click 00:02:27.760 --> 00:02:29.760 create installation media. We want to get 00:02:29.760 --> 00:02:32.319 an ISO file so we'll say next. This looks 00:02:32.319 --> 00:02:34.879 good. And we're going to say ISO file, be 00:02:34.879 --> 00:02:36.720 sure to select this. And then we'll just 00:02:36.720 --> 00:02:38.879 choose where it goes. I like this nice xp 00:02:38.879 --> 00:02:40.879 pro ISO that I have. 
Go ahead and put it 00:02:40.879 --> 00:02:42.560 in a folder, just remember what folder 00:02:42.560 --> 00:02:45.120 you put in. So I'll just save it to my C: 00:02:45.120 --> 00:02:47.360 _ISOs folder and then we'll 00:02:47.360 --> 00:02:49.120 wait for this to finish. And while this 00:02:49.120 --> 00:02:50.400 is going, we can actually 00:02:50.400 --> 00:02:52.800 download and install Nessus 00:02:52.800 --> 00:02:54.319 Essentials which is going to 00:02:54.319 --> 00:02:56.400 be the vulnerability scanner that we use 00:02:56.400 --> 00:02:58.319 to actually conduct our scans. So I'll 00:02:58.319 --> 00:03:00.080 put a link to this in the description as 00:03:00.080 --> 00:03:01.920 well, but you can probably find it on google. 00:03:01.920 --> 00:03:04.400 And just basically like fill this thing 00:03:04.400 --> 00:03:05.840 out. After you fill this out, you'll be 00:03:05.840 --> 00:03:07.200 able to download it and it will send 00:03:07.200 --> 00:03:09.200 like a key to your email, so just go 00:03:09.200 --> 00:03:11.120 ahead and- actually I'll just do it. Just 00:03:11.120 --> 00:03:13.599 fill this thing out, cool. So it will send 00:03:13.599 --> 00:03:16.319 an email inside of your email, I can't 00:03:16.319 --> 00:03:17.920 show it because it has a key and like, I 00:03:17.920 --> 00:03:19.599 don't know, so inside of your email 00:03:19.599 --> 00:03:21.440 there'll be like a button that says 00:03:21.440 --> 00:03:23.440 download Nessus and then there will be a 00:03:23.440 --> 00:03:24.879 key. Go ahead and click the button to 00:03:24.879 --> 00:03:26.560 download Nessus and it will take you to 00:03:26.560 --> 00:03:28.319 a page that looks like this, and just 00:03:28.319 --> 00:03:30.319 click on Nessus. 
And we already have an 00:03:30.319 --> 00:03:32.239 activation code, it should be in your 00:03:32.239 --> 00:03:35.200 email, so we'll pick the one for, this one, 00:03:35.200 --> 00:03:37.120 it says Windows Server 2008 blah blah 00:03:37.120 --> 00:03:39.120 blah, and then it says 10 in here. So 00:03:39.120 --> 00:03:40.959 we'll download this. Just say agree and 00:03:40.959 --> 00:03:42.720 then, you know, download it anywhere and 00:03:42.720 --> 00:03:43.920 then meanwhile remember in the 00:03:43.920 --> 00:03:45.840 background windows 10 should be still 00:03:45.840 --> 00:03:48.000 downloading virtual vmware player might 00:03:48.000 --> 00:03:49.519 be downloading still too so we just have 00:03:49.519 --> 00:03:51.120 to install that on your own i'm not 00:03:51.120 --> 00:03:52.239 going to show it on the screen because i 00:03:52.239 --> 00:03:53.840 already have it installed here we are at 00:03:53.840 --> 00:03:56.560 the tenable setup so we just say next 00:03:56.560 --> 00:03:59.599 accept and just accept this location and 00:03:59.599 --> 00:04:01.760 then go ahead and install it and then 00:04:01.760 --> 00:04:03.599 say finish 00:04:03.599 --> 00:04:05.439 and then it's going to kind of um show 00:04:05.439 --> 00:04:07.519 this like socket up here like localhost 00:04:07.519 --> 00:04:09.280 in the port um i would recommend saving 00:04:09.280 --> 00:04:10.879 this url because it's it's kind of 00:04:10.879 --> 00:04:13.040 annoying if you lose it so just save it 00:04:13.040 --> 00:04:14.640 in like a notepad somewhere or something 00:04:14.640 --> 00:04:16.798 like this and then we'll say connect via 00:04:16.798 --> 00:04:19.120 ssl and just say advanced and then say 00:04:19.120 --> 00:04:21.440 proceed and this takes a while to set up 00:04:21.440 --> 00:04:23.040 the very first time it has to like 00:04:23.040 --> 00:04:24.800 initialize and install things and i 00:04:24.800 --> 00:04:26.400 assume download a whole bunch of 
00:04:26.400 --> 00:04:28.000 definitions or something like this so 00:04:28.000 --> 00:04:29.680 just go get like some coffee or 00:04:29.680 --> 00:04:31.120 something while you while you wait for 00:04:31.120 --> 00:04:32.560 this to happen because it will take a 00:04:32.560 --> 00:04:34.320 while to do and we're going to say 00:04:34.320 --> 00:04:36.720 nessus essentials it's essentially free 00:04:36.720 --> 00:04:38.560 you can read the i guess license 00:04:38.560 --> 00:04:40.160 agreement if you want but we're going to 00:04:40.160 --> 00:04:41.919 install essentials and then just fill 00:04:41.919 --> 00:04:43.360 this thing out and we'll get an 00:04:43.360 --> 00:04:45.840 activation code i believe i have one 00:04:45.840 --> 00:04:47.840 already um it should have emailed it to 00:04:47.840 --> 00:04:49.360 you actually it should have emailed the 00:04:49.360 --> 00:04:51.680 activation code to you so maybe skip 00:04:51.680 --> 00:04:53.759 this and then just paste the activation 00:04:53.759 --> 00:04:55.840 code that was that was in your email 00:04:55.840 --> 00:04:57.600 that you already received and just 00:04:57.600 --> 00:04:59.199 continue and then this is where you're 00:04:59.199 --> 00:05:00.720 going to set up a username and password 00:05:00.720 --> 00:05:02.000 just make sure you don't forget this it 00:05:02.000 --> 00:05:03.600 might be troublesome you know if you 00:05:03.600 --> 00:05:04.960 forget it you'll have to reset it or 00:05:04.960 --> 00:05:07.600 something like this so just uh set up a 00:05:07.600 --> 00:05:09.520 password i guess and this this is a part 00:05:09.520 --> 00:05:11.440 that takes a while so just you know go 00:05:11.440 --> 00:05:13.759 get coffee or sandwich or something and 00:05:13.759 --> 00:05:16.639 we will meet back here okay so while 00:05:16.639 --> 00:05:17.919 this is still installing and 00:05:17.919 --> 00:05:19.840 initializing and doing everything it 00:05:19.840 --> 00:05:21.520 needs to do 
let's go ahead and set up 00:05:21.520 --> 00:05:23.199 our virtual machine since this is going 00:05:23.199 --> 00:05:25.199 to take some time anyway so by now you 00:05:25.199 --> 00:05:27.440 should have downloaded and installed um 00:05:27.440 --> 00:05:29.440 vmware workstation player so we'll just 00:05:29.440 --> 00:05:31.759 go ahead and open this up and check on 00:05:31.759 --> 00:05:34.880 your windows 10 iso download it should 00:05:34.880 --> 00:05:36.800 be finished by now as well maybe it 00:05:36.800 --> 00:05:38.560 looks something like this and then it 00:05:38.560 --> 00:05:40.479 shows you like where it's at the ci so 00:05:40.479 --> 00:05:42.720 it's windows or yeah wherever you put 00:05:42.720 --> 00:05:44.400 yours so just take note of this and 00:05:44.400 --> 00:05:46.400 we'll say finish cool and then we're 00:05:46.400 --> 00:05:48.560 going to create a new virtual machine 00:05:48.560 --> 00:05:50.560 inside of vmware workstation player 00:05:50.560 --> 00:05:52.639 we'll go to player and then file and 00:05:52.639 --> 00:05:55.280 then new virtual machine and then 00:05:55.280 --> 00:05:57.360 for the installer we're going to say 00:05:57.360 --> 00:05:59.520 browse and then we'll just browse to 00:05:59.520 --> 00:06:01.120 wherever you downloaded the windows 10 00:06:01.120 --> 00:06:03.120 iso so this could probably be named 00:06:03.120 --> 00:06:05.280 something better but that's okay so 00:06:05.280 --> 00:06:06.960 we'll say next and just name this 00:06:06.960 --> 00:06:09.039 something appropriate this is fine this 00:06:09.039 --> 00:06:11.039 location's fine i guess you can change 00:06:11.039 --> 00:06:13.039 it if you want so we'll say next maximum 00:06:13.039 --> 00:06:15.919 disk size um this is fine we're not 00:06:15.919 --> 00:06:17.440 gonna really put anything on it i'm just 00:06:17.440 --> 00:06:19.520 gonna put set mine at 50 and then we'll 00:06:19.520 --> 00:06:21.600 go to customize hardware and for memory 
00:06:21.600 --> 00:06:24.080 like if you don't know how much ram you 00:06:24.080 --> 00:06:26.880 have maybe just like leave this as it is 00:06:26.880 --> 00:06:28.479 i'm going to increase mine a little bit 00:06:28.479 --> 00:06:30.080 i'll increase this a little bit if you 00:06:30.080 --> 00:06:32.479 don't know about your cpu just leave it 00:06:32.479 --> 00:06:34.479 as is but we do have to change the 00:06:34.479 --> 00:06:36.400 network adapter we should change it to 00:06:36.400 --> 00:06:38.319 bridged without explaining too deeply 00:06:38.319 --> 00:06:40.400 bridge kind of puts this virtual machine 00:06:40.400 --> 00:06:42.240 on the same network as your actual 00:06:42.240 --> 00:06:45.120 physical computer so your nessus 00:06:45.120 --> 00:06:47.280 implement implementation can talk to the 00:06:47.280 --> 00:06:48.400 virtual machine 00:06:48.400 --> 00:06:51.520 more easily this looks good we'll close 00:06:51.520 --> 00:06:53.599 this and this is good power on after 00:06:53.599 --> 00:06:55.759 creation we'll say finish kind of move 00:06:55.759 --> 00:06:57.039 tenable 00:06:57.039 --> 00:06:58.479 to the side 00:06:58.479 --> 00:07:01.039 and then after the vm finishes getting 00:07:01.039 --> 00:07:03.360 kind of created it's going to launch and 00:07:03.360 --> 00:07:04.880 then we're going to have a chance to 00:07:04.880 --> 00:07:06.720 install windows be sure to press any key 00:07:06.720 --> 00:07:08.960 to boot into the iso when it asks and if 00:07:08.960 --> 00:07:11.039 your cursor is gone you can see 00:07:11.039 --> 00:07:12.639 in the lower left it says like press 00:07:12.639 --> 00:07:14.560 control alt to release your cursor and 00:07:14.560 --> 00:07:16.080 then you can get your cursor back so 00:07:16.080 --> 00:07:18.800 we're just going to install windows 10. 
00:07:18.800 --> 00:07:21.360 so we'll just say next install and say i 00:07:21.360 --> 00:07:23.199 don't have a product key you can close 00:07:23.199 --> 00:07:24.960 this message down here and just pick 00:07:24.960 --> 00:07:27.440 windows 10 pro and say next and we'll 00:07:27.440 --> 00:07:30.319 say accept say next and say custom and 00:07:30.319 --> 00:07:32.560 then this is our blank hard drive so 00:07:32.560 --> 00:07:34.160 click on that the only one you can click 00:07:34.160 --> 00:07:35.599 and just say next and then this will 00:07:35.599 --> 00:07:37.280 take some time to install too so i'll 00:07:37.280 --> 00:07:38.639 kind of come back when one of these 00:07:38.639 --> 00:07:40.240 finishes cool so it looks like both 00:07:40.240 --> 00:07:42.160 finished now i'll just finish setting up 00:07:42.160 --> 00:07:46.160 the vm i will say yes and us and skip 00:07:46.160 --> 00:07:47.919 and for nessus we'll just kind of uh 00:07:47.919 --> 00:07:49.440 we'll close this thing here and then 00:07:49.440 --> 00:07:50.960 we'll we'll just kind of wait on this 00:07:50.960 --> 00:07:53.120 until we finish setting up the virtual 00:07:53.120 --> 00:07:54.160 machine 00:07:54.160 --> 00:07:56.960 and we'll say set up for personal use 00:07:56.960 --> 00:07:59.599 next and then we'll say offline account 00:07:59.599 --> 00:08:02.639 limited experience and then just name 00:08:02.639 --> 00:08:05.520 i don't know just name it like admin and 00:08:05.520 --> 00:08:07.520 put make a password but just remember 00:08:07.520 --> 00:08:09.520 what it is make it like something simple 00:08:09.520 --> 00:08:10.720 because we're going to use this later 00:08:10.720 --> 00:08:12.240 for the credentialed scans so just 00:08:12.240 --> 00:08:14.160 remember what it is it's troublesome you 00:08:14.160 --> 00:08:15.759 know if you forget it 00:08:15.759 --> 00:08:17.599 just make up make up something for these 00:08:17.599 --> 00:08:19.520 if it asks you this is just 
like you 00:08:19.520 --> 00:08:22.639 know a junk vm no one cares say no for 00:08:22.639 --> 00:08:25.280 all of these things not now cool okay 00:08:25.280 --> 00:08:27.199 now everything is totally set up we have 00:08:27.199 --> 00:08:29.759 our vm here and then we have our nessus 00:08:29.759 --> 00:08:33.039 essentials set up and ready to go so for 00:08:33.039 --> 00:08:34.799 now we're just going to do a kind of 00:08:34.799 --> 00:08:37.039 basic scan against the virtual machine 00:08:37.039 --> 00:08:38.880 there's we're going to do a credentialed 00:08:38.880 --> 00:08:40.719 scan later which i'll kind of explain 00:08:40.719 --> 00:08:42.320 but i just want to make sure we can scan 00:08:42.320 --> 00:08:44.240 it and make sure we can kind of get some 00:08:44.240 --> 00:08:46.240 kind of result back so before we do that 00:08:46.240 --> 00:08:48.480 i'm going to go to the vm and like get 00:08:48.480 --> 00:08:50.560 the ip address from it so go make sure 00:08:50.560 --> 00:08:52.640 to go to the vm not your actual computer 00:08:52.640 --> 00:08:54.720 but go to the vm click start open up 00:08:54.720 --> 00:08:56.720 command line and then we will type 00:08:56.720 --> 00:09:00.080 ipconfig just to get the ipv4 ip address 00:09:00.080 --> 00:09:02.000 and we're going to ping this from our 00:09:02.000 --> 00:09:03.839 local machine just to make sure that we 00:09:03.839 --> 00:09:06.399 can reach it i guess essentially so open 00:09:06.399 --> 00:09:08.240 up the command like command line on your 00:09:08.240 --> 00:09:10.720 pc and we will just say we'll just ping 00:09:10.720 --> 00:09:14.519 this ip address so we'll just say ping 00:09:14.519 --> 00:09:16.880 10.0.0.189 and then we'll do dash t 00:09:16.880 --> 00:09:18.640 which means like perpetual ping like 00:09:18.640 --> 00:09:20.800 keep going forever until we cancel it 00:09:20.800 --> 00:09:23.200 and we see like it's it's timing out so 00:09:23.200 --> 00:09:25.839 we just have to 
disable the firewall on 00:09:25.839 --> 00:09:27.600 our virtual machine here you might not 00:09:27.600 --> 00:09:28.800 want to do this in production it just 00:09:28.800 --> 00:09:30.320 depends on like what other controls you 00:09:30.320 --> 00:09:32.560 have in place so we will minimize this 00:09:32.560 --> 00:09:35.279 we'll go to our vm here and then we will 00:09:35.279 --> 00:09:36.200 type 00:09:36.200 --> 00:09:38.720 wf.msc it's this windows firewall 00:09:38.720 --> 00:09:40.320 microsoft something console can't 00:09:40.320 --> 00:09:42.000 remember so we'll open the firewall and 00:09:42.000 --> 00:09:43.200 we're just going to do a lot of this 00:09:43.200 --> 00:09:44.880 stuff for our lab so we'll go to 00:09:44.880 --> 00:09:47.120 defender firewall properties and just on 00:09:47.120 --> 00:09:48.640 these first three tabs we'll just turn 00:09:48.640 --> 00:09:50.160 all three of them off like domain 00:09:50.160 --> 00:09:52.080 profile off private profile off public 00:09:52.080 --> 00:09:54.080 profile off and we'll just say okay here 00:09:54.080 --> 00:09:55.600 the firewall is off and then we notice 00:09:55.600 --> 00:09:57.680 that the ping is kind of going through 00:09:57.680 --> 00:09:59.760 on our our local computer here so we can 00:09:59.760 --> 00:10:01.920 press control c to cancel this and we'll 00:10:01.920 --> 00:10:03.680 just copy this ip address this is the ip 00:10:03.680 --> 00:10:05.839 address of our vm we will close this and 00:10:05.839 --> 00:10:09.200 then this is um our nessus essentials 00:10:09.200 --> 00:10:11.040 essentially it's it's like a web app 00:10:11.040 --> 00:10:12.720 essentially so we'll go back to this and 00:10:12.720 --> 00:10:14.720 then we're going to create a new scan so 00:10:14.720 --> 00:10:17.360 we'll just do a basic network scan here 00:10:17.360 --> 00:10:19.040 and so we'll just name it like i don't 00:10:19.040 --> 00:10:21.680 know windows 10 single host something 00:10:21.680 
--> 00:10:23.360 like this and then for targets we'll 00:10:23.360 --> 00:10:25.440 just paste this is our our virtual 00:10:25.440 --> 00:10:26.880 machine's ip address so we'll just kind 00:10:26.880 --> 00:10:28.320 of paste it in here we don't really need 00:10:28.320 --> 00:10:30.160 to change anything else on here we're 00:10:30.160 --> 00:10:31.680 just going to do like a manual scan but 00:10:31.680 --> 00:10:33.200 you you know take note that you can do 00:10:33.200 --> 00:10:34.720 like a scheduled scan if you're working 00:10:34.720 --> 00:10:36.320 in an organization you want to scan like 00:10:36.320 --> 00:10:38.320 every x days or like every tuesday or 00:10:38.320 --> 00:10:40.160 something like this or scan common ports 00:10:40.160 --> 00:10:41.920 support scan all ports obviously all 00:10:41.920 --> 00:10:43.279 ports going to take longer you can 00:10:43.279 --> 00:10:44.800 customize it there's a bunch of settings 00:10:44.800 --> 00:10:46.399 that you can kind of explore in here on 00:10:46.399 --> 00:10:48.640 your own and there is um there's also 00:10:48.640 --> 00:10:51.120 this credentials page which we'll get 00:10:51.120 --> 00:10:52.959 into in a little bit but basically you 00:10:52.959 --> 00:10:54.480 can we won't do this yet but you can 00:10:54.480 --> 00:10:56.480 enter credentials in here like the 00:10:56.480 --> 00:10:58.160 username and password that we made when 00:10:58.160 --> 00:10:59.680 we created the virtual machine and then 00:10:59.680 --> 00:11:02.240 the scanner will kind of go into the 00:11:02.240 --> 00:11:03.920 machine more deeply and like look 00:11:03.920 --> 00:11:05.440 through the registry and the file system 00:11:05.440 --> 00:11:07.440 and like more things and the reason for 00:11:07.440 --> 00:11:09.440 this is you can kind of discover more 00:11:09.440 --> 00:11:10.720 vulnerabilities if you have like 00:11:10.720 --> 00:11:12.959 deprecated software or insecure services 00:11:12.959 --> 
00:11:14.480 or something like this running 00:11:14.480 --> 00:11:17.040 this is what this kind of credential the 00:11:17.040 --> 00:11:19.120 credentials page is for but right now 00:11:19.120 --> 00:11:20.560 we're just going to do like a basic 00:11:20.560 --> 00:11:22.320 network kind of port scan it's not going 00:11:22.320 --> 00:11:23.920 to be too deep just want to make sure we 00:11:23.920 --> 00:11:25.440 can scan it and get some kind of 00:11:25.440 --> 00:11:27.360 information back so we have our ip 00:11:27.360 --> 00:11:31.040 address and we will just say save we'll 00:11:31.040 --> 00:11:33.279 remove this credentials oops and then 00:11:33.279 --> 00:11:35.519 just say save and then this is our this 00:11:35.519 --> 00:11:37.600 is our scan um it's not running it's 00:11:37.600 --> 00:11:38.800 just kind of like a scan that's 00:11:38.800 --> 00:11:40.560 configured that we can run in the future 00:11:40.560 --> 00:11:42.480 so we'll just go ahead and click launch 00:11:42.480 --> 00:11:44.480 now and launch the scan and i believe 00:11:44.480 --> 00:11:46.480 you can you can kind of sometimes see 00:11:46.480 --> 00:11:48.240 the progress of it like if you click it 00:11:48.240 --> 00:11:50.959 you can see you know what it has done so 00:11:50.959 --> 00:11:53.360 far it makes like little logs and then 00:11:53.360 --> 00:11:54.800 the findings will kind of be on this 00:11:54.800 --> 00:11:56.399 page but we can just go back click back 00:11:56.399 --> 00:11:58.160 to my host and then back to my scans and 00:11:58.160 --> 00:11:59.839 we'll just kind of wait for this to 00:11:59.839 --> 00:12:01.760 finish cool so we can now see that our 00:12:01.760 --> 00:12:04.480 scan has finished over here um says like 00:12:04.480 --> 00:12:05.839 today and there's like a check mark so 00:12:05.839 --> 00:12:07.600 we can just kind of click this to look 00:12:07.600 --> 00:12:10.079 at the individual results for it and you 00:12:10.079 --> 00:12:12.480 can 
see like down here like blue is info 00:12:12.480 --> 00:12:14.800 green is low medium it's yellow etc and 00:12:14.800 --> 00:12:16.399 depending on the organization you work 00:12:16.399 --> 00:12:18.320 for like a lot of people a lot of orgs 00:12:18.320 --> 00:12:20.160 like won't even depending on what they 00:12:20.160 --> 00:12:21.920 are a lot of orgs won't even like really 00:12:21.920 --> 00:12:23.600 touch medium or lows because they have 00:12:23.600 --> 00:12:25.120 like so many criticals and highs that 00:12:25.120 --> 00:12:26.880 kind of take precedence and because we 00:12:26.880 --> 00:12:28.959 didn't use any credentials for our scan 00:12:28.959 --> 00:12:31.600 we don't really see that much of what 00:12:31.600 --> 00:12:33.519 might be actually vulnerable inside the 00:12:33.519 --> 00:12:35.360 vm but we do see like some things here 00:12:35.360 --> 00:12:36.480 so we can click we can click 00:12:36.480 --> 00:12:38.320 vulnerabilities up here and just kind of 00:12:38.320 --> 00:12:40.320 look through these a tiny bit we can see 00:12:40.320 --> 00:12:42.240 like smb signing is not required if 00:12:42.240 --> 00:12:44.079 that's something that your org cares 00:12:44.079 --> 00:12:45.680 about you can kind of read about it here 00:12:45.680 --> 00:12:48.000 more and consider like implementing 00:12:48.000 --> 00:12:49.839 implement implementing the solution to 00:12:49.839 --> 00:12:52.079 kind of remediate this vulnerability 00:12:52.079 --> 00:12:54.079 there's other kind of interesting things 00:12:54.079 --> 00:12:56.399 in here traceroute information it's 00:12:56.399 --> 00:12:58.399 listed as info means it means it's not 00:12:58.399 --> 00:13:00.320 could not necessarily be a vulnerability 00:13:00.320 --> 00:13:02.079 but just something you should be aware 00:13:02.079 --> 00:13:04.079 of that you can see traceroute information 00:13:04.079 --> 00:13:06.480 which means like icmp is 00:13:06.480 --> 00:13:08.959 accepted on this on 
this particular host 00:13:08.959 --> 00:13:10.639 and down here we can see 00:13:10.639 --> 00:13:12.560 target credential status by 00:13:12.560 --> 00:13:14.720 authentication protocol and it says like 00:13:14.720 --> 00:13:16.399 nessus was not able to successfully 00:13:16.399 --> 00:13:17.839 authenticate to the remote target 00:13:17.839 --> 00:13:19.279 because we didn't actually provide any 00:13:19.279 --> 00:13:20.720 credentials and we can see that down 00:13:20.720 --> 00:13:23.680 here um smb was detected on port 445 00:13:23.680 --> 00:13:26.240 means it's listening on 445 but we 00:13:26.240 --> 00:13:28.000 didn't provide any credentials that's a 00:13:28.000 --> 00:13:29.360 kind of vulnerability that's a 00:13:29.360 --> 00:13:31.440 vulnerability scan some basic results so 00:13:31.440 --> 00:13:32.639 the next thing we're going to do is 00:13:32.639 --> 00:13:34.720 we're going to we're going to set up the 00:13:34.720 --> 00:13:36.720 virtual machine to be able to accept 00:13:36.720 --> 00:13:38.560 authenticated scans and then we're going 00:13:38.560 --> 00:13:40.480 to provide some credentials to nessus 00:13:40.480 --> 00:13:41.920 and then we're going to try to rescan 00:13:41.920 --> 00:13:43.680 the virtual machine with credentials and 00:13:43.680 --> 00:13:45.839 then kind of compare the results of the 00:13:45.839 --> 00:13:47.440 new scan which with these ones that 00:13:47.440 --> 00:13:49.360 we're looking at here so we'll go back 00:13:49.360 --> 00:13:51.680 to my scans actually we'll go back to 00:13:51.680 --> 00:13:53.760 the virtual machine here and then we'll 00:13:53.760 --> 00:13:54.680 open up 00:13:54.680 --> 00:13:56.720 services.msc and there may be better 00:13:56.720 --> 00:13:57.920 ways to do what i'm doing like 00:13:57.920 --> 00:13:59.519 especially if you're in like a corporate 00:13:59.519 --> 00:14:01.839 environment um i got these steps from 00:14:01.839 --> 00:14:04.320 nessus the things that they 
recommend to 00:14:04.320 --> 00:14:06.320 actually do credentialed scans against 00:14:06.320 --> 00:14:08.560 windows hosts that are not on the domain 00:14:08.560 --> 00:14:09.839 so that's that's kind of what we're 00:14:09.839 --> 00:14:11.600 using here so i'm just going to first 00:14:11.600 --> 00:14:13.760 i'm going to enable the remote registry 00:14:13.760 --> 00:14:16.480 remote registry which will allow the 00:14:16.480 --> 00:14:17.920 scanner to connect to this computer's 00:14:17.920 --> 00:14:19.440 registry and like kind of crawl through 00:14:19.440 --> 00:14:20.959 the registry and look for insecure 00:14:20.959 --> 00:14:23.199 configurations like maybe deprecated 00:14:23.199 --> 00:14:24.959 cipher suites that might be enabled you 00:14:24.959 --> 00:14:26.480 kind of enable and disable those in the 00:14:26.480 --> 00:14:28.160 registry so i'm just going to enable 00:14:28.160 --> 00:14:30.639 remote registry so our scanner can 00:14:30.639 --> 00:14:32.720 connect to the registry so i enabled it 00:14:32.720 --> 00:14:34.560 and i turned it on and then next we're 00:14:34.560 --> 00:14:36.480 going to be careful when you close this 00:14:36.480 --> 00:14:38.240 you don't close the actual vm i'm just 00:14:38.240 --> 00:14:40.000 closing like the window inside i'll 00:14:40.000 --> 00:14:41.600 close the firewall and next thing i'll 00:14:41.600 --> 00:14:44.880 enable file and printer sharing so oh it 00:14:44.880 --> 00:14:47.279 looks like it's possibly already on turn 00:14:47.279 --> 00:14:49.120 on sharing so anyone with network uh i 00:14:49.120 --> 00:14:50.880 don't think public folder sharing needs 00:14:50.880 --> 00:14:52.639 to be on i was going to turn this on but 00:14:52.639 --> 00:14:54.160 it looks like it's on already turn on 00:14:54.160 --> 00:14:55.839 network discovery file and printer 00:14:55.839 --> 00:14:57.360 sharing oh looks like it's already on if 00:14:57.360 --> 00:14:58.959 yours are not on just make sure to 
turn 00:14:58.959 --> 00:15:00.880 the file and printer printer sharing on 00:15:00.880 --> 00:15:03.199 and then we will go to user account 00:15:03.199 --> 00:15:05.839 control and this is not good to do um 00:15:05.839 --> 00:15:07.839 but our computer is not on the domain so 00:15:07.839 --> 00:15:09.760 we have to do these kind of hack things 00:15:09.760 --> 00:15:11.760 to be able to scan it so i'll disable 00:15:11.760 --> 00:15:13.920 this say okay so yes and then we're 00:15:13.920 --> 00:15:16.240 going to open the registry and then 00:15:16.240 --> 00:15:18.480 add a key that's supposed to allow the 00:15:18.480 --> 00:15:20.560 remote account to like connect in and 00:15:20.560 --> 00:15:21.600 next we're going to connect to the 00:15:21.600 --> 00:15:23.279 registry and add a key that's supposed 00:15:23.279 --> 00:15:25.839 to i guess further disable user account 00:15:25.839 --> 00:15:27.600 control for the remote account we're 00:15:27.600 --> 00:15:29.279 going to use it to connect to this 00:15:29.279 --> 00:15:31.519 computer during our scan so just go to 00:15:31.519 --> 00:15:33.440 start and type regedit again i got this 00:15:33.440 --> 00:15:35.519 documentation from nessus i'll put a 00:15:35.519 --> 00:15:37.120 link to in the description so we will 00:15:37.120 --> 00:15:40.560 browse to a local machine here so we'll 00:15:40.560 --> 00:15:44.399 go to local machine software microsoft 00:15:44.399 --> 00:15:48.240 windows current version policies system 00:15:48.240 --> 00:15:50.959 and then inside here we'll create a 00:15:50.959 --> 00:15:53.920 DWORD called local account token filter 00:15:53.920 --> 00:15:55.519 policy so 00:15:55.519 --> 00:15:59.600 local account token filter policy local 00:15:59.600 --> 00:16:02.480 account token filter policy say enter 00:16:02.480 --> 00:16:04.880 and then we'll set this value to 1 and 00:16:04.880 --> 00:16:06.079 we'll close this and we'll go ahead and 00:16:06.079 --> 00:16:07.680 restart 
our virtual machine at this 00:16:07.680 --> 00:16:09.199 point. Cool, and then we'll log in. 00:16:09.199 --> 00:16:11.440 Remember our username, I made mine admin, 00:16:11.440 --> 00:16:13.120 and then whatever your password is, just 00:16:13.120 --> 00:16:14.720 make sure you don't forget it. And we 00:16:14.720 --> 00:16:18.160 should be ready to scan our computer. Now 00:16:18.160 --> 00:16:19.440 we're going to edit the scan that we 00:16:19.440 --> 00:16:22.000 made, so go back to Nessus Essentials and 00:16:22.000 --> 00:16:24.959 then we will, oh, so check this box next 00:16:24.959 --> 00:16:27.040 to the scan and go to More and then go 00:16:27.040 --> 00:16:28.560 to Configure, and then we're going to add 00:16:28.560 --> 00:16:30.079 a set of credentials to this, and we're 00:16:30.079 --> 00:16:32.079 going to add a Windows credentials. So 00:16:32.079 --> 00:16:33.680 we're going to use password, and remember 00:16:33.680 --> 00:16:35.680 our username is admin, so if you go to 00:16:35.680 --> 00:16:38.880 the VM and go to cmd and type like 00:16:38.880 --> 00:16:41.360 whoami, um, the name is, the name is 00:16:41.360 --> 00:16:43.680 admin, right? So we'll say admin and then 00:16:43.680 --> 00:16:45.600 whatever you made the password, and I 00:16:45.600 --> 00:16:46.639 believe, 00:16:46.639 --> 00:16:48.160 I believe we can like leave all these 00:16:48.160 --> 00:16:50.079 things as default. If it breaks, I mean, 00:16:50.079 --> 00:16:51.759 maybe we can come back and configure, or 00:16:51.759 --> 00:16:53.279 if it doesn't work we can check it. So 00:16:53.279 --> 00:16:56.240 we'll save this as it is, so saved, and 00:16:56.240 --> 00:16:58.639 we'll go back and back to scans, and then 00:16:58.639 --> 00:17:00.880 we'll run this scan one more time. 00:17:00.880 --> 00:17:02.639 When this finishes we'll compare the 00:17:02.639 --> 00:17:04.559 results with the first scan, and 00:17:04.559 --> 00:17:06.240 technically we should see more results 00:17:06.240 -->
00:17:07.760 with this one because we enabled 00:17:07.760 --> 00:17:09.359 credentialed scanning and we kind of 00:17:09.359 --> 00:17:12.079 configured the VM to accept remote scan, 00:17:12.079 --> 00:17:13.760 so we'll see what happens. So I'll just 00:17:13.760 --> 00:17:15.520 pause this and I'll come back, I'll pause 00:17:15.520 --> 00:17:17.119 the video and come back when it finishes. 00:17:17.119 --> 00:17:18.880 OK, it's been a few minutes and it 00:17:18.880 --> 00:17:20.799 looks like our scan is finished here, so 00:17:20.799 --> 00:17:23.280 we will click on this and we can see, 00:17:23.280 --> 00:17:25.280 like, immediately, remember last time 00:17:25.280 --> 00:17:27.119 we had like one medium and a bunch of 00:17:27.119 --> 00:17:29.039 infos, now we have like seven criticals, 00:17:29.039 --> 00:17:31.919 38 highs and, you know, four mediums and a 00:17:31.919 --> 00:17:33.840 whole bunch more infos. It's pretty 00:17:33.840 --> 00:17:35.520 interesting. So before we like really 00:17:35.520 --> 00:17:37.039 dive into the vulnerabilities and all 00:17:37.039 --> 00:17:39.200 this, I'll just click on History over 00:17:39.200 --> 00:17:40.559 here really quick, and this is the 00:17:40.559 --> 00:17:41.760 current one and you can see the 00:17:41.760 --> 00:17:43.760 vulnerabilities down here, um, you can see, 00:17:43.760 --> 00:17:45.600 you know, five percent criticals, etc. And 00:17:45.600 --> 00:17:47.360 then if we click on our first scan, we 00:17:47.360 --> 00:17:49.280 can see like we didn't use credentials 00:17:49.280 --> 00:17:50.880 for this, so we couldn't look at the file 00:17:50.880 --> 00:17:52.559 system or the registry or any other 00:17:52.559 --> 00:17:54.960 running services or any of that. So 00:17:54.960 --> 00:17:56.480 you can see there's like a big 00:17:56.480 --> 00:17:58.160 difference in doing credentialed scan 00:17:58.160 --> 00:18:00.240 versus like uncredentialed scans. So this 00:18:00.240 --> 00:18:02.320 kind of like
solidifies the importance 00:18:02.320 --> 00:18:04.240 of running credentialed scans, whether or 00:18:04.240 --> 00:18:06.000 not you're like scanning Cisco devices 00:18:06.000 --> 00:18:07.919 or like Linux machines or like Windows 00:18:07.919 --> 00:18:10.480 machines or Macs or whatever. If you can 00:18:10.480 --> 00:18:12.559 use credentials, um, you can really like 00:18:12.559 --> 00:18:14.720 discover more vulnerabilities. So I'll 00:18:14.720 --> 00:18:16.400 just click on the Vulnerabilities tab 00:18:16.400 --> 00:18:17.919 here first and we'll just kind of like 00:18:17.919 --> 00:18:19.520 look at these a little bit. We can see, 00:18:19.520 --> 00:18:21.600 like, um, this is essentially the 00:18:21.600 --> 00:18:23.919 list of findings, and some of these 00:18:23.919 --> 00:18:25.600 are mixed, so if we click on this, for 00:18:25.600 --> 00:18:27.520 example, we can see it's like a 00:18:27.520 --> 00:18:29.520 combination of like mostly criticals and 00:18:29.520 --> 00:18:31.280 highs, and you can see it's like mostly 00:18:31.280 --> 00:18:33.919 Edge, mostly Edge, which can probably be 00:18:33.919 --> 00:18:35.679 remediated from like updating, running 00:18:35.679 --> 00:18:37.280 Windows updates essentially. And you can 00:18:37.280 --> 00:18:38.960 kind of look at these individual ones 00:18:38.960 --> 00:18:41.600 and dive, uh, more deep into them to 00:18:41.600 --> 00:18:43.440 see like what the actual thing is and 00:18:43.440 --> 00:18:45.039 like how to fix it. 00:18:45.039 --> 00:18:46.720 Uh, so we can go back a little bit, we'll 00:18:46.720 --> 00:18:48.000 back up a little bit more. So 00:18:48.000 --> 00:18:49.760 vulnerabilities around Edge, around 00:18:49.760 --> 00:18:52.160 Windows, around a bunch of other stuff. Um, 00:18:52.160 --> 00:18:54.000 if we click on Remediations, this tab 00:18:54.000 --> 00:18:56.080 kind of gives us like a high level, like, 00:18:56.080 --> 00:18:58.400 instructions on how to like remediate 00:18:58.400 -->
00:18:59.679 most of the findings from like a really 00:18:59.679 --> 00:19:01.520 high level. Basically just like run 00:19:01.520 --> 00:19:03.200 Windows updates is what I'm, is what I'm 00:19:03.200 --> 00:19:05.120 seeing here. Um, so security updates, 00:19:05.120 --> 00:19:07.039 install this KB to fix a bunch of other 00:19:07.039 --> 00:19:09.039 ones, and then all this is pretty much 00:19:09.039 --> 00:19:11.360 Windows updates. And this VPR top threats, 00:19:11.360 --> 00:19:14.320 these VPR, VPR top threats is essentially 00:19:14.320 --> 00:19:16.080 what Tenable is like recommending we 00:19:16.080 --> 00:19:18.080 prioritize to remediate, probably based 00:19:18.080 --> 00:19:21.360 on, um, CVSS score and like whatever other 00:19:21.360 --> 00:19:24.559 metrics they use. So like I would say, um, 00:19:24.559 --> 00:19:26.400 before, like, if I were 00:19:26.400 --> 00:19:28.240 doing this in like an organization, 00:19:28.240 --> 00:19:29.520 like the first thing you want to do is 00:19:29.520 --> 00:19:31.120 like make sure you have third-party 00:19:31.120 --> 00:19:33.760 patching and like Windows OS patching 00:19:33.760 --> 00:19:35.760 like set up properly and like properly 00:19:35.760 --> 00:19:37.440 being like tested and deployed on 00:19:37.440 --> 00:19:38.799 regular intervals, so you don't have to 00:19:38.799 --> 00:19:40.880 like kind of go through and deal with 00:19:40.880 --> 00:19:43.200 these like individual vulnerabilities 00:19:43.200 --> 00:19:44.960 that are related to things 00:19:44.960 --> 00:19:46.960 that can be easily fixed by like 00:19:46.960 --> 00:19:48.799 automated patching and stuff like this. 00:19:48.799 --> 00:19:51.520 So before, um, I start like 00:19:51.520 --> 00:19:53.840 remediating these and fixing them, I'm 00:19:53.840 --> 00:19:55.600 gonna install some like deprecated 00:19:55.600 --> 00:19:57.919 software on this computer, like a really 00:19:57.919 --> 00:19:59.600 old version of Firefox, and then
we're 00:19:59.600 --> 00:20:01.760 gonna kind of run another scan and then 00:20:01.760 --> 00:20:03.919 observe the results from that as well. So 00:20:03.919 --> 00:20:05.200 I'm gonna get this old version of 00:20:05.200 --> 00:20:07.360 Firefox. I'll put a, I'll put a link to it 00:20:07.360 --> 00:20:09.200 in the description. I was gonna say I'm 00:20:09.200 --> 00:20:10.799 worried about doing that, but I'll put a 00:20:10.799 --> 00:20:12.080 link to it in the description. It's 00:20:12.080 --> 00:20:14.400 really old, from six years ago apparently. 00:20:14.400 --> 00:20:16.720 So we'll just download this, uh, Firefox 00:20:16.720 --> 00:20:18.960 3612. And make sure to do this, make sure 00:20:18.960 --> 00:20:20.400 you're doing this in the virtual machine, 00:20:20.400 --> 00:20:22.159 don't accidentally do it on your, on your 00:20:22.159 --> 00:20:24.799 computer, and that's 00:20:24.799 --> 00:20:26.880 what I'm actually doing. So make sure to 00:20:26.880 --> 00:20:29.120 go to the virtual machine. So we'll open 00:20:29.120 --> 00:20:31.280 up Edge in our virtual machine and then 00:20:31.280 --> 00:20:33.520 we'll paste, oh no, I can't paste it. I'm 00:20:33.520 --> 00:20:34.960 just gonna search like "download 00:20:34.960 --> 00:20:36.960 deprecated Firefox". I shouldn't, I 00:20:36.960 --> 00:20:38.559 shouldn't use the word deprecated. I'll 00:20:38.559 --> 00:20:42.240 say "download old Firefox", and 00:20:42.240 --> 00:20:44.159 I think I can click here and do it. "If 00:20:44.159 --> 00:20:46.080 you want to downgrade", directory. I'll go 00:20:46.080 --> 00:20:48.080 to directory of all old ones and then 00:20:48.080 --> 00:20:50.480 I'll get 3612.
This is random, by the way, 00:20:50.480 --> 00:20:51.840 you can get any old version that you 00:20:51.840 --> 00:20:53.520 want. I'm just using this one because I 00:20:53.520 --> 00:20:58.080 did it already. Um, win32, uh, en-US, and 00:20:58.080 --> 00:20:59.919 I'll get this. So we'll open this and 00:20:59.919 --> 00:21:02.400 then install this super old version of 00:21:02.400 --> 00:21:05.600 Firefox. We'll say Next, Standard, sure, and 00:21:05.600 --> 00:21:07.840 then sure, we can launch it I guess. Uh, 00:21:07.840 --> 00:21:10.559 yeah, why not. Cool, so this is old, old 00:21:10.559 --> 00:21:13.520 Firefox. So now we have an old Firefox on 00:21:13.520 --> 00:21:15.120 our computer. So we'll close this. This is 00:21:15.120 --> 00:21:16.559 our virtual machine, remember, here's 00:21:16.559 --> 00:21:18.720 Firefox. And then, so we will go back to 00:21:18.720 --> 00:21:21.039 our scans here. This is on our host 00:21:21.039 --> 00:21:22.720 machine and this is Nessus. So we'll go 00:21:22.720 --> 00:21:24.240 back to our scans, and we don't need to 00:21:24.240 --> 00:21:26.400 change our scan anymore, we'll just click 00:21:26.400 --> 00:21:28.559 Launch and it will just run another scan. 00:21:28.559 --> 00:21:30.640 It will do the same thing: scan all, scan 00:21:30.640 --> 00:21:32.320 the common open ports, inspect the 00:21:32.320 --> 00:21:35.360 registry, inspect the services, and then 00:21:35.360 --> 00:21:36.960 inspect the file system. It's going to 00:21:36.960 --> 00:21:39.360 discover this old deprecated version of 00:21:39.360 --> 00:21:40.880 Firefox. There's like a million 00:21:40.880 --> 00:21:42.559 vulnerabilities in it probably, so 00:21:42.559 --> 00:21:44.480 hopefully we'll see that reflected 00:21:44.480 --> 00:21:46.159 in the scan results when this finishes 00:21:46.159 --> 00:21:47.760 here in a couple of minutes. OK, it's 00:21:47.760 --> 00:21:49.520 been a couple more minutes and our scan 00:21:49.520 --> 00:21:51.200 is finished, so we can click on
this 00:21:51.200 --> 00:21:53.039 again and we'll see like our 00:21:53.039 --> 00:21:55.520 vulnerabilities like went up to 68 00:21:55.520 --> 00:21:57.039 critical now. So before we kind of dive 00:21:57.039 --> 00:21:58.480 into these again, we'll check out the 00:21:58.480 --> 00:22:00.159 history just so we can see like a trend 00:22:00.159 --> 00:22:02.159 in these. So this is the first one in the 00:22:02.159 --> 00:22:04.400 bottom here, we can see only info, no 00:22:04.400 --> 00:22:06.320 credentials provided. Second one is our 00:22:06.320 --> 00:22:08.400 credentials provided, and we, you know, we 00:22:08.400 --> 00:22:10.000 have a little bit more, we have some 00:22:10.000 --> 00:22:12.000 criticals discovered and some highs. And 00:22:12.000 --> 00:22:14.480 then we installed Firefox, like a really 00:22:14.480 --> 00:22:16.320 old one, and then this is our current 00:22:16.320 --> 00:22:18.640 scan. There's like a bunch more criticals, 00:22:18.640 --> 00:22:21.039 whole bunch of criticals. So we'll go to 00:22:21.039 --> 00:22:23.919 the, um, rem... the Vulnerabilities tab here, 00:22:23.919 --> 00:22:26.159 and then we can kind of see this one at 00:22:26.159 --> 00:22:28.240 the very top, mixed, with Firefox, and 00:22:28.240 --> 00:22:30.880 total count of like 141. So if we click 00:22:30.880 --> 00:22:33.440 on this, it's just absolutely chock-full 00:22:33.440 --> 00:22:35.039 of criticals, just because that version 00:22:35.039 --> 00:22:37.039 of Firefox is like so old, it has so many 00:22:37.039 --> 00:22:38.480 vulnerabilities. And it's not like you 00:22:38.480 --> 00:22:39.919 have to like go through, like, fix each 00:22:39.919 --> 00:22:41.280 one of these one at a time. You can 00:22:41.280 --> 00:22:43.120 either just like upgrade Firefox to the 00:22:43.120 --> 00:22:44.799 latest one or just like completely 00:22:44.799 --> 00:22:46.400 uninstall it and it will remediate the 00:22:46.400 --> 00:22:47.600 vulnerabilities. So we can click 00:22:47.600 -->
00:22:49.440 Remediations. We pretty much see the same 00:22:49.440 --> 00:22:51.600 thing as last time, except for, um, at the 00:22:51.600 --> 00:22:54.080 very top now we have a recommendation to 00:22:54.080 --> 00:22:56.640 upgrade Firefox. And then again, this VPR 00:22:56.640 --> 00:22:59.039 top threats, we have this, uh, kind of 00:22:59.039 --> 00:23:01.840 Firefox in here again. History: first scan, 00:23:01.840 --> 00:23:03.760 no credentials; second, credentials, 00:23:03.760 --> 00:23:05.679 default Windows install; third scan, 00:23:05.679 --> 00:23:08.480 Firefox, old Firefox, whole bunch of, whole 00:23:08.480 --> 00:23:10.080 bunch of vulnerabilities that need to be 00:23:10.080 --> 00:23:12.240 remediated. So the next step, we're going 00:23:12.240 --> 00:23:14.400 to, we're just going to try to remediate 00:23:14.400 --> 00:23:16.000 as many of these vulnerabilities as we 00:23:16.000 --> 00:23:17.840 can by doing like really simple things. 00:23:17.840 --> 00:23:19.200 Like we're just going to uninstall 00:23:19.200 --> 00:23:21.120 Firefox totally, and then we're going to 00:23:21.120 --> 00:23:22.799 just essentially like run Windows 00:23:22.799 --> 00:23:25.280 updates until there's no more updates 00:23:25.280 --> 00:23:27.360 that need to happen, essentially. So we'll 00:23:27.360 --> 00:23:29.360 go to our virtual machine here and then 00:23:29.360 --> 00:23:32.000 we can go to appwiz.cpl, that's like a 00:23:32.000 --> 00:23:34.159 kind of shortcut to go to this thing. 00:23:34.159 --> 00:23:36.080 So we can go to Firefox. I'm just going 00:23:36.080 --> 00:23:38.000 to uninstall it, to be honest. Uninstall 00:23:38.000 --> 00:23:40.320 Firefox, and then I'll go to Windows 00:23:40.320 --> 00:23:42.480 Update, and let's see, 00:23:42.480 --> 00:23:44.240 I guess I'll just manually check for 00:23:44.240 --> 00:23:45.679 updates. I'll leave the settings to like 00:23:45.679 --> 00:23:47.039 whatever they are, and then you can do 00:23:47.039 --> 00:23:48.720 this too,
just keep like running Windows 00:23:48.720 --> 00:23:50.080 updates and res... you might have to like 00:23:50.080 --> 00:23:51.440 restart and then run it again, then 00:23:51.440 --> 00:23:53.679 restart and run it again. I'll pause this 00:23:53.679 --> 00:23:55.200 and I'll just kind of like let the 00:23:55.200 --> 00:23:57.039 updates happen, then I'll come back to it 00:23:57.039 --> 00:23:59.039 again. OK, it updated for a while and 00:23:59.039 --> 00:24:00.480 it's asking for a restart, so just go 00:24:00.480 --> 00:24:03.440 ahead and restart and repeat the process. 00:24:03.440 --> 00:24:05.520 OK, when it comes back up, just go ahead 00:24:05.520 --> 00:24:08.000 and log in again and go to, uh, Windows 00:24:08.000 --> 00:24:10.159 updates again and just click Check for 00:24:10.159 --> 00:24:12.799 updates one more time, just to make sure. 00:24:12.799 --> 00:24:14.400 OK, it looks like it's installing some 00:24:14.400 --> 00:24:15.679 more, so I'll go ahead and pause this and 00:24:15.679 --> 00:24:18.159 kind of let this continue. So it actually 00:24:18.159 --> 00:24:19.840 looks like the updates are done, so we'll 00:24:19.840 --> 00:24:22.400 go back to Nessus, go back to My Scans, 00:24:22.400 --> 00:24:24.880 and we'll run our scan one more time. So 00:24:24.880 --> 00:24:26.720 we should expect to see a lot of the 00:24:26.720 --> 00:24:28.559 remediations done. There should be a lot 00:24:28.559 --> 00:24:30.480 less highs and criticals, like Firefox 00:24:30.480 --> 00:24:32.000 should be gone, like all the Windows 00:24:32.000 --> 00:24:34.080 updates should be no longer required. But 00:24:34.080 --> 00:24:36.080 we will let this finish and then check 00:24:36.080 --> 00:24:37.760 it out in a couple of minutes, or for you 00:24:37.760 --> 00:24:39.200 it will be instantly because I'll edit 00:24:39.200 --> 00:24:40.960 this out. So our last scan has finally 00:24:40.960 --> 00:24:43.600 finished, so let's check this out. So 00:24:43.600 --> 00:24:45.279
we'll click on this, and before we like 00:24:45.279 --> 00:24:46.720 really dive in deep, we can kind of see 00:24:46.720 --> 00:24:48.320 there's some, some highs and some 00:24:48.320 --> 00:24:49.520 criticals and highs. But we'll go to 00:24:49.520 --> 00:24:51.840 History over here, and this is our 00:24:51.840 --> 00:24:53.760 current scan and this is the last scan 00:24:53.760 --> 00:24:56.480 right here, before we uninstalled Firefox 00:24:56.480 --> 00:24:58.640 and before we updated Windows. So we can 00:24:58.640 --> 00:25:00.159 see there's quite a bit more mediums, 00:25:00.159 --> 00:25:01.840 quite a bit more, sorry, there's quite a 00:25:01.840 --> 00:25:03.279 bit more criticals, quite a bit more 00:25:03.279 --> 00:25:05.840 highs. So current, after, after removing 00:25:05.840 --> 00:25:07.440 Firefox and running Windows updates, and 00:25:07.440 --> 00:25:09.840 then before. So there's quite a bit less. And 00:25:09.840 --> 00:25:12.720 this, this scan right here, this is the 00:25:12.720 --> 00:25:14.799 default install of Windows, and then this 00:25:14.799 --> 00:25:16.960 is the current one after updating 00:25:16.960 --> 00:25:19.120 Windows. So current, or default, and then 00:25:19.120 --> 00:25:20.400 current. So we can kind of dive into 00:25:20.400 --> 00:25:22.000 these like a little bit. It looks like 00:25:22.000 --> 00:25:24.559 the remaining vulnerabilities, um, most of 00:25:24.559 --> 00:25:26.640 them are around Microsoft Edge. It looks 00:25:26.640 --> 00:25:28.720 like maybe Windows Update didn't update 00:25:28.720 --> 00:25:30.799 Edge for some reason. Uh, we can check 00:25:30.799 --> 00:25:33.520 this one, a bunch of highs. Um, I can't 00:25:33.520 --> 00:25:36.320 read these. Microsoft 3D Viewer, base 3D 00:25:36.320 --> 00:25:38.400 code something. Maybe this is some like 00:25:38.400 --> 00:25:40.480 native app that's installed. Oh yeah, it 00:25:40.480 --> 00:25:42.080 is. So it looks like there's some like 00:25:42.080 --> 00:25:44.159 random stuff that's
still on this 00:25:44.159 --> 00:25:45.679 virtual machine that maybe it's like out 00:25:45.679 --> 00:25:47.760 of date or something like this, and 00:25:47.760 --> 00:25:49.440 you can just kind of look through this. I 00:25:49.440 --> 00:25:51.440 won't like do any further remediations 00:25:51.440 --> 00:25:52.559 because this video is getting kind of 00:25:52.559 --> 00:25:54.960 long, so, but maybe you could consider, 00:25:54.960 --> 00:25:57.440 you know, figuring out exactly like how 00:25:57.440 --> 00:25:59.120 to update Microsoft Edge or like 00:25:59.120 --> 00:26:00.559 uninstall it, if you're allowed to do 00:26:00.559 --> 00:26:02.000 that, like, I don't know. But yeah, it's 00:26:02.000 --> 00:26:03.520 pretty interesting, um, to kind of 00:26:03.520 --> 00:26:05.279 experiment with this and like install 00:26:05.279 --> 00:26:07.120 like really old stuff, or maybe even 00:26:07.120 --> 00:26:09.360 like get a hold of like a Windows XP ISO 00:26:09.360 --> 00:26:11.760 and install Windows XP, right, and scan 00:26:11.760 --> 00:26:13.760 that and see what kind of like Swiss 00:26:13.760 --> 00:26:16.159 cheese scan results like come back. It's 00:26:16.159 --> 00:26:17.760 like going to be absolutely full of 00:26:17.760 --> 00:26:19.679 holes. But yeah, that is vulnerability 00:26:19.679 --> 00:26:21.120 management. Those are kind of like the 00:26:21.120 --> 00:26:22.960 really, kind of the core components of 00:26:22.960 --> 00:26:24.400 vulnerability management, just like 00:26:24.400 --> 00:26:26.080 scanning and remediating, scanning and 00:26:26.080 --> 00:26:27.919 remediating. But you know, a lot more goes 00:26:27.919 --> 00:26:29.200 into it because you have to have, like, 00:26:29.200 --> 00:26:30.320 you know, when you work at a big 00:26:30.320 --> 00:26:32.080 organization you usually will make some 00:26:32.080 --> 00:26:34.159 kind of standard and like policies and 00:26:34.159 --> 00:26:36.000 procedures, and you have to kind of bring 00:26:36.000 -->
00:26:37.520 all the departments in and work with the 00:26:37.520 --> 00:26:38.960 individual groups to like get 00:26:38.960 --> 00:26:41.039 credentials for all their individual 00:26:41.039 --> 00:26:42.960 resources, or maybe you use like a domain 00:26:42.960 --> 00:26:44.799 account to scan everything, and it 00:26:44.799 --> 00:26:46.320 gets a little bit more complicated when 00:26:46.320 --> 00:26:48.080 you're in a large organization. But this 00:26:48.080 --> 00:26:50.000 is, this is pretty much the guts of it, 00:26:50.000 --> 00:26:51.360 just like scanning stuff, finding 00:26:51.360 --> 00:26:53.279 vulnerabilities, and then essentially 00:26:53.279 --> 00:26:55.200 remediating them. You want to automate 00:26:55.200 --> 00:26:57.120 as much of it as you can, as possible, 00:26:57.120 --> 00:26:58.960 like updating like the third-party 00:26:58.960 --> 00:27:00.960 apps, like Windows Update, and this 00:27:00.960 --> 00:27:02.559 kind of thing. And you want to have like 00:27:02.559 --> 00:27:04.480 a secure build standard, so like make 00:27:04.480 --> 00:27:06.159 sure the build is like already like 00:27:06.159 --> 00:27:08.720 remediated and like secure enough before 00:27:08.720 --> 00:27:10.080 it goes into production, to kind of 00:27:10.080 --> 00:27:11.520 reduce the amount of vulnerabilities 00:27:11.520 --> 00:27:13.039 that get introduced. But now that you've 00:27:13.039 --> 00:27:14.080 kind of like watched this, you have a 00:27:14.080 --> 00:27:15.760 pretty good idea, I would say, of how 00:27:15.760 --> 00:27:17.679 vulnerability management works. So you 00:27:17.679 --> 00:27:19.840 can, you know, practice this a bunch and 00:27:19.840 --> 00:27:21.279 consider like reading up on how to 00:27:21.279 --> 00:27:22.720 implement vulnerability management on 00:27:22.720 --> 00:27:24.240 like a large organization. Then you can 00:27:24.240 --> 00:27:26.159 like put something on your resume that 00:27:26.159 --> 00:27:27.600 might look something
like this, and then 00:27:27.600 --> 00:27:29.919 go ahead and start applying to jobs that 00:27:29.919 --> 00:27:31.279 are looking for like vulnerability 00:27:31.279 --> 00:27:33.039 management engineers or vulnerability 00:27:33.039 --> 00:27:34.640 management analysts or like whatever 00:27:34.640 --> 00:27:35.679 they're calling them, because it's a 00:27:35.679 --> 00:27:37.360 relatively like straightforward process. 00:27:37.360 --> 00:27:39.039 It's pretty easy, technically speaking. 00:27:39.039 --> 00:27:40.799 Like the hard part about 00:27:40.799 --> 00:27:42.559 vulnerability management usually comes 00:27:42.559 --> 00:27:44.000 from like dealing with the humans and 00:27:44.000 --> 00:27:45.600 like getting everyone to like coordinate, 00:27:45.600 --> 00:27:47.600 that's like really difficult. Yeah, I hope 00:27:47.600 --> 00:27:49.120 you enjoyed this, um, if you 00:27:49.120 --> 00:27:50.720 thought it was interesting, you know, I'd 00:27:50.720 --> 00:27:52.640 appreciate if you liked and consider 00:27:52.640 --> 00:27:54.080 subscribing. And if you have any 00:27:54.080 --> 00:27:55.760 questions or comments, criticism, please 00:27:55.760 --> 00:27:57.120 like let me know in the comment section. 00:27:57.120 --> 00:27:59.440 I 100% read all the comments every time. I 00:27:59.440 --> 00:28:00.880 respond to everybody's comment. If you 00:28:00.880 --> 00:28:01.919 feel like supporting me, I do have a 00:28:01.919 --> 00:28:03.840 Patreon, but other than that, thank you so 00:28:03.840 --> 00:28:05.520 much for watching and we will see you in 00:28:05.520 --> 00:28:09.480 the next video. Bye. 00:28:10.030 --> 00:28:20.480 [Music]