WEBVTT 00:00:00.000 --> 00:00:01.599 Hey everybody, Josh here. Welcome back to 00:00:01.599 --> 00:00:03.520 my channel. I do a lot of videos on IT 00:00:03.520 --> 00:00:05.600 cyber security education and career 00:00:05.600 --> 00:00:07.520 things, and today's video is going to be 00:00:07.520 --> 00:00:09.280 on vulnerability management. We're 00:00:09.280 --> 00:00:10.160 actually going to be doing a 00:00:10.160 --> 00:00:12.000 vulnerability management lab where we 00:00:12.000 --> 00:00:13.840 install Nessus Essentials and we install 00:00:13.840 --> 00:00:15.679 VMware Workstation Player, and set up 00:00:15.679 --> 00:00:18.000 Windows 10 inside of a VM, install some 00:00:18.000 --> 00:00:19.920 old deprecated software on it, and then 00:00:19.920 --> 00:00:21.119 we're going to be doing some 00:00:21.119 --> 00:00:23.199 vulnerability scans against that virtual 00:00:23.199 --> 00:00:24.720 machine to kind of discover any 00:00:24.720 --> 00:00:26.400 vulnerabilities that might be on there, 00:00:26.400 --> 00:00:27.439 and then we're going to go ahead and 00:00:27.439 --> 00:00:29.359 remediate one or two of those just so we 00:00:29.359 --> 00:00:31.119 can kind of observe what's happening. I 00:00:31.119 --> 00:00:32.640 figured this would be a good video to do 00:00:32.640 --> 00:00:33.840 because there's like quite a few 00:00:33.840 --> 00:00:36.000 vulnerability management jobs on 00:00:36.000 --> 00:00:37.760 LinkedIn and I've gotten a 00:00:37.760 --> 00:00:39.600 lot of spam from recruiters for these 00:00:39.600 --> 00:00:41.600 type of positions, and actually the last 00:00:41.600 --> 00:00:43.360 real job I had I was a vulnerability 00:00:43.360 --> 00:00:45.360 management program manager for King 00:00:45.360 --> 00:00:47.120 County here in Washington State so I 00:00:47.120 --> 00:00:49.680 kind of did this on an ongoing basis for 00:00:49.680 --> 00:00:51.199 a while. 
Basically what vulnerability 00:00:51.199 --> 00:00:53.360 management is continuously assessing 00:00:53.360 --> 00:00:55.120 your assets, discovering vulnerabilities, 00:00:55.120 --> 00:00:57.520 remediating them to an acceptable risk, 00:00:57.520 --> 00:00:59.199 and then kind of starting the process 00:00:59.199 --> 00:01:00.640 over and over again to kind of make sure 00:01:00.640 --> 00:01:02.879 the risk in the whole organization is 00:01:02.879 --> 00:01:05.360 low or at least an acceptable level. So I 00:01:05.360 --> 00:01:07.280 think if you kind of watch this video 00:01:07.280 --> 00:01:09.200 and practice it a few times, you can get 00:01:09.200 --> 00:01:11.439 pretty good at it and get an idea of how 00:01:11.439 --> 00:01:13.200 vulnerability management might work in 00:01:13.200 --> 00:01:15.119 like a larger corporation. This is 00:01:15.119 --> 00:01:16.400 definitely something you can put on your 00:01:16.400 --> 00:01:20.159 resume. It might look something like this. 00:01:22.000 --> 00:01:23.680 So it will definitely help you out. So 00:01:23.680 --> 00:01:25.040 yeah, if you're excited to learn 00:01:25.040 --> 00:01:26.400 vulnerability management, consider 00:01:26.400 --> 00:01:28.080 smashing that like button and let's get 00:01:28.080 --> 00:01:29.520 started. So the first thing we're going 00:01:29.520 --> 00:01:31.360 to do is go ahead and 00:01:31.360 --> 00:01:33.840 download and install VMware Player. Now 00:01:33.840 --> 00:01:35.439 you probably want to have like a 00:01:35.439 --> 00:01:37.680 semi-decent computer to be able 00:01:37.680 --> 00:01:39.280 to do this, maybe like at least eight 00:01:39.280 --> 00:01:41.360 gigabytes of RAM and maybe dual core 00:01:41.360 --> 00:01:42.640 or something. But if you don't know about 00:01:42.640 --> 00:01:44.560 any of that, just try to go ahead and do 00:01:44.560 --> 00:01:46.560 it, and if something fails, then it fails, 00:01:46.560 --> 00:01:47.840 I suppose. 
But go ahead and download 00:01:47.840 --> 00:01:49.759 VMware Player. I'll put a link to this in 00:01:49.759 --> 00:01:51.920 the description. Just download 00:01:51.920 --> 00:01:53.520 for Windows. I'm not gonna do it again 00:01:53.520 --> 00:01:54.799 because I already have it, but just go 00:01:54.799 --> 00:01:56.479 ahead and like click this, download it, 00:01:56.479 --> 00:01:58.079 and install it. You can see mine started 00:01:58.079 --> 00:01:59.360 downloading, I'm just going to go ahead 00:01:59.360 --> 00:02:00.640 and cancel this. And then while you're 00:02:00.640 --> 00:02:02.240 waiting for VMware Player to download, 00:02:02.240 --> 00:02:03.759 we'll go ahead and download the Windows 00:02:03.759 --> 00:02:06.000 10 ISO. That's basically a file that'll 00:02:06.000 --> 00:02:08.479 let us install windows 10 onto our 00:02:08.479 --> 00:02:10.399 virtual machine. So again, I'll put a link 00:02:10.399 --> 00:02:11.920 to this in the description as well, but 00:02:11.920 --> 00:02:14.480 just go ahead and go to it, and then 00:02:14.480 --> 00:02:15.920 you'll go to where it says create 00:02:15.920 --> 00:02:17.760 Windows 10 installation media and you'll 00:02:17.760 --> 00:02:19.760 say download tool, and when 00:02:19.760 --> 00:02:21.280 this downloads, just go ahead and open it. 00:02:21.280 --> 00:02:22.879 Don't be surprised if this takes a while 00:02:22.879 --> 00:02:24.480 to like start up and download. So we'll 00:02:24.480 --> 00:02:26.959 just say accept. And then we're going to 00:02:26.959 --> 00:02:27.760 click 00:02:27.760 --> 00:02:29.760 create installation media. We want to get 00:02:29.760 --> 00:02:32.319 an ISO file so we'll say next. This looks 00:02:32.319 --> 00:02:34.879 good. And we're going to say ISO file, be 00:02:34.879 --> 00:02:36.720 sure to select this. And then we'll just 00:02:36.720 --> 00:02:38.879 choose where it goes. I like this nice xp 00:02:38.879 --> 00:02:40.879 pro ISO that I have. 
Go ahead and put it 00:02:40.879 --> 00:02:42.560 in a folder, just remember what folder 00:02:42.560 --> 00:02:45.120 you put in. So I'll just save it to my C: 00:02:45.120 --> 00:02:47.360 _ISOs folder and then we'll 00:02:47.360 --> 00:02:49.120 wait for this to finish. And while this 00:02:49.120 --> 00:02:50.400 is going, we can actually 00:02:50.400 --> 00:02:52.800 download and install Nessus 00:02:52.800 --> 00:02:54.319 Essentials which is going to 00:02:54.319 --> 00:02:56.400 be the vulnerability scanner that we use 00:02:56.400 --> 00:02:58.319 to actually conduct our scans. So I'll 00:02:58.319 --> 00:03:00.080 put a link to this in the description as 00:03:00.080 --> 00:03:01.920 well, but you can probably find it on google. 00:03:01.920 --> 00:03:04.400 And just basically like fill this thing 00:03:04.400 --> 00:03:05.840 out. After you fill this out, you'll be 00:03:05.840 --> 00:03:07.200 able to download it and it will send 00:03:07.200 --> 00:03:09.200 like a key to your email, so just go 00:03:09.200 --> 00:03:11.120 ahead and- actually I'll just do it. Just 00:03:11.120 --> 00:03:13.599 fill this thing out, cool. So it will send 00:03:13.599 --> 00:03:16.319 an email inside of your email, I can't 00:03:16.319 --> 00:03:17.920 show it because it has a key and like, I 00:03:17.920 --> 00:03:19.599 don't know, so inside of your email 00:03:19.599 --> 00:03:21.440 there'll be like a button that says 00:03:21.440 --> 00:03:23.440 download Nessus and then there will be a 00:03:23.440 --> 00:03:24.879 key. Go ahead and click the button to 00:03:24.879 --> 00:03:26.560 download Nessus and it will take you to 00:03:26.560 --> 00:03:28.319 a page that looks like this, and just 00:03:28.319 --> 00:03:30.319 click on Nessus. 
And we already have an 00:03:30.319 --> 00:03:32.239 activation code, it should be in your 00:03:32.239 --> 00:03:35.200 email, so we'll pick the one for, this one, 00:03:35.200 --> 00:03:37.120 it says Windows Server 2008 blah blah 00:03:37.120 --> 00:03:39.120 blah, and then it says 10 in here. So 00:03:39.120 --> 00:03:40.959 we'll download this. Just say agree and 00:03:40.959 --> 00:03:42.720 then, you know, download it anywhere. And 00:03:42.720 --> 00:03:43.920 then meanwhile, remember in the 00:03:43.920 --> 00:03:45.840 background, Windows 10 should be still 00:03:45.840 --> 00:03:48.000 downloading. Virtual VMware Player might 00:03:48.000 --> 00:03:49.519 be downloading still too, so we just have 00:03:49.519 --> 00:03:51.120 to install that on your own. I'm not 00:03:51.120 --> 00:03:52.239 going to show it on the screen because I 00:03:52.239 --> 00:03:53.840 already have it installed. Here we are at 00:03:53.840 --> 00:03:56.560 the Tenable setup, so we just say next, 00:03:56.560 --> 00:03:59.599 accept, and just accept this location, and 00:03:59.599 --> 00:04:01.760 then go ahead and install it, and then 00:04:01.760 --> 00:04:03.599 say finish. 00:04:03.599 --> 00:04:05.439 And then it's going to kind of show 00:04:05.439 --> 00:04:07.519 this like socket up here like localhost 00:04:07.519 --> 00:04:09.280 in the port. I would recommend saving 00:04:09.280 --> 00:04:10.879 this URL because it's kind of 00:04:10.879 --> 00:04:13.040 annoying if you lose it, so just save it 00:04:13.040 --> 00:04:14.640 in like a notepad somewhere or something 00:04:14.640 --> 00:04:16.798 like this. And then we'll say connect via 00:04:16.798 --> 00:04:19.120 SSL, and just say advanced, and then say 00:04:19.120 --> 00:04:21.440 proceed. And this takes a while to set up 00:04:21.440 --> 00:04:23.040 the very first time. 
It has to like 00:04:23.040 --> 00:04:24.800 initialize and install things, and I 00:04:24.800 --> 00:04:26.400 assume, download a whole bunch of 00:04:26.400 --> 00:04:28.000 definitions or something like this, so 00:04:28.000 --> 00:04:29.680 just go get like some coffee or 00:04:29.680 --> 00:04:31.120 something while you wait for 00:04:31.120 --> 00:04:32.560 this to happen because it will take a 00:04:32.560 --> 00:04:34.320 while to do. And we're going to say 00:04:34.320 --> 00:04:36.720 Nessus Essentials. It's essentially free. 00:04:36.720 --> 00:04:38.560 You can read the, I guess, license 00:04:38.560 --> 00:04:40.160 agreement if you want, but we're going to 00:04:40.160 --> 00:04:41.919 install Essentials. And then just fill 00:04:41.919 --> 00:04:43.360 this thing out and we'll get an 00:04:43.360 --> 00:04:45.840 activation code. I believe I have one 00:04:45.840 --> 00:04:47.840 already. It should have emailed it to 00:04:47.840 --> 00:04:49.360 you actually. It should have emailed the 00:04:49.360 --> 00:04:51.680 activation code to you so maybe skip 00:04:51.680 --> 00:04:53.759 this, and then just paste the activation 00:04:53.759 --> 00:04:55.840 code that was in your email 00:04:55.840 --> 00:04:57.600 that you already received, and just 00:04:57.600 --> 00:04:59.199 continue. And then this is where you're 00:04:59.199 --> 00:05:00.720 going to set up a username and password. 00:05:00.720 --> 00:05:02.000 Just make sure you don't forget this. It 00:05:02.000 --> 00:05:03.600 might be troublesome, you know, if you 00:05:03.600 --> 00:05:04.960 forget it, you'll have to reset it or 00:05:04.960 --> 00:05:07.600 something like this. So just set up a 00:05:07.600 --> 00:05:09.520 password, I guess. And this is the part 00:05:09.520 --> 00:05:11.440 that takes a while, so just, you know, go 00:05:11.440 --> 00:05:13.759 get coffee or sandwich or something, and 00:05:13.759 --> 00:05:16.639 we will meet back here. 
Okay so while 00:05:16.639 --> 00:05:17.919 this is still installing and 00:05:17.919 --> 00:05:19.840 initializing and doing everything that it 00:05:19.840 --> 00:05:21.520 needs to do, let's go ahead and set up 00:05:21.520 --> 00:05:23.199 our virtual machine since this is going 00:05:23.199 --> 00:05:25.199 to take some time anyway. So by now you 00:05:25.199 --> 00:05:27.440 should have downloaded and installed 00:05:27.440 --> 00:05:29.440 VMware Workstation Player. So we'll just 00:05:29.440 --> 00:05:31.759 go ahead and open this up and check on 00:05:31.759 --> 00:05:34.880 your Windows 10 ISO download. It should 00:05:34.880 --> 00:05:36.800 be finished by now as well, maybe it 00:05:36.800 --> 00:05:38.560 looks something like this, and then it 00:05:38.560 --> 00:05:40.479 shows you like where it's at the C: ISO 00:05:40.479 --> 00:05:42.720 Windows dot or yeah, wherever you put 00:05:42.720 --> 00:05:44.400 yours. So just take note of this and 00:05:44.400 --> 00:05:46.400 we'll say finish, cool. And then we're 00:05:46.400 --> 00:05:48.560 going to create a new virtual machine 00:05:48.560 --> 00:05:50.560 inside of VMware Workstation Player. 00:05:50.560 --> 00:05:52.639 We'll go to player and then file and 00:05:52.639 --> 00:05:55.280 then new virtual machine. And then 00:05:55.280 --> 00:05:57.360 for the installer we're going to say 00:05:57.360 --> 00:05:59.520 browse, and then we'll just browse to 00:05:59.520 --> 00:06:01.120 wherever you downloaded the Windows 10 00:06:01.120 --> 00:06:03.120 ISO. So this could probably be named 00:06:03.120 --> 00:06:05.280 something better, but that's okay. So 00:06:05.280 --> 00:06:06.960 we'll say next, and just name this 00:06:06.960 --> 00:06:09.039 something appropriate. This is fine. This 00:06:09.039 --> 00:06:11.039 location's fine. I guess you can change 00:06:11.039 --> 00:06:13.039 it if you want. So we'll say next. Maximum 00:06:13.039 --> 00:06:15.919 disk size, this is fine. 
We're not 00:06:15.919 --> 00:06:17.440 gonna really put anything on it, I'm just 00:06:17.440 --> 00:06:19.520 gonna set mine at 50. And then we'll 00:06:19.520 --> 00:06:21.600 go to customize hardware, and for memory 00:06:21.600 --> 00:06:24.080 like if you don't know how much RAM you 00:06:24.080 --> 00:06:26.880 have, maybe just like leave this as it is. 00:06:26.880 --> 00:06:28.479 I'm going to increase mine a little bit. 00:06:28.479 --> 00:06:30.080 I'll increase this a little bit. If you 00:06:30.080 --> 00:06:32.479 don't know about your CPU, just leave it 00:06:32.479 --> 00:06:34.479 as is. But we do have to change the 00:06:34.479 --> 00:06:36.400 network adapter. We should change it to 00:06:36.400 --> 00:06:38.319 bridged. Without explaining too deeply, 00:06:38.319 --> 00:06:40.400 bridged kind of puts this virtual machine 00:06:40.400 --> 00:06:42.240 on the same network as your actual 00:06:42.240 --> 00:06:45.120 physical computer, so your nessus 00:06:45.120 --> 00:06:47.280 implementation can talk to the 00:06:47.280 --> 00:06:48.400 virtual machine 00:06:48.400 --> 00:06:51.520 more easily. This looks good. We'll close 00:06:51.520 --> 00:06:53.599 this. And this is good, power on after 00:06:53.599 --> 00:06:55.759 creation, we'll just say finish. Kind of move 00:06:55.759 --> 00:06:57.039 Tenable 00:06:57.039 --> 00:06:58.479 to the side. 00:06:58.479 --> 00:07:01.039 And then after the VM finishes getting 00:07:01.039 --> 00:07:03.360 kind of created, it's going to launch and 00:07:03.360 --> 00:07:04.880 then we're going to have a chance to 00:07:04.880 --> 00:07:06.720 install Windows. Be sure to press any key 00:07:06.720 --> 00:07:08.960 to boot into the ISO when it asks. 
And if 00:07:08.960 --> 00:07:11.039 your cursor is gone, you can see 00:07:11.039 --> 00:07:12.639 in the lower left it says like press 00:07:12.639 --> 00:07:14.560 control alt to release your cursor, and 00:07:14.560 --> 00:07:16.080 then you can get your cursor back. So 00:07:16.080 --> 00:07:18.800 we're just going to install windows 10. 00:07:18.800 --> 00:07:21.360 So we'll just say next, install, and say I 00:07:21.360 --> 00:07:23.199 don't have a product key. You can close 00:07:23.199 --> 00:07:24.960 this message down here. And just pick 00:07:24.960 --> 00:07:27.440 Windows 10 Pro and say next, and we'll 00:07:27.440 --> 00:07:30.319 say accept, say next, and say custom, and 00:07:30.319 --> 00:07:32.560 then this is our blank hard drive, so 00:07:32.560 --> 00:07:34.160 click on that. It's the only one you can click 00:07:34.160 --> 00:07:35.599 and just say next. And then this will 00:07:35.599 --> 00:07:37.280 take some time to install too, so I'll 00:07:37.280 --> 00:07:38.639 kind of come back when one of these 00:07:38.639 --> 00:07:40.240 finishes. Cool, so it looks like both 00:07:40.240 --> 00:07:42.160 finished now. I'll just finish setting up 00:07:42.160 --> 00:07:46.160 the VM. I will say yes and US and skip. 00:07:46.160 --> 00:07:47.919 And for Nessus we'll just kind of, 00:07:47.919 --> 00:07:49.440 we'll close this thing here, and then 00:07:49.440 --> 00:07:50.960 we'll just kind of wait on this 00:07:50.960 --> 00:07:53.120 until we finish setting up the virtual 00:07:53.120 --> 00:07:54.160 machine. 00:07:54.160 --> 00:07:56.960 And we'll say set up for personal use, 00:07:56.960 --> 00:07:59.599 and next, and then we'll say offline account, 00:07:59.599 --> 00:08:02.639 limited experience, and then just name, 00:08:02.639 --> 00:08:05.520 I don't know, just name it like admin, and 00:08:05.520 --> 00:08:07.520 make a password, but just remember 00:08:07.520 --> 00:08:09.520 what it is. 
Make it like something simple 00:08:09.520 --> 00:08:10.720 because we're going to use this later 00:08:10.720 --> 00:08:12.240 for the credentialed scans, so just 00:08:12.240 --> 00:08:14.160 remember what it is. It's troublesome, you 00:08:14.160 --> 00:08:15.759 know, if you forget it. 00:08:15.759 --> 00:08:17.599 Just make up something for these 00:08:17.599 --> 00:08:19.520 if it asks you. This is just like, you 00:08:19.520 --> 00:08:22.639 know, a junk VM, no one cares. Say no for 00:08:22.639 --> 00:08:25.280 all of these things. Not now. Cool, okay. 00:08:25.280 --> 00:08:27.199 Now everything is totally set up. We have 00:08:27.199 --> 00:08:29.759 our VM here and then we have our Nessus 00:08:29.759 --> 00:08:33.039 Essentials set up and ready to go. So for 00:08:33.039 --> 00:08:34.799 now we're just going to do a kind of 00:08:34.799 --> 00:08:37.039 basic scan against the virtual machine. 00:08:37.039 --> 00:08:38.880 There's, we're going to do a credentialed 00:08:38.880 --> 00:08:40.719 scan later which I'll kind of explain, 00:08:40.719 --> 00:08:42.320 but I just want to make sure we can scan 00:08:42.320 --> 00:08:44.240 it and make sure we can kind of get some 00:08:44.240 --> 00:08:46.240 kind of result back. So before we do that, 00:08:46.240 --> 00:08:48.480 I'm going to go to the VM and like get 00:08:48.480 --> 00:08:50.560 the IP address from it. So go, make sure 00:08:50.560 --> 00:08:52.640 to go to the VM, not your actual computer, 00:08:52.640 --> 00:08:54.720 but go to the VM. Click start, open up 00:08:54.720 --> 00:08:56.720 command line, and then we will type 00:08:56.720 --> 00:09:00.080 ipconfig just to get the IPv4 IP address. 00:09:00.080 --> 00:09:02.000 And we're going to ping this from our 00:09:02.000 --> 00:09:03.839 local machine just to make sure that we 00:09:03.839 --> 00:09:06.399 can reach it, I guess, essentially. 
So open 00:09:06.399 --> 00:09:08.240 up the command line on your 00:09:08.240 --> 00:09:10.720 PC, and we will just say, we'll just ping 00:09:10.720 --> 00:09:14.519 this IP address. So we'll just say ping 00:09:14.519 --> 00:09:16.880 10.0.0.189 and then we'll do -t 00:09:16.880 --> 00:09:18.640 which means like perpetual ping, like 00:09:18.640 --> 00:09:20.800 keep going forever until we cancel it. 00:09:20.800 --> 00:09:23.200 And we see like it's timing out, so 00:09:23.200 --> 00:09:25.839 we just have to disable the firewall on 00:09:25.839 --> 00:09:27.600 our virtual machine here. You might not 00:09:27.600 --> 00:09:28.800 want to do this in production, it just 00:09:28.800 --> 00:09:30.320 depends on like what other controls you 00:09:30.320 --> 00:09:32.560 have in place. So we will minimize this, 00:09:32.560 --> 00:09:35.279 we'll go to our VM here, and then we will 00:09:35.279 --> 00:09:36.200 type 00:09:36.200 --> 00:09:38.720 wf.msc, it's this windows firewall 00:09:38.720 --> 00:09:40.320 microsoft something console, can't 00:09:40.320 --> 00:09:42.000 remember. So we'll open the firewall and 00:09:42.000 --> 00:09:43.200 we're just going to do a lot of this 00:09:43.200 --> 00:09:44.880 stuff for our lab. So we'll go to 00:09:44.880 --> 00:09:47.120 defender firewall properties, and just on 00:09:47.120 --> 00:09:48.640 these first three tabs, we'll just turn 00:09:48.640 --> 00:09:50.160 all three of them off. Like domain 00:09:50.160 --> 00:09:52.080 profile off, private profile off, public 00:09:52.080 --> 00:09:54.080 profile off, and we'll just say okay here. 00:09:54.080 --> 00:09:55.600 The firewall is off. And then we notice 00:09:55.600 --> 00:09:57.680 that the ping is kind of going through 00:09:57.680 --> 00:09:59.760 on our local computer here. So we can 00:09:59.760 --> 00:10:01.920 press ctrl c to cancel this. And we'll 00:10:01.920 --> 00:10:03.680 just copy this IP address. 
This is the IP 00:10:03.680 --> 00:10:05.839 address of our VM. We will close this. And 00:10:05.839 --> 00:10:09.200 then this is our Nessus Essentials. 00:10:09.200 --> 00:10:11.040 Essentially it's like a web app 00:10:11.040 --> 00:10:12.720 essentially, so we'll go back to this and 00:10:12.720 --> 00:10:14.720 then we're going to create a new scan. So 00:10:14.720 --> 00:10:17.360 we'll just do a basic network scan here. 00:10:17.360 --> 00:10:19.040 And so we'll just name it like, I don't 00:10:19.040 --> 00:10:21.680 know, Windows 10 single host, something 00:10:21.680 --> 00:10:23.360 like this. And then for targets we'll 00:10:23.360 --> 00:10:25.440 just paste, this is our virtual 00:10:25.440 --> 00:10:26.880 machine's IP address, so we'll just kind 00:10:26.880 --> 00:10:28.320 of paste it in here. We don't really need 00:10:28.320 --> 00:10:30.160 to change anything else on here. We're 00:10:30.160 --> 00:10:31.680 just going to do like a manual scan, but 00:10:31.680 --> 00:10:33.200 you know, take note that you can do 00:10:33.200 --> 00:10:34.720 like a scheduled scan if you're working 00:10:34.720 --> 00:10:36.320 in an organization, you want to scan like 00:10:36.320 --> 00:10:38.320 every x days or like every Tuesday or 00:10:38.320 --> 00:10:40.160 something like this. Port scan common ports, 00:10:40.160 --> 00:10:41.920 port scan all ports, obviously all 00:10:41.920 --> 00:10:43.279 ports going to take longer, you can 00:10:43.279 --> 00:10:44.800 customize it. There's a bunch of settings 00:10:44.800 --> 00:10:46.399 that you can kind of explore in here on 00:10:46.399 --> 00:10:48.640 your own. 
And there is, there's also 00:10:48.640 --> 00:10:51.120 this credentials page which we'll get 00:10:51.120 --> 00:10:52.959 into in a little bit, but basically you 00:10:52.959 --> 00:10:54.480 can, we won't do this yet, but you can 00:10:54.480 --> 00:10:56.480 enter credentials in here like the 00:10:56.480 --> 00:10:58.160 username and password that we made when 00:10:58.160 --> 00:10:59.680 we created the virtual machine, and then 00:10:59.680 --> 00:11:02.240 the scanner will kind of go into the 00:11:02.240 --> 00:11:03.920 machine more deeply and like look 00:11:03.920 --> 00:11:05.440 through the registry and the file system 00:11:05.440 --> 00:11:07.440 and like more things. And the reason for 00:11:07.440 --> 00:11:09.440 this is you can kind of discover more 00:11:09.440 --> 00:11:10.720 vulnerabilities if you have like 00:11:10.720 --> 00:11:12.959 deprecated software or insecure services 00:11:12.959 --> 00:11:14.480 or something like this running. 00:11:14.480 --> 00:11:17.040 This is what this kind of credentialed, the 00:11:17.040 --> 00:11:19.120 credentials page, is for. But right now 00:11:19.120 --> 00:11:20.560 we're just going to do like a basic 00:11:20.560 --> 00:11:22.320 network kind of port scan. It's not going 00:11:22.320 --> 00:11:23.920 to be too deep. Just want to make sure we 00:11:23.920 --> 00:11:25.440 can scan it and get some kind of 00:11:25.440 --> 00:11:27.360 information back. So we have our IP 00:11:27.360 --> 00:11:31.040 address and we will just say save. We'll, oh, 00:11:31.040 --> 00:11:33.279 remove this credentials, oops. And then 00:11:33.279 --> 00:11:35.519 just say save. And then this is our, this 00:11:35.519 --> 00:11:37.600 is our scan. 
It's not running, it's 00:11:37.600 --> 00:11:38.800 just kind of like a scan that's 00:11:38.800 --> 00:11:40.560 configured that we can run in the future, 00:11:40.560 --> 00:11:42.480 so we'll just go ahead and click launch 00:11:42.480 --> 00:11:44.480 now and launch the scan. And I believe 00:11:44.480 --> 00:11:46.480 you can kind of sometimes see 00:11:46.480 --> 00:11:48.240 the progress of it like if you click it, 00:11:48.240 --> 00:11:50.959 you can see, you know, what it has done so 00:11:50.959 --> 00:11:53.360 far. It makes like little logs and then 00:11:53.360 --> 00:11:54.800 the findings will kind of be on this 00:11:54.800 --> 00:11:56.399 page, but we can just go back. Click back 00:11:56.399 --> 00:11:58.160 to my host and then back to my scans, and 00:11:58.160 --> 00:11:59.839 we'll just kind of wait for this to 00:11:59.839 --> 00:12:01.760 finish. Cool, so we can now see that our 00:12:01.760 --> 00:12:04.480 scan has finished over here. It says like 00:12:04.480 --> 00:12:05.839 today and there's like a check mark. So 00:12:05.839 --> 00:12:07.600 we can just kind of click this to look 00:12:07.600 --> 00:12:10.079 at the individual results for it, and you 00:12:10.079 --> 00:12:12.480 can see like down here like blue is info, 00:12:12.480 --> 00:12:14.800 green is low, medium it's yellow, etc. And 00:12:14.800 --> 00:12:16.399 depending on the organization you work 00:12:16.399 --> 00:12:18.320 for, like a lot of people, a lot of orgs 00:12:18.320 --> 00:12:20.160 like won't even, depending on what they 00:12:20.160 --> 00:12:21.920 are, a lot of orgs won't even like really 00:12:21.920 --> 00:12:23.600 touch medium or lows because they have 00:12:23.600 --> 00:12:25.120 like so many criticals and highs that 00:12:25.120 --> 00:12:26.880 kind of take precedence. 
And because we 00:12:26.880 --> 00:12:28.959 didn't use any credentials for our scan, 00:12:28.959 --> 00:12:31.600 we don't really see that much of what 00:12:31.600 --> 00:12:33.519 might be actually vulnerable inside the 00:12:33.519 --> 00:12:35.360 VM, but we do see like some things here. 00:12:35.360 --> 00:12:36.480 So we can click 00:12:36.480 --> 00:12:38.320 vulnerabilities up here and just kind of 00:12:38.320 --> 00:12:40.320 look through these a tiny bit. We can see 00:12:40.320 --> 00:12:42.240 like SMB signing is not required. If 00:12:42.240 --> 00:12:44.079 that's something that your org cares 00:12:44.079 --> 00:12:45.680 about, you can kind of read about it here 00:12:45.680 --> 00:12:48.000 more, and consider like implementing 00:12:48.000 --> 00:12:49.839 implementing the solution to 00:12:49.839 --> 00:12:52.079 kind of remediate this vulnerability. 00:12:52.079 --> 00:12:54.079 There's other kind of interesting things 00:12:54.079 --> 00:12:56.399 in here. Traceroute information, it's 00:12:56.399 --> 00:12:58.399 listed as info, means it's not 00:12:58.399 --> 00:13:00.320 could not necessarily be a vulnerability, 00:13:00.320 --> 00:13:02.079 but just something you should be aware 00:13:02.079 --> 00:13:04.079 of, that you can see traceroute information 00:13:04.079 --> 00:13:06.480 which means like ICMP is 00:13:06.480 --> 00:13:08.959 accepted on this particular host. 00:13:08.959 --> 00:13:10.639 And down here we can see 00:13:10.639 --> 00:13:12.560 target credential status by 00:13:12.560 --> 00:13:14.720 authentication protocol, and it says like 00:13:14.720 --> 00:13:16.399 Nessus was not able to successfully 00:13:16.399 --> 00:13:17.839 authenticate to the remote target 00:13:17.839 --> 00:13:19.279 because we didn't actually provide any 00:13:19.279 --> 00:13:20.720 credentials, and we can see that down 00:13:20.720 --> 00:13:23.680 here. 
SMB was detected on port 445, 00:13:23.680 --> 00:13:26.240 means it's listening on 445, but we 00:13:26.240 --> 00:13:28.000 didn't provide any credentials. That's a 00:13:28.000 --> 00:13:29.360 kind of vulnerability, that's a 00:13:29.360 --> 00:13:31.440 vulnerability scan, some basic results. So 00:13:31.440 --> 00:13:32.639 the next thing we're going to do is 00:13:32.639 --> 00:13:34.720 we're going to, we're going to set up the 00:13:34.720 --> 00:13:36.720 virtual machine to be able to accept 00:13:36.720 --> 00:13:38.560 authenticated scans, and then we're going 00:13:38.560 --> 00:13:40.480 to provide some credentials to Nessus, 00:13:40.480 --> 00:13:41.920 and then we're going to try to rescan 00:13:41.920 --> 00:13:43.680 the virtual machine with credentials, and 00:13:43.680 --> 00:13:45.839 then kind of compare the results of the 00:13:45.839 --> 00:13:47.440 new scan which with these ones that 00:13:47.440 --> 00:13:49.360 we're looking at here. So we'll go back 00:13:49.360 --> 00:13:51.680 to my scans. Actually we'll go back to 00:13:51.680 --> 00:13:53.760 the virtual machine here, and then we'll 00:13:53.760 --> 00:13:54.680 open up 00:13:54.680 --> 00:13:56.720 services.msc. And there may be better 00:13:56.720 --> 00:13:57.920 ways to do what I'm doing like 00:13:57.920 --> 00:13:59.519 especially if you're in like a corporate 00:13:59.519 --> 00:14:01.839 environment. I got these steps from 00:14:01.839 --> 00:14:04.320 Nessus, the things that they recommend to 00:14:04.320 --> 00:14:06.320 actually do credentialed scans against 00:14:06.320 --> 00:14:08.560 windows hosts that are not on the domain. 00:14:08.560 --> 00:14:09.839 So that's kind of what we're 00:14:09.839 --> 00:14:11.600 using here, so I'm just going to first 00:14:11.600 --> 00:14:13.760 I'm going to enable the remote registry. 
00:14:13.760 --> 00:14:16.480 The remote registry which will allow the 00:14:16.480 --> 00:14:17.920 scanner to connect to this computer's 00:14:17.920 --> 00:14:19.440 registry, and like kind of crawl through 00:14:19.440 --> 00:14:20.959 the registry and look for insecure 00:14:20.959 --> 00:14:23.199 configurations like maybe deprecated 00:14:23.199 --> 00:14:24.959 cipher suites that might be enabled. You 00:14:24.959 --> 00:14:26.480 can enable and disable those in the 00:14:26.480 --> 00:14:28.160 registry, so I'm just going to enable 00:14:28.160 --> 00:14:30.639 remote registry so our scanner can 00:14:30.639 --> 00:14:32.720 connect to the registry. So I enabled it 00:14:32.720 --> 00:14:34.560 and I turned it on, and then next we're 00:14:34.560 --> 00:14:36.480 going to, be careful when you close this so 00:14:36.480 --> 00:14:38.240 you don't close the actual VM. I'm just 00:14:38.240 --> 00:14:40.000 closing like the window inside. I'll 00:14:40.000 --> 00:14:41.600 close the firewall. And the next thing, I'll 00:14:41.600 --> 00:14:44.880 enable file and printer sharing so, oh it 00:14:44.880 --> 00:14:47.279 looks like it's possibly already on. Turn 00:14:47.279 --> 00:14:49.120 on sharing so anyone with network, I 00:14:49.120 --> 00:14:50.880 don't think public folder sharing needs 00:14:50.880 --> 00:14:52.639 to be on. I was going to turn this on but 00:14:52.639 --> 00:14:54.160 it looks like it's on already. Turn on 00:14:54.160 --> 00:14:55.839 network discovery, file, and printer 00:14:55.839 --> 00:14:57.360 sharing, oh, looks like it's already on. If 00:14:57.360 --> 00:14:58.959 yours are not on, just make sure to turn 00:14:58.959 --> 00:15:00.880 the file and printer sharing on. 
00:15:00.880 --> 00:15:03.199 And then we will go to user account 00:15:03.199 --> 00:15:05.839 control, and this is not good to do, 00:15:05.839 --> 00:15:07.839 but our computer is not on the domain so 00:15:07.839 --> 00:15:09.760 we have to do these kind of hack things 00:15:09.760 --> 00:15:11.760 to be able to scan it. So I'll disable 00:15:11.760 --> 00:15:13.920 this, say okay, say yes. And then we're 00:15:13.920 --> 00:15:16.240 going to open the registry and then 00:15:16.240 --> 00:15:18.480 add a key that's supposed to allow the 00:15:18.480 --> 00:15:20.560 remote account to like connect in. And 00:15:20.560 --> 00:15:21.600 next we're going to connect to the 00:15:21.600 --> 00:15:23.279 registry and add a key that's supposed 00:15:23.279 --> 00:15:25.839 to I guess further disable user account 00:15:25.839 --> 00:15:27.600 control for the remote account we're 00:15:27.600 --> 00:15:29.279 going to use to connect to this 00:15:29.279 --> 00:15:31.519 computer during our scan. So just go to 00:15:31.519 --> 00:15:33.440 start and type regedit. Again, I got this 00:15:33.440 --> 00:15:35.519 documentation from Nessus, I'll put a 00:15:35.519 --> 00:15:37.120 link to it in the description. So we will 00:15:37.120 --> 00:15:40.560 browse to a local machine here, so we'll 00:15:40.560 --> 00:15:44.399 go to local machine, software, Microsoft, 00:15:44.399 --> 00:15:48.240 Windows, current version, policies, system, 00:15:48.240 --> 00:15:50.959 and then inside here we'll create a 00:15:50.959 --> 00:15:53.920 DWORD called local account token filter 00:15:53.920 --> 00:15:55.519 policy, so 00:15:55.519 --> 00:15:59.600 local account token filter policy, local 00:15:59.600 --> 00:16:02.480 account token filter policy. We'll say enter 00:16:02.480 --> 00:16:04.880 and then we'll set this value to 1, and 00:16:04.880 --> 00:16:06.079 we'll close this. 
And we'll go ahead and 00:16:06.079 --> 00:16:07.680 restart our virtual machine at this 00:16:07.680 --> 00:16:09.199 point. Cool, and then we'll log in, 00:16:09.199 --> 00:16:11.440 remember our username, I made mine admin, 00:16:11.440 --> 00:16:13.120 and then whatever your password is, just 00:16:13.120 --> 00:16:14.720 make sure you don't forget it. And we 00:16:14.720 --> 00:16:18.160 should be ready to scan our computer now. 00:16:18.160 --> 00:16:19.440 We're going to edit this scan that we 00:16:19.440 --> 00:16:22.000 made, so go back to Nessus Essentials, and 00:16:22.000 --> 00:16:24.959 then we will, oh, so check this box next 00:16:24.959 --> 00:16:27.040 to the scan, and then go to more, and then go 00:16:27.040 --> 00:16:28.560 to configure, and then we're going to add 00:16:28.560 --> 00:16:30.079 a set of credentials to this, and we're 00:16:30.079 --> 00:16:32.079 going to add Windows credentials. So 00:16:32.079 --> 00:16:33.680 we're going to use password, and remember, 00:16:33.680 --> 00:16:35.680 our username is admin, so if you go to 00:16:35.680 --> 00:16:38.880 the VM and go to cmd and type like 00:16:38.880 --> 00:16:41.360 whoami, the name is 00:16:41.360 --> 00:16:43.680 admin right, so we'll say admin, and then 00:16:43.680 --> 00:16:45.600 whatever you made the password. And I 00:16:45.600 --> 00:16:46.639 believe, 00:16:46.639 --> 00:16:48.160 I believe we can like leave all these 00:16:48.160 --> 00:16:50.079 things as default, if it breaks, I mean 00:16:50.079 --> 00:16:51.759 maybe we can come back and configure it, or 00:16:51.759 --> 00:16:53.279 if it doesn't work, we can check it. So 00:16:53.279 --> 00:16:56.240 we'll save this as it is. So it saved, and then 00:16:56.240 --> 00:16:58.639 we'll go back, and back to scans, and then 00:16:58.639 --> 00:17:00.880 we'll run this scan one more time. 
00:17:00.880 --> 00:17:02.639 When this finishes, we'll compare the 00:17:02.639 --> 00:17:04.559 results with the first scan, and 00:17:04.559 --> 00:17:06.240 technically we should see more results 00:17:06.240 --> 00:17:07.760 with this one because we enabled 00:17:07.760 --> 00:17:09.359 credentialed scanning and we kind of 00:17:09.359 --> 00:17:12.079 configured the VM to accept remote scan, 00:17:12.079 --> 00:17:13.760 so we'll see what happens. So I'll just 00:17:13.760 --> 00:17:15.520 pause this and I'll come back, I'll pause 00:17:15.520 --> 00:17:17.119 the video and come back when it finishes. 00:17:17.119 --> 00:17:18.880 Okay, it's been a few minutes and it 00:17:18.880 --> 00:17:20.799 looks like our scan is finished here, so 00:17:20.799 --> 00:17:23.280 we will click on this and we can see 00:17:23.280 --> 00:17:25.280 like immediately, remember last time we 00:17:25.280 --> 00:17:27.119 we had like one medium and a bunch of 00:17:27.119 --> 00:17:29.039 infos, now we have like seven criticals, 00:17:29.039 --> 00:17:31.919 38 highs, and you know four mediums and a 00:17:31.919 --> 00:17:33.840 whole bunch more infos. It's pretty 00:17:33.840 --> 00:17:35.520 interesting. So before we like really 00:17:35.520 --> 00:17:37.039 dive into the vulnerabilities and all 00:17:37.039 --> 00:17:39.200 this, I'll just click on history over 00:17:39.200 --> 00:17:40.559 here really quick, and this is the 00:17:40.559 --> 00:17:41.760 current one, and you can see the 00:17:41.760 --> 00:17:43.760 vulnerabilities down here, um, you can see 00:17:43.760 --> 00:17:45.600 you know five percent criticals etc., and 00:17:45.600 --> 00:17:47.360 then if we click on our first scan, we 00:17:47.360 --> 00:17:49.280 can see like we didn't use credentials 00:17:49.280 --> 00:17:50.880 for this so we couldn't look at the file 00:17:50.880 --> 00:17:52.559 system or the registry or any other 00:17:52.559 --> 00:17:54.960 running services or or any of that. So 00:17:54.960 --> 00:17:56.480 you 
can see this, there's like a big 00:17:56.480 --> 00:17:58.160 difference in doing credentialed scan 00:17:58.160 --> 00:18:00.240 versus like uncredentialed scans. So this 00:18:00.240 --> 00:18:02.320 kind of like solidifies the importance 00:18:02.320 --> 00:18:04.240 of running credential scans. Whether or 00:18:04.240 --> 00:18:06.000 not you're like scanning Cisco devices 00:18:06.000 --> 00:18:07.919 or like Linux machines or like Windows 00:18:07.919 --> 00:18:10.480 machines or Macs or whatever, if you can 00:18:10.480 --> 00:18:12.559 use credentials, um, you can really like 00:18:12.559 --> 00:18:14.720 discover more vulnerabilities. So I'll 00:18:14.720 --> 00:18:16.400 just click on the vulnerabilities tab 00:18:16.400 --> 00:18:17.919 here first and we'll just kind of like 00:18:17.919 --> 00:18:19.520 look at these a little bit. We can see 00:18:19.520 --> 00:18:21.600 like, um, this this is essentially the 00:18:21.600 --> 00:18:23.919 list of findings, and some of the these 00:18:23.919 --> 00:18:25.600 are mixed, so if we click on this for 00:18:25.600 --> 00:18:27.520 example, we can see it's like a 00:18:27.520 --> 00:18:29.520 combination of like mostly criticals and 00:18:29.520 --> 00:18:31.280 highs, and you can see it's like mostly 00:18:31.280 --> 00:18:33.919 Edge, mostly Edge, which can probably be 00:18:33.919 --> 00:18:35.679 remediated from like updating, running 00:18:35.679 --> 00:18:37.280 Windows updates essentially, and you can 00:18:37.280 --> 00:18:38.960 kind of look at these individual ones 00:18:38.960 --> 00:18:41.600 and and dive, uh, more deep into them to 00:18:41.600 --> 00:18:43.440 see like what the actual thing is and 00:18:43.440 --> 00:18:45.039 like how to fix it. 00:18:45.039 --> 00:18:46.720 Uh, so we can go back a little bit, we'll 00:18:46.720 --> 00:18:48.000 back up a little bit more, so 00:18:48.000 --> 00:18:49.760 vulnerabilities around Edge, around 00:18:49.760 --> 00:18:52.160 Windows, around a bunch of other stuff. Um, 
00:18:52.160 --> 00:18:54.000 if we click on remediations, this tab 00:18:54.000 --> 00:18:56.080 kind of gives us like a high level like 00:18:56.080 --> 00:18:58.400 instructions on how to like remediate 00:18:58.400 --> 00:18:59.679 most of the findings from like a really 00:18:59.679 --> 00:19:01.520 high level. Basically just like run 00:19:01.520 --> 00:19:03.200 Windows updates is what I'm is what I'm 00:19:03.200 --> 00:19:05.120 seeing here. Um, so security updates, 00:19:05.120 --> 00:19:07.039 install this KB to fix a bunch of other 00:19:07.039 --> 00:19:09.039 ones, and then all this is pretty much 00:19:09.039 --> 00:19:11.360 Windows updates. And this VPR top threats, 00:19:11.360 --> 00:19:14.320 these VPR, VPR top threats is essentially 00:19:14.320 --> 00:19:16.080 what Tenable is like recommending we 00:19:16.080 --> 00:19:18.080 prioritize to remediate, probably based 00:19:18.080 --> 00:19:21.360 on, um, CVSS score and like whatever other 00:19:21.360 --> 00:19:24.559 metrics they use. So like I would say, um, 00:19:24.559 --> 00:19:26.400 before, like if I were 00:19:26.400 --> 00:19:28.240 doing this in like a an organization, 00:19:28.240 --> 00:19:29.520 like the first thing you want to do is 00:19:29.520 --> 00:19:31.120 like make sure you have third-party 00:19:31.120 --> 00:19:33.760 patching and like Windows OS patching 00:19:33.760 --> 00:19:35.760 like set up properly and like properly 00:19:35.760 --> 00:19:37.440 being like tested and deployed on 00:19:37.440 --> 00:19:38.799 regular intervals so you don't have to 00:19:38.799 --> 00:19:40.880 like kind of go through and deal with 00:19:40.880 --> 00:19:43.200 these like individual vulnerabilities 00:19:43.200 --> 00:19:44.960 the related that are related to things 00:19:44.960 --> 00:19:46.960 that can be easily fixed by like augment 00:19:46.960 --> 00:19:48.799 automated patching and stuff like this. 00:19:48.799 --> 00:19:51.520 So before, um, I start like 00:19:51.520 --> 00:19:53.840 remediating 
these and fixing them, I'm 00:19:53.840 --> 00:19:55.600 gonna install some like deprecated 00:19:55.600 --> 00:19:57.919 software on this computer, like a really 00:19:57.919 --> 00:19:59.600 old version of Firefox, and then we're 00:19:59.600 --> 00:20:01.760 gonna kind of run another scan and then 00:20:01.760 --> 00:20:03.919 observe the results from that as well. So 00:20:03.919 --> 00:20:05.200 I'm gonna get this old version of 00:20:05.200 --> 00:20:07.360 Firefox, I'll put a I'll put a link to it 00:20:07.360 --> 00:20:09.200 in the description. I was gonna say I'm 00:20:09.200 --> 00:20:10.799 worried about doing that, but I'll put a 00:20:10.799 --> 00:20:12.080 link to it in the description. It's 00:20:12.080 --> 00:20:14.400 really old, from six years ago apparently, 00:20:14.400 --> 00:20:16.720 so we'll just download this, uh, Firefox 00:20:16.720 --> 00:20:18.960 3612. And make sure to do this, make sure 00:20:18.960 --> 00:20:20.400 you're doing this in the virtual machine, 00:20:20.400 --> 00:20:22.159 don't accidentally do it on your on your 00:20:22.159 --> 00:20:24.799 computer, and that's 00:20:24.799 --> 00:20:26.880 what I'm actually doing, so make sure to 00:20:26.880 --> 00:20:29.120 go to the virtual machine. So we'll open 00:20:29.120 --> 00:20:31.280 up Edge in our virtual machine and then 00:20:31.280 --> 00:20:33.520 we'll paste, oh no, I can't paste it. I'm 00:20:33.520 --> 00:20:34.960 just gonna search like download 00:20:34.960 --> 00:20:36.960 deprecated Firefox. I shouldn't, I 00:20:36.960 --> 00:20:38.559 shouldn't use the word deprecated, I'll 00:20:38.559 --> 00:20:42.240 say download old Firefox, and 00:20:42.240 --> 00:20:44.159 I think I can click here and do it. If 00:20:44.159 --> 00:20:46.080 you want to downgrade, directory, I'll go 00:20:46.080 --> 00:20:48.080 to directory of all old ones and then 00:20:48.080 --> 00:20:50.480 I'll get 3612. 
This is random by the way, 00:20:50.480 --> 00:20:51.840 you can get any old version that you 00:20:51.840 --> 00:20:53.520 want, I'm just using this one because I I 00:20:53.520 --> 00:20:58.080 did it already. Um, win32, uh, en-US, and 00:20:58.080 --> 00:20:59.919 I'll get this. So we'll open this and 00:20:59.919 --> 00:21:02.400 then install this super old version of 00:21:02.400 --> 00:21:05.600 Firefox. We'll say next, standard, sure, and 00:21:05.600 --> 00:21:07.840 then sure, we can launch it I guess, uh, 00:21:07.840 --> 00:21:10.559 yeah, why not. Cool, so this is old old 00:21:10.559 --> 00:21:13.520 Firefox. So now we have an old Firefox on 00:21:13.520 --> 00:21:15.120 our computer, so we'll close this. This is 00:21:15.120 --> 00:21:16.559 our virtual machine, remember, here's 00:21:16.559 --> 00:21:18.720 Firefox, and then so we will go back to 00:21:18.720 --> 00:21:21.039 our scans here, this is on our host 00:21:21.039 --> 00:21:22.720 machine and this is Nessus, so we'll go 00:21:22.720 --> 00:21:24.240 back to our scans, and we don't need to 00:21:24.240 --> 00:21:26.400 change our scan anymore, we'll just click 00:21:26.400 --> 00:21:28.559 launch and it will just run another scan. 00:21:28.559 --> 00:21:30.640 It will do the same thing, scan all, scan 00:21:30.640 --> 00:21:32.320 the common open ports, inspect the 00:21:32.320 --> 00:21:35.360 registry, inspect the services, and then 00:21:35.360 --> 00:21:36.960 inspect the file system. It's going to 00:21:36.960 --> 00:21:39.360 discover this old deprecated version of 00:21:39.360 --> 00:21:40.880 Firefox, there's like a million 00:21:40.880 --> 00:21:42.559 vulnerabilities in it probably, so 00:21:42.559 --> 00:21:44.480 hopefully we'll we'll see that reflected 00:21:44.480 --> 00:21:46.159 in the scan results when this finishes 00:21:46.159 --> 00:21:47.760 here in a couple of minutes. Okay, it's 00:21:47.760 --> 00:21:49.520 been a couple more minutes and our scan 00:21:49.520 --> 00:21:51.200 is finished, so we can click on 
this 00:21:51.200 --> 00:21:53.039 again and we'll see like our our 00:21:53.039 --> 00:21:55.520 vulnerabilities like went up to 68 00:21:55.520 --> 00:21:57.039 critical now. So before we kind of dive 00:21:57.039 --> 00:21:58.480 into these again, we'll check out the 00:21:58.480 --> 00:22:00.159 history just so we can see like a trend 00:22:00.159 --> 00:22:02.159 in these. So this is the first one in the 00:22:02.159 --> 00:22:04.400 bottom here, we can see only info, no 00:22:04.400 --> 00:22:06.320 credentials provided. Second one is our 00:22:06.320 --> 00:22:08.400 credentials provided, and we, you know, we 00:22:08.400 --> 00:22:10.000 have a little bit more, we have some 00:22:10.000 --> 00:22:12.000 criticals discovered and some highs, and 00:22:12.000 --> 00:22:14.480 then we installed Firefox, like a really 00:22:14.480 --> 00:22:16.320 old one, and then this is our current 00:22:16.320 --> 00:22:18.640 scan, there's like a bunch more criticals, 00:22:18.640 --> 00:22:21.039 whole bunch of criticals. So we'll go to 00:22:21.039 --> 00:22:23.919 the, um, rem, the vulnerabilities tab here, 00:22:23.919 --> 00:22:26.159 and then we can kind of see this one at 00:22:26.159 --> 00:22:28.240 the very top, mixed, with Firefox and 00:22:28.240 --> 00:22:30.880 total count of like 141. So if we click 00:22:30.880 --> 00:22:33.440 on this, it's just absolutely chock-full 00:22:33.440 --> 00:22:35.039 of criticals, just because that version 00:22:35.039 --> 00:22:37.039 of Firefox is like so old, it has so many 00:22:37.039 --> 00:22:38.480 vulnerabilities. And it's not like you 00:22:38.480 --> 00:22:39.919 have to like go through, like fix each 00:22:39.919 --> 00:22:41.280 one of these one at a time, you can 00:22:41.280 --> 00:22:43.120 either just like upgrade Firefox to the 00:22:43.120 --> 00:22:44.799 latest one or just like completely 00:22:44.799 --> 00:22:46.400 uninstall it and it will remediate the 00:22:46.400 --> 00:22:47.600 vulnerabilities. So we can click 00:22:47.600 --> 
00:22:49.440 remediations, we pretty much see the same 00:22:49.440 --> 00:22:51.600 thing as last time except for, um, at the 00:22:51.600 --> 00:22:54.080 very top now we have a recommendation to 00:22:54.080 --> 00:22:56.640 upgrade Firefox, and then again this VPR 00:22:56.640 --> 00:22:59.039 top threats, we have this, uh, kind of 00:22:59.039 --> 00:23:01.840 Firefox in here. Again, history: first scan, 00:23:01.840 --> 00:23:03.760 no credentials; second, credentials, 00:23:03.760 --> 00:23:05.679 default Windows install; third scan, 00:23:05.679 --> 00:23:08.480 Firefox, old Firefox, whole bunch of whole 00:23:08.480 --> 00:23:10.080 bunch of vulnerabilities that need to be 00:23:10.080 --> 00:23:12.240 remediated. So the next step we're going 00:23:12.240 --> 00:23:14.400 to, we're just going to try to remediate 00:23:14.400 --> 00:23:16.000 as many of these vulnerabilities as we 00:23:16.000 --> 00:23:17.840 can by doing like really simple things, 00:23:17.840 --> 00:23:19.200 like we're just going to uninstall 00:23:19.200 --> 00:23:21.120 Firefox totally and then we're going to 00:23:21.120 --> 00:23:22.799 just essentially like run Windows 00:23:22.799 --> 00:23:25.280 updates until there's no more updates to 00:23:25.280 --> 00:23:27.360 that need to happen essentially. So we'll 00:23:27.360 --> 00:23:29.360 go to our virtual machine here and then 00:23:29.360 --> 00:23:32.000 we can go to appwiz.cpl, that's like a 00:23:32.000 --> 00:23:34.159 kind of shortcut to go to the this thing, 00:23:34.159 --> 00:23:36.080 so we can go to Firefox. I'm just going 00:23:36.080 --> 00:23:38.000 to uninstall it to be honest. Uninstall 00:23:38.000 --> 00:23:40.320 Firefox, and then I'll go to Windows 00:23:40.320 --> 00:23:42.480 update and let's see, 00:23:42.480 --> 00:23:44.240 I guess I'll just manually check for 00:23:44.240 --> 00:23:45.679 updates. I'll leave the settings to like 00:23:45.679 --> 00:23:47.039 whatever they are, and then you can do 00:23:47.039 --> 00:23:48.720 this too, 
just keep like running Windows 00:23:48.720 --> 00:23:50.080 updates and res, you might have to like 00:23:50.080 --> 00:23:51.440 restart and then run it again, then 00:23:51.440 --> 00:23:53.679 restart and run it again. I'll pause this 00:23:53.679 --> 00:23:55.200 and I'll I'll just kind of like let the 00:23:55.200 --> 00:23:57.039 updates happen, then I'll come back to it 00:23:57.039 --> 00:23:59.039 again. Okay, it updated for a while and 00:23:59.039 --> 00:24:00.480 it's asking for a restart, so just go 00:24:00.480 --> 00:24:03.440 ahead and restart and repeat the process. 00:24:03.440 --> 00:24:05.520 Okay, when it comes back up, just go ahead 00:24:05.520 --> 00:24:08.000 and log in again and go to up Windows 00:24:08.000 --> 00:24:10.159 updates again and just click check for 00:24:10.159 --> 00:24:12.799 updates one more time just to make sure. 00:24:12.799 --> 00:24:14.400 Okay, it looks like it's installing some 00:24:14.400 --> 00:24:15.679 more, so I'll go ahead and pause this and 00:24:15.679 --> 00:24:18.159 kind of let this continue. So it actually 00:24:18.159 --> 00:24:19.840 looks like the updates are done, so we'll 00:24:19.840 --> 00:24:22.400 go back to Nessus, go back to my scans, 00:24:22.400 --> 00:24:24.880 and we'll run our scan one more time. So 00:24:24.880 --> 00:24:26.720 we should expect to see a lot of the 00:24:26.720 --> 00:24:28.559 remediations done, there should be a lot 00:24:28.559 --> 00:24:30.480 less highs and criticals, like Firefox 00:24:30.480 --> 00:24:32.000 should be gone, like all the Windows 00:24:32.000 --> 00:24:34.080 updates should be no longer required, but 00:24:34.080 --> 00:24:36.080 we will let this finish and then check 00:24:36.080 --> 00:24:37.760 it out in a couple of minutes, or for you 00:24:37.760 --> 00:24:39.200 it will be instantly because I'll edit 00:24:39.200 --> 00:24:40.960 this out. So our last scan has finally 00:24:40.960 --> 00:24:43.600 finished, so let's check this out. So 00:24:43.600 --> 00:24:45.279 
we'll click on this, and before we like 00:24:45.279 --> 00:24:46.720 really dive in deep, we can kind of see 00:24:46.720 --> 00:24:48.320 there's some some highs and some 00:24:48.320 --> 00:24:49.520 criticals and highs, but we'll go to 00:24:49.520 --> 00:24:51.840 history over here, and this is our 00:24:51.840 --> 00:24:53.760 current scan and this is the last scan 00:24:53.760 --> 00:24:56.480 right here, before we uninstalled Firefox 00:24:56.480 --> 00:24:58.640 and before we updated Windows. So we can 00:24:58.640 --> 00:25:00.159 see there's quite a bit more mediums, 00:25:00.159 --> 00:25:01.840 quite a bit more, sorry, there's quite a 00:25:01.840 --> 00:25:03.279 bit more criticals, quite a bit more 00:25:03.279 --> 00:25:05.840 highs. So current, after after removing 00:25:05.840 --> 00:25:07.440 Firefox and running Windows updates, and 00:25:07.440 --> 00:25:09.840 then before, so there's quite a bit less. And 00:25:09.840 --> 00:25:12.720 this this scan right here, this is the 00:25:12.720 --> 00:25:14.799 default install of Windows, and then this 00:25:14.799 --> 00:25:16.960 is the current one after updating 00:25:16.960 --> 00:25:19.120 Windows, so current, or default and then 00:25:19.120 --> 00:25:20.400 current. So we can kind of dive into 00:25:20.400 --> 00:25:22.000 these like a little bit. It looks like 00:25:22.000 --> 00:25:24.559 the remaining vulnerabilities, um, most of 00:25:24.559 --> 00:25:26.640 them are around Microsoft Edge. It looks 00:25:26.640 --> 00:25:28.720 like maybe Windows update didn't update 00:25:28.720 --> 00:25:30.799 Edge for some reason. Uh, we can check 00:25:30.799 --> 00:25:33.520 this one, a bunch of highs. Um, I can't 00:25:33.520 --> 00:25:36.320 read these, Microsoft 3D Viewer, base 3D 00:25:36.320 --> 00:25:38.400 code something, maybe this is some like 00:25:38.400 --> 00:25:40.480 native app that's installed. Oh yeah, it 00:25:40.480 --> 00:25:42.080 is. So it looks like there's some like 00:25:42.080 --> 00:25:44.159 random stuff that's 
still on this 00:25:44.159 --> 00:25:45.679 virtual machine that maybe it's like out 00:25:45.679 --> 00:25:47.760 of date or or something like this, and 00:25:47.760 --> 00:25:49.440 you can just kind of look through this. I 00:25:49.440 --> 00:25:51.440 won't like do any further remediations 00:25:51.440 --> 00:25:52.559 because this video is getting kind of 00:25:52.559 --> 00:25:54.960 long, so, but maybe you could consider, 00:25:54.960 --> 00:25:57.440 you know, figuring out exactly like how 00:25:57.440 --> 00:25:59.120 to update Microsoft Edge or like 00:25:59.120 --> 00:26:00.559 uninstall it if you're allowed to do 00:26:00.559 --> 00:26:02.000 that, like I don't know. But yeah, it's 00:26:02.000 --> 00:26:03.520 pretty interesting, um, to kind of 00:26:03.520 --> 00:26:05.279 experiment with this and like install 00:26:05.279 --> 00:26:07.120 like really old stuff, or me maybe even 00:26:07.120 --> 00:26:09.360 like get a hold of like a Windows XP ISO 00:26:09.360 --> 00:26:11.760 and install Windows XP, right, and scan 00:26:11.760 --> 00:26:13.760 that and see what kind of like Swiss 00:26:13.760 --> 00:26:16.159 cheese scan results like come back. It's 00:26:16.159 --> 00:26:17.760 like going to be absolutely full of 00:26:17.760 --> 00:26:19.679 holes. But yeah, that is vulnerability 00:26:19.679 --> 00:26:21.120 management. Those are kind of like the 00:26:21.120 --> 00:26:22.960 really kind of the core components of 00:26:22.960 --> 00:26:24.400 vulnerability management, just like 00:26:24.400 --> 00:26:26.080 scanning and remediating, scanning and 00:26:26.080 --> 00:26:27.919 remediating, but you know, a lot more goes 00:26:27.919 --> 00:26:29.200 into it because you have to have like, 00:26:29.200 --> 00:26:30.320 you know, when you work at a big 00:26:30.320 --> 00:26:32.080 organization you usually will make some 00:26:32.080 --> 00:26:34.159 kind of standard and like policies and 00:26:34.159 --> 00:26:36.000 procedures, and you have to kind of bring 00:26:36.000 --> 
00:26:37.520 all the departments in and work with the 00:26:37.520 --> 00:26:38.960 individual groups to like get 00:26:38.960 --> 00:26:41.039 credentials for all their individual 00:26:41.039 --> 00:26:42.960 resources, or maybe you use like a domain 00:26:42.960 --> 00:26:44.799 account to scan everything, and it it 00:26:44.799 --> 00:26:46.320 gets a little bit more complicated when 00:26:46.320 --> 00:26:48.080 you're in a large organization. But this 00:26:48.080 --> 00:26:50.000 is this is pretty much the guts of it, 00:26:50.000 --> 00:26:51.360 just like scanning stuff, finding 00:26:51.360 --> 00:26:53.279 vulnerabilities, and then essentially 00:26:53.279 --> 00:26:55.200 remediating them. You want to automate it, 00:26:55.200 --> 00:26:57.120 as much of it as you can as possible, 00:26:57.120 --> 00:26:58.960 like like updating like the third-party 00:26:58.960 --> 00:27:00.960 apps, like Windows update, and in this 00:27:00.960 --> 00:27:02.559 kind of thing, and you want to have like 00:27:02.559 --> 00:27:04.480 a secure build standard, so like make 00:27:04.480 --> 00:27:06.159 sure the build is like already like 00:27:06.159 --> 00:27:08.720 remediated and like secure enough before 00:27:08.720 --> 00:27:10.080 it goes into production to kind of 00:27:10.080 --> 00:27:11.520 reduce the amount of vulnerabilities 00:27:11.520 --> 00:27:13.039 that get introduced. But now that you've 00:27:13.039 --> 00:27:14.080 kind of like watched this, you have a 00:27:14.080 --> 00:27:15.760 pretty good idea, I would say, of how 00:27:15.760 --> 00:27:17.679 vulnerability management works, so you 00:27:17.679 --> 00:27:19.840 can, you know, practice this a bunch and 00:27:19.840 --> 00:27:21.279 consider like reading up on how to 00:27:21.279 --> 00:27:22.720 implement vulnerability management on 00:27:22.720 --> 00:27:24.240 like a large organization. Then you can 00:27:24.240 --> 00:27:26.159 like put something on your resume that 00:27:26.159 --> 00:27:27.600 might look something 
like this and then 00:27:27.600 --> 00:27:29.919 go ahead and start applying to jobs that 00:27:29.919 --> 00:27:31.279 are looking for like vulnerability 00:27:31.279 --> 00:27:33.039 management engineers or vulnerability 00:27:33.039 --> 00:27:34.640 management analysts or like whatever 00:27:34.640 --> 00:27:35.679 they're calling them, because it's a 00:27:35.679 --> 00:27:37.360 relatively like straightforward process. 00:27:37.360 --> 00:27:39.039 It's pretty easy technically speaking, 00:27:39.039 --> 00:27:40.799 like the hard part about vulnerability 00:27:40.799 --> 00:27:42.559 vulnerability management usually comes 00:27:42.559 --> 00:27:44.000 from like dealing with the humans and 00:27:44.000 --> 00:27:45.600 like getting everyone to like coordinate, 00:27:45.600 --> 00:27:47.600 that's like really difficult. Yeah, I hope 00:27:47.600 --> 00:27:49.120 you enjoyed this, um, you thought, if you 00:27:49.120 --> 00:27:50.720 thought it was interesting, you know, I'd 00:27:50.720 --> 00:27:52.640 appreciate if you liked and consider 00:27:52.640 --> 00:27:54.080 subscribing, and if you have any 00:27:54.080 --> 00:27:55.760 questions or comments, criticism, please 00:27:55.760 --> 00:27:57.120 like let me know in the comment section. 00:27:57.120 --> 00:27:59.440 I 100% read all the comments every time, I 00:27:59.440 --> 00:28:00.880 respond to everybody's comment. If you 00:28:00.880 --> 00:28:01.919 feel like supporting me, I do have a 00:28:01.919 --> 00:28:03.840 Patreon, but other than that, thank you so 00:28:03.840 --> 00:28:05.520 much for watching and we will see you in 00:28:05.520 --> 00:28:09.480 the next video. Bye. 00:28:10.030 --> 00:28:20.480 [Music] 00:28:20.480 --> 00:28:22.559 you