Hey everybody, Josh here. Welcome back to my channel. I do a lot of videos on IT cyber security education and career things, and today's video is going to be on vulnerability management. We're actually going to be doing a vulnerability management lab where we install Nessus Essentials and we install VMware Workstation Player, and set up Windows 10 inside of a VM, install some old deprecated software on it, and then we're going to be doing some vulnerability scans against that virtual machine to kind of discover any vulnerabilities that might be on there, and then we're going to go ahead and remediate one or two of those just so we can kind of observe what's happening. I figured this would be a good video to do because there's like quite a few vulnerability management jobs on LinkedIn and I've gotten a lot of spam from recruiters for these types of positions, and actually the last real job I had I was a vulnerability management program manager for King County here in Washington State so I kind of did this on an ongoing basis for a while. Basically, vulnerability management is continuously assessing your assets, discovering vulnerabilities, remediating them to an acceptable risk, and then kind of starting the process over and over again to kind of make sure the risk in the whole organization is low or at least at an acceptable level. So I think if you kind of watch this video and practice it a few times, you can get pretty good at it and get an idea of how vulnerability management might work in like a larger corporation. This is definitely something you can put on your resume. It might look something like this. So it will definitely help you out. So yeah, if you're excited to learn vulnerability management, consider smashing that like button and let's get started. So the first thing we're going to do is go ahead and download and install VMware Player. 
Now you probably want to have like a semi-decent computer to be able to do this, maybe like at least eight gigabytes of RAM and maybe dual core or something. But if you don't know about any of that, just try to go ahead and do it, and if something fails, then it fails, I suppose. But go ahead and download VMware Player. I'll put a link to this in the description. Just download for Windows. I'm not gonna do it again because I already have it, but just go ahead and like click this, download it, and install it. You can see mine started downloading, I'm just going to go ahead and cancel this. And then while you're waiting for VMware Player to download, we'll go ahead and download the Windows 10 ISO. That's basically a file that'll let us install Windows 10 onto our virtual machine. So again, I'll put a link to this in the description as well, but just go ahead and go to it, and then you'll go to where it says create Windows 10 installation media and you'll say download tool, and when this downloads, just go ahead and open it. Don't be surprised if this takes a while to like start up and download. So we'll just say accept. And then we're going to click create installation media. We want to get an ISO file so we'll say next. This looks good. And we're going to say ISO file, be sure to select this. And then we'll just choose where it goes. I like this nice XP Pro ISO that I have. Go ahead and put it in a folder, just remember what folder you put it in. So I'll just save it to my C: _ISOs folder and then we'll wait for this to finish. And while this is going, we can actually download and install Nessus Essentials which is going to be the vulnerability scanner that we use to actually conduct our scans. So I'll put a link to this in the description as well, but you can probably find it on Google. And just basically like fill this thing out. 
After you fill this out, you'll be able to download it and it will send like a key to your email, so just go ahead and- actually I'll just do it. Just fill this thing out, cool. So it will send an email inside of your email, I can't show it because it has a key and like, I don't know, so inside of your email there'll be like a button that says download Nessus and then there will be a key. Go ahead and click the button to download Nessus and it will take you to a page that looks like this, and just click on Nessus. And we already have an activation code, it should be in your email, so we'll pick the one for, this one, it says Windows Server 2008 blah blah blah, and then it says 10 in here. So we'll download this. Just say agree and then, you know, download it anywhere. And then meanwhile, remember in the background, Windows 10 should be still downloading. Virtual VMware Player might be downloading still too, so we just have to install that on your own. I'm not going to show it on the screen because I already have it installed. Here we are at the Tenable setup, so we just say next, accept, and just accept this location, and then go ahead and install it, and then say finish. And then it's going to kind of show this like socket up here like localhost in the port. I would recommend saving this URL because it's kind of annoying if you lose it, so just save it in like a notepad somewhere or something like this. And then we'll say connect via SSL, and just say advanced, and then say proceed. And this takes a while to set up the very first time. It has to like initialize and install things, and I assume, download a whole bunch of definitions or something like this, so just go get like some coffee or something while you wait for this to happen because it will take a while to do. And we're going to say Nessus Essentials. It's essentially free. You can read the, I guess, license agreement if you want, but we're going to install Essentials. 
And then just fill this thing out and we'll get an activation code. I believe I have one already. It should have emailed it to you actually. It should have emailed the activation code to you so maybe skip this, and then just paste the activation code that was in your email that you already received, and just continue. And then this is where you're going to set up a username and password. Just make sure you don't forget this. It might be troublesome, you know, if you forget it, you'll have to reset it or something like this. So just set up a password, I guess. And this is the part that takes a while, so just, you know, go get coffee or sandwich or something, and we will meet back here. Okay so while this is still installing and initializing and doing everything that it needs to do, let's go ahead and set up our virtual machine since this is going to take some time anyway. So by now you should have downloaded and installed VMware Workstation Player. So we'll just go ahead and open this up and check on your Windows 10 ISO download. It should be finished by now as well, maybe it looks something like this, and then it shows you like where it's at the C: ISO Windows dot or yeah, wherever you put yours. So just take note of this and we'll say finish, cool. And then we're going to create a new virtual machine inside of VMware Workstation Player. We'll go to player and then file and then new virtual machine. And then for the installer we're going to say browse, and then we'll just browse to wherever you downloaded the Windows 10 ISO. So this could probably be named something better, but that's okay. So we'll say next, and just name this something appropriate. This is fine. This location's fine. I guess you can change it if you want. So we'll say next. Maximum disk size, this is fine. We're not gonna really put anything on it, I'm just gonna set mine at 50. 
And then we'll go to customize hardware, and for memory like if you don't know how much RAM you have, maybe just like leave this as it is. I'm going to increase mine a little bit. I'll increase this a little bit. If you don't know about your CPU, just leave it as is. But we do have to change the network adapter. We should change it to bridged. Without explaining too deeply, bridged kind of puts this virtual machine on the same network as your actual physical computer, so your Nessus installation can talk to the virtual machine more easily. This looks good. We'll close this. And this is good, power on after creation, we'll just say finish. Kind of move Tenable to the side. And then after the VM finishes getting kind of created, it's going to launch and then we're going to have a chance to install Windows. Be sure to press any key to boot into the ISO when it asks. And if your cursor is gone, you can see in the lower left it says like press Ctrl+Alt to release your cursor, and then you can get your cursor back. So we're just going to install Windows 10. So we'll just say next, install, and say I don't have a product key. You can close this message down here. And just pick Windows 10 Pro and say next, and we'll say accept, say next, and say custom, and then this is our blank hard drive, so click on that. It's the only one you can click and just say next. And then this will take some time to install too, so I'll kind of come back when one of these finishes. Cool, so it looks like both finished now. I'll just finish setting up the VM. I will say yes and US and skip. And for Nessus we'll just kind of, we'll close this thing here, and then we'll just kind of wait on this until we finish setting up the virtual machine. And we'll say set up for personal use, and next, and then we'll say offline account, limited experience, and then just name, I don't know, just name it like admin, and make a password, but just remember what it is. 
Make it like something simple because we're going to use this later for the credentialed scans, so just remember what it is. It's troublesome, you know, if you forget it. Just make up something for these if it asks you. This is just like, you know, a junk VM, no one cares. Say no for all of these things. Not now. Cool, okay. Now everything is totally set up. We have our VM here and then we have our Nessus Essentials set up and ready to go. So for now we're just going to do a kind of basic scan against the virtual machine. There's, we're going to do a credentialed scan later which I'll kind of explain, but I just want to make sure we can scan it and make sure we can kind of get some kind of result back. So before we do that, I'm going to go to the VM and like get the IP address from it. So go, make sure to go to the VM, not your actual computer, but go to the VM. Click start, open up command line, and then we will type ipconfig just to get the IPv4 IP address. And we're going to ping this from our local machine just to make sure that we can reach it, I guess, essentially. So open up the command line on your PC, and we will just say, we'll just ping this IP address. So we'll just say ping 10.0.0.189 and then we'll do -t which means like perpetual ping, like keep going forever until we cancel it. And we see like it's timing out, so we just have to disable the firewall on our virtual machine here. You might not want to do this in production, it just depends on like what other controls you have in place. So we will minimize this, we'll go to our VM here, and then we will type wf.msc, it's this Windows Firewall Microsoft something console, can't remember. So we'll open the firewall and we're just going to do a lot of this stuff for our lab. So we'll go to Defender Firewall properties, and just on these first three tabs, we'll just turn all three of them off. Like domain profile off, private profile off, public profile off, and we'll just say okay here. 
The firewall is off. And then we notice that the ping is kind of going through on our local computer here. So we can press ctrl c to cancel this. And we'll just copy this IP address. This is the IP address of our VM. We will close this. And then this is our Nessus Essentials. Essentially it's like a web app essentially, so we'll go back to this and then we're going to create a new scan. So we'll just do a basic network scan here. And so we'll just name it like, I don't know, Windows 10 single host, something like this. And then for targets we'll just paste, this is our virtual machine's IP address, so we'll just kind of paste it in here. We don't really need to change anything else on here. We're just going to do like a manual scan, but you know, take note that you can do like a scheduled scan if you're working in an organization, you want to scan like every x days or like every Tuesday or something like this. Port scan common ports, port scan all ports, obviously all ports going to take longer, you can customize it. There's a bunch of settings that you can kind of explore in here on your own. And there is, there's also this credentials page which we'll get into in a little bit, but basically you can, we won't do this yet, but you can enter credentials in here like the username and password that we made when we created the virtual machine, and then the scanner will kind of go into the machine more deeply and like look through the registry and the file system and like more things. And the reason for this is you can kind of discover more vulnerabilities if you have like deprecated software or insecure services or something like this running. This is what this kind of credentialed, the credentials page, is for. But right now we're just going to do like a basic network kind of port scan. It's not going to be too deep. Just want to make sure we can scan it and get some kind of information back. So we have our IP address and we will just say save. 
We'll, oh, remove this credentials, oops. And then just say save. And then this is our, this is our scan. It's not running, it's just kind of like a scan that's configured that we can run in the future, so we'll just go ahead and click launch now and launch the scan. And I believe you can kind of sometimes see the progress of it like if you click it, you can see, you know, what it has done so far. It makes like little logs and then the findings will kind of be on this page, but we can just go back. Click back to my host and then back to my scans, and we'll just kind of wait for this to finish. Cool, so we can now see that our scan has finished over here. It says like today and there's like a check mark. So we can just kind of click this to look at the individual results for it, and you can see like down here like blue is info, green is low, medium is yellow, etc. And depending on the organization you work for, like a lot of people, a lot of orgs like won't even, depending on what they are, a lot of orgs won't even like really touch mediums or lows because they have like so many criticals and highs that kind of take precedence. And because we didn't use any credentials for our scan, we don't really see that much of what might be actually vulnerable inside the VM, but we do see like some things here. So we can click vulnerabilities up here and just kind of look through these a tiny bit. We can see like SMB signing is not required. If that's something that your org cares about, you can kind of read about it here more, and consider like implementing the solution to kind of remediate this vulnerability. There's other kind of interesting things in here. Traceroute information, it's listed as info, which means it's not necessarily a vulnerability, but just something you should be aware of, that you can see traceroute information which means like ICMP is accepted on this particular host. 
And down here we can see target credential status by authentication protocol, and it says like Nessus was not able to successfully authenticate to the remote target because we didn't actually provide any credentials, and we can see that down here. SMB was detected on port 445, means it's listening on 445, but we didn't provide any credentials. That's a kind of vulnerability, that's a vulnerability scan, some basic results. So the next thing we're going to do is we're going to, we're going to set up the virtual machine to be able to accept authenticated scans, and then we're going to provide some credentials to Nessus, and then we're going to try to rescan the virtual machine with credentials, and then kind of compare the results of the new scan with these ones that we're looking at here. So we'll go back to my scans. Actually we'll go back to the virtual machine here, and then we'll open up services.msc. And there may be better ways to do what I'm doing like especially if you're in like a corporate environment. I got these steps from Nessus, the things that they recommend to actually do credentialed scans against Windows hosts that are not on the domain. So that's kind of what we're using here, so first I'm going to enable the Remote Registry. The Remote Registry which will allow the scanner to connect to this computer's registry, and like kind of crawl through the registry and look for insecure configurations like maybe deprecated cipher suites that might be enabled. You can enable and disable those in the registry, so I'm just going to enable Remote Registry so our scanner can connect to the registry. So I enabled it and I turned it on, and then next we're going to, be careful when you close this so you don't close the actual VM. I'm just closing like the window inside. I'll close the firewall. And the next thing, I'll enable file and printer sharing so, oh it looks like it's possibly already on. 
Turn on sharing so anyone with network, I don't think public folder sharing needs to be on. I was going to turn this on but it looks like it's on already. Turn on network discovery, file, and printer sharing, oh, looks like it's already on. If yours are not on, just make sure to turn the file and printer sharing on. And then we will go to User Account Control, and this is not good to do, but our computer is not on the domain so we have to do these kind of hack things to be able to scan it. So I'll disable this, say okay, say yes. And then we're going to open the registry and then add a key that's supposed to allow the remote account to like connect in. And next we're going to connect to the registry and add a key that's supposed to I guess further disable User Account Control for the remote account we're going to use to connect to this computer during our scan. So just go to start and type regedit. Again, I got this documentation from Nessus, I'll put a link to it in the description. So we will browse to local machine here, so we'll go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and then inside here we'll create a DWORD called LocalAccountTokenFilterPolicy. We'll say enter and then we'll set this value to 1, and we'll close this. And we'll go ahead and restart our virtual machine at this point. Cool, and then we'll log in, remember our username, I made mine admin, and then whatever your password is, just make sure you don't forget it. And we should be ready to scan our computer now. We're going to edit this scan that we made, so go back to Nessus Essentials, and then we will, oh, so check this box next to the scan, and then go to more, and then go to configure, and then we're going to add a set of credentials to this, and we're going to add Windows credentials. 
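The VM preparation just described (Remote Registry on, File and Printer Sharing allowed, firewall profiles off for the lab, the LocalAccountTokenFilterPolicy DWORD set to 1) can be done and, importantly, checked and undone from PowerShell. The script below is an added example and not part of the video or of Tenable's documentation. It assumes Windows 10 with the built-in NetSecurity and NetTCPIP modules, an elevated PowerShell prompt inside the throwaway VM, and that the User Account Control slider change from the video is still made by hand in the GUI; the function names are my own.

```powershell
# Added example (not from the video): prepare a throwaway, non-domain Windows 10 lab VM
# for a Nessus credentialed scan, verify the state, and revert it afterwards.
# Run as Administrator inside the VM. The UAC slider step from the video is not scripted here.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Enable-LabScanPrereqs {
    # Remote Registry lets the scanner read configuration such as enabled cipher suites.
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry

    # The File and Printer Sharing rule group covers SMB (TCP 445), which the credentialed checks use.
    Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

    # Lab only: the video turns the firewall off on all three profiles so the host answers ping.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False

    # LocalAccountTokenFilterPolicy = 1 lets a local (non-domain) admin account keep its
    # admin token over the network, which Tenable's guidance for workgroup hosts calls for.
    New-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-LabScanPrereqs {
    # One object describing the current state: run it before launching the scan,
    # and again after the lab to confirm nothing was left scan-friendly.
    $svc  = Get-Service -Name RemoteRegistry
    $prof = Get-NetFirewallProfile
    $pol  = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $smb  = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteRegistryRunning         = ($svc.Status -eq 'Running')
        SmbListening                  = [bool]$smb
        FirewallProfilesEnabled       = (@($prof | Where-Object { $_.Enabled -eq 'True' } |
                                           ForEach-Object { $_.Name }) -join ',')
        LocalAccountTokenFilterPolicy = $pol.LocalAccountTokenFilterPolicy
        EnableLUA                     = $pol.EnableLUA   # read-only view of the UAC setting
    }
}

function Disable-LabScanPrereqs {
    # Revert to the Windows 10 defaults (firewall on, Remote Registry disabled, policy removed).
    Remove-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
    Stop-Service -Name RemoteRegistry
    Set-Service -Name RemoteRegistry -StartupType Disabled
}

Enable-LabScanPrereqs
Test-LabScanPrereqs | Format-List
# After the lab: Disable-LabScanPrereqs; Test-LabScanPrereqs | Format-List
```

The Test function is the part worth keeping: the same checks (is Remote Registry running, is 445 listening, which firewall profiles are on, is the token filter policy set) are what you would want to know about any machine that a credentialed scanner is expected to reach, and, in reverse, what you would not want to find on a production host outside a lab.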
So we're going to use password, and remember, our username is admin, so if you go to the VM and go to cmd and type like whoami, the name is admin right, so we'll say admin, and then whatever you made the password. And I believe, I believe we can like leave all these things as default, if it breaks, I mean maybe we can come back and configure it, or if it doesn't work, we can check it. So we'll save this as it is. So it saved, and then we'll go back, and back to scans, and then we'll run this scan one more time. When this finishes, we'll compare the results with the first scan, and technically we should see more results with this one because we enabled credentialed scanning and we kind of configured the VM to accept remote scans. So we'll see what happens, so I'll just pause this and I'll come back, I'll pause the video and come back when it finishes. Okay, it's been a few minutes and it looks like our scan is finished here. So we will click on this, and we can see like immediately, remember last time we had like one medium and a bunch of infos. Now we have like seven criticals, 38 highs, and, you know, four mediums, and a whole bunch more infos. It's pretty interesting, so before we like really dive into the vulnerabilities and all this, I'll just click on history over here really quick. And this is the current one and you can see the vulnerabilities down here. You can see, you know, five percent criticals, etc. And then if we click on our first scan, we can see like we didn't use credentials for this, so we couldn't look at the file system or the registry or any other running services or any of that, so you can see there's like a big difference in doing credentialed scans versus like uncredentialed scans. So this kind of like solidifies the importance of running credentialed scans whether or not you're like scanning Cisco devices or like Linux machines or like Windows machines or Macs or whatever. 
If you can use credentials, you can really like discover more vulnerabilities. So I'll just click on the vulnerabilities tab here first, and we'll just kind of like look at these a little bit. We can see like this is essentially the list of findings, and some of these are mixed, so if we click on this, for example, we can see it's like a combination of like mostly criticals and highs, and you can see it's like mostly Edge, which can probably be remediated from like updating, running Windows updates essentially. And you can kind of look at these individual ones and dive more deep into them to see like what the actual thing is and like how to fix it. So we can go back a little bit. We'll back up a little bit more. So vulnerabilities around Edge, around Windows, around a bunch of other stuff. If we click on remediations, this tab kind of gives us like high level like instructions on how to like remediate most of the findings from like a really high level, basically just like run Windows updates is what I'm seeing here. So security updates, install this KB to fix a bunch of other ones, and then all this is pretty much Windows updates. And this VPR top threats, these VPR top threats is essentially what Tenable is like recommending we prioritize to remediate probably based on CVSS score and like whatever other metrics they use. So like I would say before like, if I were doing this in like an organization, like the first thing you want to do is like make sure you have third-party patching and like Windows OS patching like set up properly and like properly being like tested and deployed on regular intervals, so you don't have to like kind of go through and deal with these like individual vulnerabilities that are related to things that can be easily fixed by like automated patching and stuff like this. 
So before I start like remediating these and fixing them, I'm gonna install some like deprecated software on this computer like a really old version of Firefox, and then we're gonna kind of run another scan, and then observe the results from that as well. So I'm gonna get this old version of Firefox. I'll put a link to it in the description, I was gonna say I'm worried about doing that, but I'll put a link to it in the description. It's really old, from six years ago apparently. So we'll just download this Firefox 3612. And make sure to do this, make sure you're doing this in the virtual machine. Don't accidentally do it on your computer, and that's what I'm actually doing, so make sure go to the virtual machine. So we'll open up Edge in our virtual machine, and then we'll paste, oh no, I can't paste it? I'm just gonna search like download deprecated Firefox. I shouldn't use the word deprecated. I'll say download old Firefox, and I think I can click here and do it. Still want to downgrade directory, I'll go to directory of all old ones and then I'll get 3612. This is random by the way, you can get any old version that you want. I'm just using this one because I did it already. win32, en-US, and I'll get this. So we'll open this, and then install this super old version of Firefox. We'll say next, standard, sure, and then sure, we can launch it, I guess, yeah why not. Cool, so this is old, old Firefox, so now we have an old Firefox on our computer, so we'll close this. This is our virtual machine remember. Here's Firefox. And then so we will go back to our scans here. This is on our host machine, and this is Nessus so we'll go back to our scans, and we don't need to change our scan anymore. We'll just click launch and it will just run another scan. It will do the same thing scan all, scan the common open ports, inspect the registry, inspect the services, and then inspect the file system. It's going to discover this old deprecated version of Firefox. 
There's like a million vulnerabilities in it probably, so hopefully we'll see that reflected in the scan results when this finishes here in a couple of minutes. Okay, it's been a couple more minutes and our scan is finished, so we can click on this again, and we'll see like our vulnerabilities like went up to 68 critical now. So before we kind of dive into these, again, we'll check out the history just so we can see like a trend in these. So this is the first one in the bottom here we can see only info, no credentials provided. Second one is our credentials provided, and we, you know, we have a little bit more, we have some criticals discovered and some highs. And then we installed Firefox, like a really old one, and then this is our current scan. There's like a bunch more criticals, whole bunch of criticals, so we'll go to the vulnerabilities tab here. And then we can kind of see this one at the very top mixed with Firefox and total count of like 141, so if we click on this, it's just absolutely chock full of criticals just because that version of Firefox is like so old, it has so many vulnerabilities. And it's not like you have to like go through like fix each one of these one at a time, you can either just like upgrade Firefox to the latest one or just like completely uninstall it and it will remediate the vulnerabilities. So we can click remediations, we pretty much see the same thing as last time except for at the very top now we have a recommendation to upgrade Firefox. And then again this VPR top threats, we have this kind of Firefox in here. Again, history, first scan, no credentials. Second, credentials, default Windows install. Third scan, Firefox, old Firefox, whole bunch of vulnerabilities that need to be remediated. 
So the next step we're going to, we're just going to try to remediate as many of these vulnerabilities as we can by doing like really simple things, like we're just going to uninstall Firefox totally, and then we're going to just essentially like run Windows updates until there's no more updates that need to happen essentially. So we'll go to our virtual machine here, and then we can go to appwiz.cpl, that's like a kind of shortcut to go to this thing. So we can go to Firefox, I'm just going to uninstall it to be honest. So uninstall Firefox, and then I'll go to Windows Update, and let's see I guess I'll just manually check for updates, I'll leave the settings to like whatever they are. And then you can do this too, just keep like running Windows updates, and you might have to like restart and then run it again, then restart and run it again. I'll pause this and I'll just kind of like let the updates happen, then I'll come back to it again. Okay, it updated for a while and it's asking for a restart, so I'll just go ahead and restart and repeat the process. Okay, when it comes back up, just go ahead and log in again, and go to Windows Update again, and just click check for updates one more time just to make sure. Okay, it looks like it's installing some more, so I'll go ahead and pause this and kind of let this continue. So it actually looks like the updates are done, so we'll go back to Nessus, go back to my scans, and we'll run our scan one more time. So we should expect to see a lot of the remediations done, there should be a lot less highs and criticals, like Firefox should be gone, like all the Windows updates should be no longer required, but we will let this finish, and then check it out in a couple of minutes, or for you it will be instantly because I'll edit this out. So our last scan has finally finished, so let's check this out. 
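The two remediations above (uninstall the old Firefox, then run Windows Update, reboot and repeat until nothing is pending) can be driven from PowerShell inside the VM. This is an added example, not code from the video. It assumes an elevated prompt, that the installed-program inventory comes from the standard Uninstall registry keys in both the 64-bit and 32-bit views (the same place a credentialed scanner reads), that the Firefox uninstaller accepts `/S` for a silent run, and that updates are installed through the built-in Windows Update Agent COM API (Microsoft.Update.Session) rather than a third-party module; the function names are my own.

```powershell
# Added example (not from the video): remove the deliberately old Firefox and install
# pending Windows updates from PowerShell inside the lab VM. Run as Administrator.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Same inventory source a credentialed scanner uses to spot outdated applications.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, QuietUninstallString
}

function Remove-InstalledSoftware {
    param([Parameter(Mandatory)][string]$NamePattern)
    foreach ($app in (Get-InstalledSoftware | Where-Object { $_.DisplayName -like $NamePattern })) {
        $cmd = if ($app.QuietUninstallString) { $app.QuietUninstallString } else { $app.UninstallString }
        if (-not $cmd) { continue }
        # Split a string like "C:\Program Files\...\helper.exe" <args> into executable and arguments.
        $exe, $argList = if ($cmd -match '^"([^"]+)"\s*(.*)$') { $Matches[1], $Matches[2] }
                         else { $cmd -split ' ', 2 }
        Write-Host "Uninstalling $($app.DisplayName) $($app.DisplayVersion)"
        # Assumption: Firefox's helper.exe takes /S for silent; other installers use other switches.
        Start-Process -FilePath $exe -ArgumentList ("$argList /S").Trim() -Wait
    }
}

function Install-PendingWindowsUpdates {
    # Mirrors "check for updates, install, reboot, repeat" through the Windows Update Agent COM API.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $found    = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    if ($found.Updates.Count -eq 0) {
        return [pscustomobject]@{ Installed = 0; RebootRequired = $false }
    }
    $toInstall = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $found.Updates) {
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        [void]$toInstall.Add($u)
        Write-Host "Pending: $($u.Title)"
    }
    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $toInstall
    [void]$downloader.Download()
    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $toInstall
    $result = $installer.Install()
    [pscustomobject]@{ Installed = $toInstall.Count; RebootRequired = $result.RebootRequired }
}

# Before: show what the scanner would have seen, then remediate.
Get-InstalledSoftware | Where-Object { $_.DisplayName -like 'Mozilla Firefox*' } | Format-Table
Remove-InstalledSoftware -NamePattern 'Mozilla Firefox*'
$r = Install-PendingWindowsUpdates
if ($r.RebootRequired) {
    Write-Host 'Reboot, then run Install-PendingWindowsUpdates again until it reports 0 pending.'
}
```

Running Get-InstalledSoftware before and after the uninstall is a cheap local confirmation of the remediation before the rescan; the rescan is still what closes the finding in Nessus.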
So we'll click on this and before we like really dive in deep, we can kind of see there's some highs and some criticals and highs, but we'll go to history over here, and this is our current scan, and this is the last scan right here before we uninstalled Firefox and before we updated Windows, so we can see there's quite a bit more mediums, quite a bit more, sorry, there's quite a bit more criticals, quite a bit more highs. So current, after removing Firefox and running Windows updates, and then before. So there's quite a bit less, and this scan right here, this is the default install of Windows and then this is the current one after updating Windows. So current or default and then current. So we can kind of dive into these like a little bit, it looks like the remaining vulnerabilities, most of them are around Microsoft Edge. It looks like maybe Windows Update didn't update Edge for some reason. We can check this one, a bunch of highs, I can't read these. Microsoft 3D Viewer Base 3D Code something. Maybe this is some like native app that's installed, oh yeah, it is. So it looks like there's some like random stuff that's still on this virtual machine that maybe it's like out of date or something like this, and you can just kind of look through this. I won't like do any further remediations because this video is getting kind of long so, but maybe you could consider, you know, figuring out exactly like how to update Microsoft Edge or like uninstall it if you're allowed to do that like, I don't know. But yeah, it's pretty interesting to kind of experiment with this and like install like really old stuff, or maybe even like get a hold of like a Windows XP ISO and install Windows XP, right, and scan that and see what kind of like Swiss cheese scan results like come back. It's like going to be absolutely full of holes, but yeah that is vulnerability management. 
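The before/after comparison done by eye in the History tab above (which findings went away after removing Firefox and patching, which are new, how many criticals and highs remain) is easier to keep and trend if you export each scan as CSV (Scans, Export, CSV) and diff the files. The function below is an added example, not part of the video or of Nessus; it assumes the export's standard "Plugin ID", "Risk", "Host" and "Name" columns, identifies a finding by plugin plus host, and the two small data sets are constructed sample rows with placeholder plugin IDs, not real scan output.

```powershell
# Added example (not from the video): compare two Nessus CSV exports the way the History tab
# does, as data you can keep. Assumes the standard export columns Plugin ID, Risk, Host, Name.

function Get-SeverityCounts {
    param([Parameter(Mandatory)][object[]]$Findings)
    $counts = [ordered]@{}
    foreach ($sev in 'Critical', 'High', 'Medium', 'Low', 'None') {
        $counts[$sev] = @($Findings | Where-Object { $_.Risk -eq $sev }).Count
    }
    [pscustomobject]$counts
}

function Get-FindingKey {
    param([Parameter(Mandatory)]$Row)
    "$($Row.'Plugin ID')|$($Row.Host)"   # one finding = one plugin on one host
}

function Compare-NessusScans {
    param(
        [Parameter(Mandatory)][object[]]$Before,
        [Parameter(Mandatory)][object[]]$After
    )
    $beforeKeys = @($Before | ForEach-Object { Get-FindingKey $_ })
    $afterKeys  = @($After  | ForEach-Object { Get-FindingKey $_ })
    # Risk 'None' rows are informational (traceroute, credential status) and are not counted.
    [pscustomobject]@{
        Fixed     = @($Before | Where-Object { $_.Risk -ne 'None' -and (Get-FindingKey $_) -notin $afterKeys } |
                        Select-Object 'Plugin ID', Risk, Name)
        New       = @($After  | Where-Object { $_.Risk -ne 'None' -and (Get-FindingKey $_) -notin $beforeKeys } |
                        Select-Object 'Plugin ID', Risk, Name)
        Remaining = @($After  | Where-Object { $_.Risk -in 'Critical', 'High' }).Count
    }
}

# Constructed sample exports (placeholder plugin IDs and names, not real Nessus rows).
$before = @'
Plugin ID,Risk,Host,Name
900001,Medium,10.0.0.189,SMB Signing not required (sample)
900002,None,10.0.0.189,Traceroute Information (sample)
900003,Critical,10.0.0.189,Old Firefox multiple vulnerabilities (sample)
900004,High,10.0.0.189,Missing Windows cumulative update (sample)
'@ | ConvertFrom-Csv

$after = @'
Plugin ID,Risk,Host,Name
900001,Medium,10.0.0.189,SMB Signing not required (sample)
900002,None,10.0.0.189,Traceroute Information (sample)
900005,High,10.0.0.189,Microsoft Edge out of date (sample)
'@ | ConvertFrom-Csv

Write-Host 'Before:'; Get-SeverityCounts -Findings $before | Format-Table
Write-Host 'After:';  Get-SeverityCounts -Findings $after  | Format-Table
$diff = Compare-NessusScans -Before $before -After $after
Write-Host 'Fixed:';  $diff.Fixed | Format-Table
Write-Host 'New:';    $diff.New   | Format-Table
Write-Host "Remaining critical/high: $($diff.Remaining)"
```

For real exports replace the here-strings with `Import-Csv .\scan-before.csv` and `Import-Csv .\scan-after.csv`; the key on plugin plus host is what lets the same comparison scale from one VM to a whole scan target list.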
And those are kind of like the really kind of the core components of vulnerability management just like scanning and remediating, scanning and remediating, but, you know, a lot more goes into it because you have to have like, you know, when you work at a big organization, you usually will make some kind of standard and like policies and procedures, and you have to kind of bring all the departments in and work with the individual groups to like get credentials for all their individual resources, or maybe you use like a domain account to scan everything, and it gets a little bit more complicated when you're in a large organization, but this is pretty much the guts of it, just like scanning stuff, finding vulnerabilities, and then essentially remediating them. You want to automate it, as much of it as you can as possible like updating like the third-party apps and like Windows update and this kind of thing. And you want to have like a secure build standard, so like make sure the build is like already like remediated and like secure enough before it goes into production to kind of reduce the amount of vulnerabilities that get introduced, but now that you've kind of like watched this you have a pretty good idea, I would say, of how vulnerability management works, so you can, you know, practice this a bunch, and consider like reading up on how to implement vulnerability management on like a large organization, and then you can like put something on your resume that might look something like this, and then go ahead and start applying to jobs that are looking for like vulnerability management engineers or vulnerability management analysts or like whatever they're calling them because it's a relatively like straightforward process. It's pretty easy technically speaking. Like the hard part about vulnerability management usually comes from like dealing with the humans and like getting everyone to like coordinate, that's like really difficult. 
But yeah, I hope you enjoyed this. If you thought I was interesting, you know I'd appreciate if you liked and consider subscribing, and if you have any questions or comments, criticism, please like let me know in the comment section. I 100% read all the comments every time. I respond to everybody's comment. If you feel like supporting me, I do have a Patreon, but other than that, thank you so much for watching and we will see you in the next video, bye bye.