0:00:00.000,0:00:01.599 Hey everybody, Josh here. Welcome back to 0:00:01.599,0:00:03.520 my channel. I do a lot of videos on IT 0:00:03.520,0:00:05.600 cyber security education and career 0:00:05.600,0:00:07.520 things, and today's video is going to be 0:00:07.520,0:00:09.280 on vulnerability management. We're 0:00:09.280,0:00:10.160 actually going to be doing a 0:00:10.160,0:00:12.000 vulnerability management lab where we 0:00:12.000,0:00:13.840 install Nessus Essentials and we install 0:00:13.840,0:00:15.679 VMware Workstation Player, and set up 0:00:15.679,0:00:18.000 Windows 10 inside of a VM, install some 0:00:18.000,0:00:19.920 old deprecated software on it, and then 0:00:19.920,0:00:21.119 we're going to be doing some 0:00:21.119,0:00:23.199 vulnerability scans against that virtual 0:00:23.199,0:00:24.720 machine to kind of discover any 0:00:24.720,0:00:26.400 vulnerabilities that might be on there, 0:00:26.400,0:00:27.439 and then we're going to go ahead and 0:00:27.439,0:00:29.359 remediate one or two of those just so we 0:00:29.359,0:00:31.119 can kind of observe what's happening. I 0:00:31.119,0:00:32.640 figured this would be a good video to do 0:00:32.640,0:00:33.840 because there's like quite a few 0:00:33.840,0:00:36.000 vulnerability management jobs on 0:00:36.000,0:00:37.760 LinkedIn and I've gotten a 0:00:37.760,0:00:39.600 lot of spam from recruiters for these 0:00:39.600,0:00:41.600 type of positions, and actually the last 0:00:41.600,0:00:43.360 real job I had I was a vulnerability 0:00:43.360,0:00:45.360 management program manager for King 0:00:45.360,0:00:47.120 County here in Washington State so I 0:00:47.120,0:00:49.680 kind of did this on an ongoing basis for 0:00:49.680,0:00:51.199 a while. 
Basically what vulnerability 0:00:51.199,0:00:53.360 management is continuously assessing 0:00:53.360,0:00:55.120 your assets, discovering vulnerabilities, 0:00:55.120,0:00:57.520 remediating them to an acceptable risk, 0:00:57.520,0:00:59.199 and then kind of starting the process 0:00:59.199,0:01:00.640 over and over again to kind of make sure 0:01:00.640,0:01:02.879 the risk in the whole organization is 0:01:02.879,0:01:05.360 low or at least an acceptable level. So I 0:01:05.360,0:01:07.280 think if you kind of watch this video 0:01:07.280,0:01:09.200 and practice it a few times, you can get 0:01:09.200,0:01:11.439 pretty good at it and get an idea of how 0:01:11.439,0:01:13.200 vulnerability management might work in 0:01:13.200,0:01:15.119 like a larger corporation. This is 0:01:15.119,0:01:16.400 definitely something you can put on your 0:01:16.400,0:01:20.159 resume. It might look something like this. 0:01:22.000,0:01:23.680 So it will definitely help you out. So 0:01:23.680,0:01:25.040 yeah, if you're excited to learn 0:01:25.040,0:01:26.400 vulnerability management, consider 0:01:26.400,0:01:28.080 smashing that like button and let's get 0:01:28.080,0:01:29.520 started. So the first thing we're going 0:01:29.520,0:01:31.360 to do is go ahead and 0:01:31.360,0:01:33.840 download and install VMware Player. Now 0:01:33.840,0:01:35.439 you probably want to have like a 0:01:35.439,0:01:37.680 semi-decent computer to be able 0:01:37.680,0:01:39.280 to do this, maybe like at least eight 0:01:39.280,0:01:41.360 gigabytes of RAM and maybe dual core 0:01:41.360,0:01:42.640 or something. But if you don't know about 0:01:42.640,0:01:44.560 any of that, just try to go ahead and do 0:01:44.560,0:01:46.560 it, and if something fails, then it fails. 0:01:46.560,0:01:47.840 I suppose. But go ahead and download 0:01:47.840,0:01:49.759 VMware Player. I'll put a link to this in 0:01:49.759,0:01:51.920 the description. Just download 0:01:51.920,0:01:53.520 for Windows. 
I'm not gonna do it again 0:01:53.520,0:01:54.799 because I already have it, but just go 0:01:54.799,0:01:56.479 ahead and like click this, download it, 0:01:56.479,0:01:58.079 and install it. You can see mine started 0:01:58.079,0:01:59.360 downloading, I'm just going to go ahead 0:01:59.360,0:02:00.640 and cancel this. And then while you're 0:02:00.640,0:02:02.240 waiting for VMware Player to download, 0:02:02.240,0:02:03.759 we'll go ahead and download the Windows 0:02:03.759,0:02:06.000 10 ISO. That's basically a file that'll 0:02:06.000,0:02:08.479 let us install Windows 10 onto our 0:02:08.479,0:02:10.399 virtual machine. So again, I'll put a link 0:02:10.399,0:02:11.920 to this in the description as well, but 0:02:11.920,0:02:14.480 just go ahead and go to it, and then 0:02:14.480,0:02:15.920 you'll go to where it says create 0:02:15.920,0:02:17.760 Windows 10 installation media and you'll 0:02:17.760,0:02:19.760 say download tool, and when 0:02:19.760,0:02:21.280 this downloads, just go ahead and open it. 0:02:21.280,0:02:22.879 Don't be surprised if this takes a while 0:02:22.879,0:02:24.480 to like start up and download. So we'll 0:02:24.480,0:02:26.959 just say accept. And then we're going to 0:02:26.959,0:02:27.760 click 0:02:27.760,0:02:29.760 create installation media. We want to get 0:02:29.760,0:02:32.319 an ISO file so we'll say next. This looks 0:02:32.319,0:02:34.879 good. And we're going to say ISO file, be 0:02:34.879,0:02:36.720 sure to select this. And then we'll just 0:02:36.720,0:02:38.879 choose where it goes. I like this nice xp 0:02:38.879,0:02:40.879 pro ISO that I have. Go ahead and put it 0:02:40.879,0:02:42.560 in a folder, just remember what folder 0:02:42.560,0:02:45.120 you put in. So I'll just save it to my C: 0:02:45.120,0:02:47.360 _ISOs folder and then we'll 0:02:47.360,0:02:49.120 wait for this to finish. 
And while this 0:02:49.120,0:02:50.400 is going, we can actually 0:02:50.400,0:02:52.800 download and install Nessus 0:02:52.800,0:02:54.319 Essentials which is going to 0:02:54.319,0:02:56.400 be the vulnerability scanner that we use 0:02:56.400,0:02:58.319 to actually conduct our scans. So I'll 0:02:58.319,0:03:00.080 put a link to this in the description as 0:03:00.080,0:03:01.920 well, but you can probably find it on Google. 0:03:01.920,0:03:04.400 And just basically like fill this thing 0:03:04.400,0:03:05.840 out. After you fill this out, you'll be 0:03:05.840,0:03:07.200 able to download it and it will send 0:03:07.200,0:03:09.200 like a key to your email, so just go 0:03:09.200,0:03:11.120 ahead and- actually I'll just do it. Just 0:03:11.120,0:03:13.599 fill this thing out, cool. So it will send 0:03:13.599,0:03:16.319 an email inside of your email, I can't 0:03:16.319,0:03:17.920 show it because it has a key and like, I 0:03:17.920,0:03:19.599 don't know, so inside of your email 0:03:19.599,0:03:21.440 there'll be like a button that says 0:03:21.440,0:03:23.440 download Nessus and then there will be a 0:03:23.440,0:03:24.879 key. Go ahead and click the button to 0:03:24.879,0:03:26.560 download Nessus and it will take you to 0:03:26.560,0:03:28.319 a page that looks like this, and just 0:03:28.319,0:03:30.319 click on Nessus. And we already have an 0:03:30.319,0:03:32.239 activation code, it should be in your 0:03:32.239,0:03:35.200 email, so we'll pick the one for, this one, 0:03:35.200,0:03:37.120 it says Windows Server 2008 blah blah 0:03:37.120,0:03:39.120 blah, and then it says 10 in here. So 0:03:39.120,0:03:40.959 we'll download this. Just say agree and 0:03:40.959,0:03:42.720 then, you know, download it anywhere. And 0:03:42.720,0:03:43.920 then meanwhile, remember in the 0:03:43.920,0:03:45.840 background, Windows 10 should be still 0:03:45.840,0:03:48.000 downloading. 
Virtual VMware Player might 0:03:48.000,0:03:49.519 be downloading still too, so we just have 0:03:49.519,0:03:51.120 to install that on your own. I'm not 0:03:51.120,0:03:52.239 going to show it on the screen because I 0:03:52.239,0:03:53.840 already have it installed. Here we are at 0:03:53.840,0:03:56.560 the Tenable setup, so we just say next, 0:03:56.560,0:03:59.599 accept, and just accept this location, and 0:03:59.599,0:04:01.760 then go ahead and install it, and then 0:04:01.760,0:04:03.599 say finish. 0:04:03.599,0:04:05.439 And then it's going to kind of show 0:04:05.439,0:04:07.519 this like socket up here like localhost 0:04:07.519,0:04:09.280 in the port. I would recommend saving 0:04:09.280,0:04:10.879 this URL because it's kind of 0:04:10.879,0:04:13.040 annoying if you lose it, so just save it 0:04:13.040,0:04:14.640 in like a notepad somewhere or something 0:04:14.640,0:04:16.798 like this. And then we'll say connect via 0:04:16.798,0:04:19.120 SSL, and just say advanced, and then say 0:04:19.120,0:04:21.440 proceed. And this takes a while to set up 0:04:21.440,0:04:23.040 the very first time. It has to like 0:04:23.040,0:04:24.800 initialize and install things, and I 0:04:24.800,0:04:26.400 assume, download a whole bunch of 0:04:26.400,0:04:28.000 definitions or something like this, so 0:04:28.000,0:04:29.680 just go get like some coffee or 0:04:29.680,0:04:31.120 something while you wait for 0:04:31.120,0:04:32.560 this to happen because it will take a 0:04:32.560,0:04:34.320 while to do. And we're going to say 0:04:34.320,0:04:36.720 Nessus Essentials. It's essentially free. 0:04:36.720,0:04:38.560 You can read the, I guess, license 0:04:38.560,0:04:40.160 agreement if you want, but we're going to 0:04:40.160,0:04:41.919 install Essentials. And then just fill 0:04:41.919,0:04:43.360 this thing out and we'll get an 0:04:43.360,0:04:45.840 activation code. I believe I have one 0:04:45.840,0:04:47.840 already. 
It should have emailed it to 0:04:47.840,0:04:49.360 you actually. It should have emailed the 0:04:49.360,0:04:51.680 activation code to you so maybe skip 0:04:51.680,0:04:53.759 this, and then just paste the activation 0:04:53.759,0:04:55.840 code that was in your email 0:04:55.840,0:04:57.600 that you already received, and just 0:04:57.600,0:04:59.199 continue. And then this is where you're 0:04:59.199,0:05:00.720 going to set up a username and password. 0:05:00.720,0:05:02.000 Just make sure you don't forget this. It 0:05:02.000,0:05:03.600 might be troublesome, you know, if you 0:05:03.600,0:05:04.960 forget it, you'll have to reset it or 0:05:04.960,0:05:07.600 something like this. So just set up a 0:05:07.600,0:05:09.520 password, I guess. And this is the part 0:05:09.520,0:05:11.440 that takes a while, so just, you know, go 0:05:11.440,0:05:13.759 get coffee or sandwich or something, and 0:05:13.759,0:05:16.639 we will meet back here. Okay so while 0:05:16.639,0:05:17.919 this is still installing and 0:05:17.919,0:05:19.840 initializing and doing everything that it 0:05:19.840,0:05:21.520 needs to do, let's go ahead and set up 0:05:21.520,0:05:23.199 our virtual machine since this is going 0:05:23.199,0:05:25.199 to take some time anyway. So by now you 0:05:25.199,0:05:27.440 should have downloaded and installed 0:05:27.440,0:05:29.440 VMware Workstation Player. So we'll just 0:05:29.440,0:05:31.759 go ahead and open this up and check on 0:05:31.759,0:05:34.880 your Windows 10 ISO download. It should 0:05:34.880,0:05:36.800 be finished by now as well, maybe it 0:05:36.800,0:05:38.560 looks something like this, and then it 0:05:38.560,0:05:40.479 shows you like where it's at the C: ISO 0:05:40.479,0:05:42.720 Windows dot or yeah, wherever you put 0:05:42.720,0:05:44.400 yours. So just take note of this and 0:05:44.400,0:05:46.400 we'll say finish, cool. 
And then we're 0:05:46.400,0:05:48.560 going to create a new virtual machine 0:05:48.560,0:05:50.560 inside of VMware Workstation Player. 0:05:50.560,0:05:52.639 We'll go to player and then file and 0:05:52.639,0:05:55.280 then new virtual machine. And then 0:05:55.280,0:05:57.360 for the installer we're going to say 0:05:57.360,0:05:59.520 browse, and then we'll just browse to 0:05:59.520,0:06:01.120 wherever you downloaded the Windows 10 0:06:01.120,0:06:03.120 ISO. So this could probably be named 0:06:03.120,0:06:05.280 something better, but that's okay. So 0:06:05.280,0:06:06.960 we'll say next, and just name this 0:06:06.960,0:06:09.039 something appropriate. This is fine. This 0:06:09.039,0:06:11.039 location's fine. I guess you can change 0:06:11.039,0:06:13.039 it if you want. So we'll say next. Maximum 0:06:13.039,0:06:15.919 disk size, this is fine. We're not 0:06:15.919,0:06:17.440 gonna really put anything on it, I'm just 0:06:17.440,0:06:19.520 gonna set mine at 50. And then we'll 0:06:19.520,0:06:21.600 go to customize hardware, and for memory 0:06:21.600,0:06:24.080 like if you don't know how much RAM you 0:06:24.080,0:06:26.880 have, maybe just like leave this as it is. 0:06:26.880,0:06:28.479 I'm going to increase mine a little bit. 0:06:28.479,0:06:30.080 I'll increase this a little bit. If you 0:06:30.080,0:06:32.479 don't know about your CPU, just leave it 0:06:32.479,0:06:34.479 as is. But we do have to change the 0:06:34.479,0:06:36.400 network adapter. We should change it to 0:06:36.400,0:06:38.319 bridged. Without explaining too deeply, 0:06:38.319,0:06:40.400 bridged kind of puts this virtual machine 0:06:40.400,0:06:42.240 on the same network as your actual 0:06:42.240,0:06:45.120 physical computer, so your Nessus 0:06:45.120,0:06:47.280 implementation can talk to the 0:06:47.280,0:06:48.400 virtual machine 0:06:48.400,0:06:51.520 more easily. This looks good. We'll close 0:06:51.520,0:06:53.599 this. 
And this is good, power on after 0:06:53.599,0:06:55.759 creation, we'll just say finish. Kind of move 0:06:55.759,0:06:57.039 Tenable 0:06:57.039,0:06:58.479 to the side. 0:06:58.479,0:07:01.039 And then after the VM finishes getting 0:07:01.039,0:07:03.360 kind of created, it's going to launch and 0:07:03.360,0:07:04.880 then we're going to have a chance to 0:07:04.880,0:07:06.720 install Windows. Be sure to press any key 0:07:06.720,0:07:08.960 to boot into the ISO when it asks. And if 0:07:08.960,0:07:11.039 your cursor is gone, you can see 0:07:11.039,0:07:12.639 in the lower left it says like press 0:07:12.639,0:07:14.560 control alt to release your cursor, and 0:07:14.560,0:07:16.080 then you can get your cursor back. So 0:07:16.080,0:07:18.800 we're just going to install Windows 10. 0:07:18.800,0:07:21.360 So we'll just say next, install, and say I 0:07:21.360,0:07:23.199 don't have a product key. You can close 0:07:23.199,0:07:24.960 this message down here. And just pick 0:07:24.960,0:07:27.440 Windows 10 Pro and say next, and we'll 0:07:27.440,0:07:30.319 say accept, say next, and say custom, and 0:07:30.319,0:07:32.560 then this is our blank hard drive, so 0:07:32.560,0:07:34.160 click on that. It's the only one you can click 0:07:34.160,0:07:35.599 and just say next. And then this will 0:07:35.599,0:07:37.280 take some time to install too, so I'll 0:07:37.280,0:07:38.639 kind of come back when one of these 0:07:38.639,0:07:40.240 finishes. Cool, so it looks like both 0:07:40.240,0:07:42.160 finished now. I'll just finish setting up 0:07:42.160,0:07:46.160 the VM. I will say yes and US and skip. 0:07:46.160,0:07:47.919 And for Nessus we'll just kind of, 0:07:47.919,0:07:49.440 we'll close this thing here, and then 0:07:49.440,0:07:50.960 we'll just kind of wait on this 0:07:50.960,0:07:53.120 until we finish setting up the virtual 0:07:53.120,0:07:54.160 machine. 
0:07:54.160,0:07:56.960 And we'll say set up for personal use, 0:07:56.960,0:07:59.599 and next, and then we'll say offline account, 0:07:59.599,0:08:02.639 limited experience, and then just name, 0:08:02.639,0:08:05.520 I don't know, just name it like admin, and 0:08:05.520,0:08:07.520 make a password, but just remember 0:08:07.520,0:08:09.520 what it is. Make it like something simple 0:08:09.520,0:08:10.720 because we're going to use this later 0:08:10.720,0:08:12.240 for the credentialed scans, so just 0:08:12.240,0:08:14.160 remember what it is. It's troublesome, you 0:08:14.160,0:08:15.759 know, if you forget it. 0:08:15.759,0:08:17.599 Just make up something for these 0:08:17.599,0:08:19.520 if it asks you. This is just like, you 0:08:19.520,0:08:22.639 know, a junk VM, no one cares. Say no for 0:08:22.639,0:08:25.280 all of these things. Not now. Cool, okay. 0:08:25.280,0:08:27.199 Now everything is totally set up. We have 0:08:27.199,0:08:29.759 our VM here and then we have our Nessus 0:08:29.759,0:08:33.039 Essentials set up and ready to go. So for 0:08:33.039,0:08:34.799 now we're just going to do a kind of 0:08:34.799,0:08:37.039 basic scan against the virtual machine. 0:08:37.039,0:08:38.880 There's, we're going to do a credentialed 0:08:38.880,0:08:40.719 scan later which I'll kind of explain, 0:08:40.719,0:08:42.320 but I just want to make sure we can scan 0:08:42.320,0:08:44.240 it and make sure we can kind of get some 0:08:44.240,0:08:46.240 kind of result back. So before we do that, 0:08:46.240,0:08:48.480 I'm going to go to the VM and like get 0:08:48.480,0:08:50.560 the IP address from it. So go, make sure 0:08:50.560,0:08:52.640 to go to the VM, not your actual computer, 0:08:52.640,0:08:54.720 but go to the VM. Click start, open up 0:08:54.720,0:08:56.720 command line, and then we will type 0:08:56.720,0:09:00.080 ipconfig just to get the IPv4 IP address. 
0:09:00.080,0:09:02.000 And we're going to ping this from our 0:09:02.000,0:09:03.839 local machine just to make sure that we 0:09:03.839,0:09:06.399 can reach it, I guess, essentially. So open 0:09:06.399,0:09:08.240 up the command line on your 0:09:08.240,0:09:10.720 PC, and we will just say, we'll just ping 0:09:10.720,0:09:14.519 this IP address. So we'll just say ping 0:09:14.519,0:09:16.880 10.0.0.189 and then we'll do -t 0:09:16.880,0:09:18.640 which means like perpetual ping, like 0:09:18.640,0:09:20.800 keep going forever until we cancel it. 0:09:20.800,0:09:23.200 And we see like it's timing out, so 0:09:23.200,0:09:25.839 we just have to disable the firewall on 0:09:25.839,0:09:27.600 our virtual machine here. You might not 0:09:27.600,0:09:28.800 want to do this in production, it just 0:09:28.800,0:09:30.320 depends on like what other controls you 0:09:30.320,0:09:32.560 have in place. So we will minimize this, 0:09:32.560,0:09:35.279 we'll go to our VM here, and then we will 0:09:35.279,0:09:36.200 type 0:09:36.200,0:09:38.720 wf.msc, it's this Windows firewall 0:09:38.720,0:09:40.320 Microsoft something console, can't 0:09:40.320,0:09:42.000 remember. So we'll open the firewall and 0:09:42.000,0:09:43.200 we're just going to do a lot of this 0:09:43.200,0:09:44.880 stuff for our lab. So we'll go to 0:09:44.880,0:09:47.120 defender firewall properties, and just on 0:09:47.120,0:09:48.640 these first three tabs, we'll just turn 0:09:48.640,0:09:50.160 all three of them off. Like domain 0:09:50.160,0:09:52.080 profile off, private profile off, public 0:09:52.080,0:09:54.080 profile off, and we'll just say okay here. 0:09:54.080,0:09:55.600 The firewall is off. And then we notice 0:09:55.600,0:09:57.680 that the ping is kind of going through 0:09:57.680,0:09:59.760 on our local computer here. So we can 0:09:59.760,0:10:01.920 press ctrl c to cancel this. And we'll 0:10:01.920,0:10:03.680 just copy this IP address. 
This is the IP 0:10:03.680,0:10:05.839 address of our VM. We will close this. And 0:10:05.839,0:10:09.200 then this is our Nessus Essentials. 0:10:09.200,0:10:11.040 Essentially it's like a web app 0:10:11.040,0:10:12.720 essentially, so we'll go back to this and 0:10:12.720,0:10:14.720 then we're going to create a new scan. So 0:10:14.720,0:10:17.360 we'll just do a basic network scan here. 0:10:17.360,0:10:19.040 And so we'll just name it like, I don't 0:10:19.040,0:10:21.680 know, Windows 10 single host, something 0:10:21.680,0:10:23.360 like this. And then for targets we'll 0:10:23.360,0:10:25.440 just paste, this is our virtual 0:10:25.440,0:10:26.880 machine's IP address, so we'll just kind 0:10:26.880,0:10:28.320 of paste it in here. We don't really need 0:10:28.320,0:10:30.160 to change anything else on here. We're 0:10:30.160,0:10:31.680 just going to do like a manual scan, but 0:10:31.680,0:10:33.200 you know, take note that you can do 0:10:33.200,0:10:34.720 like a scheduled scan if you're working 0:10:34.720,0:10:36.320 in an organization, you want to scan like 0:10:36.320,0:10:38.320 every x days or like every Tuesday or 0:10:38.320,0:10:40.160 something like this. Port scan common ports, 0:10:40.160,0:10:41.920 port scan all ports, obviously all 0:10:41.920,0:10:43.279 ports going to take longer, you can 0:10:43.279,0:10:44.800 customize it. There's a bunch of settings 0:10:44.800,0:10:46.399 that you can kind of explore in here on 0:10:46.399,0:10:48.640 your own. 
And there is, there's also 0:10:48.640,0:10:51.120 this credentials page which we'll get 0:10:51.120,0:10:52.959 into in a little bit, but basically you 0:10:52.959,0:10:54.480 can, we won't do this yet, but you can 0:10:54.480,0:10:56.480 enter credentials in here like the 0:10:56.480,0:10:58.160 username and password that we made when 0:10:58.160,0:10:59.680 we created the virtual machine, and then 0:10:59.680,0:11:02.240 the scanner will kind of go into the 0:11:02.240,0:11:03.920 machine more deeply and like look 0:11:03.920,0:11:05.440 through the registry and the file system 0:11:05.440,0:11:07.440 and like more things. And the reason for 0:11:07.440,0:11:09.440 this is you can kind of discover more 0:11:09.440,0:11:10.720 vulnerabilities if you have like 0:11:10.720,0:11:12.959 deprecated software or insecure services 0:11:12.959,0:11:14.480 or something like this running. 0:11:14.480,0:11:17.040 This is what this kind of credentialed, the 0:11:17.040,0:11:19.120 credentials page, is for. But right now 0:11:19.120,0:11:20.560 we're just going to do like a basic 0:11:20.560,0:11:22.320 network kind of port scan. It's not going 0:11:22.320,0:11:23.920 to be too deep. Just want to make sure we 0:11:23.920,0:11:25.440 can scan it and get some kind of 0:11:25.440,0:11:27.360 information back. So we have our IP 0:11:27.360,0:11:31.040 address and we will just say save. We'll, oh, 0:11:31.040,0:11:33.279 remove this credentials, oops. And then 0:11:33.279,0:11:35.519 just say save. And then this is our, this 0:11:35.519,0:11:37.600 is our scan. It's not running, it's 0:11:37.600,0:11:38.800 just kind of like a scan that's 0:11:38.800,0:11:40.560 configured that we can run in the future, 0:11:40.560,0:11:42.480 so we'll just go ahead and click launch 0:11:42.480,0:11:44.480 now and launch the scan. 
And I believe 0:11:44.480,0:11:46.480 you can kind of sometimes see 0:11:46.480,0:11:48.240 the progress of it like if you click it, 0:11:48.240,0:11:50.959 you can see, you know, what it has done so 0:11:50.959,0:11:53.360 far. It makes like little logs and then 0:11:53.360,0:11:54.800 the findings will kind of be on this 0:11:54.800,0:11:56.399 page, but we can just go back. Click back 0:11:56.399,0:11:58.160 to my host and then back to my scans, and 0:11:58.160,0:11:59.839 we'll just kind of wait for this to 0:11:59.839,0:12:01.760 finish. Cool, so we can now see that our 0:12:01.760,0:12:04.480 scan has finished over here. It says like 0:12:04.480,0:12:05.839 today and there's like a check mark. So 0:12:05.839,0:12:07.600 we can just kind of click this to look 0:12:07.600,0:12:10.079 at the individual results for it, and you 0:12:10.079,0:12:12.480 can see like down here like blue is info, 0:12:12.480,0:12:14.800 green is low, medium it's yellow, etc. And 0:12:14.800,0:12:16.399 depending on the organization you work 0:12:16.399,0:12:18.320 for, like a lot of people, a lot of orgs 0:12:18.320,0:12:20.160 like won't even, depending on what they 0:12:20.160,0:12:21.920 are, a lot of orgs won't even like really 0:12:21.920,0:12:23.600 touch medium or lows because they have 0:12:23.600,0:12:25.120 like so many criticals and highs that 0:12:25.120,0:12:26.880 kind of take precedence. And because we 0:12:26.880,0:12:28.959 didn't use any credentials for our scan, 0:12:28.959,0:12:31.600 we don't really see that much of what 0:12:31.600,0:12:33.519 might be actually vulnerable inside the 0:12:33.519,0:12:35.360 VM, but we do see like some things here. 0:12:35.360,0:12:36.480 So we can click 0:12:36.480,0:12:38.320 vulnerabilities up here and just kind of 0:12:38.320,0:12:40.320 look through these a tiny bit. We can see 0:12:40.320,0:12:42.240 like SMB signing is not required. 
If 0:12:42.240,0:12:44.079 that's something that your org cares 0:12:44.079,0:12:45.680 about, you can kind of read about it here 0:12:45.680,0:12:48.000 more, and consider like implementing 0:12:48.000,0:12:49.839 implementing the solution to 0:12:49.839,0:12:52.079 kind of remediate this vulnerability. 0:12:52.079,0:12:54.079 There's other kind of interesting things 0:12:54.079,0:12:56.399 in here. Traceroute information, it's 0:12:56.399,0:12:58.399 listed as info, means it's not 0:12:58.399,0:13:00.320 could not necessarily be a vulnerability, 0:13:00.320,0:13:02.079 but just something you should be aware 0:13:02.079,0:13:04.079 of, that you can see traceroute information 0:13:04.079,0:13:06.480 which means like ICMP is 0:13:06.480,0:13:08.959 accepted on this particular host. 0:13:08.959,0:13:10.639 And down here we can see 0:13:10.639,0:13:12.560 target credential status by 0:13:12.560,0:13:14.720 authentication protocol, and it says like 0:13:14.720,0:13:16.399 Nessus was not able to successfully 0:13:16.399,0:13:17.839 authenticate to the remote target 0:13:17.839,0:13:19.279 because we didn't actually provide any 0:13:19.279,0:13:20.720 credentials, and we can see that down 0:13:20.720,0:13:23.680 here. SMB was detected on port 445, 0:13:23.680,0:13:26.240 means it's listening on 445, but we 0:13:26.240,0:13:28.000 didn't provide any credentials. That's a 0:13:28.000,0:13:29.360 kind of vulnerability, that's a 0:13:29.360,0:13:31.440 vulnerability scan, some basic results. 
So 0:13:31.440,0:13:32.639 the next thing we're going to do is 0:13:32.639,0:13:34.720 we're going to, we're going to set up the 0:13:34.720,0:13:36.720 virtual machine to be able to accept 0:13:36.720,0:13:38.560 authenticated scans, and then we're going 0:13:38.560,0:13:40.480 to provide some credentials to Nessus, 0:13:40.480,0:13:41.920 and then we're going to try to rescan 0:13:41.920,0:13:43.680 the virtual machine with credentials, and 0:13:43.680,0:13:45.839 then kind of compare the results of the 0:13:45.839,0:13:47.440 new scan which with these ones that 0:13:47.440,0:13:49.360 we're looking at here. So we'll go back 0:13:49.360,0:13:51.680 to my scans. Actually we'll go back to 0:13:51.680,0:13:53.760 the virtual machine here, and then we'll 0:13:53.760,0:13:54.680 open up 0:13:54.680,0:13:56.720 services.msc. And there may be better 0:13:56.720,0:13:57.920 ways to do what I'm doing like 0:13:57.920,0:13:59.519 especially if you're in like a corporate 0:13:59.519,0:14:01.839 environment. I got these steps from 0:14:01.839,0:14:04.320 Nessus, the things that they recommend to 0:14:04.320,0:14:06.320 actually do credentialed scans against 0:14:06.320,0:14:08.560 Windows hosts that are not on the domain. 0:14:08.560,0:14:09.839 So that's kind of what we're 0:14:09.839,0:14:11.600 using here, so I'm just going to first 0:14:11.600,0:14:13.760 I'm going to enable the remote registry. 0:14:13.760,0:14:16.480 The remote registry which will allow the 0:14:16.480,0:14:17.920 scanner to connect to this computer's 0:14:17.920,0:14:19.440 registry, and like kind of crawl through 0:14:19.440,0:14:20.959 the registry and look for insecure 0:14:20.959,0:14:23.199 configurations like maybe deprecated 0:14:23.199,0:14:24.959 cipher suites that might be enabled. 
You 0:14:24.959,0:14:26.480 can enable and disable those in the 0:14:26.480,0:14:28.160 registry, so I'm just going to enable 0:14:28.160,0:14:30.639 remote registry so our scanner can 0:14:30.639,0:14:32.720 connect to the registry. So I enabled it 0:14:32.720,0:14:34.560 and I turned it on, and then next we're 0:14:34.560,0:14:36.480 going to, be careful when you close this so 0:14:36.480,0:14:38.240 you don't close the actual VM. I'm just 0:14:38.240,0:14:40.000 closing like the window inside. I'll 0:14:40.000,0:14:41.600 close the firewall. And the next thing, I'll 0:14:41.600,0:14:44.880 enable file and printer sharing so, oh it 0:14:44.880,0:14:47.279 looks like it's possibly already on. Turn 0:14:47.279,0:14:49.120 on sharing so anyone with network, I 0:14:49.120,0:14:50.880 don't think public folder sharing needs 0:14:50.880,0:14:52.639 to be on. I was going to turn this on but 0:14:52.639,0:14:54.160 it looks like it's on already. Turn on 0:14:54.160,0:14:55.839 network discovery, file, and printer 0:14:55.839,0:14:57.360 sharing, oh, looks like it's already on. If 0:14:57.360,0:14:58.959 yours are not on, just make sure to turn 0:14:58.959,0:15:00.880 the file and printer sharing on. 0:15:00.880,0:15:03.199 And then we will go to user account 0:15:03.199,0:15:05.839 control, and this is not good to do, 0:15:05.839,0:15:07.839 but our computer is not on the domain so 0:15:07.839,0:15:09.760 we have to do these kind of hack things 0:15:09.760,0:15:11.760 to be able to scan it. So I'll disable 0:15:11.760,0:15:13.920 this, say okay, say yes. And then we're 0:15:13.920,0:15:16.240 going to open the registry and then 0:15:16.240,0:15:18.480 add a key that's supposed to allow the 0:15:18.480,0:15:20.560 remote account to like connect in. 
And 0:15:20.560,0:15:21.600 next we're going to connect to the 0:15:21.600,0:15:23.279 registry and add a key that's supposed 0:15:23.279,0:15:25.839 to I guess further disable user account 0:15:25.839,0:15:27.600 control for the remote account we're 0:15:27.600,0:15:29.279 going to use to connect to this 0:15:29.279,0:15:31.519 computer during our scan. So just go to 0:15:31.519,0:15:33.440 start and type regedit. Again, I got this 0:15:33.440,0:15:35.519 documentation from Nessus, I'll put a 0:15:35.519,0:15:37.120 link to it in the description. So we will 0:15:37.120,0:15:40.560 browse to a local machine here, so we'll 0:15:40.560,0:15:44.399 go to local machine, software, Microsoft, 0:15:44.399,0:15:48.240 Windows, current version, policies, system, 0:15:48.240,0:15:50.959 and then inside here we'll create a 0:15:50.959,0:15:53.920 DWORD called local account token filter 0:15:53.920,0:15:55.519 policy, so 0:15:55.519,0:15:59.600 local account token filter policy, local 0:15:59.600,0:16:02.480 account token filter policy. We'll say enter 0:16:02.480,0:16:04.880 and then we'll set this value to 1, and 0:16:04.880,0:16:06.079 we'll close this. And we'll go ahead and 0:16:06.079,0:16:07.680 restart our virtual machine at this 0:16:07.680,0:16:09.199 point. Cool, and then we'll log in, 0:16:09.199,0:16:11.440 remember our username, I made mine admin, 0:16:11.440,0:16:13.120 and then whatever your password is, just 0:16:13.120,0:16:14.720 make sure you don't forget it. And we 0:16:14.720,0:16:18.160 should be ready to scan our computer now. 
0:16:18.160,0:16:19.440 We're going to edit this scan that we 0:16:19.440,0:16:22.000 made, so go back to Nessus Essentials, and 0:16:22.000,0:16:24.959 then we will, oh, so check this box next 0:16:24.959,0:16:27.040 to the scan, and then go to more, and then go 0:16:27.040,0:16:28.560 to configure, and then we're going to add 0:16:28.560,0:16:30.079 a set of credentials to this, and we're 0:16:30.079,0:16:32.079 going to add Windows credentials. So 0:16:32.079,0:16:33.680 we're going to use password, and remember, 0:16:33.680,0:16:35.680 our username is admin, so if you go to 0:16:35.680,0:16:38.880 the VM and go to cmd and type like 0:16:38.880,0:16:41.360 whoami, the name is 0:16:41.360,0:16:43.680 admin right, so we'll say admin, and then 0:16:43.680,0:16:45.600 whatever you made the password. And I 0:16:45.600,0:16:46.639 believe, 0:16:46.639,0:16:48.160 I believe we can like leave all these 0:16:48.160,0:16:50.079 things as default, if it breaks, I mean 0:16:50.079,0:16:51.759 maybe we can come back and configure it, or 0:16:51.759,0:16:53.279 if it doesn't work, we can check it. So 0:16:53.279,0:16:56.240 we'll save this as it is. So it saved, and then 0:16:56.240,0:16:58.639 we'll go back, and back to scans, and then 0:16:58.639,0:17:00.880 we'll run this scan one more time. 0:17:00.880,0:17:02.639 When this finishes, we'll compare the 0:17:02.639,0:17:04.559 results with the first scan, and 0:17:04.559,0:17:06.240 technically we should see more results 0:17:06.240,0:17:07.760 with this one because we enabled 0:17:07.760,0:17:09.359 credentialed scanning and we kind of 0:17:09.359,0:17:12.079 configured the VM to accept remote scans. 0:17:12.079,0:17:13.760 So we'll see what happens, so I'll just 0:17:13.760,0:17:15.520 pause this and I'll come back, I'll pause 0:17:15.520,0:17:17.119 the video and come back when it finishes. 0:17:17.119,0:17:18.880 Okay, it's been a few minutes and it 0:17:18.880,0:17:20.799 looks like our scan is finished here. 
So 0:17:20.799,0:17:23.280 we will click on this, and we can see 0:17:23.280,0:17:25.280 like immediately, remember last time we 0:17:25.280,0:17:27.119 had like one medium and a bunch of 0:17:27.119,0:17:29.039 infos. Now we have like seven criticals, 0:17:29.039,0:17:31.919 38 highs, and, you know, four mediums, and a 0:17:31.919,0:17:33.840 whole bunch more infos. It's pretty 0:17:33.840,0:17:35.520 interesting, so before we like really 0:17:35.520,0:17:37.039 dive into the vulnerabilities and all 0:17:37.039,0:17:39.200 this, I'll just click on history over 0:17:39.200,0:17:40.559 here really quick. And this is the 0:17:40.559,0:17:41.760 current one and you can see the 0:17:41.760,0:17:43.760 vulnerabilities down here. You can see, 0:17:43.760,0:17:45.600 you know, five percent criticals, etc. And 0:17:45.600,0:17:47.360 then if we click on our first scan, we 0:17:47.360,0:17:49.280 can see like we didn't use credentials 0:17:49.280,0:17:50.880 for this, so we couldn't look at the file 0:17:50.880,0:17:52.559 system or the registry or any other 0:17:52.559,0:17:54.960 running services or any of that, so 0:17:54.960,0:17:56.480 you can see there's like a big 0:17:56.480,0:17:58.160 difference in doing credentialed scan 0:17:58.160,0:18:00.240 versus like uncredentialed scans. So this 0:18:00.240,0:18:02.320 kind of like solidifies the importance 0:18:02.320,0:18:04.240 of running credentialed scans whether or 0:18:04.240,0:18:06.000 not you're like scanning Cisco devices 0:18:06.000,0:18:07.919 or like Linux machines or like Windows 0:18:07.919,0:18:10.480 machines or Macs or whatever. If you can 0:18:10.480,0:18:12.559 use credentials, you can really like 0:18:12.559,0:18:14.720 discover more vulnerabilities. So I'll 0:18:14.720,0:18:16.400 just click on the vulnerabilities tab 0:18:16.400,0:18:17.919 here first, and we'll just kind of like 0:18:17.919,0:18:19.520 look at these a little bit. 
We can see 0:18:19.520,0:18:21.600 like this is essentially the 0:18:21.600,0:18:23.919 list of findings, and some of these 0:18:23.919,0:18:25.600 are mixed, so if we click on this, for 0:18:25.600,0:18:27.520 example, we can see it's like a 0:18:27.520,0:18:29.520 combination of like mostly criticals and 0:18:29.520,0:18:31.280 highs, and you can see it's like mostly 0:18:31.280,0:18:33.919 Edge, mostly Edge which can probably be 0:18:33.919,0:18:35.679 remediated from like updating, running 0:18:35.679,0:18:37.280 Windows updates essentially. And you can 0:18:37.280,0:18:38.960 kind of look at these individual ones 0:18:38.960,0:18:41.600 and dive more deep into them to 0:18:41.600,0:18:43.440 see like what the actual thing is and 0:18:43.440,0:18:45.039 like how to fix it. 0:18:45.039,0:18:46.720 So we can go back a little bit. We'll 0:18:46.720,0:18:48.000 back up a little bit more. So 0:18:48.000,0:18:49.760 vulnerabilities around Edge, around 0:18:49.760,0:18:52.160 Windows, around a bunch of other stuff. 0:18:52.160,0:18:54.000 If we click on remediations, this tab 0:18:54.000,0:18:56.080 kind of gives us like a high level like 0:18:56.080,0:18:58.400 instructions on how to like remediate 0:18:58.400,0:18:59.679 most of the findings from like a really 0:18:59.679,0:19:01.520 high level, basically just like run 0:19:01.520,0:19:03.200 Windows updates is what I'm 0:19:03.200,0:19:05.120 seeing here. So security updates, 0:19:05.120,0:19:07.039 install this KB to fix a bunch of other 0:19:07.039,0:19:09.039 ones, and then all this is pretty much 0:19:09.039,0:19:11.360 Windows updates. And this VPR top threats, 0:19:11.360,0:19:14.320 these VPR top threats is essentially 0:19:14.320,0:19:16.080 what Tenable is like recommending we 0:19:16.080,0:19:18.080 prioritize to remediate probably based 0:19:18.080,0:19:21.360 on CVSS score and like whatever other 0:19:21.360,0:19:24.559 metrics they use. 
So like I would say 0:19:24.559,0:19:26.400 before like, if I were 0:19:26.400,0:19:28.240 doing this in like an organization, 0:19:28.240,0:19:29.520 like the first thing you want to do is 0:19:29.520,0:19:31.120 like make sure you have third-party 0:19:31.120,0:19:33.760 patching and like Windows OS patching 0:19:33.760,0:19:35.760 like set up properly and like properly 0:19:35.760,0:19:37.440 being like tested and deployed on 0:19:37.440,0:19:38.799 regular intervals, so you don't have to 0:19:38.799,0:19:40.880 like kind of go through and deal with 0:19:40.880,0:19:43.200 these like individual vulnerabilities 0:19:43.200,0:19:44.960 that are related to things 0:19:44.960,0:19:46.960 that can be easily fixed by like 0:19:46.960,0:19:48.799 automated patching and stuff like this. 0:19:48.799,0:19:51.520 So before I start like 0:19:51.520,0:19:53.840 remediating these and fixing them, I'm 0:19:53.840,0:19:55.600 gonna install some like deprecated 0:19:55.600,0:19:57.919 software on this computer like a really 0:19:57.919,0:19:59.600 old version of Firefox, and then we're 0:19:59.600,0:20:01.760 gonna kind of run another scan, and then 0:20:01.760,0:20:03.919 observe the results from that as well. So 0:20:03.919,0:20:05.200 I'm gonna get this old version of 0:20:05.200,0:20:07.360 Firefox. I'll put a link to it 0:20:07.360,0:20:09.200 in the description, I was gonna say I'm 0:20:09.200,0:20:10.799 worried about doing that, but I'll put a 0:20:10.799,0:20:12.080 link to it in the description. It's 0:20:12.080,0:20:14.400 really old, from six years ago apparently. 0:20:14.400,0:20:16.720 So we'll just download this Firefox 0:20:16.720,0:20:18.960 3612. And make sure to do this, make sure 0:20:18.960,0:20:20.400 you're doing this in the virtual machine. 0:20:20.400,0:20:22.159 Don't accidentally do it on your 0:20:22.159,0:20:24.799 computer, and that's 0:20:24.799,0:20:26.880 what I'm actually doing, so make sure 0:20:26.880,0:20:29.120 go to the virtual machine. 
So we'll open 0:20:29.120,0:20:31.280 up Edge in our virtual machine, and then 0:20:31.280,0:20:33.520 we'll paste, oh no, I can't paste it? I'm 0:20:33.520,0:20:34.960 just gonna search like download 0:20:34.960,0:20:36.960 deprecated Firefox. I shouldn't 0:20:36.960,0:20:38.559 use the word deprecated. I'll 0:20:38.559,0:20:42.240 say download old Firefox, and 0:20:42.240,0:20:44.159 I think I can click here and do it. 0:20:44.159,0:20:46.080 Still want to downgrade directory, I'll go 0:20:46.080,0:20:48.080 to directory of all old ones and then 0:20:48.080,0:20:50.480 I'll get 3612. This is random by the way, 0:20:50.480,0:20:51.840 you can get any old version that you 0:20:51.840,0:20:53.520 want. I'm just using this one because I 0:20:53.520,0:20:58.080 did it already. win32, en-US, and 0:20:58.080,0:20:59.919 I'll get this. So we'll open this, and 0:20:59.919,0:21:02.400 then install this super old version of 0:21:02.400,0:21:05.600 Firefox. We'll say next, standard, sure, and 0:21:05.600,0:21:07.840 then sure, we can launch it, I guess, 0:21:07.840,0:21:10.559 yeah why not. Cool, so this is old, old 0:21:10.559,0:21:13.520 Firefox, so now we have an old Firefox on 0:21:13.520,0:21:15.120 our computer, so we'll close this. This is 0:21:15.120,0:21:16.559 our virtual machine remember. Here's 0:21:16.559,0:21:18.720 Firefox. And then so we will go back to 0:21:18.720,0:21:21.039 our scans here. This is on our host 0:21:21.039,0:21:22.720 machine, and this is Nessus so we'll go 0:21:22.720,0:21:24.240 back to our scans, and we don't need to 0:21:24.240,0:21:26.400 change our scan anymore. We'll just click 0:21:26.400,0:21:28.559 launch and it will just run another scan. 0:21:28.559,0:21:30.640 It will do the same thing scan all, scan 0:21:30.640,0:21:32.320 the common open ports, inspect the 0:21:32.320,0:21:35.360 registry, inspect the services, and then 0:21:35.360,0:21:36.960 inspect the file system. 
It's going to 0:21:36.960,0:21:39.360 discover this old deprecated version of 0:21:39.360,0:21:40.880 Firefox. There's like a million 0:21:40.880,0:21:42.559 vulnerabilities in it probably, so 0:21:42.559,0:21:44.480 hopefully we'll see that reflected 0:21:44.480,0:21:46.159 in the scan results when this finishes 0:21:46.159,0:21:47.760 here in a couple of minutes. Okay, it's 0:21:47.760,0:21:49.520 been a couple more minutes and our scan 0:21:49.520,0:21:51.200 is finished, so we can click on this 0:21:51.200,0:21:53.039 again, and we'll see like our 0:21:53.039,0:21:55.520 vulnerabilities like went up to 68 0:21:55.520,0:21:57.039 critical now. So before we kind of dive 0:21:57.039,0:21:58.480 into these, again, we'll check out the 0:21:58.480,0:22:00.159 history just so we can see like a trend 0:22:00.159,0:22:02.159 in these. So this is the first one in the 0:22:02.159,0:22:04.400 bottom here we can see only info, no 0:22:04.400,0:22:06.320 credentials provided. Second one is our 0:22:06.320,0:22:08.400 credentials provided, and we, you know, we 0:22:08.400,0:22:10.000 have a little bit more, we have some 0:22:10.000,0:22:12.000 criticals discovered and some highs. And 0:22:12.000,0:22:14.480 then we installed Firefox, like a really 0:22:14.480,0:22:16.320 old one, and then this is our current 0:22:16.320,0:22:18.640 scan. There's like a bunch more criticals, 0:22:18.640,0:22:21.039 whole bunch of criticals, so we'll go to 0:22:21.039,0:22:23.919 the vulnerabilities tab here. 0:22:23.919,0:22:26.159 And then we can kind of see this one at 0:22:26.159,0:22:28.240 the very top mixed with Firefox and 0:22:28.240,0:22:30.880 total count of like 141, so if we click 0:22:30.880,0:22:33.440 on this, it's just absolute chock full 0:22:33.440,0:22:35.039 of criticals just because that version 0:22:35.039,0:22:37.039 of Firefox is like so old, it has so many 0:22:37.039,0:22:38.480 vulnerabilities. 
And it's not like you 0:22:38.480,0:22:39.919 have to like go through like fix each 0:22:39.919,0:22:41.280 one of these one at a time, you can 0:22:41.280,0:22:43.120 either just like upgrade Firefox to the 0:22:43.120,0:22:44.799 latest one or just like completely 0:22:44.799,0:22:46.400 uninstall it and it will remediate the 0:22:46.400,0:22:47.600 vulnerabilities. So we can click 0:22:47.600,0:22:49.440 remediations, we pretty much see the same 0:22:49.440,0:22:51.600 thing as last time except for at the 0:22:51.600,0:22:54.080 very top now we have a recommendation to 0:22:54.080,0:22:56.640 upgrade Firefox. And then again this VPR 0:22:56.640,0:22:59.039 top threats, we have this kind of 0:22:59.039,0:23:01.840 Firefox in here. Again, history, first scan, 0:23:01.840,0:23:03.760 no credentials. Second, credentials, 0:23:03.760,0:23:05.679 default Windows install. Third scan, 0:23:05.679,0:23:08.480 Firefox, old Firefox, whole 0:23:08.480,0:23:10.080 bunch of vulnerabilities that need to be 0:23:10.080,0:23:12.240 remediated. So the next step we're going 0:23:12.240,0:23:14.400 to, we're just going to try to remediate 0:23:14.400,0:23:16.000 as many of these vulnerabilities as we 0:23:16.000,0:23:17.840 can by doing like really simple things, 0:23:17.840,0:23:19.200 like we're just going to uninstall 0:23:19.200,0:23:21.120 Firefox totally, and then we're going to 0:23:21.120,0:23:22.799 just essentially like run Windows 0:23:22.799,0:23:25.280 updates until there's no more updates 0:23:25.280,0:23:27.360 that need to happen essentially. So we'll 0:23:27.360,0:23:29.360 go to our virtual machine here, and then 0:23:29.360,0:23:32.000 we can go to appwiz.cpl, that's like a 0:23:32.000,0:23:34.159 kind of shortcut to go to this thing. 0:23:34.159,0:23:36.080 So we can go to Firefox, I'm just going 0:23:36.080,0:23:38.000 to uninstall it to be honest. 
So uninstall 0:23:38.000,0:23:40.320 Firefox, and then I'll go to Windows 0:23:40.320,0:23:42.480 update, and let's see 0:23:42.480,0:23:44.240 I guess I'll just manually check for 0:23:44.240,0:23:45.679 updates, I'll leave the settings to like 0:23:45.679,0:23:47.039 whatever they are. And then you can do 0:23:47.039,0:23:48.720 this too just keep like running Windows 0:23:48.720,0:23:50.080 updates, and you might have to like 0:23:50.080,0:23:51.440 restart and then run it again then 0:23:51.440,0:23:53.679 restart and run it again. I'll pause this 0:23:53.679,0:23:55.200 and I'll just kind of like let the 0:23:55.200,0:23:57.039 updates happen, then I'll come back to it 0:23:57.039,0:23:59.039 again. Okay, it updated for a while and 0:23:59.039,0:24:00.480 it's asking for a restart, so I'll just go 0:24:00.480,0:24:03.440 ahead and restart and repeat the process. 0:24:03.440,0:24:05.520 Okay when it comes back up, just go ahead 0:24:05.520,0:24:08.000 and log in again, and go to Windows 0:24:08.000,0:24:10.159 updates again, and just click check for 0:24:10.159,0:24:12.799 updates one more time just to make sure. 0:24:12.799,0:24:14.400 Okay, it looks like it's installing some 0:24:14.400,0:24:15.679 more, so I'll go ahead and pause this and 0:24:15.679,0:24:18.159 kind of let this continue. So it actually 0:24:18.159,0:24:19.840 looks like the updates are done, so we'll 0:24:19.840,0:24:22.400 go back to Nessus, go back to my scans, 0:24:22.400,0:24:24.880 and we'll run our scan one more time. 
So 0:24:24.880,0:24:26.720 we should expect to see a lot of the 0:24:26.720,0:24:28.559 remediations done, there should be a lot 0:24:28.559,0:24:30.480 less highs and criticals like Firefox 0:24:30.480,0:24:32.000 should be gone, like all the Windows 0:24:32.000,0:24:34.080 updates should be no longer required, but 0:24:34.080,0:24:36.080 we will let this finish, and then check 0:24:36.080,0:24:37.760 it out in a couple of minutes, or for you 0:24:37.760,0:24:39.200 it will be instantly because I'll edit 0:24:39.200,0:24:40.960 this out. So our last scan has finally 0:24:40.960,0:24:43.600 finished, so let's check this out. So 0:24:43.600,0:24:45.279 we'll click on this and before we like 0:24:45.279,0:24:46.720 really dive in deep, we can kind of see 0:24:46.720,0:24:48.320 there's some highs and some 0:24:48.320,0:24:49.520 criticals and highs, but we'll go to 0:24:49.520,0:24:51.840 history over here, and this is our 0:24:51.840,0:24:53.760 current scan, and this is the last scan 0:24:53.760,0:24:56.480 right here before we uninstalled Firefox 0:24:56.480,0:24:58.640 and before we updated Windows, so we can 0:24:58.640,0:25:00.159 see there's quite a bit more mediums, 0:25:00.159,0:25:01.840 quite a bit more, sorry, there's quite a 0:25:01.840,0:25:03.279 bit more criticals, quite a bit more 0:25:03.279,0:25:05.840 highs. So current, after removing 0:25:05.840,0:25:07.440 Firefox and running Windows updates, and 0:25:07.440,0:25:09.840 then before. So there's quite a bit less, and 0:25:09.840,0:25:12.720 this scan right here, this is the 0:25:12.720,0:25:14.799 default install of Windows and then this 0:25:14.799,0:25:16.960 is the current one after updating 0:25:16.960,0:25:19.120 Windows. So current or default and then 0:25:19.120,0:25:20.400 current. So we can kind of dive into 0:25:20.400,0:25:22.000 these like a little bit, it looks like 0:25:22.000,0:25:24.559 the remaining vulnerabilities, most of 0:25:24.559,0:25:26.640 them are around Microsoft Edge. 
It looks 0:25:26.640,0:25:28.720 like maybe Windows update didn't update 0:25:28.720,0:25:30.799 Edge for some reason. We can check 0:25:30.799,0:25:33.520 this one, a bunch of highs, I can't 0:25:33.520,0:25:36.320 read these. Microsoft 3D Viewer Base 3D 0:25:36.320,0:25:38.400 Code something. Maybe this is some like 0:25:38.400,0:25:40.480 native app that's installed, oh yeah, it 0:25:40.480,0:25:42.080 is. So it looks like there's some like 0:25:42.080,0:25:44.159 random stuff that's still on this 0:25:44.159,0:25:45.679 virtual machine that maybe it's like out 0:25:45.679,0:25:47.760 of date or something like this, and 0:25:47.760,0:25:49.440 you can just kind of look through this. I 0:25:49.440,0:25:51.440 won't like do any further remediations 0:25:51.440,0:25:52.559 because this video is getting kind of 0:25:52.559,0:25:54.960 long so, but maybe you could consider, 0:25:54.960,0:25:57.440 you know, figuring out exactly like how 0:25:57.440,0:25:59.120 to update Microsoft Edge or like 0:25:59.120,0:26:00.559 uninstall it if you're allowed to do 0:26:00.559,0:26:02.000 that like, I don't know. But yeah, it's 0:26:02.000,0:26:03.520 pretty interesting to kind of 0:26:03.520,0:26:05.279 experiment with this and like install 0:26:05.279,0:26:07.120 like really old stuff, or maybe even 0:26:07.120,0:26:09.360 like get a hold of like a Windows XP ISO 0:26:09.360,0:26:11.760 and install Windows XP, right, and scan 0:26:11.760,0:26:13.760 that and see what kind of like swiss 0:26:13.760,0:26:16.159 cheese scan results like come back. It's 0:26:16.159,0:26:17.760 like going to be absolutely full of 0:26:17.760,0:26:19.679 holes, but yeah that is vulnerability 0:26:19.679,0:26:21.120 management. 
And those are kind of like the 0:26:21.120,0:26:22.960 really kind of the core components of 0:26:22.960,0:26:24.400 vulnerability management just like 0:26:24.400,0:26:26.080 scanning and remediating, scanning and 0:26:26.080,0:26:27.919 remediating, but, you know, a lot more goes 0:26:27.919,0:26:29.200 into it because you have to have like, 0:26:29.200,0:26:30.320 you know, when you work at a big 0:26:30.320,0:26:32.080 organization, you usually will make some 0:26:32.080,0:26:34.159 kind of standard and like policies and 0:26:34.159,0:26:36.000 procedures, and you have to kind of bring 0:26:36.000,0:26:37.520 all the departments in and work with the 0:26:37.520,0:26:38.960 individual groups to like get 0:26:38.960,0:26:41.039 credentials for all their individual 0:26:41.039,0:26:42.960 resources, or maybe you use like a domain 0:26:42.960,0:26:44.799 account to scan everything, and it 0:26:44.799,0:26:46.320 gets a little bit more complicated when 0:26:46.320,0:26:48.080 you're in a large organization, but this 0:26:48.080,0:26:50.000 is pretty much the guts of it, 0:26:50.000,0:26:51.360 just like scanning stuff, finding 0:26:51.360,0:26:53.279 vulnerabilities, and then essentially 0:26:53.279,0:26:55.200 remediating them. You want to automate it, 0:26:55.200,0:26:57.120 as much of it as you can as possible 0:26:57.120,0:26:58.960 like updating like the third-party 0:26:58.960,0:27:00.960 apps and like Windows update and this 0:27:00.960,0:27:02.559 kind of thing. 
And you want to have like 0:27:02.559,0:27:04.480 a secure build standard, so like make 0:27:04.480,0:27:06.159 sure the build is like already like 0:27:06.159,0:27:08.720 remediated and like secure enough before 0:27:08.720,0:27:10.080 it goes into production to kind of 0:27:10.080,0:27:11.520 reduce the amount of vulnerabilities 0:27:11.520,0:27:13.039 that get introduced, but now that you've 0:27:13.039,0:27:14.080 kind of like watched this you have a 0:27:14.080,0:27:15.760 pretty good idea, I would say, of how 0:27:15.760,0:27:17.679 vulnerability management works, so you 0:27:17.679,0:27:19.840 can, you know, practice this a bunch, and 0:27:19.840,0:27:21.279 consider like reading up on how to 0:27:21.279,0:27:22.720 implement vulnerability management on 0:27:22.720,0:27:24.240 like a large organization, and then you can 0:27:24.240,0:27:26.159 like put something on your resume that 0:27:26.159,0:27:27.600 might look something like this, and then 0:27:27.600,0:27:29.919 go ahead and start applying to jobs that 0:27:29.919,0:27:31.279 are looking for like vulnerability 0:27:31.279,0:27:33.039 management engineers or vulnerability 0:27:33.039,0:27:34.640 management analysts or like whatever 0:27:34.640,0:27:35.679 they're calling them because it's a 0:27:35.679,0:27:37.360 relatively like straightforward process. 0:27:37.360,0:27:39.039 It's pretty easy technically speaking. 0:27:39.039,0:27:40.799 Like the hard part about 0:27:40.799,0:27:42.559 vulnerability management usually comes 0:27:42.559,0:27:44.000 from like dealing with the humans and 0:27:44.000,0:27:45.600 like getting everyone to like coordinate, 0:27:45.600,0:27:47.600 that's like really difficult. But yeah, I hope 0:27:47.600,0:27:49.120 you enjoyed this. 
If you 0:27:49.120,0:27:50.720 thought I was interesting, you know I'd 0:27:50.720,0:27:52.640 appreciate if you liked and consider 0:27:52.640,0:27:54.080 subscribing, and if you have any 0:27:54.080,0:27:55.760 questions or comments, criticism, please 0:27:55.760,0:27:57.120 like let me know in the comment section. 0:27:57.120,0:27:59.440 I 100% read all the comments every time. I 0:27:59.440,0:28:00.880 respond to everybody's comment. If you 0:28:00.880,0:28:01.919 feel like supporting me, I do have a 0:28:01.919,0:28:03.840 Patreon, but other than that, thank you so 0:28:03.840,0:28:05.520 much for watching and we will see you in 0:28:05.520,0:28:08.003 the next video, bye bye. 0:28:08.003,0:28:20.480 [Music]