Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

Rollback to version 5

0:00 - 0:02

Hey everybody, Josh here. Welcome back to
0:02 - 0:04

my channel. I do a lot of videos on IT
0:04 - 0:06

cyber security education and career
0:06 - 0:08

things, and today's video is going to be
0:08 - 0:09

on vulnerability management. We're
0:09 - 0:10

actually going to be doing a
0:10 - 0:12

vulnerability management lab where we
0:12 - 0:14

install Nessus Essentials and we install
0:14 - 0:16

VMware Workstation Player, and set up
0:16 - 0:18

Windows 10 inside of a VM, install some
0:18 - 0:20

old deprecated software on it, and then
0:20 - 0:21

we're going to be doing some
0:21 - 0:23

vulnerability scans against that virtual
0:23 - 0:25

machine to kind of discover any
0:25 - 0:26

vulnerabilities that might be on there,
0:26 - 0:27

and then we're going to go ahead and
0:27 - 0:29

remediate one or two of those just so we
0:29 - 0:31

can kind of observe what's happening. I
0:31 - 0:33

figured this would be a good video to do
0:33 - 0:34

because there's like quite a few
0:34 - 0:36

vulnerability management jobs on
0:36 - 0:38

LinkedIn and I've gotten a
0:38 - 0:40

lot of spam from recruiters for these
0:40 - 0:42

type of positions, and actually the last
0:42 - 0:43

real job I had I was a vulnerability
0:43 - 0:45

management program manager for King
0:45 - 0:47

County here in Washington State so I
0:47 - 0:50

kind of did this on an ongoing basis for
0:50 - 0:51

a while. Basically what vulnerability
0:51 - 0:53

management is continuously assessing
0:53 - 0:55

your assets, discovering vulnerabilities,
0:55 - 0:58

remediating them to an acceptable risk,
0:58 - 0:59

and then kind of starting the process
0:59 - 1:01

over and over again to kind of make sure
1:01 - 1:03

the risk in the whole organization is
1:03 - 1:05

low or at least an acceptable level. So I
1:05 - 1:07

think if you kind of watch this video
1:07 - 1:09

and practice it a few times, you can get
1:09 - 1:11

pretty good at it and get an idea of how
1:11 - 1:13

vulnerability management might work in
1:13 - 1:15

like a larger corporation. This is
1:15 - 1:16

definitely something you can put on your
1:16 - 1:20

resume. It might look something like this.
1:22 - 1:24

So it will definitely help you out. So
1:24 - 1:25

yeah, if you're excited to learn
1:25 - 1:26

vulnerability management, consider
1:26 - 1:28

smashing that like button and let's get
1:28 - 1:30

started. So the first thing we're going
1:30 - 1:31

to do is go ahead and
1:31 - 1:34

download and install VMware Player. Now
1:34 - 1:35

you probably want to have like a
1:35 - 1:38

semi-decent computer to be able
1:38 - 1:39

to do this, maybe like at least eight
1:39 - 1:41

gigabytes of ram and maybe dual core
1:41 - 1:43

or something. But if you don't know about
1:43 - 1:45

any of that, just try to go ahead and do
1:45 - 1:47

it, and if something fails, then it fails.=
1:47 - 1:48

I suppose. But go ahead and download
1:48 - 1:50

VMware Player. I'll put a link to this in
1:50 - 1:52

the description. Just download
1:52 - 1:54

for Windows. I'm not gonna do it again
1:54 - 1:55

because I already have it, but just go
1:55 - 1:56

ahead and like click this, download it,
1:56 - 1:58

and install it. You can see mine started
1:58 - 1:59

downloading, I'm just going to go ahead
1:59 - 2:01

and cancel this. And then while you're
2:01 - 2:02

waiting for VMware Player to download,
2:02 - 2:04

we'll go ahead and download the Windows
2:04 - 2:06

10 ISO. That's basically a file that'll
2:06 - 2:08

let us install windows 10 onto our
2:08 - 2:10

virtual machine. So again, I'll put a link
2:10 - 2:12

to this in the description as well, but
2:12 - 2:14

just go ahead and go to it, and then
2:14 - 2:16

you'll go to where it says create
2:16 - 2:18

Windows 10 installation media and you'll
2:18 - 2:20

say download tool, and when
2:20 - 2:21

this downloads, just go ahead and open it.
2:21 - 2:23

Don't be surprised if this takes a while
2:23 - 2:24

to like start up and download. So we'll
2:24 - 2:27

just say accept. And then we're going to
2:27 - 2:28

click
2:28 - 2:30

create installation media. We want to get
2:30 - 2:32

an ISO file so we'll say next. This looks
2:32 - 2:35

good. And we're going to say ISO file, be
2:35 - 2:37

sure to select this. And then we'll just
2:37 - 2:39

choose where it goes. I like this nice xp
2:39 - 2:41

pro ISO that I have. Go ahead and put it
2:41 - 2:43

in a folder, just remember what folder
2:43 - 2:45

you put in. So I'll just save it to my C:
2:45 - 2:47

_ISOs folder and then we'll
2:47 - 2:49

wait for this to finish. And while this
2:49 - 2:50

is going, we can actually
2:50 - 2:53

download and install Nessus
2:53 - 2:54

Essentials which is going to
2:54 - 2:56

be the vulnerability scanner that we use
2:56 - 2:58

to actually conduct our scans. So I'll
2:58 - 3:00

put a link to this in the description as
3:00 - 3:02

well, but you can probably find it on google.
3:02 - 3:04

And just basically like fill this thing
3:04 - 3:06

out. After you fill this out, you'll be
3:06 - 3:07

able to download it and it will send
3:07 - 3:09

like a key to your email, so just go
3:09 - 3:11

ahead and- actually I'll just do it. Just
3:11 - 3:14

fill this thing out, cool. So it will send
3:14 - 3:16

an email inside of your email, I can't
3:16 - 3:18

show it because it has a key and like, I
3:18 - 3:20

don't know, so inside of your email
3:20 - 3:21

there'll be like a button that says
3:21 - 3:23

download Nessus and then there will be a
3:23 - 3:25

key. Go ahead and click the button to
3:25 - 3:27

download Nessus and it will take you to
3:27 - 3:28

a page that looks like this, and just
3:28 - 3:30

click on Nessus. And we already have an
3:30 - 3:32

activation code, it should be in your
3:32 - 3:35

email, so we'll pick the one for, this one,
3:35 - 3:37

it says Windows Server 2008 blah blah
3:37 - 3:39

blah, and then it says 10 in here. So
3:39 - 3:41

we'll download this. Just say agree and
3:41 - 3:43

then, you know, download it anywhere and
3:43 - 3:44

then meanwhile remember in the
3:44 - 3:46

background windows 10 should be still
3:46 - 3:48

downloading virtual vmware player might
3:48 - 3:50

be downloading still too so we just have
3:50 - 3:51

to install that on your own i'm not
3:51 - 3:52

going to show it on the screen because i
3:52 - 3:54

already have it installed here we are at
3:54 - 3:57

the tenable setup so we just say next
3:57 - 4:00

accept and just accept this location and
4:00 - 4:02

then go ahead and install it and then
4:02 - 4:04

say finish
4:04 - 4:05

and then it's going to kind of um show
4:05 - 4:08

this like socket up here like localhost
4:08 - 4:09

in the port um i would recommend saving
4:09 - 4:11

this url because it's it's kind of
4:11 - 4:13

annoying if you lose it so just save it
4:13 - 4:15

in like a notepad somewhere or something
4:15 - 4:17

like this and then we'll say connect via
4:17 - 4:19

ssl and just say advanced and then say
4:19 - 4:21

proceed and this takes a while to set up
4:21 - 4:23

the very first time it has to like
4:23 - 4:25

initialize and install things and i
4:25 - 4:26

assume download a whole bunch of
4:26 - 4:28

definitions or something like this so
4:28 - 4:30

just go get like some coffee or
4:30 - 4:31

something while you while you wait for
4:31 - 4:33

this to happen because it will take a
4:33 - 4:34

while to do and we're going to say
4:34 - 4:37

nessus essentials it's essentially free
4:37 - 4:39

you can read the i guess license
4:39 - 4:40

agreement if you want but we're going to
4:40 - 4:42

install essentials and then just fill
4:42 - 4:43

this thing out and we'll get an
4:43 - 4:46

activation code i believe i have one
4:46 - 4:48

already um it should have emailed it to
4:48 - 4:49

you actually it should have emailed the
4:49 - 4:52

activation code to you so maybe skip
4:52 - 4:54

this and then just paste the activation
4:54 - 4:56

code that was that was in your email
4:56 - 4:58

that you already received and just
4:58 - 4:59

continue and then this is where you're
4:59 - 5:01

going to set up a username and password
5:01 - 5:02

just make sure you don't forget this it
5:02 - 5:04

might be troublesome you know if you
5:04 - 5:05

forget it you'll have to reset it or
5:05 - 5:08

something like this so just uh set up a
5:08 - 5:10

password i guess and this this is a part
5:10 - 5:11

that takes a while so just you know go
5:11 - 5:14

get coffee or sandwich or something and
5:14 - 5:17

we will meet back here okay so while
5:17 - 5:18

this is still installing and
5:18 - 5:20

initializing and doing everything it
5:20 - 5:22

needs to do let's go ahead and set up
5:22 - 5:23

our virtual machine since this is going
5:23 - 5:25

to take some time anyway so by now you
5:25 - 5:27

should have downloaded and installed um
5:27 - 5:29

vmware workstation player so we'll just
5:29 - 5:32

go ahead and open this up and check on
5:32 - 5:35

your windows 10 iso download it should
5:35 - 5:37

be finished by now as well maybe it
5:37 - 5:39

looks something like this and then it
5:39 - 5:40

shows you like where it's at the ci so
5:40 - 5:43

it's windows or yeah wherever you put
5:43 - 5:44

yours so just take note of this and
5:44 - 5:46

we'll say finish cool and then we're
5:46 - 5:49

going to create a new virtual machine
5:49 - 5:51

inside of vmware workstation player
5:51 - 5:53

we'll go to player and then file and
5:53 - 5:55

then new virtual machine and then
5:55 - 5:57

for the installer we're going to say
5:57 - 6:00

browse and then we'll just browse to
6:00 - 6:01

wherever you downloaded the windows 10
6:01 - 6:03

iso so this could probably be named
6:03 - 6:05

something better but that's okay so
6:05 - 6:07

we'll say next and just name this
6:07 - 6:09

something appropriate this is fine this
6:09 - 6:11

location's fine i guess you can change
6:11 - 6:13

it if you want so we'll say next maximum
6:13 - 6:16

disk size um this is fine we're not
6:16 - 6:17

gonna really put anything on it i'm just
6:17 - 6:20

gonna put set mine at 50 and then we'll
6:20 - 6:22

go to customize hardware and for memory
6:22 - 6:24

like if you don't know how much ram you
6:24 - 6:27

have maybe just like leave this as it is
6:27 - 6:28

i'm going to increase mine a little bit
6:28 - 6:30

i'll increase this a little bit if you
6:30 - 6:32

don't know about your cpu just leave it
6:32 - 6:34

as is but we do have to change the
6:34 - 6:36

network adapter we should change it to
6:36 - 6:38

bridged without explaining too deeply
6:38 - 6:40

bridge kind of puts this virtual machine
6:40 - 6:42

on the same network as your actual
6:42 - 6:45

physical computer so your nessus
6:45 - 6:47

implement implementation can talk to the
6:47 - 6:48

virtual machine
6:48 - 6:52

more easily this looks good we'll close
6:52 - 6:54

this and this is good power on after
6:54 - 6:56

creation we'll say finish kind of move
6:56 - 6:57

tenable
6:57 - 6:58

to the side
6:58 - 7:01

and then after the vm finishes getting
7:01 - 7:03

kind of created it's going to launch and
7:03 - 7:05

then we're going to have a chance to
7:05 - 7:07

install windows be sure to press any key
7:07 - 7:09

to boot into the iso when it asks and if
7:09 - 7:11

your cursor is gone you can see
7:11 - 7:13

in the lower left it says like press
7:13 - 7:15

control alt to release your cursor and
7:15 - 7:16

then you can get your cursor back so
7:16 - 7:19

we're just going to install windows 10.
7:19 - 7:21

so we'll just say next install and say i
7:21 - 7:23

don't have a product key you can close
7:23 - 7:25

this message down here and just pick
7:25 - 7:27

windows 10 pro and say next and we'll
7:27 - 7:30

say accept say next and say custom and
7:30 - 7:33

then this is our blank hard drive so
7:33 - 7:34

click on that the only one you can click
7:34 - 7:36

and just say next and then this will
7:36 - 7:37

take some time to install too so i'll
7:37 - 7:39

kind of come back when one of these
7:39 - 7:40

finishes cool so it looks like both
7:40 - 7:42

finished now i'll just finish setting up
7:42 - 7:46

the vm i will say yes and us and skip
7:46 - 7:48

and for nessus we'll just kind of uh
7:48 - 7:49

we'll close this thing here and then
7:49 - 7:51

we'll we'll just kind of wait on this
7:51 - 7:53

until we finish setting up the virtual
7:53 - 7:54

machine
7:54 - 7:57

and we'll say set up for personal use
7:57 - 8:00

next and then we'll say offline account
8:00 - 8:03

limited experience and then just name
8:03 - 8:06

i don't know just name it like admin and
8:06 - 8:08

put make a password but just remember
8:08 - 8:10

what it is make it like something simple
8:10 - 8:11

because we're going to use this later
8:11 - 8:12

for the credentialed scans so just
8:12 - 8:14

remember what it is it's troublesome you
8:14 - 8:16

know if you forget it
8:16 - 8:18

just make up make up something for these
8:18 - 8:20

if it asks you this is just like you
8:20 - 8:23

know a junk vm no one cares say no for
8:23 - 8:25

all of these things not now cool okay
8:25 - 8:27

now everything is totally set up we have
8:27 - 8:30

our vm here and then we have our nessus
8:30 - 8:33

essentials set up and ready to go so for
8:33 - 8:35

now we're just going to do a kind of
8:35 - 8:37

basic scan against the virtual machine
8:37 - 8:39

there's we're going to do a credentialed
8:39 - 8:41

scan later which i'll kind of explain
8:41 - 8:42

but i just want to make sure we can scan
8:42 - 8:44

it and make sure we can kind of get some
8:44 - 8:46

kind of result back so before we do that
8:46 - 8:48

i'm going to go to the vm and like get
8:48 - 8:51

the ip address from it so go make sure
8:51 - 8:53

to go to the vm not your actual computer
8:53 - 8:55

but go to the vm click start open up
8:55 - 8:57

command line and then we will type
8:57 - 9:00

ipconfig just to get the ipv4 ip address
9:00 - 9:02

and we're going to ping this from our
9:02 - 9:04

local machine just to make sure that we
9:04 - 9:06

can reach it i guess essentially so open
9:06 - 9:08

up the command like command line on your
9:08 - 9:11

pc and we will just say we'll just ping
9:11 - 9:15

this ip address so we'll just say ping
9:15 - 9:17

10.0.0.189 and then we'll do dash t
9:17 - 9:19

which means like perpetual ping like
9:19 - 9:21

keep going forever until we cancel it
9:21 - 9:23

and we see like it's it's timing out so
9:23 - 9:26

we just have to disable the firewall on
9:26 - 9:28

our virtual machine here you might not
9:28 - 9:29

want to do this in production it just
9:29 - 9:30

depends on like what other controls you
9:30 - 9:33

have in place so we will minimize this
9:33 - 9:35

we'll go to our vm here and then we will
9:35 - 9:36

type
9:36 - 9:39

wf.msc it's this windows firewall
9:39 - 9:40

microsoft something console can't
9:40 - 9:42

remember so we'll open the firewall and
9:42 - 9:43

we're just going to do a lot of this
9:43 - 9:45

stuff for our lab so we'll go to
9:45 - 9:47

defender firewall properties and just on
9:47 - 9:49

these first three tabs we'll just turn
9:49 - 9:50

all three of them off like domain
9:50 - 9:52

profile off private profile off public
9:52 - 9:54

profile off and we'll just say okay here
9:54 - 9:56

the firewall is off and then we notice
9:56 - 9:58

that the ping is kind of going through
9:58 - 10:00

on our our local computer here so we can
10:00 - 10:02

press control c to cancel this and we'll
10:02 - 10:04

just copy this ip address this is the ip
10:04 - 10:06

address of our vm we will close this and
10:06 - 10:09

then this is um our nessus essentials
10:09 - 10:11

essentially it's it's like a web app
10:11 - 10:13

essentially so we'll go back to this and
10:13 - 10:15

then we're going to create a new scan so
10:15 - 10:17

we'll just do a basic network scan here
10:17 - 10:19

and so we'll just name it like i don't
10:19 - 10:22

know windows 10 single host something
10:22 - 10:23

like this and then for targets we'll
10:23 - 10:25

just paste this is our our virtual
10:25 - 10:27

machine's ip address so we'll just kind
10:27 - 10:28

of paste it in here we don't really need
10:28 - 10:30

to change anything else on here we're
10:30 - 10:32

just going to do like a manual scan but
10:32 - 10:33

you you know take note that you can do
10:33 - 10:35

like a scheduled scan if you're working
10:35 - 10:36

in an organization you want to scan like
10:36 - 10:38

every x days or like every tuesday or
10:38 - 10:40

something like this or scan common ports
10:40 - 10:42

support scan all ports obviously all
10:42 - 10:43

ports going to take longer you can
10:43 - 10:45

customize it there's a bunch of settings
10:45 - 10:46

that you can kind of explore in here on
10:46 - 10:49

your own and there is um there's also
10:49 - 10:51

this credentials page which we'll get
10:51 - 10:53

into in a little bit but basically you
10:53 - 10:54

can we won't do this yet but you can
10:54 - 10:56

enter credentials in here like the
10:56 - 10:58

username and password that we made when
10:58 - 11:00

we created the virtual machine and then
11:00 - 11:02

the scanner will kind of go into the
11:02 - 11:04

machine more deeply and like look
11:04 - 11:05

through the registry and the file system
11:05 - 11:07

and like more things and the reason for
11:07 - 11:09

this is you can kind of discover more
11:09 - 11:11

vulnerabilities if you have like
11:11 - 11:13

deprecated software or insecure services
11:13 - 11:14

or something like this running
11:14 - 11:17

this is what this kind of credential the
11:17 - 11:19

credentials page is for but right now
11:19 - 11:21

we're just going to do like a basic
11:21 - 11:22

network kind of port scan it's not going
11:22 - 11:24

to be too deep just want to make sure we
11:24 - 11:25

can scan it and get some kind of
11:25 - 11:27

information back so we have our ip
11:27 - 11:31

address and we will just say save we'll
11:31 - 11:33

remove this credentials oops and then
11:33 - 11:36

just say save and then this is our this
11:36 - 11:38

is our scan um it's not running it's
11:38 - 11:39

just kind of like a scan that's
11:39 - 11:41

configured that we can run in the future
11:41 - 11:42

so we'll just go ahead and click launch
11:42 - 11:44

now and launch the scan and i believe
11:44 - 11:46

you can you can kind of sometimes see
11:46 - 11:48

the progress of it like if you click it
11:48 - 11:51

you can see you know what it has done so
11:51 - 11:53

far it makes like little logs and then
11:53 - 11:55

the findings will kind of be on this
11:55 - 11:56

page but we can just go back click back
11:56 - 11:58

to my host and then back to my scans and
11:58 - 12:00

we'll just kind of wait for this to
12:00 - 12:02

finish cool so we can now see that our
12:02 - 12:04

scan has finished over here um says like
12:04 - 12:06

today and there's like a check mark so
12:06 - 12:08

we can just kind of click this to look
12:08 - 12:10

at the individual results for it and you
12:10 - 12:12

can see like down here like blue is info
12:12 - 12:15

green is low medium it's yellow etc and
12:15 - 12:16

depending on the organization you work
12:16 - 12:18

for like a lot of people a lot of orgs
12:18 - 12:20

like won't even depending on what they
12:20 - 12:22

are a lot of orgs won't even like really
12:22 - 12:24

touch medium or lows because they have
12:24 - 12:25

like so many criticals and highs that
12:25 - 12:27

kind of take precedence and because we
12:27 - 12:29

didn't use any credentials for our scan
12:29 - 12:32

we don't really see that much of what
12:32 - 12:34

might be actually vulnerable inside the
12:34 - 12:35

vm but we do see like some things here
12:35 - 12:36

so we can click we can click
12:36 - 12:38

vulnerabilities up here and just kind of
12:38 - 12:40

look through these a tiny bit we can see
12:40 - 12:42

like smb signing is not required if
12:42 - 12:44

that's something that your org cares
12:44 - 12:46

about you can kind of read about it here
12:46 - 12:48

more and consider like implementing
12:48 - 12:50

implement implementing the solution to
12:50 - 12:52

kind of remediate this vulnerability
12:52 - 12:54

there's other kind of interesting things
12:54 - 12:56

in here trace route information it's
12:56 - 12:58

listed as info means it means it's not
12:58 - 13:00

could not necessarily be a vulnerability
13:00 - 13:02

but just something you should be aware
13:02 - 13:04

of that you can see tracer information
13:04 - 13:06

which means like icmp is
13:06 - 13:09

accepted on this on this particular host
13:09 - 13:11

and down here we can see
13:11 - 13:13

target credential status by
13:13 - 13:15

authentication protocol and it says like
13:15 - 13:16

nessus was not able to successfully
13:16 - 13:18

authenticate to the remote target
13:18 - 13:19

because we didn't actually provide any
13:19 - 13:21

credentials and we can see that down
13:21 - 13:24

here um smb was detected on port 445
13:24 - 13:26

means it's listening on 445 but we
13:26 - 13:28

didn't provide any credentials that's a
13:28 - 13:29

kind of vulnerability that's a
13:29 - 13:31

vulnerability scan some basic results so
13:31 - 13:33

the next thing we're going to do is
13:33 - 13:35

we're going to we're going to set up the
13:35 - 13:37

virtual machine to be able to accept
13:37 - 13:39

authenticated scans and then we're going
13:39 - 13:40

to provide some credentials to nessus
13:40 - 13:42

and then we're going to try to rescan
13:42 - 13:44

the virtual machine with credentials and
13:44 - 13:46

then kind of compare the results of the
13:46 - 13:47

new scan which with these ones that
13:47 - 13:49

we're looking at here so we'll go back
13:49 - 13:52

to my scans actually we'll go back to
13:52 - 13:54

the virtual machine here and then we'll
13:54 - 13:55

open up
13:55 - 13:57

services.msc and there may be better
13:57 - 13:58

ways to do what i'm doing like
13:58 - 14:00

especially if you're in like a corporate
14:00 - 14:02

environment um i got these steps from
14:02 - 14:04

nessus the things that they recommend to
14:04 - 14:06

actually do credentialed scans against
14:06 - 14:09

windows hosts that are not on the domain
14:09 - 14:10

so that's that's kind of what we're
14:10 - 14:12

using here so i'm just going to first
14:12 - 14:14

i'm going to enable the remote registry
14:14 - 14:16

remote registry which will allow the
14:16 - 14:18

scanner to connect to this computer's
14:18 - 14:19

registry and like kind of crawl through
14:19 - 14:21

the registry and look for insecure
14:21 - 14:23

configurations like maybe deprecated
14:23 - 14:25

cypher suites that might be enabled you
14:25 - 14:26

kind of enable and disable those in the
14:26 - 14:28

registry so i'm just going to enable
14:28 - 14:31

remote registry so our scanner can
14:31 - 14:33

connect to the registry so i enabled it
14:33 - 14:35

and i turned it on and then next we're
14:35 - 14:36

going to be careful when you close this
14:36 - 14:38

you don't close the actual vm i'm just
14:38 - 14:40

closing like the window inside i'll
14:40 - 14:42

close the firewall and next thing i'll
14:42 - 14:45

enable file and printer sharing so oh it
14:45 - 14:47

looks like it's possibly already on turn
14:47 - 14:49

on sharing so anyone with network uh i
14:49 - 14:51

don't think public folder sharing needs
14:51 - 14:53

to be on i was going to turn this on but
14:53 - 14:54

it looks like it's on already turn on
14:54 - 14:56

network discovery file and printer
14:56 - 14:57

sharing oh looks like it's already on if
14:57 - 14:59

yours are not on just make sure to turn
14:59 - 15:01

the file and printer printer sharing on
15:01 - 15:03

and then we will go to user account
15:03 - 15:06

control and this is not good to do um
15:06 - 15:08

but our computer is not on the domain so
15:08 - 15:10

we have to do these kind of hack things
15:10 - 15:12

to be able to scan it so i'll disable
15:12 - 15:14

this say okay so yes and then we're
15:14 - 15:16

going to open the registry and then
15:16 - 15:18

add a key that's supposed to allow the
15:18 - 15:21

remote account to like connect in and
15:21 - 15:22

next we're going to connect to the
15:22 - 15:23

registry and add a key that's supposed
15:23 - 15:26

to i guess further disable user account
15:26 - 15:28

control for the remote account we're
15:28 - 15:29

going to use it to connect to this
15:29 - 15:32

computer during our scan so just go to
15:32 - 15:33

start and type reg edit again i got this
15:33 - 15:36

documentation from nessus i'll put a
15:36 - 15:37

link to in the description so we will
15:37 - 15:41

browse to a local machine here so we'll
15:41 - 15:44

go to local machine software microsoft
15:44 - 15:48

windows current version policies system
15:48 - 15:51

and then inside here we'll create a
15:51 - 15:54

d word called local account token filter
15:54 - 15:56

policy so
15:56 - 16:00

local account token filter policy local
16:00 - 16:02

account token filter policy say enter
16:02 - 16:05

and then we'll set this value to 1 and
16:05 - 16:06

we'll close this and we'll go ahead and
16:06 - 16:08

restart our virtual machine at this
16:08 - 16:09

point cool and then we'll log in
16:09 - 16:11

remember our username i made mine admin
16:11 - 16:13

and then whatever your password is just
16:13 - 16:15

make sure you don't forget it and we
16:15 - 16:18

should be ready to scan our computer now
16:18 - 16:19

we're going to edit the scan that we
16:19 - 16:22

made so go back to nessus essentials and
16:22 - 16:25

then we will oh so check this box next
16:25 - 16:27

to the scan and go to more and then go
16:27 - 16:29

to configure and then we're going to add
16:29 - 16:30

a set of credentials to this and we're
16:30 - 16:32

going to add a windows credentials so
16:32 - 16:34

we're going to use password and remember
16:34 - 16:36

our username is admin so if you go to
16:36 - 16:39

the vm and go to cm cmd and type like
16:39 - 16:41

who am i um the name is the name is
16:41 - 16:44

admin right so we'll say admin and then
16:44 - 16:46

whatever you made the password and i
16:46 - 16:47

believe
16:47 - 16:48

i believe we can like leave all these
16:48 - 16:50

things as default if it breaks i mean
16:50 - 16:52

maybe we can come back and configure or
16:52 - 16:53

if it doesn't work we can check it so
16:53 - 16:56

we'll save this as it is so saved and
16:56 - 16:59

we'll go back and back to scans and then
16:59 - 17:01

we'll we'll run this scan one more time
17:01 - 17:03

when this finishes we'll compare the
17:03 - 17:05

results with the first scan and
17:05 - 17:06

technically we should see more results
17:06 - 17:08

with this one because we enabled
17:08 - 17:09

credentialed scanning and we kind of
17:09 - 17:12

configured the vm to accept remote scan
17:12 - 17:14

so we'll see what happens so i'll just
17:14 - 17:16

pause this and i'll come back i'll pause
17:16 - 17:17

the video and come back when it finishes
17:17 - 17:19

okay it's been a few minutes and it
17:19 - 17:21

looks like our scan is finished here so
17:21 - 17:23

we will click on this and we can see
17:23 - 17:25

like immediately remember last time we
17:25 - 17:27

we had like one medium and a bunch of
17:27 - 17:29

infos now we have like seven criticals
17:29 - 17:32

38 highs and you know four mediums and a
17:32 - 17:34

whole bunch more infos it's pretty
17:34 - 17:36

interesting so before we like really
17:36 - 17:37

dive into the vulnerabilities and all
17:37 - 17:39

this i'll just click on history over
17:39 - 17:41

here really quick and this is the
17:41 - 17:42

current one and you can see the
17:42 - 17:44

vulnerabilities down here um you can see
17:44 - 17:46

you know five percent criticals etc and
17:46 - 17:47

then if we click on our first scan we
17:47 - 17:49

can see like we didn't use credentials
17:49 - 17:51

for this so we couldn't look at the file
17:51 - 17:53

system or the registry or any other
17:53 - 17:55

running services or or any of that so
17:55 - 17:56

you can see this there's like a big
17:56 - 17:58

difference in doing credentialed scan
17:58 - 18:00

versus like uncredentialed scans so this
18:00 - 18:02

kind of like solidifies the importance
18:02 - 18:04

of running credential scans whether or
18:04 - 18:06

not you're like scanning cisco devices
18:06 - 18:08

or like linux machines or like windows
18:08 - 18:10

machines or macs or whatever if you can
18:10 - 18:13

use credentials um you can really like
18:13 - 18:15

discover more vulnerabilities so i'll
18:15 - 18:16

just click on the vulnerabilities tab
18:16 - 18:18

here first and we'll just kind of like
18:18 - 18:20

look at these a little bit we can see
18:20 - 18:22

like um this this is essentially the
18:22 - 18:24

list of findings and some of the these
18:24 - 18:26

are mixed so if we click on this for
18:26 - 18:28

example we can see it's like a
18:28 - 18:30

combination of like mostly criticals and
18:30 - 18:31

highs and you can see it's like mostly
18:31 - 18:34

edge mostly edge which can probably be
18:34 - 18:36

remediated from like updating running
18:36 - 18:37

windows updates essentially and you can
18:37 - 18:39

kind of look at these individual ones
18:39 - 18:42

and and dive uh more deep into them to
18:42 - 18:43

see like what the actual thing is and
18:43 - 18:45

like how to fix it
18:45 - 18:47

uh so we can go back a little bit we'll
18:47 - 18:48

back up a little bit more so
18:48 - 18:50

vulnerabilities around edge around
18:50 - 18:52

windows around a bunch of other stuff um
18:52 - 18:54

if we click on remediations this tab
18:54 - 18:56

kind of gives us like a high level like
18:56 - 18:58

instructions on how to like remediate
18:58 - 19:00

most of the findings from like a really
19:00 - 19:02

high level basically just like run
19:02 - 19:03

windows updates is what i'm is what i'm
19:03 - 19:05

seeing here um so security updates
19:05 - 19:07

install this kb to fix a bunch of other
19:07 - 19:09

ones and then all this is pretty much
19:09 - 19:11

windows updates and this vpr top threats
19:11 - 19:14

these vpr vpr top threats is essentially
19:14 - 19:16

what tenable is like recommending we
19:16 - 19:18

prioritize to remediate probably based
19:18 - 19:21

on um cvss score and like whatever other
19:21 - 19:25

metrics they use so like i would say um
19:25 - 19:26

before like if i were
19:26 - 19:28

doing this in like a an organization
19:28 - 19:30

like the first thing you want to do is
19:30 - 19:31

like make sure you have third-party
19:31 - 19:34

patching and like windows os patching
19:34 - 19:36

like set up properly and like properly
19:36 - 19:37

being like tested and deployed on
19:37 - 19:39

regular intervals so you don't have to
19:39 - 19:41

like kind of go through and deal with
19:41 - 19:43

these like individual vulnerabilities
19:43 - 19:45

the related that are related to things
19:45 - 19:47

that can be easily fixed by like augment
19:47 - 19:49

automated patching and stuff like this
19:49 - 19:52

so before um i start like
19:52 - 19:54

remediating these and fixing them i'm
19:54 - 19:56

gonna install some like deprecated
19:56 - 19:58

software on this computer like a really
19:58 - 20:00

old version of firefox and then we're
20:00 - 20:02

gonna kind of run another scan and then
20:02 - 20:04

observe the results from that as well so
20:04 - 20:05

i'm gonna get this old version of
20:05 - 20:07

firefox i'll put a i'll put a link to it
20:07 - 20:09

in the description i was gonna say i'm
20:09 - 20:11

worried about doing that but i'll put a
20:11 - 20:12

link to it in the description it's
20:12 - 20:14

really old from six years ago apparently
20:14 - 20:17

so we'll just download this uh firefox
20:17 - 20:19

3612. and make sure to do this make sure
20:19 - 20:20

you're doing this in the virtual machine
20:20 - 20:22

don't accidentally do it on your on your
20:22 - 20:25

computer and that's
20:25 - 20:27

what i'm actually doing so make sure to
20:27 - 20:29

go to the virtual machine so we'll open
20:29 - 20:31

up edge in our virtual machine and then
20:31 - 20:34

we'll paste oh no i can't paste it i'm
20:34 - 20:35

just gonna search like download
20:35 - 20:37

deprecated firefox i shouldn't i
20:37 - 20:39

shouldn't use the word deprecated i'll
20:39 - 20:42

say download old firefox and
20:42 - 20:44

i think i can click here and do it if
20:44 - 20:46

you want to downgrade directory i'll go
20:46 - 20:48

to directory of all old ones and then
20:48 - 20:50

i'll get 3612. this is random by the way
20:50 - 20:52

you can get any old version that you
20:52 - 20:54

want i'm just using this one because i i
20:54 - 20:58

did it already um win32 uh en us and
20:58 - 21:00

i'll get this so we'll open this and
21:00 - 21:02

then install this super old version of
21:02 - 21:06

firefox we'll say next standard sure and
21:06 - 21:08

then sure we can launch it i guess uh
21:08 - 21:11

yeah why not cool so this is old old
21:11 - 21:14

firefox so now we have an old firefox on
21:14 - 21:15

our computer so we'll close this this is
21:15 - 21:17

our virtual machine remember here's
21:17 - 21:19

firefox and then so we will go back to
21:19 - 21:21

our scans here this is on our host
21:21 - 21:23

machine and this is nessus so we'll go
21:23 - 21:24

back to our scans and we don't need to
21:24 - 21:26

change our scan anymore we'll just click
21:26 - 21:29

launch and it will just run another scan
21:29 - 21:31

it will do the same thing scan all scan
21:31 - 21:32

the common open ports inspect the
21:32 - 21:35

registry inspect the services and then
21:35 - 21:37

inspect the file system it's going to
21:37 - 21:39

discover this old deprecated version of
21:39 - 21:41

firefox there's like a million
21:41 - 21:43

vulnerabilities in it probably so
21:43 - 21:44

hopefully we'll we'll see that reflected
21:44 - 21:46

in the scan results when this finishes
21:46 - 21:48

here in a couple of minutes okay it's
21:48 - 21:50

been a couple more minutes and our scan
21:50 - 21:51

is finished so we can click on this
21:51 - 21:53

again and we'll see like our our
21:53 - 21:56

vulnerabilities like went up to 68
21:56 - 21:57

critical now so before we kind of dive
21:57 - 21:58

into these again we'll check out the
21:58 - 22:00

history just so we can see like a trend
22:00 - 22:02

in these so this is the first one in the
22:02 - 22:04

bottom here we can see only info no
22:04 - 22:06

credentials provided second one is our
22:06 - 22:08

credentials provided and we you know we
22:08 - 22:10

have a little bit more we have some
22:10 - 22:12

criticals discovered in some highs and
22:12 - 22:14

then we installed firefox like a really
22:14 - 22:16

old one and then this is our current
22:16 - 22:19

scan there's like a bunch more criticals
22:19 - 22:21

whole bunch of criticals so we'll go to
22:21 - 22:24

the um rem the vulnerabilities tab here
22:24 - 22:26

and then we can kind of see this one at
22:26 - 22:28

the very top mixed with firefox and
22:28 - 22:31

total count of like 141 so if we click
22:31 - 22:33

on this it's just absolutely chuck full
22:33 - 22:35

of criticals just because that version
22:35 - 22:37

of firefox is like so old it has so many
22:37 - 22:38

vulnerabilities and it's not like you
22:38 - 22:40

have to like go through like fix each
22:40 - 22:41

one of these one at a time you can
22:41 - 22:43

either just like upgrade firefox to the
22:43 - 22:45

latest one or just like completely
22:45 - 22:46

uninstall it and it will remediate the
22:46 - 22:48

vulnerabilities so we can click
22:48 - 22:49

remediations we pretty much see the same
22:49 - 22:52

thing as last time except for um at the
22:52 - 22:54

very top now we have a recommendation to
22:54 - 22:57

upgrade firefox and then again this vpr
22:57 - 22:59

top threats we have this uh kind of
22:59 - 23:02

firefox in here again history first scan
23:02 - 23:04

no credentials second credentials
23:04 - 23:06

default windows install third scan
23:06 - 23:08

firefox old firefox whole bunch of whole
23:08 - 23:10

bunch of vulnerabilities that need to be
23:10 - 23:12

remediated so the next step we're going
23:12 - 23:14

to we're just going to try to remediate
23:14 - 23:16

as many of these vulnerabilities as we
23:16 - 23:18

can by doing like really simple things
23:18 - 23:19

like we're just going to uninstall
23:19 - 23:21

firefox totally and then we're going to
23:21 - 23:23

just essentially like run windows
23:23 - 23:25

updates until there's no more updates to
23:25 - 23:27

that need to happen essentially so we'll
23:27 - 23:29

go to our virtual machine here and then
23:29 - 23:32

we can go to appwiz.cpl that's like a
23:32 - 23:34

kind of shortcut to go to the this thing
23:34 - 23:36

so we can go to firefox i'm just going
23:36 - 23:38

to uninstall it to be honest uninstall
23:38 - 23:40

firefox and then i'll go to windows
23:40 - 23:42

update and let's see
23:42 - 23:44

i guess i'll just manually check for
23:44 - 23:46

updates i'll leave the settings to like
23:46 - 23:47

whatever they are and then you can do
23:47 - 23:49

this too just keep like running windows
23:49 - 23:50

updates and res you might have to like
23:50 - 23:51

restart and then run it again then
23:51 - 23:54

restart and run it again i'll pause this
23:54 - 23:55

and i'll i'll just kind of like let the
23:55 - 23:57

updates happen then i'll come back to it
23:57 - 23:59

again okay it updated for a while and
23:59 - 24:00

it's asking for a restart so just go
24:00 - 24:03

ahead and restart and repeat the process
24:03 - 24:06

okay when it comes back up just go ahead
24:06 - 24:08

and log in again and go to up windows
24:08 - 24:10

updates again and just click check for
24:10 - 24:13

updates one more time just to make sure
24:13 - 24:14

okay it looks like it's installing some
24:14 - 24:16

more so i'll go ahead and pause this and
24:16 - 24:18

kind of let this continue so it actually
24:18 - 24:20

looks like the updates are done so we'll
24:20 - 24:22

go back to nessus go back to my scans
24:22 - 24:25

and we'll run our scan one more time so
24:25 - 24:27

we should expect to see a lot of the
24:27 - 24:29

remediations done there should be a lot
24:29 - 24:30

less highs and criticals like firefox
24:30 - 24:32

should be gone like all the windows
24:32 - 24:34

updates should be no longer required but
24:34 - 24:36

we will let this finish and then check
24:36 - 24:38

it out in a couple of minutes or for you
24:38 - 24:39

it will be instantly because i'll edit
24:39 - 24:41

this out so our last scan has finally
24:41 - 24:44

finished so let's check this out so
24:44 - 24:45

we'll click on this and before we like
24:45 - 24:47

really dive in deep we can kind of see
24:47 - 24:48

there's some some highs and some
24:48 - 24:50

criticals and highs but we'll go to
24:50 - 24:52

history over here and this is our
24:52 - 24:54

current scan and this is the last scan
24:54 - 24:56

right here before we uninstalled firefox
24:56 - 24:59

and before we updated windows so we can
24:59 - 25:00

see there's quite a bit more mediums
25:00 - 25:02

quite a bit more sorry there's quite a
25:02 - 25:03

bit more criticals quite a bit more
25:03 - 25:06

highs so current after after removing
25:06 - 25:07

firefox and running windows updates and
25:07 - 25:10

then b4 so there's quite a bit less and
25:10 - 25:13

this this scan right here this is the
25:13 - 25:15

default install of windows and then this
25:15 - 25:17

is the current one after updating
25:17 - 25:19

windows so current or default and then
25:19 - 25:20

current so we can kind of dive into
25:20 - 25:22

these like a little bit it looks like
25:22 - 25:25

the remaining vulnerabilities um most of
25:25 - 25:27

them are around microsoft edge it looks
25:27 - 25:29

like maybe windows update didn't update
25:29 - 25:31

edge for some reason uh we can check
25:31 - 25:34

this one a bunch of highs um i can't
25:34 - 25:36

read these microsoft 3d viewer base 3d
25:36 - 25:38

code something maybe this is some like
25:38 - 25:40

native app that's installed oh yeah it
25:40 - 25:42

is so it looks like there's some like
25:42 - 25:44

random stuff that's still on this
25:44 - 25:46

virtual machine that maybe it's like out
25:46 - 25:48

of date or or something like this and
25:48 - 25:49

you can just kind of look through this i
25:49 - 25:51

won't like do any further remediations
25:51 - 25:53

because this video is getting kind of
25:53 - 25:55

long so but maybe you could consider
25:55 - 25:57

you know figuring out exactly like how
25:57 - 25:59

to update microsoft edge or like
25:59 - 26:01

uninstall it if you're allowed to do
26:01 - 26:02

that like i don't know but yeah it's
26:02 - 26:04

pretty interesting um to kind of
26:04 - 26:05

experiment with this and like install
26:05 - 26:07

like really old stuff or me maybe even
26:07 - 26:09

like get a hold of like a windows xp iso
26:09 - 26:12

and install windows xp right and scan
26:12 - 26:14

that and see what kind of like swiss
26:14 - 26:16

cheese scan results like come back it's
26:16 - 26:18

like going to be absolutely full of
26:18 - 26:20

holes but yeah that is vulnerability
26:20 - 26:21

management those are kind of like the
26:21 - 26:23

really kind of the core components of
26:23 - 26:24

vulnerability management just like
26:24 - 26:26

scanning and remediating scanning and
26:26 - 26:28

remediating but you know a lot more goes
26:28 - 26:29

into it because you have to have like
26:29 - 26:30

you know when you work at a big
26:30 - 26:32

organization you usually will make some
26:32 - 26:34

kind of standard and like policies and
26:34 - 26:36

procedures and you have to kind of bring
26:36 - 26:38

all the departments in and work with the
26:38 - 26:39

individual groups to like get
26:39 - 26:41

credentials for all their individual
26:41 - 26:43

resources or maybe you use like a domain
26:43 - 26:45

account to scan everything and it it
26:45 - 26:46

gets a little bit more complicated when
26:46 - 26:48

you're in a large organization but this
26:48 - 26:50

is this is pretty much the guts of it
26:50 - 26:51

just like scanning stuff finding
26:51 - 26:53

vulnerabilities and then essentially
26:53 - 26:55

remediating them you want to automate it
26:55 - 26:57

as much of it as you can as possible
26:57 - 26:59

like like updating like the third-party
26:59 - 27:01

apps like windows update and in this
27:01 - 27:03

kind of thing and you want to have like
27:03 - 27:04

a secure build standard so like make
27:04 - 27:06

sure the build is like already like
27:06 - 27:09

remediated and like secure enough before
27:09 - 27:10

it goes into production to kind of
27:10 - 27:12

reduce the amount of vulnerabilities
27:12 - 27:13

that get introduced but now that you've
27:13 - 27:14

kind of like watched this you have a
27:14 - 27:16

pretty good idea i would say of how
27:16 - 27:18

vulnerability management works so you
27:18 - 27:20

can you know practice this a bunch and
27:20 - 27:21

consider like reading up on how to
27:21 - 27:23

implement vulnerability management on
27:23 - 27:24

like a large organization then you can
27:24 - 27:26

like put something on your resume that
27:26 - 27:28

might look something like this and then
27:28 - 27:30

go ahead and start applying to jobs that
27:30 - 27:31

are looking for like vulnerability
27:31 - 27:33

management engineers or vulnerability
27:33 - 27:35

management analysts or like whatever
27:35 - 27:36

they're calling him because it's a
27:36 - 27:37

relatively like straightforward process
27:37 - 27:39

it's pretty easy technically speaking
27:39 - 27:41

like the hard part about vulnerability
27:41 - 27:43

vulnerability management usually comes
27:43 - 27:44

from like dealing with the humans and
27:44 - 27:46

like getting everyone to like coordinate
27:46 - 27:48

that's like really difficult yeah i hope
27:48 - 27:49

you enjoyed this um you thought if you
27:49 - 27:51

thought it was interesting you know i'd
27:51 - 27:53

appreciate if you liked and consider
27:53 - 27:54

subscribing and if you have any
27:54 - 27:56

questions or comments criticism please
27:56 - 27:57

like let me know in the comment section
27:57 - 27:59

i 100 read all the comments every time i
27:59 - 28:01

respond to everybody's comment if you
28:01 - 28:02

feel like supporting me i do have a
28:02 - 28:04

patreon but other than that thank you so
28:04 - 28:06

much for watching and we will see you in
28:06 - 28:09

the next video bye
28:10 - 28:20

[Music]
28:20 - 28:23

you

Title:: Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
Description:: more » « less
Video Language:: English
Duration:: 28:21

	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

English subtitles

Revisions Compare revisions

Revision 8 Edited

OEVIDEOS
Revision 7 Edited

OEVIDEOS
Revision 6 Edited

OEVIDEOS
Revision 5 Edited

OEVIDEOS
Revision 4 Edited

OEVIDEOS
Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	8	OEVIDEOS
	7	OEVIDEOS
	6	OEVIDEOS
	5	OEVIDEOS
	4	OEVIDEOS
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)