Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

Edit subtitles

0:00 - 0:02

Hey everybody, Josh here. Welcome back to
0:02 - 0:04

my channel. I do a lot of videos on IT
0:04 - 0:06

cyber security education and career
0:06 - 0:08

things, and today's video is going to be
0:08 - 0:09

on vulnerability management. We're
0:09 - 0:10

actually going to be doing a
0:10 - 0:12

vulnerability management lab where we
0:12 - 0:14

install Nessus Essentials and we install
0:14 - 0:16

VMware Workstation Player, and set up
0:16 - 0:18

Windows 10 inside of a VM, install some
0:18 - 0:20

old deprecated software on it, and then
0:20 - 0:21

we're going to be doing some
0:21 - 0:23

vulnerability scans against that virtual
0:23 - 0:25

machine to kind of discover any
0:25 - 0:26

vulnerabilities that might be on there,
0:26 - 0:27

and then we're going to go ahead and
0:27 - 0:29

remediate one or two of those just so we
0:29 - 0:31

can kind of observe what's happening. I
0:31 - 0:33

figured this would be a good video to do
0:33 - 0:34

because there's like quite a few
0:34 - 0:36

vulnerability management jobs on
0:36 - 0:38

LinkedIn and I've gotten a
0:38 - 0:40

lot of spam from recruiters for these
0:40 - 0:42

type of positions, and actually the last
0:42 - 0:43

real job I had I was a vulnerability
0:43 - 0:45

management program manager for King
0:45 - 0:47

County here in Washington State so I
0:47 - 0:50

kind of did this on an ongoing basis for
0:50 - 0:51

a while. Basically what vulnerability
0:51 - 0:53

management is continuously assessing
0:53 - 0:55

your assets, discovering vulnerabilities,
0:55 - 0:58

remediating them to an acceptable risk,
0:58 - 0:59

and then kind of starting the process
0:59 - 1:01

over and over again to kind of make sure
1:01 - 1:03

the risk in the whole organization is
1:03 - 1:05

low or at least an acceptable level. So I
1:05 - 1:07

think if you kind of watch this video
1:07 - 1:09

and practice it a few times, you can get
1:09 - 1:11

pretty good at it and get an idea of how
1:11 - 1:13

vulnerability management might work in
1:13 - 1:15

like a larger corporation. This is
1:15 - 1:16

definitely something you can put on your
1:16 - 1:20

resume. It might look something like this.
1:22 - 1:24

So it will definitely help you out. So
1:24 - 1:25

yeah, if you're excited to learn
1:25 - 1:26

vulnerability management, consider
1:26 - 1:28

smashing that like button and let's get
1:28 - 1:30

started. So the first thing we're going
1:30 - 1:31

to do is go ahead and
1:31 - 1:34

download and install VMware Player. Now
1:34 - 1:35

you probably want to have like a
1:35 - 1:38

semi-decent computer to be able
1:38 - 1:39

to do this, maybe like at least eight
1:39 - 1:41

gigabytes of ram and maybe dual core
1:41 - 1:43

or something. But if you don't know about
1:43 - 1:45

any of that, just try to go ahead and do
1:45 - 1:47

it, and if something fails, then it fails.=
1:47 - 1:48

I suppose. But go ahead and download
1:48 - 1:50

VMware Player. I'll put a link to this in
1:50 - 1:52

the description. Just download
1:52 - 1:54

for Windows. I'm not gonna do it again
1:54 - 1:55

because I already have it, but just go
1:55 - 1:56

ahead and like click this, download it,
1:56 - 1:58

and install it. You can see mine started
1:58 - 1:59

downloading, I'm just going to go ahead
1:59 - 2:01

and cancel this. And then while you're
2:01 - 2:02

waiting for VMware Player to download,
2:02 - 2:04

we'll go ahead and download the Windows
2:04 - 2:06

10 ISO. That's basically a file that'll
2:06 - 2:08

let us install Windows 10 onto our
2:08 - 2:10

virtual machine. So again, I'll put a link
2:10 - 2:12

to this in the description as well, but
2:12 - 2:14

just go ahead and go to it, and then
2:14 - 2:16

you'll go to where it says create
2:16 - 2:18

Windows 10 installation media and you'll
2:18 - 2:20

say download tool, and when
2:20 - 2:21

this downloads, just go ahead and open it.
2:21 - 2:23

Don't be surprised if this takes a while
2:23 - 2:24

to like start up and download. So we'll
2:24 - 2:27

just say accept. And then we're going to
2:27 - 2:28

click
2:28 - 2:30

create installation media. We want to get
2:30 - 2:32

an ISO file so we'll say next. This looks
2:32 - 2:35

good. And we're going to say ISO file, be
2:35 - 2:37

sure to select this. And then we'll just
2:37 - 2:39

choose where it goes. I like this nice xp
2:39 - 2:41

pro ISO that I have. Go ahead and put it
2:41 - 2:43

in a folder, just remember what folder
2:43 - 2:45

you put in. So I'll just save it to my C:
2:45 - 2:47

_ISOs folder and then we'll
2:47 - 2:49

wait for this to finish. And while this
2:49 - 2:50

is going, we can actually
2:50 - 2:53

download and install Nessus
2:53 - 2:54

Essentials which is going to
2:54 - 2:56

be the vulnerability scanner that we use
2:56 - 2:58

to actually conduct our scans. So I'll
2:58 - 3:00

put a link to this in the description as
3:00 - 3:02

well, but you can probably find it on google.
3:02 - 3:04

And just basically like fill this thing
3:04 - 3:06

out. After you fill this out, you'll be
3:06 - 3:07

able to download it and it will send
3:07 - 3:09

like a key to your email, so just go
3:09 - 3:11

ahead and- actually I'll just do it. Just
3:11 - 3:14

fill this thing out, cool. So it will send
3:14 - 3:16

an email inside of your email, I can't
3:16 - 3:18

show it because it has a key and like, I
3:18 - 3:20

don't know, so inside of your email
3:20 - 3:21

there'll be like a button that says
3:21 - 3:23

download Nessus and then there will be a
3:23 - 3:25

key. Go ahead and click the button to
3:25 - 3:27

download Nessus and it will take you to
3:27 - 3:28

a page that looks like this, and just
3:28 - 3:30

click on Nessus. And we already have an
3:30 - 3:32

activation code, it should be in your
3:32 - 3:35

email, so we'll pick the one for, this one,
3:35 - 3:37

it says Windows Server 2008 blah blah
3:37 - 3:39

blah, and then it says 10 in here. So
3:39 - 3:41

we'll download this. Just say agree and
3:41 - 3:43

then, you know, download it anywhere. And
3:43 - 3:44

then meanwhile, remember in the
3:44 - 3:46

background, Windows 10 should be still
3:46 - 3:48

downloading. Virtual VMware Player might
3:48 - 3:50

be downloading still too, so we just have
3:50 - 3:51

to install that on your own. I'm not
3:51 - 3:52

going to show it on the screen because I
3:52 - 3:54

already have it installed. Here we are at
3:54 - 3:57

the Tenable setup, so we just say next,
3:57 - 4:00

accept, and just accept this location, and
4:00 - 4:02

then go ahead and install it, and then
4:02 - 4:04

say finish.
4:04 - 4:05

And then it's going to kind of show
4:05 - 4:08

this like socket up here like localhost
4:08 - 4:09

in the port. I would recommend saving
4:09 - 4:11

this URL because it's kind of
4:11 - 4:13

annoying if you lose it, so just save it
4:13 - 4:15

in like a notepad somewhere or something
4:15 - 4:17

like this. And then we'll say connect via
4:17 - 4:19

SSL, and just say advanced, and then say
4:19 - 4:21

proceed. And this takes a while to set up
4:21 - 4:23

the very first time. It has to like
4:23 - 4:25

initialize and install things, and I
4:25 - 4:26

assume, download a whole bunch of
4:26 - 4:28

definitions or something like this, so
4:28 - 4:30

just go get like some coffee or
4:30 - 4:31

something while you wait for
4:31 - 4:33

this to happen because it will take a
4:33 - 4:34

while to do. And we're going to say
4:34 - 4:37

Nessus Essentials. It's essentially free.
4:37 - 4:39

You can read the, I guess, license
4:39 - 4:40

agreement if you want, but we're going to
4:40 - 4:42

install Essentials. And then just fill
4:42 - 4:43

this thing out and we'll get an
4:43 - 4:46

activation code. I believe I have one
4:46 - 4:48

already. It should have emailed it to
4:48 - 4:49

you actually. It should have emailed the
4:49 - 4:52

activation code to you so maybe skip
4:52 - 4:54

this, and then just paste the activation
4:54 - 4:56

code that was in your email
4:56 - 4:58

that you already received, and just
4:58 - 4:59

continue. And then this is where you're
4:59 - 5:01

going to set up a username and password.
5:01 - 5:02

Just make sure you don't forget this. It
5:02 - 5:04

might be troublesome, you know, if you
5:04 - 5:05

forget it, you'll have to reset it or
5:05 - 5:08

something like this. So just set up a
5:08 - 5:10

password, I guess. And this is the part
5:10 - 5:11

that takes a while, so just, you know, go
5:11 - 5:14

get coffee or sandwich or something, and
5:14 - 5:17

we will meet back here. Okay so while
5:17 - 5:18

this is still installing and
5:18 - 5:20

initializing and doing everything that it
5:20 - 5:22

needs to do, let's go ahead and set up
5:22 - 5:23

our virtual machine since this is going
5:23 - 5:25

to take some time anyway. So by now you
5:25 - 5:27

should have downloaded and installed
5:27 - 5:29

VMware Workstation Player. So we'll just
5:29 - 5:32

go ahead and open this up and check on
5:32 - 5:35

your Windows 10 ISO download. It should
5:35 - 5:37

be finished by now as well, maybe it
5:37 - 5:39

looks something like this, and then it
5:39 - 5:40

shows you like where it's at the C: ISO
5:40 - 5:43

Windows dot or yeah, wherever you put
5:43 - 5:44

yours. So just take note of this and
5:44 - 5:46

we'll say finish, cool. And then we're
5:46 - 5:49

going to create a new virtual machine
5:49 - 5:51

inside of VMware Workstation Player.
5:51 - 5:53

We'll go to player and then file and
5:53 - 5:55

then new virtual machine. And then
5:55 - 5:57

for the installer we're going to say
5:57 - 6:00

browse, and then we'll just browse to
6:00 - 6:01

wherever you downloaded the Windows 10
6:01 - 6:03

ISO. So this could probably be named
6:03 - 6:05

something better, but that's okay. So
6:05 - 6:07

we'll say next, and just name this
6:07 - 6:09

something appropriate. This is fine. This
6:09 - 6:11

location's fine. I guess you can change
6:11 - 6:13

it if you want. So we'll say next. Maximum
6:13 - 6:16

disk size, this is fine. We're not
6:16 - 6:17

gonna really put anything on it, I'm just
6:17 - 6:20

gonna set mine at 50. And then we'll
6:20 - 6:22

go to customize hardware, and for memory
6:22 - 6:24

like if you don't know how much RAM you
6:24 - 6:27

have, maybe just like leave this as it is.
6:27 - 6:28

I'm going to increase mine a little bit.
6:28 - 6:30

I'll increase this a little bit. If you
6:30 - 6:32

don't know about your CPU, just leave it
6:32 - 6:34

as is. But we do have to change the
6:34 - 6:36

network adapter. We should change it to
6:36 - 6:38

bridged. Without explaining too deeply,
6:38 - 6:40

bridged kind of puts this virtual machine
6:40 - 6:42

on the same network as your actual
6:42 - 6:45

physical computer, so your nessus
6:45 - 6:47

implementation can talk to the
6:47 - 6:48

virtual machine
6:48 - 6:52

more easily. This looks good. We'll close
6:52 - 6:54

this. And this is good, power on after
6:54 - 6:56

creation, we'll just say finish. Kind of move
6:56 - 6:57

Tenable
6:57 - 6:58

to the side.
6:58 - 7:01

And then after the VM finishes getting
7:01 - 7:03

kind of created, it's going to launch and
7:03 - 7:05

then we're going to have a chance to
7:05 - 7:07

install Windows. Be sure to press any key
7:07 - 7:09

to boot into the ISO when it asks. And if
7:09 - 7:11

your cursor is gone, you can see
7:11 - 7:13

in the lower left it says like press
7:13 - 7:15

control alt to release your cursor, and
7:15 - 7:16

then you can get your cursor back. So
7:16 - 7:19

we're just going to install Windows 10.
7:19 - 7:21

So we'll just say next, install, and say I
7:21 - 7:23

don't have a product key. You can close
7:23 - 7:25

this message down here. And just pick
7:25 - 7:27

Windows 10 Pro and say next, and we'll
7:27 - 7:30

say accept, say next, and say custom, and
7:30 - 7:33

then this is our blank hard drive, so
7:33 - 7:34

click on that. It's the only one you can click
7:34 - 7:36

and just say next. And then this will
7:36 - 7:37

take some time to install too, so I'll
7:37 - 7:39

kind of come back when one of these
7:39 - 7:40

finishes. Cool, so it looks like both
7:40 - 7:42

finished now. I'll just finish setting up
7:42 - 7:46

the VM. I will say yes and US and skip.
7:46 - 7:48

And for Nessus we'll just kind of,
7:48 - 7:49

we'll close this thing here, and then
7:49 - 7:51

we'll just kind of wait on this
7:51 - 7:53

until we finish setting up the virtual
7:53 - 7:54

machine.
7:54 - 7:57

And we'll say set up for personal use,
7:57 - 8:00

and next, and then we'll say offline account,
8:00 - 8:03

limited experience, and then just name,
8:03 - 8:06

I don't know, just name it like admin, and
8:06 - 8:08

make a password, but just remember
8:08 - 8:10

what it is. Make it like something simple
8:10 - 8:11

because we're going to use this later
8:11 - 8:12

for the credentialed scans, so just
8:12 - 8:14

remember what it is. It's troublesome, you
8:14 - 8:16

know, if you forget it.
8:16 - 8:18

Just make up something for these
8:18 - 8:20

if it asks you. This is just like, you
8:20 - 8:23

know, a junk VM, no one cares. Say no for
8:23 - 8:25

all of these things. Not now. Cool, okay.
8:25 - 8:27

Now everything is totally set up. We have
8:27 - 8:30

our VM here and then we have our Nessus
8:30 - 8:33

Essentials set up and ready to go. So for
8:33 - 8:35

now we're just going to do a kind of
8:35 - 8:37

basic scan against the virtual machine.
8:37 - 8:39

There's, we're going to do a credentialed
8:39 - 8:41

scan later which I'll kind of explain,
8:41 - 8:42

but I just want to make sure we can scan
8:42 - 8:44

it and make sure we can kind of get some
8:44 - 8:46

kind of result back. So before we do that,
8:46 - 8:48

I'm going to go to the VM and like get
8:48 - 8:51

the IP address from it. So go, make sure
8:51 - 8:53

to go to the VM, not your actual computer,
8:53 - 8:55

but go to the VM. Click start, open up
8:55 - 8:57

command line, and then we will type
8:57 - 9:00

ipconfig just to get the IPv4 IP address.
9:00 - 9:02

And we're going to ping this from our
9:02 - 9:04

local machine just to make sure that we
9:04 - 9:06

can reach it, I guess, essentially. So open
9:06 - 9:08

up the command line on your
9:08 - 9:11

PC, and we will just say, we'll just ping
9:11 - 9:15

this IP address. So we'll just say ping
9:15 - 9:17

10.0.0.189 and then we'll do -t
9:17 - 9:19

which means like perpetual ping, like
9:19 - 9:21

keep going forever until we cancel it.
9:21 - 9:23

And we see like it's timing out, so
9:23 - 9:26

we just have to disable the firewall on
9:26 - 9:28

our virtual machine here. You might not
9:28 - 9:29

want to do this in production, it just
9:29 - 9:30

depends on like what other controls you
9:30 - 9:33

have in place. So we will minimize this,
9:33 - 9:35

we'll go to our VM here, and then we will
9:35 - 9:36

type
9:36 - 9:39

wf.msc, it's this Windows firewall
9:39 - 9:40

microsoft something console, can't
9:40 - 9:42

remember. So we'll open the firewall and
9:42 - 9:43

we're just going to do a lot of this
9:43 - 9:45

stuff for our lab. So we'll go to
9:45 - 9:47

defender firewall properties, and just on
9:47 - 9:49

these first three tabs, we'll just turn
9:49 - 9:50

all three of them off. Like domain
9:50 - 9:52

profile off, private profile off, public
9:52 - 9:54

profile off, and we'll just say okay here.
9:54 - 9:56

The firewall is off. And then we notice
9:56 - 9:58

that the ping is kind of going through
9:58 - 10:00

on our local computer here. So we can
10:00 - 10:02

press ctrl c to cancel this. And we'll
10:02 - 10:04

just copy this IP address. This is the IP
10:04 - 10:06

address of our VM. We will close this. And
10:06 - 10:09

then this is our Nessus Essentials.
10:09 - 10:11

Essentially it's like a web app
10:11 - 10:13

essentially, so we'll go back to this and
10:13 - 10:15

then we're going to create a new scan. So
10:15 - 10:17

we'll just do a basic network scan here.
10:17 - 10:19

And so we'll just name it like, I don't
10:19 - 10:22

know, Windows 10 single host, something
10:22 - 10:23

like this. And then for targets we'll
10:23 - 10:25

just paste, this is our virtual
10:25 - 10:27

machine's IP address, so we'll just kind
10:27 - 10:28

of paste it in here. We don't really need
10:28 - 10:30

to change anything else on here. We're
10:30 - 10:32

just going to do like a manual scan, but
10:32 - 10:33

you know, take note that you can do
10:33 - 10:35

like a scheduled scan if you're working
10:35 - 10:36

in an organization, you want to scan like
10:36 - 10:38

every x days or like every Tuesday or
10:38 - 10:40

something like this. Port scan common ports,
10:40 - 10:42

port scan all ports, obviously all
10:42 - 10:43

ports going to take longer, you can
10:43 - 10:45

customize it. There's a bunch of settings
10:45 - 10:46

that you can kind of explore in here on
10:46 - 10:49

your own. And there is, there's also
10:49 - 10:51

this credentials page which we'll get
10:51 - 10:53

into in a little bit, but basically you
10:53 - 10:54

can, we won't do this yet, but you can
10:54 - 10:56

enter credentials in here like the
10:56 - 10:58

username and password that we made when
10:58 - 11:00

we created the virtual machine, and then
11:00 - 11:02

the scanner will kind of go into the
11:02 - 11:04

machine more deeply and like look
11:04 - 11:05

through the registry and the file system
11:05 - 11:07

and like more things. And the reason for
11:07 - 11:09

this is you can kind of discover more
11:09 - 11:11

vulnerabilities if you have like
11:11 - 11:13

deprecated software or insecure services
11:13 - 11:14

or something like this running.
11:14 - 11:17

This is what this kind of credentialed, the
11:17 - 11:19

credentials page, is for. But right now
11:19 - 11:21

we're just going to do like a basic
11:21 - 11:22

network kind of port scan. It's not going
11:22 - 11:24

to be too deep. Just want to make sure we
11:24 - 11:25

can scan it and get some kind of
11:25 - 11:27

information back. So we have our IP
11:27 - 11:31

address and we will just say save. We'll, oh,
11:31 - 11:33

remove this credentials, oops. And then
11:33 - 11:36

just say save. And then this is our, this
11:36 - 11:38

is our scan. It's not running, it's
11:38 - 11:39

just kind of like a scan that's
11:39 - 11:41

configured that we can run in the future,
11:41 - 11:42

so we'll just go ahead and click launch
11:42 - 11:44

now and launch the scan. And I believe
11:44 - 11:46

you can kind of sometimes see
11:46 - 11:48

the progress of it like if you click it,
11:48 - 11:51

you can see, you know, what it has done so
11:51 - 11:53

far. It makes like little logs and then
11:53 - 11:55

the findings will kind of be on this
11:55 - 11:56

page, but we can just go back. Click back
11:56 - 11:58

to my host and then back to my scans, and
11:58 - 12:00

we'll just kind of wait for this to
12:00 - 12:02

finish. Cool, so we can now see that our
12:02 - 12:04

scan has finished over here. It says like
12:04 - 12:06

today and there's like a check mark. So
12:06 - 12:08

we can just kind of click this to look
12:08 - 12:10

at the individual results for it, and you
12:10 - 12:12

can see like down here like blue is info,
12:12 - 12:15

green is low, medium it's yellow, etc. And
12:15 - 12:16

depending on the organization you work
12:16 - 12:18

for, like a lot of people, a lot of orgs
12:18 - 12:20

like won't even, depending on what they
12:20 - 12:22

are, a lot of orgs won't even like really
12:22 - 12:24

touch medium or lows because they have
12:24 - 12:25

like so many criticals and highs that
12:25 - 12:27

kind of take precedence. And because we
12:27 - 12:29

didn't use any credentials for our scan,
12:29 - 12:32

we don't really see that much of what
12:32 - 12:34

might be actually vulnerable inside the
12:34 - 12:35

VM, but we do see like some things here.
12:35 - 12:36

So we can click
12:36 - 12:38

vulnerabilities up here and just kind of
12:38 - 12:40

look through these a tiny bit. We can see
12:40 - 12:42

like SMB signing is not required. If
12:42 - 12:44

that's something that your org cares
12:44 - 12:46

about, you can kind of read about it here
12:46 - 12:48

more, and consider like implementing
12:48 - 12:50

implementing the solution to
12:50 - 12:52

kind of remediate this vulnerability.
12:52 - 12:54

There's other kind of interesting things
12:54 - 12:56

in here. Traceroute information, it's
12:56 - 12:58

listed as info, means it's not
12:58 - 13:00

could not necessarily be a vulnerability,
13:00 - 13:02

but just something you should be aware
13:02 - 13:04

of, that you can see traceroute information
13:04 - 13:06

which means like ICMP is
13:06 - 13:09

accepted on this particular host.
13:09 - 13:11

And down here we can see
13:11 - 13:13

target credential status by
13:13 - 13:15

authentication protocol, and it says like
13:15 - 13:16

Nessus was not able to successfully
13:16 - 13:18

authenticate to the remote target
13:18 - 13:19

because we didn't actually provide any
13:19 - 13:21

credentials, and we can see that down
13:21 - 13:24

here. SMB was detected on port 445,
13:24 - 13:26

means it's listening on 445, but we
13:26 - 13:28

didn't provide any credentials. That's a
13:28 - 13:29

kind of vulnerability, that's a
13:29 - 13:31

vulnerability scan, some basic results. So
13:31 - 13:33

the next thing we're going to do is
13:33 - 13:35

we're going to, we're going to set up the
13:35 - 13:37

virtual machine to be able to accept
13:37 - 13:39

authenticated scans, and then we're going
13:39 - 13:40

to provide some credentials to Nessus,
13:40 - 13:42

and then we're going to try to rescan
13:42 - 13:44

the virtual machine with credentials, and
13:44 - 13:46

then kind of compare the results of the
13:46 - 13:47

new scan which with these ones that
13:47 - 13:49

we're looking at here. So we'll go back
13:49 - 13:52

to my scans. Actually we'll go back to
13:52 - 13:54

the virtual machine here, and then we'll
13:54 - 13:55

open up
13:55 - 13:57

services.msc. And there may be better
13:57 - 13:58

ways to do what I'm doing like
13:58 - 14:00

especially if you're in like a corporate
14:00 - 14:02

environment. I got these steps from
14:02 - 14:04

Nessus, the things that they recommend to
14:04 - 14:06

actually do credentialed scans against
14:06 - 14:09

Windows hosts that are not on the domain.
14:09 - 14:10

So that's kind of what we're
14:10 - 14:12

using here, so I'm just going to first
14:12 - 14:14

I'm going to enable the remote registry.
14:14 - 14:16

The remote registry which will allow the
14:16 - 14:18

scanner to connect to this computer's
14:18 - 14:19

registry, and like kind of crawl through
14:19 - 14:21

the registry and look for insecure
14:21 - 14:23

configurations like maybe deprecated
14:23 - 14:25

cypher suites that might be enabled. You
14:25 - 14:26

can enable and disable those in the
14:26 - 14:28

registry, so I'm just going to enable
14:28 - 14:31

remote registry so our scanner can
14:31 - 14:33

connect to the registry. So I enabled it
14:33 - 14:35

and I turned it on, and then next we're
14:35 - 14:36

going to, be careful when you close this so
14:36 - 14:38

you don't close the actual VM. I'm just
14:38 - 14:40

closing like the window inside. I'll
14:40 - 14:42

close the firewall. And the next thing, I'll
14:42 - 14:45

enable file and printer sharing so, oh it
14:45 - 14:47

looks like it's possibly already on. Turn
14:47 - 14:49

on sharing so anyone with network, I
14:49 - 14:51

don't think public folder sharing needs
14:51 - 14:53

to be on. I was going to turn this on but
14:53 - 14:54

it looks like it's on already. Turn on
14:54 - 14:56

network discovery, file, and printer
14:56 - 14:57

sharing, oh, looks like it's already on. If
14:57 - 14:59

yours are not on, just make sure to turn
14:59 - 15:01

the file and printer sharing on.
15:01 - 15:03

And then we will go to user account
15:03 - 15:06

control, and this is not good to do,
15:06 - 15:08

but our computer is not on the domain so
15:08 - 15:10

we have to do these kind of hack things
15:10 - 15:12

to be able to scan it. So I'll disable
15:12 - 15:14

this, say okay, say yes. And then we're
15:14 - 15:16

going to open the registry and then
15:16 - 15:18

add a key that's supposed to allow the
15:18 - 15:21

remote account to like connect in. And
15:21 - 15:22

next we're going to connect to the
15:22 - 15:23

registry and add a key that's supposed
15:23 - 15:26

to I guess further disable user account
15:26 - 15:28

control for the remote account we're
15:28 - 15:29

going to use to connect to this
15:29 - 15:32

computer during our scan. So just go to
15:32 - 15:33

start and type regedit. Again, I got this
15:33 - 15:36

documentation from Nessus, I'll put a
15:36 - 15:37

link to it in the description. So we will
15:37 - 15:41

browse to a local machine here, so we'll
15:41 - 15:44

go to local machine, software, Microsoft,
15:44 - 15:48

Windows, current version, policies, system,
15:48 - 15:51

and then inside here we'll create a
15:51 - 15:54

DWORD called local account token filter
15:54 - 15:56

policy, so
15:56 - 16:00

local account token filter policy, local
16:00 - 16:02

account token filter policy. We'll say enter
16:02 - 16:05

and then we'll set this value to 1, and
16:05 - 16:06

we'll close this. And we'll go ahead and
16:06 - 16:08

restart our virtual machine at this
16:08 - 16:09

point. Cool, and then we'll log in,
16:09 - 16:11

remember our username, I made mine admin,
16:11 - 16:13

and then whatever your password is, just
16:13 - 16:15

make sure you don't forget it. And we
16:15 - 16:18

should be ready to scan our computer now.
16:18 - 16:19

We're going to edit this scan that we
16:19 - 16:22

made, so go back to Nessus Essentials, and
16:22 - 16:25

then we will, oh, so check this box next
16:25 - 16:27

to the scan, and then go to more, and then go
16:27 - 16:29

to configure, and then we're going to add
16:29 - 16:30

a set of credentials to this, and we're
16:30 - 16:32

going to add Windows credentials. So
16:32 - 16:34

we're going to use password, and remember,
16:34 - 16:36

our username is admin, so if you go to
16:36 - 16:39

the VM and go to cmd and type like
16:39 - 16:41

whoami, the name is
16:41 - 16:44

admin right, so we'll say admin, and then
16:44 - 16:46

whatever you made the password. And I
16:46 - 16:47

believe,
16:47 - 16:48

I believe we can like leave all these
16:48 - 16:50

things as default, if it breaks, I mean
16:50 - 16:52

maybe we can come back and configure it, or
16:52 - 16:53

if it doesn't work, we can check it. So
16:53 - 16:56

we'll save this as it is. So it saved, and then
16:56 - 16:59

we'll go back, and back to scans, and then
16:59 - 17:01

we'll run this scan one more time.
17:01 - 17:03

When this finishes, we'll compare the
17:03 - 17:05

results with the first scan, and
17:05 - 17:06

technically we should see more results
17:06 - 17:08

with this one because we enabled
17:08 - 17:09

credentialed scanning and we kind of
17:09 - 17:12

configured the VM to accept remote scans.
17:12 - 17:14

So we'll see what happens, so I'll just
17:14 - 17:16

pause this and I'll come back, I'll pause
17:16 - 17:17

the video and come back when it finishes.
17:17 - 17:19

Okay, it's been a few minutes and it
17:19 - 17:21

looks like our scan is finished here. So
17:21 - 17:23

we will click on this, and we can see
17:23 - 17:25

like immediately, remember last time we
17:25 - 17:27

we had like one medium and a bunch of
17:27 - 17:29

infos. Now we have like seven criticals,
17:29 - 17:32

38 highs, and, you know, four mediums, and a
17:32 - 17:34

whole bunch more infos. It's pretty
17:34 - 17:36

interesting, so before we like really
17:36 - 17:37

dive into the vulnerabilities and all
17:37 - 17:39

this. I'll just click on history over
17:39 - 17:41

here really quick. And this is the
17:41 - 17:42

current one and you can see the
17:42 - 17:44

vulnerabilities down here. You can see,
17:44 - 17:46

you know, five percent criticals, etc. And
17:46 - 17:47

then if we click on our first scan, we
17:47 - 17:49

can see like we didn't use credentials
17:49 - 17:51

for this, so we couldn't look at the file
17:51 - 17:53

system or the registry or any other
17:53 - 17:55

running services or any of that, so
17:55 - 17:56

you can see there's like a big
17:56 - 17:58

difference in doing credentialed scan
17:58 - 18:00

versus like uncredentialed scans. So this
18:00 - 18:02

kind of like solidifies the importance
18:02 - 18:04

of running credentialed scans whether or
18:04 - 18:06

not you're like scanning Cisco devices
18:06 - 18:08

or like Linux machines or like Windows
18:08 - 18:10

machines or Macs or whatever. If you can
18:10 - 18:13

use credentials, you can really like
18:13 - 18:15

discover more vulnerabilities. So I'll
18:15 - 18:16

just click on the vulnerabilities tab
18:16 - 18:18

here first, and we'll just kind of like
18:18 - 18:20

look at these a little bit. We can see
18:20 - 18:22

like this is essentially the
18:22 - 18:24

list of findings, and some of these
18:24 - 18:26

are mixed, so if we click on this, for
18:26 - 18:28

example, we can see it's like a
18:28 - 18:30

combination of like mostly criticals and
18:30 - 18:31

highs, and you can see it's like mostly
18:31 - 18:34

Edge, mostly Edge which can probably be
18:34 - 18:36

remediated from like updating, running
18:36 - 18:37

Windows updates essentially. And you can
18:37 - 18:39

kind of look at these individual ones
18:39 - 18:42

and dive more deep into them to
18:42 - 18:43

see like what the actual thing is and
18:43 - 18:45

like how to fix it.
18:45 - 18:47

So we can go back a little bit. We'll
18:47 - 18:48

back up a little bit more. So
18:48 - 18:50

vulnerabilities around Edge, around
18:50 - 18:52

Windows, around a bunch of other stuff.
18:52 - 18:54

If we click on remediations, this tab
18:54 - 18:56

kind of gives us like a high level like
18:56 - 18:58

instructions on how to like remediate
18:58 - 19:00

most of the findings from like a really
19:00 - 19:02

high level, basically just like run
19:02 - 19:03

Windows updates is what I'm
19:03 - 19:05

seeing here. So security updates,
19:05 - 19:07

install this KB to fix a bunch of other
19:07 - 19:09

ones, and then all this is pretty much
19:09 - 19:11

Windows updates. And this VPR top threats,
19:11 - 19:14

these VPR top threats is essentially
19:14 - 19:16

what Tenable is like recommending we
19:16 - 19:18

prioritize to remediate probably based
19:18 - 19:21

on CVSS score and like whatever other
19:21 - 19:25

metrics they use. So like I would say
19:25 - 19:26

before like, if I were
19:26 - 19:28

doing this in like an organization,
19:28 - 19:30

like the first thing you want to do is
19:30 - 19:31

like make sure you have third-party
19:31 - 19:34

patching and like Windows OS patching
19:34 - 19:36

like set up properly and like properly
19:36 - 19:37

being like tested and deployed on
19:37 - 19:39

regular intervals, so you don't have to
19:39 - 19:41

like kind of go through and deal with
19:41 - 19:43

these like individual vulnerabilities
19:43 - 19:45

that are related to things
19:45 - 19:47

that can be easily fixed by like
19:47 - 19:49

automated patching and stuff like this.
19:49 - 19:52

So before I start like
19:52 - 19:54

remediating these and fixing them, I'm
19:54 - 19:56

gonna install some like deprecated
19:56 - 19:58

software on this computer like a really
19:58 - 20:00

old version of Firefox, and then we're
20:00 - 20:02

gonna kind of run another scan, and then
20:02 - 20:04

observe the results from that as well. So
20:04 - 20:05

I'm gonna get this old version of
20:05 - 20:07

Firefox. I'll put a link to it
20:07 - 20:09

in the description, I was gonna say I'm
20:09 - 20:11

worried about doing that, but I'll put a
20:11 - 20:12

link to it in the description. It's
20:12 - 20:14

really old, from six years ago apparently.
20:14 - 20:17

So we'll just download this Firefox
20:17 - 20:19

3612. And make sure to do this, make sure
20:19 - 20:20

you're doing this in the virtual machine.
20:20 - 20:22

Don't accidentally do it on your
20:22 - 20:25

computer, and that's
20:25 - 20:27

what I'm actually doing, so make sure
20:27 - 20:29

go to the virtual machine. So we'll open
20:29 - 20:31

up Edge in our virtual machine, and then
20:31 - 20:34

we'll paste, oh no, I can't paste it? I'm
20:34 - 20:35

just gonna search like download
20:35 - 20:37

deprecated Firefox. I shouldn't
20:37 - 20:39

use the word deprecated. I'll
20:39 - 20:42

say download old Firefox, and
20:42 - 20:44

I think I can click here and do it.
20:44 - 20:46

Still want to downgrade directory, I'll go
20:46 - 20:48

to directory of all old ones and then
20:48 - 20:50

I'll get 3612. This is random by the way,
20:50 - 20:52

you can get any old version that you
20:52 - 20:54

want. I'm just using this one because I
20:54 - 20:58

did it already. win32, en-US, and
20:58 - 21:00

I'll get this. So we'll open this, and
21:00 - 21:02

then install this super old version of
21:02 - 21:06

Firefox. We'll say next, standard, sure, and
21:06 - 21:08

then sure, we can launch it, I guess,
21:08 - 21:11

yeah why not. Cool, so this is old, old
21:11 - 21:14

Firefox, so now we have an old Firefox on
21:14 - 21:15

our computer, so we'll close this. This is
21:15 - 21:17

our virtual machine remember. Here's
21:17 - 21:19

Firefox. And then so we will go back to
21:19 - 21:21

our scans here. This is on our host
21:21 - 21:23

machine, and this is Nessus so we'll go
21:23 - 21:24

back to our scans, and we don't need to
21:24 - 21:26

change our scan anymore. We'll just click
21:26 - 21:29

launch and it will just run another scan.
21:29 - 21:31

It will do the same thing scan all, scan
21:31 - 21:32

the common open ports, inspect the
21:32 - 21:35

registry, inspect the services, and then
21:35 - 21:37

inspect the file system. It's going to
21:37 - 21:39

discover this old deprecated version of
21:39 - 21:41

Firefox. There's like a million
21:41 - 21:43

vulnerabilities in it probably, so
21:43 - 21:44

hopefully we'll see that reflected
21:44 - 21:46

in the scan results when this finishes
21:46 - 21:48

here in a couple of minutes. Okay, it's
21:48 - 21:50

been a couple more minutes and our scan
21:50 - 21:51

is finished, so we can click on this
21:51 - 21:53

again, and we'll see like our
21:53 - 21:56

vulnerabilities like went up to 68
21:56 - 21:57

critical now. So before we kind of dive
21:57 - 21:58

into these, again, we'll check out the
21:58 - 22:00

history just so we can see like a trend
22:00 - 22:02

in these. So this is the first one in the
22:02 - 22:04

bottom here we can see only info, no
22:04 - 22:06

credentials provided. Second one is our
22:06 - 22:08

credentials provided, and we, you know, we
22:08 - 22:10

have a little bit more, we have some
22:10 - 22:12

criticals discovered and some highs. And
22:12 - 22:14

then we installed Firefox, like a really
22:14 - 22:16

old one, and then this is our current
22:16 - 22:19

scan. There's like a bunch more criticals,
22:19 - 22:21

whole bunch of criticals, so we'll go to
22:21 - 22:24

the vulnerabilities tab here.
22:24 - 22:26

And then we can kind of see this one at
22:26 - 22:28

the very top mixed with Firefox and
22:28 - 22:31

total count of like 141, so if we click
22:31 - 22:33

on this, it's just absolute chuck full
22:33 - 22:35

of criticals just because that version
22:35 - 22:37

of Firefox is like so old, it has so many
22:37 - 22:38

vulnerabilities. And it's not like you
22:38 - 22:40

have to like go through like fix each
22:40 - 22:41

one of these one at a time, you can
22:41 - 22:43

either just like upgrade Firefox to the
22:43 - 22:45

latest one or just like completely
22:45 - 22:46

uninstall it and it will remediate the
22:46 - 22:48

vulnerabilities. So we can click
22:48 - 22:49

remediations, we pretty much see the same
22:49 - 22:52

thing as last time except for at the
22:52 - 22:54

very top now we have a recommendation to
22:54 - 22:57

upgrade Firefox. And then again this VPR
22:57 - 22:59

top threats, we have this kind of
22:59 - 23:02

Firefox in here. Again, history, first scan,
23:02 - 23:04

no credentials. Second, credentials,
23:04 - 23:06

default Windows install. Third scan,
23:06 - 23:08

Firefox, old Firefox, whole
23:08 - 23:10

bunch of vulnerabilities that need to be
23:10 - 23:12

remediated. So the next step we're going
23:12 - 23:14

to, we're just going to try to remediate
23:14 - 23:16

as many of these vulnerabilities as we
23:16 - 23:18

can by doing like really simple things,
23:18 - 23:19

like we're just going to uninstall
23:19 - 23:21

Firefox totally, and then we're going to
23:21 - 23:23

just essentially like run Windows
23:23 - 23:25

updates until there's no more updates
23:25 - 23:27

that need to happen essentially. So we'll
23:27 - 23:29

go to our virtual machine here, and then
23:29 - 23:32

we can go to appwiz.cpl, that's like a
23:32 - 23:34

kind of shortcut to go to this thing.
23:34 - 23:36

So we can go to Firefox, I'm just going
23:36 - 23:38

to uninstall it to be honest. So uninstall
23:38 - 23:40

Firefox, and then I'll go to Windows
23:40 - 23:42

update, and let's see
23:42 - 23:44

I guess I'll just manually check for
23:44 - 23:46

updates, I'll leave the settings to like
23:46 - 23:47

whatever they are. And then you can do
23:47 - 23:49

this too just keep like running Windows
23:49 - 23:50

updates, and you might have to like
23:50 - 23:51

restart and then run it again then
23:51 - 23:54

restart and run it again. I'll pause this
23:54 - 23:55

and I'll just kind of like let the
23:55 - 23:57

updates happen, then I'll come back to it
23:57 - 23:59

again. Okay, it updated for a while and
23:59 - 24:00

it's asking for a restart, so I'll just go
24:00 - 24:03

ahead and restart and repeat the process.
24:03 - 24:06

Okay when it comes back up, just go ahead
24:06 - 24:08

and log in again, and go to Windows
24:08 - 24:10

updates again, and just click check for
24:10 - 24:13

updates one more time just to make sure.
24:13 - 24:14

Okay, it looks like it's installing some
24:14 - 24:16

more, so I'll go ahead and pause this and
24:16 - 24:18

kind of let this continue. So it actually
24:18 - 24:20

looks like the updates are done, so we'll
24:20 - 24:22

go back to Nessus, go back to my scans,
24:22 - 24:25

and we'll run our scan one more time. So
24:25 - 24:27

we should expect to see a lot of the
24:27 - 24:29

remediations done, there should be a lot
24:29 - 24:30

less highs and criticals like Firefox
24:30 - 24:32

should be gone, like all the Windows
24:32 - 24:34

updates should be no longer required, but
24:34 - 24:36

we will let this finish, and then check
24:36 - 24:38

it out in a couple of minutes, or for you
24:38 - 24:39

it will be instantly because I'll edit
24:39 - 24:41

this out. So our last scan has finally
24:41 - 24:44

finished, so let's check this out. So
24:44 - 24:45

we'll click on this and before we like
24:45 - 24:47

really dive in deep, we can kind of see
24:47 - 24:48

there's some highs and some
24:48 - 24:50

criticals and highs, but we'll go to
24:50 - 24:52

history over here, and this is our
24:52 - 24:54

current scan, and this is the last scan
24:54 - 24:56

right here before we uninstalled Firefox
24:56 - 24:59

and before we updated Windows, so we can
24:59 - 25:00

see there's quite a bit more mediums,
25:00 - 25:02

quite a bit more, sorry, there's quite a
25:02 - 25:03

bit more criticals, quite a bit more
25:03 - 25:06

highs. So current, after removing
25:06 - 25:07

Firefox and running Windows updates, and
25:07 - 25:10

then before. So there's quite a bit less, and
25:10 - 25:13

this scan right here, this is the
25:13 - 25:15

default install of Windows and then this
25:15 - 25:17

is the current one after updating
25:17 - 25:19

Windows. So current or default and then
25:19 - 25:20

current. So we can kind of dive into
25:20 - 25:22

these like a little bit, it looks like
25:22 - 25:25

the remaining vulnerabilities, most of
25:25 - 25:27

them are around Microsoft Edge. It looks
25:27 - 25:29

like maybe Windows update didn't update
25:29 - 25:31

Edge for some reason. We can check
25:31 - 25:34

this one, a bunch of highs, I can't
25:34 - 25:36

read these. Microsoft 3D Viewer Base 3D
25:36 - 25:38

Code something. Maybe this is some like
25:38 - 25:40

native app that's installed, oh yeah, it
25:40 - 25:42

is. So it looks like there's some like
25:42 - 25:44

random stuff that's still on this
25:44 - 25:46

virtual machine that maybe it's like out
25:46 - 25:48

of date or something like this, and
25:48 - 25:49

you can just kind of look through this. I
25:49 - 25:51

won't like do any further remediations
25:51 - 25:53

because this video is getting kind of
25:53 - 25:55

long so, but maybe you could consider,
25:55 - 25:57

you know, figuring out exactly like how
25:57 - 25:59

to update Microsoft Edge or like
25:59 - 26:01

uninstall it if you're allowed to do
26:01 - 26:02

that like, I don't know. But yeah, it's
26:02 - 26:04

pretty interesting to kind of
26:04 - 26:05

experiment with this and like install
26:05 - 26:07

like really old stuff, or maybe even
26:07 - 26:09

like get a hold of like a Windows XP ISO
26:09 - 26:12

and install Windows XP, right, and scan
26:12 - 26:14

that and see what kind of like swiss
26:14 - 26:16

cheese scan results like come back. It's
26:16 - 26:18

like going to be absolutely full of
26:18 - 26:20

holes, but yeah that is vulnerability
26:20 - 26:21

management. And those are kind of like the
26:21 - 26:23

really kind of the core components of
26:23 - 26:24

vulnerability management just like
26:24 - 26:26

scanning and remediating, scanning and
26:26 - 26:28

remediating, but, you know, a lot more goes
26:28 - 26:29

into it because you have to have like,
26:29 - 26:30

you know, when you work at a big
26:30 - 26:32

organization, you usually will make some
26:32 - 26:34

kind of standard and like policies and
26:34 - 26:36

procedures, and you have to kind of bring
26:36 - 26:38

all the departments in and work with the
26:38 - 26:39

individual groups to like get
26:39 - 26:41

credentials for all their individual
26:41 - 26:43

resources, or maybe you use like a domain
26:43 - 26:45

account to scan everything, and it
26:45 - 26:46

gets a little bit more complicated when
26:46 - 26:48

you're in a large organization, but this
26:48 - 26:50

is pretty much the guts of it,
26:50 - 26:51

just like scanning stuff, finding
26:51 - 26:53

vulnerabilities, and then essentially
26:53 - 26:55

remediating them. You want to automate it,
26:55 - 26:57

as much of it as you can as possible
26:57 - 26:59

like updating like the third-party
26:59 - 27:01

apps and like Windows update and this
27:01 - 27:03

kind of thing. And you want to have like
27:03 - 27:04

a secure build standard, so like make
27:04 - 27:06

sure the build is like already like
27:06 - 27:09

remediated and like secure enough before
27:09 - 27:10

it goes into production to kind of
27:10 - 27:12

reduce the amount of vulnerabilities
27:12 - 27:13

that get introduced, but now that you've
27:13 - 27:14

kind of like watched this you have a
27:14 - 27:16

pretty good idea, I would say, of how
27:16 - 27:18

vulnerability management works, so you
27:18 - 27:20

can, you know, practice this a bunch, and
27:20 - 27:21

consider like reading up on how to
27:21 - 27:23

implement vulnerability management on
27:23 - 27:24

like a large organization, and then you can
27:24 - 27:26

like put something on your resume that
27:26 - 27:28

might look something like this, and then
27:28 - 27:30

go ahead and start applying to jobs that
27:30 - 27:31

are looking for like vulnerability
27:31 - 27:33

management engineers or vulnerability
27:33 - 27:35

management analysts or like whatever
27:35 - 27:36

they're calling them because it's a
27:36 - 27:37

relatively like straightforward process.
27:37 - 27:39

It's pretty easy technically speaking.
27:39 - 27:41

Like the hard part about
27:41 - 27:43

vulnerability management usually comes
27:43 - 27:44

from like dealing with the humans and
27:44 - 27:46

like getting everyone to like coordinate,
27:46 - 27:48

that's like really difficult. But yeah, I hope
27:48 - 27:49

you enjoyed this. If you
27:49 - 27:51

thought I was interesting, you know I'd
27:51 - 27:53

appreciate if you liked and consider
27:53 - 27:54

subscribing, and if you have any
27:54 - 27:56

questions or comments, criticism, please
27:56 - 27:57

like let me know in the comment section.
27:57 - 27:59

I 100% read all the comments every time. I
27:59 - 28:01

respond to everybody's comment. If you
28:01 - 28:02

feel like supporting me, I do have a
28:02 - 28:04

Patreon, but other than that, thank you so
28:04 - 28:06

much for watching and we will see you in
28:06 - 28:08

the next video, bye bye.
28:08 - 28:20

[Music]

Title:: Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
Description:: more » « less
Video Language:: English
Duration:: 28:21

	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)
	OEVIDEOS edited English subtitles for Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

English subtitles

Revisions Compare revisions

Revision 8 Edited

OEVIDEOS
Revision 7 Edited

OEVIDEOS
Revision 6 Edited

OEVIDEOS
Revision 5 Edited

OEVIDEOS
Revision 4 Edited

OEVIDEOS
Revision 3 Edited

OEVIDEOS
Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	8	OEVIDEOS
	7	OEVIDEOS
	6	OEVIDEOS
	5	OEVIDEOS
	4	OEVIDEOS
	3	OEVIDEOS
	2	OEVIDEOS
	1	OEVIDEOS

Nessus Tutorial for Beginners: Vulnerability Management (PUT THIS ON YOUR RESUME!)

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)