This was a simulated vulnerability scan on a Windows VM using Nessus.
This project demonstrates a simulated vulnerability scan to understand the operation of modern vulnerability scanning systems. The primary objective was to install and use Nessus vulnerability scanning software in conjunction with VMware Fusion's virtual Windows environment. By simulating a poorly hardened device, I was able to create a controlled, vulnerable environment, analyze the vulnerability scan results, and implement remediation strategies to harden the system.
- Advanced proficiency in configuring and executing scans using vulnerability assessment tools to identify security weaknesses.
- Expertise in recommending and implementing effective remediation strategies for identified vulnerabilities.
- Experience in applying robust security controls and hardening measures on Windows OS.
- Virtualization System (VMware Fusion Pro) for setting up a lab testing environment.
- Vulnerability Scanning Software (Nessus) for scanning a known-bad environment for system and network vulnerabilities.
- Known-Bad software for creating an intentionally weak OS.
- Use VMware to initialize a Windows VM and ensure connectivity through `ipconfig`.
- Install and configure Nessus so that it can properly scan for vulnerabilities.
- Conduct the first vulnerability scan to establish a baseline prior to adding Known-Bad software.
- After uninstalling default security updates, conduct the second vulnerability scan to see which vulnerabilities are discovered.
- Open one of the discovered vulnerabilities to analyze the reason and a possible solution.
- Purposely install Known-Bad software to simulate a weak system. (Here I used an outdated version of Google Chrome, Minecraft, and 7-Zip.)
- Rescan with the new Known-Bad software added and analyze the vulnerabilities discovered.
- Remedy the machine by removing the Known-Bad software and installing proper security updates.
- Export the previous vulnerability scan and send it over to the development team for fixing.
- Finally, rescan and notice there are no vulnerabilities left on the system. (The system is now properly hardened.)
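
The baseline/rescan comparison in the steps above can be automated once each scan is exported. The following is an added example, not part of the original project: it assumes the scans are exported in Nessus's `.nessus` XML format, and the function names, host address, plugin IDs and plugin names are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

SEVERITY = ["Info", "Low", "Medium", "High", "Critical"]  # Nessus severity 0-4

# Constructed sample exports (host, plugin IDs and names are made up).
ITEM = '<ReportItem port="{}" protocol="tcp" severity="{}" pluginID="{}" pluginName="{}"/>'
WRAP = ('<NessusClientData_v2><Report name="lab"><ReportHost name="192.0.2.10">'
        '{}</ReportHost></Report></NessusClientData_v2>')
BASE_ITEMS = [ITEM.format(0, 0, 900001, "Constructed: OS identification"),
              ITEM.format(445, 2, 900002, "Constructed: SMB signing not required")]
BASELINE = WRAP.format("".join(BASE_ITEMS))
AFTER_INSTALL = WRAP.format("".join(BASE_ITEMS + [
    ITEM.format(0, 4, 900003, "Constructed: outdated Google Chrome"),
    ITEM.format(0, 3, 900004, "Constructed: outdated 7-Zip")]))

def load_findings(xml_text, min_severity=1):
    """Map (host, port, protocol, pluginID) -> (severity, pluginName)."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev >= min_severity:  # skip informational noise by default
                key = (host.get("name"), item.get("port"),
                       item.get("protocol"), item.get("pluginID"))
                findings[key] = (sev, item.get("pluginName"))
    return findings

def diff_scans(before_xml, after_xml, min_severity=1):
    """Return (new, fixed): findings only in the later / only in the earlier scan."""
    before = load_findings(before_xml, min_severity)
    after = load_findings(after_xml, min_severity)
    new = {k: after[k] for k in after.keys() - before.keys()}
    fixed = {k: before[k] for k in before.keys() - after.keys()}
    return new, fixed

def summarize(findings):
    """Human-readable lines, most severe first."""
    rows = sorted(findings.values(), key=lambda f: (-f[0], f[1]))
    return [f"{SEVERITY[sev]}: {name}" for sev, name in rows]

if __name__ == "__main__":
    new, fixed = diff_scans(BASELINE, AFTER_INSTALL)
    print("Introduced by Known-Bad software:", *summarize(new), sep="\n  ")
    print("Resolved since baseline:", *summarize(fixed), sep="\n  ")
```

Running the same diff with the post-remediation export as the later scan shows which findings the remediation step actually closed. `xml.etree.ElementTree` is not hardened against maliciously constructed XML, so only feed it exports from your own scanner.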