
This was a simulated vulnerability scan on a Windows VM using Nessus.


UJosephUdoh/Vulnerability-Scan-With-Nessus

Vulnerability-Scan-With-Nessus


Objective

This project demonstrates a simulated vulnerability scan to understand the operation of modern vulnerability scanning systems. The primary objective was to install and use Nessus vulnerability scanning software in conjunction with VMware Fusion's virtual Windows environment. By simulating a poorly hardened device, I was able to create a controlled, vulnerable environment, analyze the vulnerability scan results, and implement remediation strategies to harden the system.

Skills Learned

  • Advanced proficiency in configuring and executing scans using vulnerability assessment tools to identify security weaknesses.
  • Expertise in recommending and implementing effective remediation strategies for identified vulnerabilities.
  • Experience in applying robust security controls and hardening measures on Windows OS.

Tools Used

  • Virtualization System (VMware Fusion Pro) for setting up a lab testing environment.
  • Vulnerability Scanning Software (Nessus) for scanning a known-bad environment for system and network vulnerabilities.
  • Known-Bad software for creating an intentionally weak OS.

Steps

  1. Use VMware to initialize a Windows VM and ensure connectivity through ipconfig.
  2. Install and configure Nessus so that it can scan for vulnerabilities.
  3. Conduct the first vulnerability scan to establish a baseline prior to adding Known-Bad software.
  4. After uninstalling default security updates, conduct the second vulnerability scan to see which vulnerabilities are discovered.
  5. Open one of the discovered vulnerabilities to analyze the reason and a possible solution.
  6. Purposely install Known-Bad software to simulate a weak system. (Here I used an outdated version of Google Chrome, Minecraft, and 7-Zip)
  7. Rescan with the new Known-Bad software added and analyze the vulnerabilities discovered.
  8. Remedy the machine by removing the Known-Bad software and installing proper security updates.
  9. Export the previous vulnerability scan and send it over to the development team for fixing.
  10. Finally, rescan and notice there are no vulnerabilities left on the system. (The system is now properly hardened)
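
The steps above compare successive scans of the same VM; the Python sketch below, an added example that is not part of this repository, does that comparison on two `.nessus` (XML) exports and reports which findings were fixed, which remain, and which are new. The host address, plugin IDs and plugin names are constructed placeholders, and informational (severity 0) items are excluded so they do not hide a clean result.

```python
import xml.etree.ElementTree as ET

# Nessus severity attribute values in a .nessus v2 export.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

def findings(nessus_xml, min_severity=1):
    """Return {(host, port, plugin_id): (severity, plugin_name)} for one export."""
    root = ET.fromstring(nessus_xml)
    found = {}
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev >= min_severity:  # skip informational plugins by default
                key = (host.get("name"), item.get("port"), item.get("pluginID"))
                found[key] = (sev, item.get("pluginName"))
    return found

def compare(before_xml, after_xml):
    """Split findings into fixed / remaining / new between two scans of one target."""
    before, after = findings(before_xml), findings(after_xml)
    return {
        "fixed": {k: before[k] for k in before.keys() - after.keys()},
        "remaining": {k: after[k] for k in before.keys() & after.keys()},
        "new": {k: after[k] for k in after.keys() - before.keys()},
    }

def build_export(items):
    """Build a minimal, constructed .nessus v2 document for host 192.0.2.10."""
    rows = "".join(
        f'<ReportItem port="{p}" protocol="tcp" severity="{s}" '
        f'pluginID="{i}" pluginName="{n}"/>' for p, s, i, n in items)
    return ('<NessusClientData_v2><Report name="lab"><ReportHost name="192.0.2.10">'
            f'{rows}</ReportHost></Report></NessusClientData_v2>')

# Constructed sample data: plugin IDs and names are placeholders, not real plugins.
KNOWN_BAD_SCAN = build_export([
    (0, 0, 900001, "Placeholder: host information"),
    (445, 4, 900002, "Placeholder: outdated browser"),
    (445, 3, 900003, "Placeholder: outdated archiver"),
    (445, 2, 900004, "Placeholder: missing security update"),
])
REMEDIATED_SCAN = build_export([
    (0, 0, 900001, "Placeholder: host information"),
    (445, 2, 900004, "Placeholder: missing security update"),
])

if __name__ == "__main__":
    for status, items in compare(KNOWN_BAD_SCAN, REMEDIATED_SCAN).items():
        for (host, port, pid), (sev, name) in sorted(items.items()):
            print(f"{status:9} {SEVERITY[sev]:8} {host}:{port} plugin {pid} {name}")
```

For real exports, read the two `.nessus` files and pass their contents to `compare`; an empty `remaining` and `new` is the condition the final rescan is checking for.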
