1 00:00:00,120 --> 00:00:03,330 All right, welcome back, everyone. This session is about:
2 00:00:04,530 --> 00:00:08,600 We are going to get started with our very first scan, and that's the Nessus scanner.
3 00:00:09,670 --> 00:00:16,920 OK, so before we do the scan, we need the target range, and to make our session more effective we'll be making
4 00:00:16,920 --> 00:00:25,200 use of an already infected machine, which is made portable too. I'll give you a link to download this machine
5 00:00:25,560 --> 00:00:30,840 so you can download it and upload it on your VirtualBox. What you can do,
6 00:00:30,840 --> 00:00:35,160 just download the file, extract it and just double click on it.
7 00:00:35,160 --> 00:00:40,980 If you already have a virtual machine in VirtualBox on your system, it will open up, so you don't
8 00:00:40,980 --> 00:00:42,140 really have to worry about it.
9 00:00:42,570 --> 00:00:44,490 So what's the IP address of the system then?
10 00:00:44,490 --> 00:00:46,020 Not ziggurat one, not 40.
11 00:00:46,470 --> 00:00:46,880 All right.
12 00:00:47,220 --> 00:00:50,720 So let's get to our Nessus scanner.
13 00:00:51,450 --> 00:00:54,540 And on here we can perform the new scan.
14 00:00:55,200 --> 00:01:02,130 And what you can do is you can actually make use of the hosken pretty Burack.
15 00:01:02,490 --> 00:01:10,380 And this is where you can simply go to the network, scan the network, and what you can
16 00:01:10,380 --> 00:01:13,940 do is you just specify the system itself.
17 00:01:15,510 --> 00:01:17,250 Let's say we are performing the whole scan.
18 00:01:18,840 --> 00:01:25,710 And let's specify the IP address of it, so the IP address below zero one dot 14.
19 00:01:26,070 --> 00:01:29,670 OK, so that's where you define the target IP address.
20 00:01:29,850 --> 00:01:30,720 And there are two things.
21 00:01:30,760 --> 00:01:35,720 Remember, there's a credentialed scan or there's a non-credentialed scan.
22 00:01:35,970 --> 00:01:43,380 If you have credentials of the system, the scanner can log into the system and then perform the scan itself.
23 00:01:44,100 --> 00:01:50,190 This is very much a kind of active scan where you get more vulnerabilities and more, you know, more
24 00:01:50,190 --> 00:01:51,320 data about the system.
25 00:01:51,600 --> 00:01:56,460 If you don't really provide any credentials, it would try to gather information which
26 00:01:56,460 --> 00:02:01,490 is, you know, which is available from the external world, the external posture, in fact.
27 00:02:01,950 --> 00:02:04,310 So we can make use of it.
28 00:02:04,310 --> 00:02:10,950 It depends on how you want to specify it. If you want to make sure that you specify the details,
29 00:02:10,950 --> 00:02:12,510 you can even make use of this.
30 00:02:13,710 --> 00:02:16,860 You can simply provide the username and password for authentication.
31 00:02:16,970 --> 00:02:20,670 It is massive, massive and meaningful.
32 00:02:21,060 --> 00:02:27,870 If you don't provide it, it will still be OK, because any which way we are trying to understand how
33 00:02:27,870 --> 00:02:33,750 the problem, how the vulnerabilities are looking from the external point of view, without even
34 00:02:33,750 --> 00:02:35,160 getting access to the system.
35 00:02:35,400 --> 00:02:40,980 If somebody has access to the machine, he doesn't really need to perform any one of the
36 00:02:41,090 --> 00:02:41,340 right.
37 00:02:41,640 --> 00:02:43,710 He can straight away get access to the system.
38 00:02:43,710 --> 00:02:43,940 Right.
39 00:02:44,250 --> 00:02:50,590 So even if we remove the credentials, it will still be OK.
40 00:02:51,180 --> 00:02:56,850 So let me do more and let's see if we get the desired information about it.
41 00:02:56,890 --> 00:02:59,520 OK, you still have an option of scheduling it.
42 00:02:59,520 --> 00:03:04,590 You can schedule when you want to initiate this scan; you can have notifications.
43 00:03:04,590 --> 00:03:11,430 But notification only works when you have an SMTP configuration, so that you get the email notification
44 00:03:11,430 --> 00:03:11,850 as well.
45 00:03:12,630 --> 00:03:16,560 So this is all in terms of the basic host scan.
46 00:03:16,560 --> 00:03:22,560 So once it is done, then on the target you see the plugins. In the normal network scan
47 00:03:22,560 --> 00:03:23,220 it is fixed.
48 00:03:23,220 --> 00:03:25,500 You can't really modify what the plugins are.
49 00:03:25,500 --> 00:03:32,490 Plugins are basically a set of parameters against which all the vulnerabilities are matched.
50 00:03:32,730 --> 00:03:37,010 So what happens is, the way we have learned about the CVE database.
51 00:03:37,020 --> 00:03:37,300 Right.
52 00:03:37,740 --> 00:03:43,350 So the plugins for all of these CVE databases are basically updated with Nessus.
53 00:03:43,740 --> 00:03:51,030 So Nessus maintains all the weaknesses of all kinds of hosts, maybe Windows, maybe Linux machines,
54 00:03:51,480 --> 00:03:57,740 you know, all the applications, maybe Cisco routers, switches, Juniper, everything. For every device it
55 00:03:57,870 --> 00:04:00,690 maintains a kind of a plugin database.
56 00:04:01,290 --> 00:04:08,520 And these plugins are all compared against our target host.
57 00:04:08,640 --> 00:04:16,740 And if any weakness of our target host matches with the plugins, the CVE database, then it generates
58 00:04:16,740 --> 00:04:17,240 an alert.
59 00:04:17,310 --> 00:04:23,280 So it's pretty, pretty clear what exactly it is going to come up with.
60 00:04:24,000 --> 00:04:26,460 So once that is done, you can straight away save it.
61 00:04:26,790 --> 00:04:29,810 And so we have selected credentials.
62 00:04:29,820 --> 00:04:32,360 So in that case we'll have to mention the password.
63 00:04:32,790 --> 00:04:41,010 So let's say we will specify it. OK, we can either ignore it, but let's say for this scan we keep the
64 00:04:41,010 --> 00:04:41,550 password.
65 00:04:41,550 --> 00:04:44,280 We mention the password and we then go ahead with this, OK?
66 00:04:44,640 --> 00:04:46,560 Because we have already selected it.
67 00:04:47,460 --> 00:04:48,390 So let's save it.
68 00:04:48,840 --> 00:04:52,920 And once it is saved, you get to see, OK, you can launch this.
69 00:04:53,550 --> 00:04:53,850 OK.
70 00:04:55,270 --> 00:05:01,570 One, if not, the scan will be started, and it's already started.
71 00:05:01,600 --> 00:05:03,670 So that's how you can perform it.
72 00:05:04,330 --> 00:05:05,860 This is a credentialed scan.
73 00:05:05,870 --> 00:05:15,340 You can even make use of a non-credentialed scan where you can quickly mention, you know, scan, let's
74 00:05:15,350 --> 00:05:17,650 extend or zero to 114.
75 00:05:18,040 --> 00:05:22,630 And that's it, you just have to do that and it's done.
76 00:05:22,630 --> 00:05:25,280 And you can even initiate this scan, right.
77 00:05:25,780 --> 00:05:29,650 So for now, I can just pass this scan.
78 00:05:29,680 --> 00:05:32,440 Let's wait for the scan to be completed.
79 00:05:32,800 --> 00:05:34,900 Now, it might take some time
80 00:05:34,910 --> 00:05:37,360 to get all the details about the scanning.
81 00:05:37,360 --> 00:05:41,920 But meanwhile, we can see that we go to the system and go and get a look at the vulnerabilities.
82 00:05:42,670 --> 00:05:45,760 You see this, you get the host information.
83 00:05:45,780 --> 00:05:51,190 So currently we have just one IP address, because we have intentionally mentioned just one IP address.
84 00:05:51,200 --> 00:05:51,420 Right.
85 00:05:51,730 --> 00:05:57,540 If we mention all the database of the IP addresses, we can even import it as well.
86 00:05:57,940 --> 00:06:01,450 Then you get to see all the system IP addresses in that situation.
87 00:06:01,840 --> 00:06:02,210 Right.
88 00:06:02,230 --> 00:06:04,810 And then you get the list of vulnerabilities.
89 00:06:04,810 --> 00:06:06,790 So you see what is in the red.
90 00:06:06,790 --> 00:06:08,230 That's the most critical one.
91 00:06:09,170 --> 00:06:10,120 What do you see in the mix?
92 00:06:10,130 --> 00:06:13,570 This is the medium, you can see over here.
93 00:06:13,570 --> 00:06:13,860 Right.
94 00:06:14,110 --> 00:06:19,380 And this is the high vulnerability, which is no bad one, really.
95 00:06:19,390 --> 00:06:23,380 And it's a history which gives you an idea about all that is happening.
96 00:06:23,680 --> 00:06:28,120 You also, for every one, you don't just get the problem.
97 00:06:28,120 --> 00:06:31,810 You even get the recommendation as well from Nessus.
98 00:06:31,810 --> 00:06:34,250 So let's say this is the most critical one.
99 00:06:34,540 --> 00:06:38,000 As of now, the scanning is not yet completed.
100 00:06:38,350 --> 00:06:39,070 It's still going on.
101 00:06:39,070 --> 00:06:42,280 But meanwhile, we can look at some of the recommendations as well.
102 00:06:42,760 --> 00:06:49,390 So you can see this is a description which says at least one of the NFS shares exported by the remote
103 00:06:49,390 --> 00:06:53,130 server could be mounted by the scanning host.
104 00:06:53,360 --> 00:06:58,820 An attacker may be able to leverage this to read files on the remote host.
105 00:06:58,840 --> 00:07:03,490 So this is something which can leverage the attacker to read the remote machine.
106 00:07:03,620 --> 00:07:04,000 Right.
107 00:07:04,600 --> 00:07:07,510 And the solution is: configure
108 00:07:07,510 --> 00:07:14,710 NFS on the remote host so that only authorized hosts can mount its remote shares.
109 00:07:15,020 --> 00:07:16,480 So that's the recommendation.
110 00:07:16,480 --> 00:07:23,390 And in order to know more about this one, you can even go and read more about it.
111 00:07:23,410 --> 00:07:27,260 So this is where the vulnerability information screen is.
112 00:07:29,150 --> 00:07:40,910 Let me maximize it so you can see the CVE information, which CVEs are matched with this system's weaknesses,
113 00:07:40,910 --> 00:07:41,150 right?
114 00:07:41,180 --> 00:07:42,290 So this is the CVE.
115 00:07:42,500 --> 00:07:50,500 Once you click on it, you get to the database, or you can even manually go to the CVE as well and can
116 00:07:51,090 --> 00:07:52,340 know about all that exists.
117 00:07:52,550 --> 00:07:56,990 As of now, we have been making use of CVE.
118 00:07:57,170 --> 00:08:05,510 If you remember correctly, we can make use of CVE Details as well, and we can even go there and copy
119 00:08:06,500 --> 00:08:08,090 any one of the CVEs.
120 00:08:09,520 --> 00:08:15,940 And we get into this and, you know what, you get the exact same information, right?
121 00:08:16,420 --> 00:08:20,770 This is seven point five, when it was discovered, and all this information you.
122 00:08:21,370 --> 00:08:23,160 Sorry, I think it is correct.
123 00:08:23,380 --> 00:08:23,760 Oh, yeah.
124 00:08:23,860 --> 00:08:25,300 This is absolutely correct.
125 00:08:25,720 --> 00:08:29,300 That point five, and this is the information about the vulnerability.
126 00:08:29,320 --> 00:08:36,370 And this is considerably information disclosure, but potentially a data breach kind of
127 00:08:36,370 --> 00:08:37,150 system as well.
128 00:08:37,510 --> 00:08:45,190 So every one of them, really, you can copy it and get to our, you know, our favorite cvedetails.com as
129 00:08:45,190 --> 00:08:45,410 well.
130 00:08:46,060 --> 00:08:48,520 So through that, you can get more information.
131 00:08:48,830 --> 00:08:52,930 Meanwhile, you can see the vulnerability scan is still going on.
132 00:08:52,930 --> 00:08:56,680 But at this moment, we have got around thirty seven weaknesses.
133 00:08:56,680 --> 00:08:58,390 So 37 vulnerabilities.
134 00:08:58,750 --> 00:09:04,240 If you look at the first one, Bind Shell Backdoor Detection, this seems to be very critical.
135 00:09:05,020 --> 00:09:12,310 And in this situation, you can still get to know a shell is listening on a port on a remote host without
136 00:09:12,310 --> 00:09:13,260 any authentication.
137 00:09:13,270 --> 00:09:18,100 So that seems like a shell on the system which is listening on a port.
138 00:09:18,110 --> 00:09:26,110 That means the system is already infected with malware and it is listening for a session, listening
139 00:09:26,110 --> 00:09:28,740 for a connection coming in from the attacker's side.
140 00:09:29,260 --> 00:09:36,760 So this seems to be very risky, and this is not a sign of weakness, but this is something where, I mean,
141 00:09:36,760 --> 00:09:40,420 weakness-wise, this does not seem to be a kind of CVE.
142 00:09:40,420 --> 00:09:44,950 This is an already infected machine, because we have chosen it.
143 00:09:44,950 --> 00:09:45,250 Right.
144 00:09:45,850 --> 00:09:51,490 So this is something where we have to find which file it is which is listening on the system.
145 00:09:51,490 --> 00:09:58,300 And then we have to either delete that file and stop that process ID on the remote machine.
146 00:09:58,600 --> 00:10:05,140 So this is the following output which has been observed based on the process itself, and
147 00:10:07,550 --> 00:10:14,510 yeah, there is a lot of stuff, which is our organ service detection, our service detection, sandack,
148 00:10:15,350 --> 00:10:16,750 these are all applications.
149 00:10:17,090 --> 00:10:23,010 There are some weaknesses related to SSL, DNS service related challenges as well.
150 00:10:23,540 --> 00:10:28,780 There are, of course, some issues related to SSL, which you can see this way.
151 00:10:30,320 --> 00:10:34,700 It says that OpenSSL package random number generator weakness.
152 00:10:34,940 --> 00:10:41,560 And this seems to be, of course, as it was expected, this was found to be related to some 100.
153 00:10:42,080 --> 00:10:48,530 You can again go on to CVE and you can search for it, and you probably get more information.
154 00:10:49,490 --> 00:10:53,270 So you can see this is, again, one vulnerability on the system.
155 00:10:53,660 --> 00:10:55,130 So now this is really helpful.
156 00:10:55,140 --> 00:11:01,160 We have started with just one initially and we have reached 69 vulnerabilities already on the system.
157 00:11:01,580 --> 00:11:09,410 And when you start working in a real project or real involvement in a company, you get to
158 00:11:09,410 --> 00:11:10,070 see this.
159 00:11:10,070 --> 00:11:16,550 This is something which, you know, in the organization there are security
160 00:11:16,550 --> 00:11:22,020 analysts who run this scanning for all the hosts, either on a monthly or weekly basis.
161 00:11:22,020 --> 00:11:29,690 So it runs for all the systems, all the routers, switches, firewalls, and you have even the devices
162 00:11:29,690 --> 00:11:33,110 which are responsible for security and securing the network.
163 00:11:33,380 --> 00:11:35,480 They could also have vulnerabilities.
164 00:11:35,810 --> 00:11:42,010 And this kind of scanner also performs scanning against those platforms as well.
165 00:11:42,740 --> 00:11:46,220 So the scanner performed the scan.
166 00:11:46,340 --> 00:11:52,250 This network scanner performs the vulnerability scanning against the routers, switches, servers and
167 00:11:52,250 --> 00:11:54,320 hosts, applications, everything.
168 00:11:54,320 --> 00:12:01,790 And once the report comes, and that comes to their e-mail box, they download a spreadsheet
169 00:12:01,790 --> 00:12:04,980 and then share it across multiple departments.
170 00:12:05,240 --> 00:12:09,880 So let's say there are a set of weaknesses, there are vulnerabilities for a router.
171 00:12:10,130 --> 00:12:11,880 It would be shared with the network team.
172 00:12:12,080 --> 00:12:18,200 If there are a set of vulnerabilities on the firewalls, it would be shared with the firewall team.
173 00:12:18,200 --> 00:12:23,510 If it is a set of vulnerabilities on the application, it would be shared with the application team.
174 00:12:23,900 --> 00:12:24,560 Why?
175 00:12:25,280 --> 00:12:29,210 The reason is there could sometimes be false positives.
176 00:12:29,220 --> 00:12:30,900 I mean, that could be something.
177 00:12:30,920 --> 00:12:37,730 These are all something which is very much accurate, and we have a specific comparison about
178 00:12:37,730 --> 00:12:42,250 a specific CVE, but there are some recommendations coming in as well.
179 00:12:42,270 --> 00:12:42,550 Right.
180 00:12:42,770 --> 00:12:44,950 Informational details as well.
181 00:12:44,960 --> 00:12:48,250 What do you see in this informational parameter as well?
182 00:12:48,260 --> 00:12:48,490 Right.
183 00:12:48,800 --> 00:12:53,140 So these are informational detections in that situation.
184 00:12:53,150 --> 00:12:54,860 It would be shared with the concerned team.
185 00:12:54,870 --> 00:13:01,760 And they inform you back, or they mention in the report saying that, OK, this is something which
186 00:13:01,760 --> 00:13:03,230 we can avoid at this moment.
187 00:13:03,230 --> 00:13:05,420 And this could be a false positive.
188 00:13:05,720 --> 00:13:06,050 Right.
189 00:13:06,090 --> 00:13:07,340 Which is detected.
190 00:13:07,610 --> 00:13:09,150 But this is false, OK?
191 00:13:09,500 --> 00:13:15,890 And if they find that this is really the critical one, of course, the one which is matching the CVE,
192 00:13:16,250 --> 00:13:21,770 they have to fix it, and they will get it fixed as soon as possible and they will give us the report.
193 00:13:21,770 --> 00:13:29,180 And this will be going to the risk management team as well, or the security management, as a part of
194 00:13:29,180 --> 00:13:33,710 their ROOPI, see, risk management planning as well.
195 00:13:33,860 --> 00:13:34,200 All right.
196 00:13:34,400 --> 00:13:36,110 So this is all about just getting in.
197 00:13:36,110 --> 00:13:41,540 In the next session we'll look at, you know, further application scans, web scans and advanced
198 00:13:41,540 --> 00:13:42,260 scans as well.
199 00:13:42,380 --> 00:13:42,830 Thank you.