1

00:00:00,130 --> 00:00:01,500

All right, so welcome back, everyone.



2

00:00:01,530 --> 00:00:07,320

This is Rajneesh, and the situation is about to start when we need to do this.



3

00:00:07,770 --> 00:00:09,060

It's a regular practice.



4

00:00:09,090 --> 00:00:15,420

In fact, if you remember, I told you about this every week, every month.



5

00:00:15,870 --> 00:00:22,440

What happened is, even in my organization, whenever we take care of any clients, we do the monthly



6

00:00:22,440 --> 00:00:24,630

scan for their entire network.



7

00:00:24,640 --> 00:00:28,280

We perform this scan for all their all their assets.



8

00:00:29,340 --> 00:00:33,790

So in that situation, we identify all the assets based on the IP address.



9

00:00:34,740 --> 00:00:41,190

And once that is done, we get the report on the spreadsheet and then we share across to the specific



10

00:00:41,190 --> 00:00:44,640

person, usually the team manager.



11

00:00:44,790 --> 00:00:50,310

And then they each day they make apply a filter on the spreadsheet and didn't share to the respective



12

00:00:50,310 --> 00:00:50,600

team.



13

00:00:51,000 --> 00:00:55,110

Maybe if we got, you know, hundreds of vulnerabilities on the firewall.



14

00:00:55,120 --> 00:00:56,970

So it would be shared with the firewall team.



15

00:00:57,510 --> 00:01:04,830

If we have 131 liabilities on on a Cisco router, it could be shared with the network team to fix that



16

00:01:04,830 --> 00:01:05,310

problem.



17

00:01:05,610 --> 00:01:13,650

If we got maybe, you know, 20, 21 already is on the servers, which is comparatively pretty low in



18

00:01:13,650 --> 00:01:14,040

number.



19

00:01:14,040 --> 00:01:17,940

But still, for example, it would be shared, shared to the server team.



20

00:01:18,270 --> 00:01:24,570

Now, all of those teams then responded back to the team to, you know, update them about this is what



21

00:01:24,570 --> 00:01:26,300

happened and this is the part about it.



22

00:01:27,000 --> 00:01:27,270

Right.



23

00:01:27,300 --> 00:01:30,620

So this is how the dart structure really works.



24

00:01:30,630 --> 00:01:37,710

And usually it would be shared, shared infosec manager shared to the, you know, the managers of those



25

00:01:37,710 --> 00:01:45,510

department and then the manager of maybe network team then shared through the network analysis manager



26

00:01:45,510 --> 00:01:51,870

of firewall team, shared to the firewall analyst and manager of sys admin.



27

00:01:51,870 --> 00:01:58,140

Our system team basically shared the system and to fix the vulnerabilities on the server side.



28

00:01:58,560 --> 00:02:01,020

So let's start over again.



29

00:02:01,020 --> 00:02:05,880

In this situation, what happiness will be straight away going to our scanner?



30

00:02:06,130 --> 00:02:08,880

OK, this is our scan.



31

00:02:09,370 --> 00:02:11,450

Let me close it.



32

00:02:11,460 --> 00:02:11,840

Yeah.



33

00:02:12,330 --> 00:02:14,190

And let me launch a new scan.



34

00:02:14,340 --> 00:02:24,900

At this moment, what we can do is in spite of network scan, in spite of just specifying a single IP



35

00:02:24,900 --> 00:02:28,340

address, will be making use of the entire network.



36

00:02:28,350 --> 00:02:31,590

So standard zeroed out one dot seal.



37

00:02:31,860 --> 00:02:33,210

So zero.



38

00:02:34,530 --> 00:02:41,840

So this covers the entire network because let's say I know that my Internet workspace is of Ten Network,



39

00:02:41,880 --> 00:02:43,860

so I can consider all the IP address.



40

00:02:44,250 --> 00:02:52,920

But if I know I just have to fit the system to scan maybe two in that situation, it would start scanning



41

00:02:52,920 --> 00:03:02,360

all the IP addresses ranging from 10, not zero to one, not one to 10 to zero one dot to fifty four.



42

00:03:03,210 --> 00:03:12,210

OK, and that way it would scan all those system and this subnet and I can even and then nodes go door



43

00:03:12,210 --> 00:03:17,560

to door zero four five twenty four as well.



44

00:03:17,880 --> 00:03:21,270

This would again cover another 255 host.



45

00:03:21,570 --> 00:03:28,200

I can keep adding all the network if let's say I just want to scan all of my network so I can simply



46

00:03:28,200 --> 00:03:29,940

scan all the network.



47

00:03:29,940 --> 00:03:37,500

Maybe I have ten slash eight network so I can specify the zero eight.



48

00:03:37,860 --> 00:03:45,710

So this we're going to scan all of my network system irrespective of their subnets they belong to.



49

00:03:45,840 --> 00:03:51,500

In my situation, we have a limited host and slash twenty four.



50

00:03:51,930 --> 00:03:53,490

So we have some servers.



51

00:03:53,850 --> 00:03:55,170

As I have shown you.



52

00:03:55,320 --> 00:03:58,980

We have got so we have got.



53

00:03:59,190 --> 00:03:59,550

All right.



54

00:03:59,550 --> 00:04:01,590

So we have Windows servers running.



55

00:04:01,590 --> 00:04:03,300

So I will be scanning that.



56

00:04:03,300 --> 00:04:06,120

We have Windows Ten machine that has been running.



57

00:04:06,510 --> 00:04:10,300

We have been as DSP servers, we have got databases.



58

00:04:10,320 --> 00:04:11,670

Well let me turn it up.



59

00:04:11,730 --> 00:04:17,400

The difference in DCB services is so works as well and this would be started as well.



60

00:04:17,730 --> 00:04:22,430

And we have got database MySQL database servers as well.



61

00:04:22,770 --> 00:04:25,800

And of course we do have many desperate people running.



62

00:04:25,800 --> 00:04:34,930

Do we have got OS bwl which need to be started to because this is a game that we've made us to, is



63

00:04:35,210 --> 00:04:41,160

host having the ability or SBW, where the Broken Web application is a set of.



64

00:04:41,160 --> 00:04:49,800

It's a group of all the infected web applications, so it more often includes more of it, including



65

00:04:50,190 --> 00:04:53,610

all the Web application in a single host.



66

00:04:54,250 --> 00:04:59,790

OK, and so once we specify that, we can specify the.



67

00:04:59,860 --> 00:05:06,870

Great interest as well, but for now, let's keep it as it is we can in case of basic network scan,



68

00:05:06,880 --> 00:05:13,170

we can't really modify any plugins to be we just have to be hazardous and let's start over again.



69

00:05:14,260 --> 00:05:18,350

OK, so usually what happens is it has to discover all the cost.



70

00:05:18,670 --> 00:05:23,200

So for Discovery itself, the scan is now ready for now.



71

00:05:23,200 --> 00:05:26,560

Let's pause it and let me show you there's a discovery scan.



72

00:05:26,560 --> 00:05:30,250

Is this especially to discover how many holes we have in the network?



73

00:05:30,700 --> 00:05:38,240

So when you ran this disk scan, this will only give you an idea about what almost you or you are having



74

00:05:38,510 --> 00:05:42,280

in a specific network and then you get the idea.



75

00:05:42,310 --> 00:05:44,260

OK, these are the most available.



76

00:05:44,550 --> 00:05:50,650

What are the operating system they are on and what application, what version of the operating system



77

00:05:50,650 --> 00:05:51,490

they are running with them?



78

00:05:52,230 --> 00:05:55,220

OK, that's something you can start with, OK?



79

00:05:55,540 --> 00:06:01,060

So usually before doing the network scan, you can make use of discovery to discover all the hosts in



80

00:06:01,060 --> 00:06:01,610

a network.



81

00:06:02,020 --> 00:06:03,310

That's something you can start with.



82

00:06:03,320 --> 00:06:10,300

But usually when we when we perform the network scan, start with the discovery and then start finding



83

00:06:10,300 --> 00:06:12,570

the vulnerabilities of each and every host.



84

00:06:12,850 --> 00:06:18,460

OK, so let me start to launch this scan and let's see what stopped happening.



85

00:06:19,510 --> 00:06:22,750

You will see a list of all the hosts one by one.



86

00:06:22,750 --> 00:06:31,630

And if we become lucky, we could we could see some interesting vulnerabilities as well.



87

00:06:32,860 --> 00:06:33,250

All right.



88

00:06:33,260 --> 00:06:39,430

So let's pause this video for now and we will wait for some time to get the report, to get the detail



89

00:06:39,430 --> 00:06:41,590

about it, because that's a huge scan.



90

00:06:42,220 --> 00:06:49,690

So we have reset to time, but we have got a significant amount of vulnerabilities.



91

00:06:50,020 --> 00:06:51,270

Let's start with the host.



92

00:06:51,640 --> 00:06:54,870

So the first thing that you see is the discovery of all this.



93

00:06:54,870 --> 00:06:57,580

Who was from then on out one, not 14?



94

00:06:57,970 --> 00:06:59,520

That's our that's portable.



95

00:06:59,530 --> 00:07:03,730

And we have got many other hosts who still have the one liberty as well.



96

00:07:04,270 --> 00:07:07,110

So then not zero on one or two.



97

00:07:07,120 --> 00:07:08,680

That's the host information.



98

00:07:08,680 --> 00:07:15,090

That's the Linux kernel with running the Windows system and everything that seems to be on Broadway.



99

00:07:15,610 --> 00:07:21,190

And we have got one or two and we do have some more system one.



100

00:07:21,190 --> 00:07:24,280

But 15 is the host name is not yet clear.



101

00:07:24,580 --> 00:07:26,220

It seems to be a Windows machine.



102

00:07:27,520 --> 00:07:29,920

And let's talk about one to three.



103

00:07:30,430 --> 00:07:36,610

And it's majorly our server for sure, because that's our that's where the servers are running.



104

00:07:37,270 --> 00:07:41,040

And this is what the vulnerabilities reports will look like.



105

00:07:41,050 --> 00:07:47,850

So most vulnerable system seems to be then large zeroed out one but 14 and then not zeroed out, wonder,



106

00:07:47,910 --> 00:07:55,330

well, why we don't have one of these on our any of our systems to see if we can find any vulnerabilities



107

00:07:55,330 --> 00:07:59,650

for, you know, for any of us, because that's a brand new server.



108

00:07:59,650 --> 00:08:03,390

There's no servers, active service running on it or any.



109

00:08:04,600 --> 00:08:06,880

Well, yeah, we do have a service running, but.



110

00:08:07,600 --> 00:08:13,870

But there's no additional application, no Third-Party application running, which could probably be



111

00:08:13,870 --> 00:08:17,310

a weakness or could create a vulnerability on the system.



112

00:08:18,100 --> 00:08:24,850

What we have a problem is with the postal system where we where we have maximum vulnerability and you



113

00:08:24,850 --> 00:08:28,070

can see Eighty-three vulnerability out of that maximum.



114

00:08:28,280 --> 00:08:30,820

There are 77 percent of them are critical.



115

00:08:31,480 --> 00:08:40,010

Seven percent of a highly critical high would be high reach, and then 16 percent are a medium than



116

00:08:40,360 --> 00:08:45,210

a four percent low and then 66 percent are of information.



117

00:08:45,970 --> 00:08:48,130

So this is pretty great information.



118

00:08:48,130 --> 00:08:53,740

Even if you look at the first Apache Tomcat, which is for a Web application.



119

00:08:54,670 --> 00:09:00,010

So even if you look at any of this one liberty, you get the information about what those vulnerabilities



120

00:09:00,010 --> 00:09:00,430

are.



121

00:09:00,760 --> 00:09:03,100

And this is more likely for injections.



122

00:09:03,100 --> 00:09:08,500

And this this seems to be a very risky as well if you want to get more information about any one of



123

00:09:08,500 --> 00:09:08,920

them.



124

00:09:09,820 --> 00:09:13,750

So what you can do is you can actually copy the.



125

00:09:16,670 --> 00:09:17,780

CV, no.



126

00:09:17,990 --> 00:09:28,490

And then again, you can reach out to the CBD or see the CBD and then on the CBD, you can piece the



127

00:09:28,510 --> 00:09:32,890

detail and you can get to know about is it really the one?



128

00:09:32,900 --> 00:09:34,110

Is it really the correct one?



129

00:09:34,130 --> 00:09:34,460

Yeah.



130

00:09:34,880 --> 00:09:35,840

So absolutely.



131

00:09:35,840 --> 00:09:36,800

This is the right one.



132

00:09:36,810 --> 00:09:38,590

It is for Apache Tomcat.



133

00:09:39,110 --> 00:09:42,410

And yes, you can see this is for I don't get it.



134

00:09:43,100 --> 00:09:47,450

This is how you can go deep into it and get the output about it as well.



135

00:09:47,480 --> 00:09:53,060

So this is how this scam was launched and the output was available here as well.



136

00:09:53,720 --> 00:09:59,720

What is the solution when when this report is downloaded by the vulnerability or security is infosec



137

00:09:59,720 --> 00:10:03,370

team, it will be given to the one, you know, web developer.



138

00:10:03,590 --> 00:10:04,870

Why, you may ask?



139

00:10:04,880 --> 00:10:07,160

It's a security issue nationwide.



140

00:10:07,420 --> 00:10:09,490

Why would you give it to the developer team?



141

00:10:10,190 --> 00:10:16,580

Because while fixing it, it is all the software related problem, because this is this platform is



142

00:10:16,580 --> 00:10:22,820

owned by the owner of the platform is the developer, because this is the application.



143

00:10:22,820 --> 00:10:23,060

Right.



144

00:10:23,630 --> 00:10:29,450

So if you see the solution, even solution can give you the better idea of doing the AJP configuration



145

00:10:29,450 --> 00:10:37,700

to require authorisation or upgrade the Tomcat server two seven one zero point 100 or dissuasion or



146

00:10:37,700 --> 00:10:38,360

maybe Linko.



147

00:10:38,840 --> 00:10:42,620

So when you want to upgrade the server Tomcat, it's a Web application.



148

00:10:42,620 --> 00:10:50,450

So if you want to upgrade the Apache servers, you need the Web team, the application team to perform



149

00:10:50,450 --> 00:10:51,140

that activity.



150

00:10:51,770 --> 00:10:58,070

This has nothing to do with the security right in order to upgrade any software or downgrade any application,



151

00:10:58,070 --> 00:11:00,680

adding a new application or removing any application.



152

00:11:00,710 --> 00:11:07,150

This is all has to be done by the application owner, the stakeholder of the application.



153

00:11:07,460 --> 00:11:11,920

So this will be given to the right person, right team as well to perform the activity.



154

00:11:12,350 --> 00:11:19,280

The purpose of the scanning is are the responsible person of the scanning is the security team whose



155

00:11:19,280 --> 00:11:26,030

task is to detect the vulnerability and get it fixed by the concern being.



156

00:11:26,330 --> 00:11:28,160

So that's the responsibility of it.



157

00:11:28,570 --> 00:11:36,740

Usually it's not the it's not the way, you know, it is getting the the they just they can just simply



158

00:11:36,740 --> 00:11:43,940

hand it over or give the report to the consultant manager and then it's a job of that concern manager



159

00:11:43,940 --> 00:11:45,940

to get it fixed from the analysis.



160

00:11:46,010 --> 00:11:46,400

All right.



161

00:11:46,850 --> 00:11:49,130

So that's all about the network scanning.



162

00:11:49,130 --> 00:11:53,060

I hope you've got a pretty clear sense about how this scanning really works.



163

00:11:53,480 --> 00:11:57,980

We can take you in the next session where we'll start scanning the application as well.



164

00:11:58,490 --> 00:11:59,000

Thank you.