1
00:00:00,120 --> 00:00:06,060
This is yet another high-level overview, because I think we've covered this quite a bit in this course.

2
00:00:06,060 --> 00:00:11,670
So, using components with known vulnerabilities: you're gonna see this when it comes to network pen testing,

3
00:00:11,760 --> 00:00:14,650
for example, like EternalBlue, right?

4
00:00:14,670 --> 00:00:17,280
Or any of the things that we cover in the mid-course capstone.

5
00:00:17,280 --> 00:00:21,180
A lot of those were just kind of run-and-gun, really easy vulnerabilities.

6
00:00:21,270 --> 00:00:23,500
You're gonna see this in web applications as well.

7
00:00:23,610 --> 00:00:31,600
And there are different tools that we can utilize and go after searching for these known vulnerabilities.

8
00:00:31,740 --> 00:00:39,540
And you kind of saw it originally when we were talking in Burp Suite, and let's go back into Burp Suite here,

9
00:00:39,920 --> 00:00:43,240
and there's some tools in here, especially with the scanner tool, right?

10
00:00:43,260 --> 00:00:49,070
So the scanner tool is going to check for these out-of-date kind of applications.

11
00:00:49,320 --> 00:00:54,960
If you go into Extender and you actually have the Pro edition, there's some more in here that

12
00:00:54,960 --> 00:00:59,190
will allow you... Active Scan++ will check for it.

13
00:00:59,190 --> 00:01:06,380
Retire.js over here will also check for potential vulnerable JavaScript libraries.

14
00:01:06,510 --> 00:01:13,680
And this Software Vulnerability Scanner. Also Java Deserialization Scanner, we just talked about that,

15
00:01:13,680 --> 00:01:14,290
right?

16
00:01:14,310 --> 00:01:18,720
So there's a bunch of different ones: Additional Scanner Checks, Software Version Reporter.

17
00:01:18,990 --> 00:01:23,020
These are all part of the Burp Pro edition, and that's OK.

18
00:01:23,040 --> 00:01:29,160
Again, if you don't have Burp Pro, but know that these exist over here in the Extender store, and you

19
00:01:29,160 --> 00:01:35,480
know, if you're, if you're kind of, you know, doing it on the cheap, you can come into Wappalyzer, look at it,

20
00:01:35,490 --> 00:01:36,570
say, oh, it's running

21
00:01:36,570 --> 00:01:38,490
jQuery 3.3.1.

22
00:01:38,490 --> 00:01:40,350
Let me go check out what that is.

23
00:01:40,530 --> 00:01:46,260
Or if you go to a website and you're running a scan and you see, like, OK, this is running this version

24
00:01:46,260 --> 00:01:52,290
of this tool or this version of this back end, you know, you're going to want to research that and see

25
00:01:52,350 --> 00:01:55,800
what, if there's anything vulnerable for that web application.

26
00:01:55,800 --> 00:02:01,320
Another thing that you can do, and probably will do, is run Nessus against your web application.

27
00:02:01,320 --> 00:02:03,500
You're gonna run it against it.

28
00:02:03,510 --> 00:02:08,190
Not only to do vulnerability scanning against the web app, you're going to use more Burp Suite for that,

29
00:02:08,220 --> 00:02:14,070
but also to run it against the ports on that machine, to see if there's any open ports that might be

30
00:02:14,070 --> 00:02:16,670
there that have vulnerabilities.

31
00:02:16,680 --> 00:02:21,920
But it will identify some of the software that's running on the website as well.

32
00:02:21,930 --> 00:02:25,800
And it will tell you if it's vulnerable, if it finds out that it has the plugin for it.

33
00:02:26,430 --> 00:02:28,150
So just keep that in mind.

34
00:02:28,170 --> 00:02:30,240
Really, that's, that's the high-level overview.

35
00:02:30,240 --> 00:02:34,890
This is something that should be familiar to all of us, is that we should always be patching, right?

36
00:02:34,890 --> 00:02:38,810
We shouldn't, we should not be using components with known vulnerabilities.

37
00:02:38,900 --> 00:02:42,030
And if we can prevent it, by all means necessary.

38
00:02:42,030 --> 00:02:47,010
So when you see it mentions Retire.js here, it's got Dependency-Check.

39
00:02:47,020 --> 00:02:52,890
There's, there's other things in these resources that we're providing that talk about it. Here it talks

40
00:02:52,890 --> 00:02:59,040
about Apache Struts 2. Guess what Apache Struts 2 was, by the way? That was a deserialization attack.

41
00:02:59,610 --> 00:03:07,650
OK, so this is a very, very famous attack here, and it just talks about it, and you can go, and it's talking

42
00:03:07,650 --> 00:03:12,990
about Shodan here. You can go on Shodan, and if you haven't been on Shodan, it's a great website where

43
00:03:12,990 --> 00:03:20,580
you can go out there and look up different vulnerabilities that might exist. Like, you might be able to

44
00:03:20,580 --> 00:03:24,990
search for this specifically by a string and see.

45
00:03:24,990 --> 00:03:25,300
OK.

46
00:03:25,320 --> 00:03:30,120
Well, wow, there's all these out there, these machines up there that are still vulnerable to this Apache

47
00:03:30,120 --> 00:03:33,580
Struts 2 or 2 x y z type exploit.

48
00:03:33,600 --> 00:03:39,960
You know, and it's, it's honestly a very scary thing when you do that, because just the other day I was

49
00:03:39,960 --> 00:03:45,150
looking at a bug bounty program and I said, well, there's this, there's this vulnerability that just came

50
00:03:45,150 --> 00:03:48,990
out and there's an easy way to search for it, so I'm going to go search for it and see what's there and

51
00:03:49,390 --> 00:03:52,680
if any of these machines belong to a bug bounty program.

52
00:03:52,680 --> 00:03:58,010
So I did the research, just looking through it, and all these places where they were vulnerable was...

53
00:03:58,020 --> 00:04:04,770
It was sad, almost. Like hospitals, schools, government entities, all these things that were out there that

54
00:04:04,770 --> 00:04:06,680
were just wide open and vulnerable.

55
00:04:06,750 --> 00:04:11,820
And it's because patching is not kept up to date. If you're not patching, if you don't have an active

56
00:04:11,820 --> 00:04:15,810
patch schedule, you're going to be using these, these components with known vulnerabilities and you're

57
00:04:15,810 --> 00:04:16,860
going to run into issues.

58
00:04:16,860 --> 00:04:23,910
So, you know, patching is very, very, very important, and it's going to show up on this list pretty much

59
00:04:24,060 --> 00:04:27,110
all the time, every time, because it just doesn't get done enough.

60
00:04:27,120 --> 00:04:29,940
And that's where we come in and we take advantage of it.

61
00:04:30,000 --> 00:04:31,530
So that's really it.

62
00:04:31,530 --> 00:04:36,290
We're gonna go ahead, move on into insufficient logging and monitoring, and then we are done with this

63
00:04:36,290 --> 00:04:36,750
section.