What is vulnerability discovery?
Vulnerability discovery is an integral part of any security assessment.
What most automated scanners are doing?
- Detect if a target is up and running.
- Conduct a full or partial port scan, depending on the configuration.
- Identify the operating system using common fingerprinting techniques.
- Attempt to identify running services with common techniques such as banner grabbing,
service behavior identification, or file discovery. - Execute a signature-matching process to discover vulnerabilities.
What is WMI?
Windows Management Instrumentation
What is UAC?
User Account Control
What is Nessus?
Vulnerability scanner.
Nessus Basic Network Scan
Basic Network Scan: Generic scan with various checks that are suitable to be used against various target types.
Nessus Credentialed Patch Audit
Credentialed Patch Audit: Authenticated scan that enumerates missing patches.
Nessus Web Application Tests
Web Application Tests: Specialized scan for discovering published vulnerabilities in Web Applications.
Nessus Spectre and Meltdown
Spectre and Meltdown: Targeted scan for the Spectre and Meltdown vulnerabilities.
How to check the nmap script database?
kali@kali:~$ cd /usr/share/nmap/scripts/
kali@kali:/usr/share/nmap/scripts$ head -n 5 script.db
kali@kali:/usr/share/nmap/scripts$ cat script.db | grep ‘“vuln”|“exploit”’
-
Kali47
-
CLI190
-
HTTP Statuses79
-
Practical Tools197
-
Real Practice13
-
Bash Scripting79
-
Passive Information Gathering51
-
Active Information Gathering126
-
Vulnerability Scanning10
-
Web Application Attacks14
-
Introduction to Buffer Overflows0
-
Windows Buffer Overflows0
-
Linux Buffer Overflows0
-
Client-side Attacks0
-
Locating Public Exploits0
-
Fixing Exploits0
-
File Transfers0
-
Antivirus Evasion0
-
Privilege Escalation0
-
Password Attacks0
-
Port Redirection and Tunneling0
-
Active Directory Attacks0
-
The Metasploit Framework0
-
PowerShell Empire0
-
Assembling the Pieces: Penetration Test Breakdown0
