1
00:00:00,780 --> 00:00:08,400
A vulnerability is a weakness in a network system. Some of the most common vulnerabilities that we face

2
00:00:08,430 --> 00:00:14,070
in the cyber security world are software vulnerabilities.

3
00:00:14,220 --> 00:00:23,390
If you go to Cisco's Security Advisories and Alerts web page you can see a list of recent vulnerabilities.

4
00:00:23,510 --> 00:00:32,370
For example, let's look at this Microsoft vulnerability. The summary documentation says that this vulnerability

5
00:00:32,900 --> 00:00:39,990
in Microsoft ads could allow an unauthenticated remote attacker to access sensitive information on a

6
00:00:39,990 --> 00:00:41,810
targeted system.

7
00:00:41,820 --> 00:00:48,360
So obviously this would be a major concern and this is why it is critical to make sure that our network

8
00:00:48,360 --> 00:00:54,690
devices have up-to-date software to eliminate as many vulnerabilities as we can.

9
00:00:57,370 --> 00:01:05,260
To find vulnerabilities on endpoints you can use vulnerability scanning software. To demonstrate what

10
00:01:05,260 --> 00:01:07,420
a vulnerability scan looks like,

11
00:01:07,480 --> 00:01:12,480
I will use a tool included with Kali called GoLismero.

12
00:01:12,530 --> 00:01:21,240
I think that is how you say it anyway, but I'm not positive. So I log back into my Kali virtual machine.

13
00:01:22,050 --> 00:01:26,310
If you're logging back into it for the first time and you don't remember the default password, it's T

14
00:01:26,460 --> 00:01:27,200
O R

15
00:01:30,190 --> 00:01:37,390
If you go up to this Applications drop-down from your Kali desktop it gives a list of the different

16
00:01:37,390 --> 00:01:40,840
categories of applications that you can run.

17
00:01:40,840 --> 00:01:47,350
So since I want to show you how to check for vulnerabilities I'm going to go into this vulnerability

18
00:01:47,350 --> 00:01:54,820
analysis option and then I'm going to run this top one here with the spider icon.
19
00:01:54,910 --> 00:01:56,140
So I left click on that.

20
00:01:56,260 --> 00:02:03,190
It's going to pull up a terminal and then it gives you some basic information for how to run this application

21
00:02:03,520 --> 00:02:06,370
as well as what commands you could run.

22
00:02:06,730 --> 00:02:10,330
There's Python scripts you can use to run this application

23
00:02:13,140 --> 00:02:13,400
OK.

24
00:02:13,410 --> 00:02:18,830
And I'm going to show you the string that I use for using this application for scans.

25
00:02:21,100 --> 00:02:28,570
Start out with sudo to run this string as a super user to make sure that there's no limitations for

26
00:02:29,020 --> 00:02:33,340
any type of permissions that it's trying to use for the scanner.

27
00:02:35,160 --> 00:02:44,010
And then to actually call out the application we'll type in golismero and then I'm going to say the

28
00:02:44,010 --> 00:02:50,370
command I want to run for the application is scan and then my target host. This could be an IP address

29
00:02:50,940 --> 00:02:52,810
or a hostname.

30
00:02:52,890 --> 00:03:04,490
I use the path to my web server, http and then the name of my web server, and I could just enter now and

31
00:03:04,480 --> 00:03:09,560
it would scan that target and you would see the output in the terminal. It uses so many plug ins by

32
00:03:09,560 --> 00:03:14,840
default that that could take a really long time, and since this is for demonstration purposes I'm going

33
00:03:14,840 --> 00:03:21,500
to disable some of the plug ins that it uses with the minus d option and then the name of the plug

34
00:03:21,500 --> 00:03:27,660
in. That's saying disable any plug ins with DNS in the plug in name.

35
00:03:28,360 --> 00:03:36,320
And then I'll disable anything with brute in it because there is some brute force against and nmap

36
00:03:41,710 --> 00:03:42,550
harvester

37
00:03:46,080 --> 00:03:50,910
and finally I want to output the results to an HTML file.
38
00:03:51,050 --> 00:03:59,740
So I'll say minus o to output the result, name of the file.

39
00:03:59,920 --> 00:04:02,020
I want it to be called scan results.

40
00:04:02,040 --> 00:04:02,800
H t.

41
00:04:17,450 --> 00:04:24,560
OK, so the scan completed. You can see the results of each of the scans right in the terminal, like for

42
00:04:24,560 --> 00:04:29,070
example it did show it found an SSL vulnerability.

43
00:04:29,390 --> 00:04:35,810
But what's really cool about this application is it'll actually give you a web page summary of the

44
00:04:35,810 --> 00:04:37,140
scan.

45
00:04:37,150 --> 00:04:44,730
So I'm going to minimize this, then I'm going to just search for the name of the file that I want to

46
00:04:44,730 --> 00:04:46,430
output the results to.

47
00:04:46,620 --> 00:04:48,520
Or go to other locations.

48
00:04:48,990 --> 00:04:57,510
Click on computer and then I'll search for the name of the file I sent the results to.

49
00:04:57,540 --> 00:05:01,090
Now I've found my HTML page.

50
00:05:01,560 --> 00:05:08,460
I'm going to double click it and then it's going to open up this web page in my browser.

51
00:05:08,510 --> 00:05:15,710
So here's our nice little vulnerability report that the golismero or whatever it's called application

52
00:05:15,710 --> 00:05:16,990
created for us.

53
00:05:17,600 --> 00:05:25,180
It shows my target host and then which vulnerabilities were discovered. We have vulnerabilities by criticality,

54
00:05:26,230 --> 00:05:30,250
vulnerabilities by type.

55
00:05:30,290 --> 00:05:34,430
So here it did find an invalid SSL certificate vulnerability

56
00:05:39,370 --> 00:05:42,140
and then down at the bottom it gives you a detailed report.

57
00:05:42,310 --> 00:05:49,690
So is the plug in that discovered the vulnerability as well as a nice description of the vulnerability.