Secure Digital Life #62
Recorded on May 1, 2018 at G-Unit Studios in Rhode Island!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
- Ticket Sales are open for Social Engineering RI Conference. Saturday, June 16th at Salve Regina University in Newport RI. Go to - http://se-ri.org/ to register! Patrick Laverty will be joining us for an interview next week. Stay tuned to hear more about this conference!
- HACKNYC The two-day Ethical Hacking Workshop runs $1499 and you're welcome to have your viewers use this code: TZ10 for a 10% discount. Here's a link for further info: https://bit.ly/2Jg3yZXSource Boston and other cons coming up. 9-May 10-May
Topic: Vulnerability Scanning, Andy Pete pt.3
So, the world didn't end.
On the Third Day there was Vulnerability Scanning...
- I do "apologize" for the daymon prank. Daemon is a derivative of an ancient Greek word and was correctly pronounced DIE-mon (per the head of the languages department at RWU). Daemon referred to a benevolant spirit and demon was a malevolent spirit. In the modern age, both words are pronounced DEE-mon. Just sayin'.
- So, let's talk about what a VS tool actually is:
- Probably the most common are network scanners that examine Servers and Web Daemons for vulnerabilities. These tools use scripts or code to run well known exploits against servers in an attempt to identify vulnerabilities.
- For instance, a common exploit is XSS (cross site scripting). This means that somehow someone embeds references (that are actually shown) to other sites in your site. A java script exploit may push tags onto a page so a vulnerability scanner would look for that capability and report the exploit.
- Another example would be something like a remote code execution in BIND. A vulnerablity scanner might check that you are running the extremely old version 9.4.2 which contains a vulnerability in libbind which allows exploits. The VS might scan for the version (pretty simple) or even the library that contains the vulnerability and generate a report.
- Sophisticated reports should contain not just vulnerabilities but should also be interpreted by the analyst to determine the risk and severity in localised terms for that enterprise.
- I hate to see automated reports where they just pushed the print button but even an automated report is better than nothing so if that's all you can afford, well. This means you can remediate the exploits or you can "accept the risk". Remediation means that it was addressed. It can be
- Corrected (prevention, updates and patches)
- Mitigated (reduced through prevention or other means)
- Accepted (oh well)
- Transferred (underwritten)
You need to establish your baselines in terms of what risks you can afford and what they will cost when they happen.
Here are some notes for my section. I've attached some PDFs I created too.
- Rapid7 insightVM introduction
- Scan engine
- Cloud scanner
- Overview of ideal scanning setup. Refer to Vulnerability Scanning Ideal Setup.pdf
- Diagram of vulnerability scanning lab - Refer to Vulnerability Scanning Lab Diagram.pdf
- Vulnerability scanning configuration
- Assets/IP Addresses
- Scan template
- Vulnerability Scanning Walkthrough
- Start a vulnerability scan
- Go over vulnerabilities/assets already in system