Learn Qualys Vulnerability Management (Home Lab)
Vložit
- čas přidán 27. 06. 2024
- Hello everyone! In this video, I will teach you how to use Qualys Community Edition!!! You will be able to scan your home network or virtual machines for vulnerabilities and learn how to remediate them. Qualys is a powerful tool that organizations use to scan their networks for vulnerabilities or misconfigurations in order to strengthen their network security. Learning this tool can vastly improve your chances of landing an information security role. You can also add this to your resume in the projects section.
Quick disclaimer. PLEASE do NOT scan a network you do not have explicit permission to scan. Unauthorized activity like this can result in serious legal consequences. So ONLY scan your home network. Thank you :)
Qualys Community Edition:
www.qualys.com/community-edit...
Qualys Training:
www.qualys.com/training/
Oracle VirtualBox:
www.virtualbox.org/wiki/Downl...
Windows 10 Installation Media:
www.microsoft.com/en-us/softw...
Old Firefox Versions:
ftp.mozilla.org/pub/firefox/r...
VLC Media Player:
www.videolan.org/vlc/releases/
Intro: 0:00
Resume: 1:25
What is Qualys?: 1:30
Downloading Software: 2:03
Creating Qualys Account: 4:15
Setting up Qualys VA: 5:14
Installing Win10 VM: 8:30
Setting up a Scan: 11:23
Changing Win10 Settings: 14:39
Authenticated Scan: 16:18
Remediating Vulnerabilities: 19:40
Verifying Remediations: 19:59
Qualys Certification: 20:51
Outro: 21:27
The music played in this video is not my own creation. Please support the original creator.
Morning Routine by Ghostrifter Official | / ghostrifter-official
Music promoted by www.chosic.com/free-music/all/
Creative Commons CC BY-SA 3.0
creativecommons.org/licenses/...
#vulnerability #vulnerabilitymanagement #cybersecurity #portfolio #project #informationtechnology #qualys #education #cve #career #jobs
Very underrated content. As junior QA I'm assisting in Vulns management and videos like Yours are very helpful with getting know-how.
Thanks for the video, Kevin. Waiting on more videos from your side, your knowledge is to the point and informative.
Thank you so much for this Video. It helped me. Cheers mate.
Thanks for sharing.. looks a bit complicated but I’m eager to learn.. thanks again
Thank you so much this is the most helpful and practical video I have seen on CZcams please don’t stop posting
Thank you!! This means a lot to me :')
This is really Helpful, I want to get into this new industry and currently trading to learn Qualys. This really helps
Great info and I like how you kept your errors in the video.
Thank you, it’s clear and clear, precise.
Kevin this was amazing. I figure alot of new things out and it really made me think!
Thank you!! I'm glad this was helpful 🥹
Awesome Kevin, my diving into the cybersec, thanks for the video, im the 182 Subscriber officially ;)
Aye thanks! I appreciate the sub!
Great video, thank you!
Thanks for sharing this Kevin
👏🏼👏🏼👏🏼 Very Nice sir. Thank you 👊🏼
Hi Kevin, thanks for your lesson. It is simple and straigh forward to follow, happy learning.
Thank you! 🥹 It means a lot
Great video! Been doing the Qualys training on their website.
Hopefully its going well for you!
Such a great video my friend! - please if you can would be good to see vulnerability management in action whilst in production. so we can see how it goes!
Qualys i wasn't aware of so ive done some research on that too!
Keep making the good stuff it is much appreciated and especially hands on where noobs like myself can add stuff to my CV and understand cyber more !
very chill vibe will be subscribing
Thank you!
great video. thanks!
New to Qualys VM and came accros your video & I must say I’m really impressed, also , I would like to ask, can Qualys have the capability to conduct an external Pentest to my environment?
Would be nice to see full tutorial with best practices for AWS scanning
I like the way you laid out this intro and you do a great job explaining. Please make more videos. I'm managing qualys vmdr at my company and we are a smaller shop. I don't have a formal security background, more administration. Trying to tackle 9000 vulnerabilities at my org.
Thanks for the comment! Yea I'm working on making a Nessus video atm. Just trying to get it to run a credentialed scan on linux but no luck yet :p Once I get that up and running I'll start recording.
You should 100% put that vuln management stuff down in your resume and also mention the amount of vulns you remediate. Hiring managers love to see numbers and statistics in a resume. Good luck remediating those! 9000 is a crazy number but you can definitely bring that number down. Good luck!
@@kevingaray_cyberguy yea alot of it is going to be remediated indirectly with steps we are taking to secure everything. It is indeed a lot, unfortunately my company still relies heavily on legacy software.
@@mikezeigler1 yea sounds about right. Most vulns on 3rd party devices you just gotta let them know and ask if it will be fixed in a future patch. I feel your pain with legacy software lol time to build those rafs! lol
You should not disable the firewall and UAC globally. Those settings should even be flagged after the scan as critical security issues. If it doesn't, it is not doing a good job.
Hey thanks for the valuable information.
I’m currently an IT service desk analyst looking to transits into cybersecurity.
This is really helpful.
Already signed up to for the Qualys online training.
Thank you
Great to hear! Good luck on your journey. If a schmuck like me can do it, you definitely can :)
Cheers man
How’s the training been so far? I’m new too and looking to learn more about VM.
@@udohudoh6793 it’s been amazing. Very interesting 🙌🏿
What is the importance of Qualys certification???
very informative..
Very helpful video. Thanks for sharing. I have a question on what all a company would need to do a proof of concept test run.
Bro you did so many steps!
Yea the set up can be tedious lol but once it's running then it's a breeze after.
great video!
Thanks!
Just completed my VDMR Certification this weekend, I'm excited to to snag the PCI next.
Do you mean the certification that Qualys offers?
@@tonye.8023 yup
Correct! And congrats on getting the cert. PCI is becoming a pretty lucrative career, too. Good luck!
Hey You did great video , so well explained . I’m beginner and want to get into cyber security , I am already IT guy . Please make more videos like these including other tools . Also need your advise how to get into cyber security job.
Thanks for the comment! I'm planning on showcasing Nessus which is another vulnerability scan tool. Work is just keeping me pretty tied up but hoping to record it in the next week or so.
Thanks for the video.
Pls I have a question, while installing window 10 on the virtual machine, you kind of tweaked the initial ip address you imputed on the qualys platform earlier, subnet mask and default gateway. Pls I'm kinda stuck at this point.
Kindly help with this.
Thanks you!
hi good explaion ❤❤❤
Hello Kevin - does this use Ivanti's patch management for MacOS as well? I have a mixed environment with a few Mac's and was wondering if I could use it for home needs. Thank you in advance!
Nice video
Hi Kevin, Thank you for the video Please I am having problem with downloading the scanner to my virtual machine......... It wont download and does it take long to download?
Thank you so much for the tutorial, while trying to install the Win10 VM this error popped-up "windows cannot read the from the unattend answer file". Please do you know how I can fix it?
Hi Kevin, can you do a video scanning IaC w Snyk?
Great. Now how do you set up a physical Machine?
Can you make more videos using this scanner?
Hello Kevin. Trust you're doing well.
Please i am a subscriber and enjoying your class.
I am actually stocked in the place of router IP
I am using my Phone as my Internet provider. How do I manage this aspect. I have a month trial subscription on Qualys VMDR. Please sir.
Your content is lovely.
Good,
I’m running into issues my qualys authenticated scan is not returning any vulnerabilities related to vlc not Firefox. I’ve been trying to troubleshoot that for 2 days now. I’ve performed all the steps in’this viedo.
Thank you for the video, I'm trying to setup the VirtualBox, but I keep getting an error message requesting that I need to install Microsoft Visual C++ 2019 Redistributable Package first before Installing the Oracle VM VirtualBox. I have already installed the Window Creation Tool. Please how to sort this out for me to proceed. Thanks for the great contents.
Hey Kev! Lovely video. Was wondering if you could help me. I am getting this error The LAN interface is unable to obtain a valid IPV4 address. WHat woud be the soution here? Cheers.
had the same issue, worked when i went into the virtual machine settings and changed the network adapter settings from bridged to NAT
I don't get why you have to install the Qualys scanner on a VM. Why can't it be installed on a local machine on the network?
SLENDYMAYNE!!!!!💯💯💯💯💪💪💪
Did everything following the video, get an error at 7:16 , it says
Qualys. Scanner Console
Error: The LAN interface is unable to obtain a valid IPv4 address.
My network is behind a router, is there anyway to do this?
I do not understand why you needed to turn off the win 10 firewall, can you please explain it to me?
Is there a way for you to demonstrate how to deploy qualys virtual scanner in a Microsoft Azure virtual machine?
It's the same way using Azure Virtual Machine
Do you offer trainings
I've heard about Qualys and I'm transitioning into the CyberSecurity field & I wanted to know how thorough the course is & how long did the certification take?
Thank you in advance for any help/guidance you may provide.
Hi! Thanks for the comment :) The course for the VMDR certificate is pretty easy, it took me about 6 hours from start to finish along with maybe an extra hour to complete the final exam. It's pretty straightforward but it's all just basic knowledge. You don't really get to use the tool :/ That's kinda why I showcased this lab. To give people some hands-on experience with the tool so they can say "Yea I got the certificate and also know how to use the scanner" lol There's more to it too like building your dashboard to track remediated vulnerabilities, organizing vulns from critical to informational, etc.
Thanks@@kevingaray_cyberguy great video. Seems you've not posted in a while. If you could do more of this, it will be great. Love your work. Thanks. Just stepping into Cybersecurity myself as well. Will keep checking your page for more
Hi Kevin, I really appreciate the video. I also tried everything step by step but could not find any vulnerabilities.
Hey! Like none at all? Could be a credentials issue. Make sure you're giving Nessus the right credentials. If you're installing Nessus on your own machine to perform the scans, try changing the VM's network adapter from bridged to host-only and check the IP address and use the changed one. I believe someone ran into this issue before. Good luck!
Hi Kevin, I appreciate the reply. I installed qualys on my VM. But will try again. Thanks.
Please kevin, it keeps saying that it cant be verified while trying to download please help me what can i do
Hey Kevin
I am stuck with the authentication
I am not able to authenticate my Virtual box to Qualys
It says unabale to complete windows login for host = , domain= , ntstatus=
Can you please help me with this
I am cybersec student, I used college email, but I did not receive confirmation email.
Hello Kevin,
I need your help.its related to my job, Actually I want to scan an Internal Ip of the Cisco firewall (located in Norway) through A virtual scanner appliance which is setup in Madrid location. I try to scan the Internal Ip of Cisco firewall Ip which(Norway) through my virtual Madrid scanner. After many trials I can still see the Host as not Alive, my scanner Ip has been whitelisted and Standard ports like 443,22,23 are open for Host discovery. What is the reason if host is not alive?
Hey! Unfortunately I cannot give advice regarding anything work related. I would suggest looking into forums for posts relating to your situation. That's usually what I do when I run into issues :)
Hi, when following you to install Qualys, I had a problem along the way which is I don't know or how to go about it. I could not find qualys virtual scanner license key. So please can you help. So that I can get it done, thanks.
The activation code or the email code to create your qualys account?
you need to be conected with internet cable or can i do this with wifi?
Doesn't matter. As long as you can connect to the Internet and are on your own home network you should be fine.
hey this video has been really helpful but im stuck on the part where i drag and drop firefox and vlc... i did everything correct up until this point any idea what i should do. my windows 10 wallpaper is also black does that mean anything?
Hey! Did you run Guest Additions on the VM? Enabled bi-directional drag n drop? Once you do, try restarting the VM. Hopefully this helps!
@@kevingaray_cyberguy I just went and downloaded the files from the browser within my VM… yo do you do zooms because I’m actually having trouble doing this. My IP addresses aren’t working properly in qualys… something about no active scanners. I followed all the steps in your video 🥲 any way I could contact you for some assistance
@@kevingaray_cyberguy 10:42 what do you mean an ip address that is not in use
Nice video . Thanks for sharing this wonderful lesson .
Would you mind removing that background music next time ?It's disturbing?
No, the music is not. You know what WAS disturbing? *The Holocaust.*
This went from 0-100 really quick...
Hi Kevin , i need a help with nessus, im doing a lab where im scanning Metasploitable machine,im adding the IP of it in nessus ,i initiate the scan ,scan finishes in 5 seconds and no results, firewall disabled ,also im getting ping ftom Metasploitable to my local system and vice versa
Change the network adapter of the VM from bridged to host-only
If I take the qualys vulnerabilities certificate can I get a job as Vulnerabilities scanner operator or management or I need more certificates.
Great question! But to be completely honest and forward, no certificate(s) will guarantee you a job. However, it can increase your chances of getting one :) Usually getting a job in vuln management requires a solid grasp of the IT fundamentals, networking, and knowing how to research solutions. Having certificates will prove you have the knowledge but hiring managers do look at experience too so keep that in mind. That being said, I still recommend getting the qualys certificates so in the case you start applying at companies that use this tool, you'd have an advantage since you're comfortable using it and training will be easier.
@@kevingaray_cyberguy thanks I'm gonna get the vulurablity management certificate, what other qualys certificates besides Vulurablity management you recommend. I also don't have alot of IT experience will the Vulnerability management certificate be sufficient like the CompTIA A+ plus to help with the Fundamentals because I can't afford the CompTIA A+ cert but the qualys VM is free.
I would always try to get into something like a Help Desk position 1st. Employers want to know that you are comfortable in the computer environment and able to follow processes. Regardless of your certification(s), you'll be trained in the way the employer does things, as ALL processes are different from employer to employer. Good luck!
@@soulsimplistic Excellent advice and I couldn't agree more! It's vital to understand an IT infrastructure from a lvl 1 perspective before you try to jump into a more complex role.
My ips are all over the place hard to pick a range under 19 addresses csn you put individual ips
Yes you can definitely individually add the IPs manually!
Whenever I assign my own IP address I lose internet access. Also
do I not put my actual default gateway and use a made up one?
Make sure you're using your actual default gateway. Are you doing this on a virtual machine?
Yes I’m assigning it on the VM, I did ipconfig all on my physical pc to see my actual default, is this correct?
So I can get a response from the regular vm address (before changing) if this helps
@@savagesatchell correct, the default gateway should be the same on all of your devices connected to the same network. So say if your ips are all 192.168.0.X, your default gateway should be 192.168.0. 1
@@kevingaray_cyberguy Okay I have done everything but still didn’t work for me, may I email or teamviewer you?
Your linkedin profile name?
Free account expires after 1 year, how to extend it?
When I imported the VM. After the penguins was doing there downloading, I receive an error message ( The LAN interface is unable to obtain a valid IPv4 address) what do I need to do to correct this issue. Thank you in advance!!
Make sure the IP address you assign to the VM matches to the subnet of your home network. So say your have your network at "192.168.0.1-, then it should be anywhere around 192.168.0.2-255.
@@kevingaray_cyberguy can we chat offline? I am not sure if it didn't go thru because I am in hotel or if I had my VPN turned on. Clearly without that step I can not move forward.
Kevin, when doing the authentication scan, I'm getting the same results as the non authentication scan and I don't understand why.
Make sure that the scan you're doing is not the same as before, gotta check the box that says authenticated scan in the settings. Sometimes I can be a bit tricky to get it working lol
Yes, I made sure to do that. I’m just start from the beginning so see if I overlooked a step.
I changed the static ip address and got it to work. I’m super excited!
@@gfdbdfbrfvbdfvb Excellent work! Troubleshooting and finding the root cause always feels so good lol
I noticed some others were getting the same results between a non-authenticated scan and an authenticated one. What other steps did you take to fix this issue?
qualys scanner isnt even loading up on vbox just says aborted...
Sir plz guild me
Can you show this on a Unix environment?
@kevingaray_cyberguy Hi, do you know any websites where people can do projects to get experience to put on their resume. If they have completed the Qualys vulnerability Management Courses. Like a Gamification website from a company or a simulation (fake) company. Or where someone can volunteer, to get experience to put on a resume.
My plan is to try the courses to see if I pass them. But, I would like to know what to do afterwards
(I just started to watch your video).
Honestly there's tons of projects on CZcams that you can do depending on what you want to focus on. I'm working on a SEIM tutorial using QRadar that I will be releasing soon. Would be aimed towards someone who wants to work as a SOC Analyst. But there's also CZcamsrs like Josh Madakor, KevTechIT, etc that showcase other labs you can work on to learn more about the industry and beef up your resume. Professor Messer teaches the CompTIA Trifecta which is crucial knowledge if you really want to excel in IT. Start off with free resources then gradually move up to paid ones :) good luck and I hope you enjoyed my video!
@@kevingaray_cyberguy Thanks for listing those 2 people. I'll look them up. I'm only really looking for Qualys Vulnerability Stuff. I started the 2nd course in the Vulnerability Track. I saw when they were looking up devices, they added NetBios or DNS ids. I thought it was automatically, but then a searched a long time on CZcams and found a video of someone manually adding IP addresses. So that's what I would like real world practice in at the moment. Then I'll focus on all the other stuff. Hopefully the test , tests that part really hard, and makes us manually add the IDs. Thank you very much for replying.