Cyber Security Project: Vulnerability Management
Vložit
- čas přidán 27. 06. 2024
- #cybersecurity #cyber #technology
In this video "Cyber Security Project: Vulnerability Management" I showcase the process of completing a vulnerability management project using tools like Qualys and Nessus. This can be a good way to get some experience without actually having a job in Cyber Security as it replicates day-to-day operations in the real world.
Project Write-Up: cybersalih.notion.site/Vulner...
👋 Sign up to notion 👀 👉 affiliate.notion.so/b2hwzb8ra4un
👀 FREE CyberSecurity Notion Resources - cybersalih.notion.site/Cyber-...
👋 Subscribe to my channel 👉 @cyber_salih
👨💻 My Linktree👨💼 👉 linktr.ee/cybersalih
📖 👀 Amazon Kit and Resources: kit.co/CyberSalih
🍿 WATCH NEXT:
How I got into tech: • How I got into Tech
How I passed CISA: • CISA Exam: How I passe...
How I passed CISSP: • How I passed CISSP - W...
⌚️Timestamps:
00:00 - Introduction
01:03 - Disclaimers
01:45 - Project Overview
02:32 - Getting Started
03:09 - Scoping and Agents
04:19 - Launching a scan
05:22 - Fixing the vulnerabilities
07:53 - Running another scan
08:40 - Running into problems
11:48 - Microsoft Vulnerabilities
13:26 - Nessus
14:40 - My big blunder
15:27 - Key Information
Some links are affiliate links, all opinions expressed in videos on this channel are solely my own 😜 - Věda a technologie
You spoke the truth about the need to have your family as your backup or backbone in relation to your partner. The need not to bad mouth your family before your partner. My wife's younger sister was a victim, before her wedding she had issues with my wife,they stopped talking, she also cut off from other family members. When the husband realized she was all alone he took advantage and was maltreating and emotionally abusing her. She endured everything bcos she had nobody to speak to. It was when a friend when to visit that information came that she was suffering and dying slowly. my wife and her parents had to step in and rescued her, today now the marriage is over, she learnt her lesson in a hard way.
Sorry to hear that, sounds like a rough situation.
Thank you 🙏🏽
Jazak Allah Khair, This is very good one!
Very informative
Thanks for sharing sir
straight to the point
Thanks for the share bruuu.
You know what’s awesome about this video in my opinion. The way you go through your troubleshooting steps and explaining your methodology. It was nice to hear your thought process where you realized you made obvious mistakes and how you learned from that and then what you finally did at the end to resolve the issue. I think to many people edit these steps out so their thought process seems “flawless” and you don’t really hear the true struggling of what can go wrong. Revisiting the notes you states you missed for remediation was a perfect example of how you used this that could really help someone in the future. Great video! I wish you could take the best of those to scanners and merge them and have the perfect scanner. I do exactly what you did. I don’t feel comfortable until I use both.
Thank you, really appreciate the comment.
Yeah I agree, no point editing it out. It is like this day-to-day in IT/Security roles... Constantly running into issues and tryna fix them and sometimes to realise it was something that was overlooked.
Yeah the Tenable.io Cloud Agent Scanner is actually quite good too. Unfortunately the license is like £3k+ a year so couldn't feature it in the video. I have used it a lot, it's a lot simpler to use than Qualys (in my opinion).
@@cyber_salihNo problem buddy, I mean it great job! I like the web version of Tenable too; however, you had Nessus in there which is pretty much the same thing for what you were doing just for that machine. It’s not like you were going in depth and putting multiple machines credentials in. I think this was the perfect video for what you were demonstrating. I would agree that Tenable is much easier to use than Qualays, I just like the reports of Qualays better so I wish I could merge the two.
INTERESTING!😃👍
Really good information for cybersecurity aspirant.
Temporary emails (10minutemail, etc) work as business emails
Thanks for this mate! Helped alot !
Awesome, awesome, thank you. I enjoyed this video. Very helpful and very informative. Please keep making excellent content. I'm a new subscriber 😊
I liked th idea and the way you explained things, thanks
Seems interesting, I might try some of these projects, thanks.
Well, I’m a complete newbie to all of this so naturally don’t know what’s going really 😂 however your clear, concise and honest delivery just confirms to me how much I want to learn and eventually get a GRC role. I take my hat off to you 👌🏼
Thank you man, really appreciate that. Good luck on your journey. Hopefully, you get there soon!
@@cyber_salih 👍🏼
You can also do CVE scans with N-map / zenmap.
Both comments are good points, I should have used Grep/CVE scans. I know there is a search functionality for Linux (I have used it before) - the 'find' command. But, had no idea Grep and Nmap can be used. I thought Grep was just for files/data.
I am Linux/Unix noob too as you can probably tell.
Great thanks, can you do more of this type of videos? Practical projects we can do
Yes, got a “day in the life” video coming out in a few days then my next 5-10 videos will all be projects (bigger and better projects too)!
Interesting!
I have actually been looking to create a marlware hunting labs projects..........
Sounds good, good luck with that - I might do something similar in the future when I learn more about that area.
Im a Unix noob, but I think the Grep command would have helped you find the file. Maybe even the OS's search tool wouldve found it?
I was wondering, while i gain more experience in cybersecurity ( i currently have some experience in networking and I.T. but new(er) to cyber security), do you think it's possible to to add this a service i can sell to small businesses in my area to help protect them online? If so, do you have any advice for me in doing this? Thanks!
Yes, this service already exists in many companies. Typically it’s called VAPT and includes penetration testing - Vulnerability assessments and penetration testing services.
I don’t own a business so not sure how useful my advice would be, but I guess just research similar service offerings and try and improve on them.
Qualy's certificate is not valuable as security +, only security + can help us get a job.
That’s not true, I don’t have security + and I know many other people without it who got jobs.
Many different paths/certification routes.
You completely glossed over downloading the agent and connecting it to do the host scan. Those are super important steps. Ironically the agent for Mac doesn’t work. Yet another half ass cyber project in the books.
The MAC agent does work - I literally showed the results of the agents and it being connected to my cloud instance. So you’re wrong 😂
I could have shown the step by step but instead chose to recommend completing the free training and figure certain parts out.
If you want a “hand holding” video showing every step, and a dummy as a comforter then create one yourself instead of hating on other peoples effort to add some value to the industry.
Yes, the video could have been better btw like anything.
You’re not going to believe this…
For some reason the Mac Agent absolutely does not work on my machine…
So I went home and used my Linux box and Voila it worked!
Next when I said “another half assed project” I was talking about FOR ME, not you.
Thanks for all your help. Now because of you I have some sort of “experience” to add to my portfolio. Thanks again. ✌️
@@crypto_que I apologise I took that the wrong way.
The MAC agent was really fiddly and I couldn’t figure it out at first and it was really frustrating. I had to do the training and after completing the training and trying 2 different agents I got it to download and automatically scan and update periodically.
It’s not another half assed project - that’s the real world things don’t work and are fiddly… having issues like that in your projects and errors and mistakes is more valuable because it is more realistic. More experienced people than me struggle with similar issues daily - trust me.
Not every project has to be perfect - I will upload more projects in the future and will take your advice on board. More detailed instructions probably would have been more useful to people. You are right the video would have been better showing how I got the agent to work.
Bro got 99 cyber security.
Just need 200mil xp 😂😂