Vulnerability Scanning

Question 1

What is vulnerability discovery?

Answer 1

Vulnerability discovery is an integral part of any security assessment.

Question 2

What most automated scanners are doing?

Answer 2

1. Detect if a target is up and running.
2. Conduct a full or partial port scan, depending on the configuration.
3. Identify the operating system using common fingerprinting techniques.
4. Attempt to identify running services with common techniques such as banner grabbing,
   service behavior identification, or file discovery.
5. Execute a signature-matching process to discover vulnerabilities.

Question 3

What is WMI?

Answer 3

Windows Management Instrumentation

Question 4

What is UAC?

Answer 4

User Account Control

Question 5

What is Nessus?

Answer 5

Vulnerability scanner.

Question 6

Nessus Basic Network Scan

Answer 6

Basic Network Scan: Generic scan with various checks that are suitable to be used against various target types.

Question 7

Nessus Credentialed Patch Audit

Answer 7

Credentialed Patch Audit: Authenticated scan that enumerates missing patches.

Question 8

Nessus Web Application Tests

Answer 8

Web Application Tests: Specialized scan for discovering published vulnerabilities in Web Applications.

Question 9

Nessus Spectre and Meltdown

Answer 9

Spectre and Meltdown: Targeted scan for the Spectre and Meltdown vulnerabilities.

Question 10

How to check the nmap script database?

Answer 10

kali@kali:~$ cd /usr/share/nmap/scripts/
kali@kali:/usr/share/nmap/scripts$ head -n 5 script.db
kali@kali:/usr/share/nmap/scripts$ cat script.db | grep ‘“vuln”|“exploit”’