Cyber Security Project: Vulnerability Management

Подписаться 3,5 тыс.

Просмотров 11 тыс.

50% 1

#cybersecurity #cyber #technology
In this video "Cyber Security Project: Vulnerability Management" I showcase the process of completing a vulnerability management project using tools like Qualys and Nessus. This can be a good way to get some experience without actually having a job in Cyber Security as it replicates day-to-day operations in the real world.
Project Write-Up: cybersalih.notion.site/Vulner...
👋 Sign up to notion 👀 👉 affiliate.notion.so/b2hwzb8ra4un
👀 FREE CyberSecurity Notion Resources - cybersalih.notion.site/Cyber-...
👋 Subscribe to my channel 👉 @cyber_salih
👨‍💻 My Linktree👨‍💼 👉 linktr.ee/cybersalih
📖 👀 Amazon Kit and Resources: kit.co/CyberSalih
🍿 WATCH NEXT:
How I got into tech: • How I got into Tech
How I passed CISA: • CISA Exam: How I passe...
How I passed CISSP: • How I passed CISSP - W...
⌚️Timestamps:
00:00 - Introduction
01:03 - Disclaimers
01:45 - Project Overview
02:32 - Getting Started
03:09 - Scoping and Agents
04:19 - Launching a scan
05:22 - Fixing the vulnerabilities
07:53 - Running another scan
08:40 - Running into problems
11:48 - Microsoft Vulnerabilities
13:26 - Nessus
14:40 - My big blunder
15:27 - Key Information
Some links are affiliate links, all opinions expressed in videos on this channel are solely my own 😜

Наука

Опубликовано:

5 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 35

@thetechguy3362 2 месяца назад

You know what’s awesome about this video in my opinion. The way you go through your troubleshooting steps and explaining your methodology. It was nice to hear your thought process where you realized you made obvious mistakes and how you learned from that and then what you finally did at the end to resolve the issue. I think to many people edit these steps out so their thought process seems “flawless” and you don’t really hear the true struggling of what can go wrong. Revisiting the notes you states you missed for remediation was a perfect example of how you used this that could really help someone in the future. Great video! I wish you could take the best of those to scanners and merge them and have the perfect scanner. I do exactly what you did. I don’t feel comfortable until I use both.

@cyber_salih 2 месяца назад

Thank you, really appreciate the comment. Yeah I agree, no point editing it out. It is like this day-to-day in IT/Security roles... Constantly running into issues and tryna fix them and sometimes to realise it was something that was overlooked. Yeah the Tenable.io Cloud Agent Scanner is actually quite good too. Unfortunately the license is like £3k+ a year so couldn't feature it in the video. I have used it a lot, it's a lot simpler to use than Qualys (in my opinion).

@thetechguy3362 Месяц назад

@@cyber_salihNo problem buddy, I mean it great job! I like the web version of Tenable too; however, you had Nessus in there which is pretty much the same thing for what you were doing just for that machine. It’s not like you were going in depth and putting multiple machines credentials in. I think this was the perfect video for what you were demonstrating. I would agree that Tenable is much easier to use than Qualays, I just like the reports of Qualays better so I wish I could merge the two.

@daniel_uba 2 месяца назад

Very informative Thanks for sharing sir

@carsonjamesiv2512 2 месяца назад

INTERESTING!😃👍

@mapitsamapitsa6627 2 месяца назад

Thanks for the share bruuu.

@kingsleyandang4739 Месяц назад

straight to the point

@karimel-gamil6817 2 месяца назад

Jazak Allah Khair, This is very good one!

@devgoswami3158 2 месяца назад

Really good information for cybersecurity aspirant.

@setasonte6392 2 месяца назад

Thanks for this mate! Helped alot !

@lightswitch6854 2 месяца назад

Seems interesting, I might try some of these projects, thanks.

@genetech109 2 месяца назад

Awesome, awesome, thank you. I enjoyed this video. Very helpful and very informative. Please keep making excellent content. I'm a new subscriber 😊

@boh70326 Месяц назад

I liked th idea and the way you explained things, thanks

@zadekeys2194 2 месяца назад

You can also do CVE scans with N-map / zenmap.

@cyber_salih 2 месяца назад

Both comments are good points, I should have used Grep/CVE scans. I know there is a search functionality for Linux (I have used it before) - the 'find' command. But, had no idea Grep and Nmap can be used. I thought Grep was just for files/data. I am Linux/Unix noob too as you can probably tell.

@sideck02 Месяц назад

Well, I’m a complete newbie to all of this so naturally don’t know what’s going really 😂 however your clear, concise and honest delivery just confirms to me how much I want to learn and eventually get a GRC role. I take my hat off to you 👌🏼

@cyber_salih Месяц назад

Thank you man, really appreciate that. Good luck on your journey. Hopefully, you get there soon!

@sideck02 Месяц назад

@@cyber_salih 👍🏼

@skandergharbi2598 2 месяца назад

Great thanks, can you do more of this type of videos? Practical projects we can do

@cyber_salih 2 месяца назад

Yes, got a “day in the life” video coming out in a few days then my next 5-10 videos will all be projects (bigger and better projects too)!

@ao4514 2 месяца назад

Interesting! I have actually been looking to create a marlware hunting labs projects..........

@cyber_salih 2 месяца назад

Sounds good, good luck with that - I might do something similar in the future when I learn more about that area.

@zadekeys2194 2 месяца назад

Im a Unix noob, but I think the Grep command would have helped you find the file. Maybe even the OS's search tool wouldve found it?

@aka1Khalid Месяц назад

I was wondering, while i gain more experience in cybersecurity ( i currently have some experience in networking and I.T. but new(er) to cyber security), do you think it's possible to to add this a service i can sell to small businesses in my area to help protect them online? If so, do you have any advice for me in doing this? Thanks!

@cyber_salih Месяц назад

Yes, this service already exists in many companies. Typically it’s called VAPT and includes penetration testing - Vulnerability assessments and penetration testing services. I don’t own a business so not sure how useful my advice would be, but I guess just research similar service offerings and try and improve on them.

@crypto_que 2 месяца назад

You completely glossed over downloading the agent and connecting it to do the host scan. Those are super important steps. Ironically the agent for Mac doesn’t work. Yet another half ass cyber project in the books.

@cyber_salih 2 месяца назад

The MAC agent does work - I literally showed the results of the agents and it being connected to my cloud instance. So you’re wrong 😂 I could have shown the step by step but instead chose to recommend completing the free training and figure certain parts out. If you want a “hand holding” video showing every step, and a dummy as a comforter then create one yourself instead of hating on other peoples effort to add some value to the industry. Yes, the video could have been better btw like anything.

@crypto_que 2 месяца назад

You’re not going to believe this… For some reason the Mac Agent absolutely does not work on my machine… So I went home and used my Linux box and Voila it worked! Next when I said “another half assed project” I was talking about FOR ME, not you. Thanks for all your help. Now because of you I have some sort of “experience” to add to my portfolio. Thanks again. ✌️

@cyber_salih 2 месяца назад

@@crypto_que I apologise I took that the wrong way. The MAC agent was really fiddly and I couldn’t figure it out at first and it was really frustrating. I had to do the training and after completing the training and trying 2 different agents I got it to download and automatically scan and update periodically. It’s not another half assed project - that’s the real world things don’t work and are fiddly… having issues like that in your projects and errors and mistakes is more valuable because it is more realistic. More experienced people than me struggle with similar issues daily - trust me. Not every project has to be perfect - I will upload more projects in the future and will take your advice on board. More detailed instructions probably would have been more useful to people. You are right the video would have been better showing how I got the agent to work.