Hey thanks for the valuable information. I’m currently an IT service desk analyst looking to transits into cybersecurity. This is really helpful. Already signed up to for the Qualys online training. Thank you
You should not disable the firewall and UAC globally. Those settings should even be flagged after the scan as critical security issues. If it doesn't, it is not doing a good job.
I like the way you laid out this intro and you do a great job explaining. Please make more videos. I'm managing qualys vmdr at my company and we are a smaller shop. I don't have a formal security background, more administration. Trying to tackle 9000 vulnerabilities at my org.
Thanks for the comment! Yea I'm working on making a Nessus video atm. Just trying to get it to run a credentialed scan on linux but no luck yet :p Once I get that up and running I'll start recording. You should 100% put that vuln management stuff down in your resume and also mention the amount of vulns you remediate. Hiring managers love to see numbers and statistics in a resume. Good luck remediating those! 9000 is a crazy number but you can definitely bring that number down. Good luck!
@@kevingaray_cyberguy yea alot of it is going to be remediated indirectly with steps we are taking to secure everything. It is indeed a lot, unfortunately my company still relies heavily on legacy software.
@@mikezeigler1 yea sounds about right. Most vulns on 3rd party devices you just gotta let them know and ask if it will be fixed in a future patch. I feel your pain with legacy software lol time to build those rafs! lol
Thanks for the video. Pls I have a question, while installing window 10 on the virtual machine, you kind of tweaked the initial ip address you imputed on the qualys platform earlier, subnet mask and default gateway. Pls I'm kinda stuck at this point. Kindly help with this. Thanks you!
Hey You did great video , so well explained . I’m beginner and want to get into cyber security , I am already IT guy . Please make more videos like these including other tools . Also need your advise how to get into cyber security job.
Thanks for the comment! I'm planning on showcasing Nessus which is another vulnerability scan tool. Work is just keeping me pretty tied up but hoping to record it in the next week or so.
New to Qualys VM and came accros your video & I must say I’m really impressed, also , I would like to ask, can Qualys have the capability to conduct an external Pentest to my environment?
Such a great video my friend! - please if you can would be good to see vulnerability management in action whilst in production. so we can see how it goes! Qualys i wasn't aware of so ive done some research on that too! Keep making the good stuff it is much appreciated and especially hands on where noobs like myself can add stuff to my CV and understand cyber more !
Hey Kev! Lovely video. Was wondering if you could help me. I am getting this error The LAN interface is unable to obtain a valid IPV4 address. WHat woud be the soution here? Cheers.
Thank you so much for the tutorial, while trying to install the Win10 VM this error popped-up "windows cannot read the from the unattend answer file". Please do you know how I can fix it?
Hello Kevin. Trust you're doing well. Please i am a subscriber and enjoying your class. I am actually stocked in the place of router IP I am using my Phone as my Internet provider. How do I manage this aspect. I have a month trial subscription on Qualys VMDR. Please sir. Your content is lovely.
I've heard about Qualys and I'm transitioning into the CyberSecurity field & I wanted to know how thorough the course is & how long did the certification take? Thank you in advance for any help/guidance you may provide.
Hi! Thanks for the comment :) The course for the VMDR certificate is pretty easy, it took me about 6 hours from start to finish along with maybe an extra hour to complete the final exam. It's pretty straightforward but it's all just basic knowledge. You don't really get to use the tool :/ That's kinda why I showcased this lab. To give people some hands-on experience with the tool so they can say "Yea I got the certificate and also know how to use the scanner" lol There's more to it too like building your dashboard to track remediated vulnerabilities, organizing vulns from critical to informational, etc.
Thanks@@kevingaray_cyberguy great video. Seems you've not posted in a while. If you could do more of this, it will be great. Love your work. Thanks. Just stepping into Cybersecurity myself as well. Will keep checking your page for more
Hi Kevin, Thank you for the video Please I am having problem with downloading the scanner to my virtual machine......... It wont download and does it take long to download?
I’m running into issues my qualys authenticated scan is not returning any vulnerabilities related to vlc not Firefox. I’ve been trying to troubleshoot that for 2 days now. I’ve performed all the steps in’this viedo.
Hello Kevin - does this use Ivanti's patch management for MacOS as well? I have a mixed environment with a few Mac's and was wondering if I could use it for home needs. Thank you in advance!
Hey! Like none at all? Could be a credentials issue. Make sure you're giving Nessus the right credentials. If you're installing Nessus on your own machine to perform the scans, try changing the VM's network adapter from bridged to host-only and check the IP address and use the changed one. I believe someone ran into this issue before. Good luck!
Thank you for the video, I'm trying to setup the VirtualBox, but I keep getting an error message requesting that I need to install Microsoft Visual C++ 2019 Redistributable Package first before Installing the Oracle VM VirtualBox. I have already installed the Window Creation Tool. Please how to sort this out for me to proceed. Thanks for the great contents.
Hey Kevin I am stuck with the authentication I am not able to authenticate my Virtual box to Qualys It says unabale to complete windows login for host = , domain= , ntstatus= Can you please help me with this
Did everything following the video, get an error at 7:16 , it says Qualys. Scanner Console Error: The LAN interface is unable to obtain a valid IPv4 address.
@@savagesatchell correct, the default gateway should be the same on all of your devices connected to the same network. So say if your ips are all 192.168.0.X, your default gateway should be 192.168.0. 1
Great question! But to be completely honest and forward, no certificate(s) will guarantee you a job. However, it can increase your chances of getting one :) Usually getting a job in vuln management requires a solid grasp of the IT fundamentals, networking, and knowing how to research solutions. Having certificates will prove you have the knowledge but hiring managers do look at experience too so keep that in mind. That being said, I still recommend getting the qualys certificates so in the case you start applying at companies that use this tool, you'd have an advantage since you're comfortable using it and training will be easier.
@@kevingaray_cyberguy thanks I'm gonna get the vulurablity management certificate, what other qualys certificates besides Vulurablity management you recommend. I also don't have alot of IT experience will the Vulnerability management certificate be sufficient like the CompTIA A+ plus to help with the Fundamentals because I can't afford the CompTIA A+ cert but the qualys VM is free.
I would always try to get into something like a Help Desk position 1st. Employers want to know that you are comfortable in the computer environment and able to follow processes. Regardless of your certification(s), you'll be trained in the way the employer does things, as ALL processes are different from employer to employer. Good luck!
@@soulsimplistic Excellent advice and I couldn't agree more! It's vital to understand an IT infrastructure from a lvl 1 perspective before you try to jump into a more complex role.
Hi, when following you to install Qualys, I had a problem along the way which is I don't know or how to go about it. I could not find qualys virtual scanner license key. So please can you help. So that I can get it done, thanks.
Hello Kevin, I need your help.its related to my job, Actually I want to scan an Internal Ip of the Cisco firewall (located in Norway) through A virtual scanner appliance which is setup in Madrid location. I try to scan the Internal Ip of Cisco firewall Ip which(Norway) through my virtual Madrid scanner. After many trials I can still see the Host as not Alive, my scanner Ip has been whitelisted and Standard ports like 443,22,23 are open for Host discovery. What is the reason if host is not alive?
Hey! Unfortunately I cannot give advice regarding anything work related. I would suggest looking into forums for posts relating to your situation. That's usually what I do when I run into issues :)
hey this video has been really helpful but im stuck on the part where i drag and drop firefox and vlc... i did everything correct up until this point any idea what i should do. my windows 10 wallpaper is also black does that mean anything?
@@kevingaray_cyberguy I just went and downloaded the files from the browser within my VM… yo do you do zooms because I’m actually having trouble doing this. My IP addresses aren’t working properly in qualys… something about no active scanners. I followed all the steps in your video 🥲 any way I could contact you for some assistance
Hi Kevin , i need a help with nessus, im doing a lab where im scanning Metasploitable machine,im adding the IP of it in nessus ,i initiate the scan ,scan finishes in 5 seconds and no results, firewall disabled ,also im getting ping ftom Metasploitable to my local system and vice versa
When I imported the VM. After the penguins was doing there downloading, I receive an error message ( The LAN interface is unable to obtain a valid IPv4 address) what do I need to do to correct this issue. Thank you in advance!!
Make sure the IP address you assign to the VM matches to the subnet of your home network. So say your have your network at "192.168.0.1-, then it should be anywhere around 192.168.0.2-255.
@@kevingaray_cyberguy can we chat offline? I am not sure if it didn't go thru because I am in hotel or if I had my VPN turned on. Clearly without that step I can not move forward.
Make sure that the scan you're doing is not the same as before, gotta check the box that says authenticated scan in the settings. Sometimes I can be a bit tricky to get it working lol
I noticed some others were getting the same results between a non-authenticated scan and an authenticated one. What other steps did you take to fix this issue?
Overall very good and adding the Win 10 test VM with vulnerable software is a good idea for learning/testing. One thing to be aware of is that in the real world do NOT make the changes mentioned in ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-l5At5WDj7v0.html. That lowers security to give the authenticated scan more access. An agent (not discussed and I'm not sure if it's even included with the Community Edition) should be installed and run as local admin to gain that level of access.
You're right! I should have mentioned that. Agents are normally used to perform authenticated scans but free editions don't come with it unfortunately. Nessus included. Thanks for pointing that out!
@@Kevin-hu1izI started playing around with the community edition yesterday and it does allow up to 16 assets with the Qaulys cloud agent but I have not used that yet.
@kevingaray_cyberguy Hi, do you know any websites where people can do projects to get experience to put on their resume. If they have completed the Qualys vulnerability Management Courses. Like a Gamification website from a company or a simulation (fake) company. Or where someone can volunteer, to get experience to put on a resume. My plan is to try the courses to see if I pass them. But, I would like to know what to do afterwards (I just started to watch your video).
Honestly there's tons of projects on RU-vid that you can do depending on what you want to focus on. I'm working on a SEIM tutorial using QRadar that I will be releasing soon. Would be aimed towards someone who wants to work as a SOC Analyst. But there's also RU-vidrs like Josh Madakor, KevTechIT, etc that showcase other labs you can work on to learn more about the industry and beef up your resume. Professor Messer teaches the CompTIA Trifecta which is crucial knowledge if you really want to excel in IT. Start off with free resources then gradually move up to paid ones :) good luck and I hope you enjoyed my video!
@@kevingaray_cyberguy Thanks for listing those 2 people. I'll look them up. I'm only really looking for Qualys Vulnerability Stuff. I started the 2nd course in the Vulnerability Track. I saw when they were looking up devices, they added NetBios or DNS ids. I thought it was automatically, but then a searched a long time on RU-vid and found a video of someone manually adding IP addresses. So that's what I would like real world practice in at the moment. Then I'll focus on all the other stuff. Hopefully the test , tests that part really hard, and makes us manually add the IDs. Thank you very much for replying.