SEC602 Labs

Lab 3 | Using Vulnerability Assessment Tools This labs theme was around utilizing OpenVAS and MBSA vulnerability scanners to allow us to view where our system is weak to attacks.  We started up scans in both OpenVAS & MBSA, both provided to offer a rather simple process that resulted in the desired scan for our environment. The first result back was from MBSA showing that our WIN10-WS carried a severe risk whilst also showing that WIN2016-DC & WIN2016-MS could not complete their scan which also alludes to a problem. Shown below are the results for WIN10-WS, comparatively to the tutorial I did not get the same issues that were described although I had a couple others that reared their head due to previous activity in the last lab, firstly automatic updates are disabled, having this disables is a poor decision especially in a network environment where users who are not aware and do not have automatic updates enabled will simply never get updat...

Malware Types In this lab, we performed an exercise that deploys a trojan virus that we then exploited & then consequently prevented using Microsoft defender and by setting an inbound firewall rule to patch up the vulnerability. Our machines came with the virus inside a folder ready for us to install, after installing said virus we reviewed the firewall inbound rules(pictured below) as well as the task managers currently running processes, at this stage I could not spot the problem although I had my suspicions about 'nc.exe' which later was confirmed to be the culprit exe file that our virus installer had installed without our knowledge, as for the anomaly in the inbound firewall rule, I did not spot this until later on in the tutorial when we were instructed to delete the rule "Service Firewall" which was being implemented by the virus as a rule that allowed our WIN07 virtual machine to connect using PuTTy. Below is us on the other machine that is a...