Updated CheckNessusAuthScan (https://github.com/dietersar/CheckNessusAuthScan) to prepare for Authenticated scans with @TenableSecurity #Nessus for standalone systems
Created a small #powershell script to check the requirements to allow @TenableSecurity #Nessus authenticated scans on standalone hosts - find it on https://github.com/dietersar/CheckNessusAuthScan #systemanalysis #hardening #fat #sat - Still work in progress, all feedback welcome
Sculpture of #Nessus and Deianira in the #JardindesTuileries, #Parijs, #EdvanderElsken, 1950 - 1954
#nessus #jardindestuileries #parijs #edvanderelsken #fotografie #photography
It took way too long to get this Nessus export script working. However, it'll more than make up for it in the future with time savings.
#python #tenable #nessus #scripting
#Tenable #Nessus Plugin ID 171859 triggers on current up-to-date Windows installs, and requires #curl to be updated to version 7.88.0 or later. Microsoft is only offering 7.83.1. The issue here is that this appears to be triggering for orgs implementing #IAVA policy (this likely includes many defense and other critical sector orgs). So currently it seems that many systems are flagged non-compliant without clear recourse.
https://www.tenable.com/plugins/nessus/171859 https://en.wikipedia.org/wiki/Information_assurance_vulnerability_alert
There's nothing like building the wrong servers for the SOC 🤌.
I'm going to spend some time rebuilding some Linux servers for a new scanning tool our SOC uses. We've decided to move away from Nessus (not my decision, but I'm open-minded). I still utilize OpenVAS for all of my narrowed subnets and specific endpoint stuff though. I'll post more about the tool as I familiarize myself with it.
#security #SOC #vulnerabilityscanner #Nessus #OpenVAS #vulnerabilitymanagement
Free webinar: "#Nessus #Essentials". Thursday, January 5, 2023, from 5:00pm to 5:45pm (UTC -05:00). #cybersecurity #hacking #readteam #bugbounty #forensics #osint Free registration at: https://www.reydes.com/d/?q=eventos
New server installed - No #vulnerabilities *phew
thank you #tenable #nessus essentials for your #free service
Awesome! I think I got past the stumbling block for automating the Nessus config when building our standard image via packer. Now to script it and test it...
A client of mine hired Ernst & Young 🤑 to run a vulnerability scan (with Tenable #Nessus) against a site I built and it seems to not like the Let’s Encrypt X.509 certificate. Now, I was asked to fix it within two weeks. Does anyone know if there’s an option other than buying a certificate from a “trusted” authority? #SSL #certificates #infosec
Argh Tenable why is your licensing and plugin service so finicky.
---
[debug] Error fetching feed information: [502] <html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>
[error] Nessus Plugins: Did not get a 200 OK response from the server: HTTP/1.1 502 Bad Gateway
---
It's hard to do my job when I can't activate my core tools.
#tenable #nessus #linux #pentesting
To me, it's surprising that #Tenable continued to underinvest in their SaaS portfolio, including #Nessus. About 10 years ago, people used to add "Nessus" to their #CV as #experience, but today it's a cheap half-dead product with no real support.
In the InfoSec industry, regress-testing security scanners is uncommon: to set up knowingly vulnerable systems and to check what each scanner does not find (False Negatives). There is an over-emphasis on False Positives, but these are easier to handle. The real cost of Nessus today is handling its False Negatives.
140 days later I have new features and updates for EGO #python #django #nessus alternative of the future. #infosec #pentesting #bugbounty
#BlackFriday #BlackWeek #CyberMonday deals, mostly #tech, #infosec, #books and #tools.
I started making a birdsite style thread of short posts earlier but realised 11000 characters should be enough for a single post. To be updated further.
#VMware has 30% off on certain products, Workstation Pro 17 is $139 instead of $199 - https://store-us.vmware.com/
#NoStarchPress has a 35% discount on books with the code HOLIDEALS, ends Nov 28 (Monday) - https://nostarch.com/
#Hak5 gives 2% discount for every $100 up to 10%, $200 off WiFi Pineapple Enterprise, 15% off bundles - https://hak5.org/
#KSECLabs has discounts on various gear and bundles, code BLACKFRIDAY15 gives 15% off across the site - https://labs.ksec.co.uk/black-friday-sale/
#Phoronix gives $10 off annual subscriptions and $50 off lifetime subscriptions - https://www.phoronix.com/phoronix-premium
#CovertInstruments has various discounts on tools for #locksports - https://covertinstruments.com/collections/black-friday-sale
25% off #LastPass - https://www.lastpass.com/pricing
#Microsoft Press Store has discounts of 40% to 55% with the code BOOKSGIVING - https://www.microsoftpressstore.com/promotions/happy-booksgiving-buy-2-save-55-on-books-and-ebooks-142354
#iFixit 25% off seasonal bundles and 20% off toolkits - https://www.ifixit.com/promotions/black-friday-holiday
#HexRays 25% off #IDA Home and 10% off #IDAPro - https://hex-rays.com/terms-and-conditions-black-friday-sale-2022/
#Multipick deals for lockpicks and -tools - https://shop.multipick.com/en/black-friday
#Tenable #Nessus 50% off with code TakeHalf - https://store.tenable.com/1479/purl-takehalf?x-promotion=TakeHalf
#TryHackMe 20% off annual personal subscriptions with code AOC22 - https://tryhackme.com/why-subscribe
#GrayHatWarfare €20 off triannual and €140 off annual premium subscriptions, €25 off monthly, €110 off triannual and €510 off annual subscriptions - https://grayhatwarfare.com/packages
#ProtonMail 33% off plus and 40% off unlimited - https://proton.me/mail/black-friday
#Maltronics 15% off with code BF2022 - https://maltronics.com/discount/BF2022