home.social

#nessus — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #nessus, aggregated by home.social.

  1. Heyyyyy #Tenable #Nessus? Can we maybe not run sketchy-looking #PowerShell on my computer? I just happened to catch this in the logs. Kay, thanks.

  2. Heyyyyy #Tenable #Nessus? Can we maybe not run sketchy-looking #PowerShell on my computer? I just happened to catch this in the logs. Kay, thanks.

  3. Heyyyyy #Tenable #Nessus? Can we maybe not run sketchy-looking #PowerShell on my computer? I just happened to catch this in the logs. Kay, thanks.

  4. Что такое структура оценки уязвимости

    ​Система оценки уязвимостей — это способ, позволяющий организациям проверить свои системы, сети и приложения на наличие уязвимостей, которыми могут воспользоваться хакеры. Подобно тому, как мы проверяем свои дома на наличие сломанных замков или уязвимых мест, оценка...

    #DST #DSTGlobal #ДСТ #ДСТГлобал #уязвимости #безопасность #OpenVAS #NMap #Nessus #QualysGuard #BurpSuite #киберугрозы #FTP #SSH #Telnet

    Источник: dstglobal.ru/club/1116-chto-ta

  5. Is there anyone who is proficient with Tenable.sc and managed #Nessus scanners? I'm having a hellova time trying to figure out a glitch with plugins. No matter what I do, my scanner gets only the plugins from 12 May 2025. I've been laser-focused on troubleshooting this and I've run out of ideas. I've even rebuilt the scanner server with no change, leading me to believe it's something with Tenable.sc, and Tenable.sc has the latest plugin set. Help me Obi-won, you're my only hope. #Tenable

  6. That's a bold statement.

    In my experience, #Nessus has at least one false positive in every single scan. There are many plugins that haven't seen a true positive for years.

  7. "Note that Nessus has not attempted to exploit the issue but has instead only checked if OpenSSH is running on the remote host."

    But how about—as the bare minimum—you check the version or don't fucking report vulnerabilities that have been fixed for 17 years! 🤬

    #nessus

  8. Also if you think about it, the majority of #tenable #nessus functionality is based on its ability to log into a remote machine, use the tools on that host (windows: regsitry calls, execute cmd.exe scripts or posh, unix: ssh in run commands built into the host to retrive whatever info it has), and then generate a report. #nmap has the modules libssh2-utility to log you in (check out ssh-run.nse) and smb capabilities (smb-psexec.nse) that allow you to run services commands and the like on Windows.

    Why are people paying thousands in subscription fees ???!

    #infosec c

  9. You know I never really took a close look at all the capabilities of #NMAP 's scripting ability til recently and there's enough here to do all the functions of #tenable #nessus core. Some creative modules and one could easily duplicate the cli functionality.

    #infosec

  10. There's no way that this will help ANYONE, but..

    I'm doing an eval of #Nessus (a cybersecurity scanning tool) on our product (#Aarch64 running #Linux (#Debian, to be specific).

    And one of the tests would cause my system to kernel panic and reboot.

    After a lot of trial and error, I found that some of the tests are trying to use `dmidecode`, which, evidently, is super spicy for us.

    I `chmod 000 /usr/sbin/dmidecode` and now everything is happy.

    (Again, I know that no one wants to know this)

  11. Another #Nessus gem: plugin 58601

    This plugin checks for two vulnerabilities from 2008. It's triggered by the header "X-Powered-By : ASP.NET". 🤦

    Nessus: "It is not possible to determine the version from the header, so this may be a false positive."

    O RLY? In fact, I would say it is almost certainly a false positive. Every single time.

  12. One of the most widely used scanners is #Nessus, and many of its plugins have terrible specificity (they are prone to false positives).

    One plugin I had to deal with today is plugin 137702. It finds systems vulnerable to #Ripple20, a set of 19 vulnerabilities in the Treck TCP/IP stack discovered in 2020. These vulnerabilities are a serious security risk if present, but should have been fixed in most systems by now.

    2/ 🧵

  13. One of the most widely used scanners is #Nessus, and many of its plugins have terrible specificity (they are prone to false positives).

    One plugin I had to deal with today is plugin 137702. It finds systems vulnerable to #Ripple20, a set of 19 vulnerabilities in the Treck TCP/IP stack discovered in 2020. These vulnerabilities are a serious security risk if present, but should have been fixed in most systems by now.

    2/ 🧵

  14. One of the most widely used scanners is #Nessus, and many of its plugins have terrible specificity (they are prone to false positives).

    One plugin I had to deal with today is plugin 137702. It finds systems vulnerable to #Ripple20, a set of 19 vulnerabilities in the Treck TCP/IP stack discovered in 2020. These vulnerabilities are a serious security risk if present, but should have been fixed in most systems by now.

    2/ 🧵

  15. One of the most widely used scanners is #Nessus, and many of its plugins have terrible specificity (they are prone to false positives).

    One plugin I had to deal with today is plugin 137702. It finds systems vulnerable to #Ripple20, a set of 19 vulnerabilities in the Treck TCP/IP stack discovered in 2020. These vulnerabilities are a serious security risk if present, but should have been fixed in most systems by now.

    2/ 🧵

  16. One of the most widely used scanners is #Nessus, and many of its plugins have terrible specificity (they are prone to false positives).

    One plugin I had to deal with today is plugin 137702. It finds systems vulnerable to #Ripple20, a set of 19 vulnerabilities in the Treck TCP/IP stack discovered in 2020. These vulnerabilities are a serious security risk if present, but should have been fixed in most systems by now.

    2/ 🧵

  17. Hatte ich schon mal erwähnt dass ich #Nessus für ganz großen Ranz halte?
    Weder sind ICMP Timestamp Pakete böse noch ist mein mit Kerberos gesicherter NFS-Server Welt-lesbar und auch ssh 9.2 in Debian stable muss nicht auf 9.3 aktualisiert werden. Die sind doch vollkommen irre.

  18. #Tenable #Nessus Plugin ID 171859 triggers on current up to date Windows installs, and requires #curl to be updated to version 7.88.0 or later. Microsoft is only offering 7.83.1. The issue here is that this appears to be triggering to orgs implementing #IAVA policy (this likely includes many defense and other critical sectors orgs). So currently it seems that many systems are flagged non-compliant without clear recourse.

    tenable.com/plugins/nessus/171 en.wikipedia.org/wiki/Informat

  19. Abenteuer IT Selbständigkeit
    #Wochenbericht (KW45):

    - Mo: Laptop einrichten, #3CX installieren, #OPNsense Support
    - Di: Bürotag und #Tickets erledigen, #Nessus Scan, #Stadtrat am Abend
    - Mi: #OPNsense installieren und Netzwerk umbauen. Alten Server abschalten, #TrueNAS übernimmt
    - Do: #3CX Besprechung Neukundenaquise
    - Fr: #OPNsense Schulung und #3CX installieren, Update von 3 #GroupOffice Instanzen
    - Sa: Umzug von #pfSense auf #OPNsense

    @feinste_netzwerke
    #ComputingCompetence

  20. There's nothing like building the wrong servers for the SOC 🤌.

    I'm going to spend some time rebuilding some Linux servers for a new scanning tool our SOC uses. We've decided to move away from Nessus (not my decision, but I'm open-minded). I still utilize OpenVAS for all of my narrowed subnets and specific endpoint stuff though. I'll post more about the tool as I familiarize myself with it.

    #security #SOC #vulnerabilityscanner #Nessus #OpenVAS #vulnerabilitymanagement

  21. Habe ich schon mal erwähnt, dass #Nessus ein Dreck ist?
    "Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."
    Das ist doch broken by Design, denn das wirft reproduzierbar false positives bei #Debian stable.

  22. 2024 und #nessus ist immer noch nicht klüger geworden.

    Ist ja schon gut, dass es sich CVEs/DSAs anschaut und schaut ob die installierten Pakete das Update auch eingespielt haben.

    Aber wenn er dann die Source-Paket Version im Binär-Paket erwartet und wenn das nicht stimmt rummotzt, dann hat er halt #Debian nicht verstanden.

  23. I don't want to talk about how #Tenable raised the price of #Nessus Professional from 3k to 4k. Depending on who you ask, it was already too much, or it might still be worth it.

    But delivering the news with a (not so subtle) threat is everything that is wrong with the #infosec industry.

    Our job is to protect businesses, not scare them into giving up their money. That's the job of the ransomware gangs.

  24. Der Netzwerk-Schwachstellenscanner Nessus behebt mit neuen Versionen mehrere Schwachstellen in Drittherstellerkomponenten. Admins sollten sie installieren.
    Schwachstellenscanner Nessus: Updates schließen mehrere Sicherheitslücken
  25. Der Netzwerk-Schwachstellenscanner Nessus behebt mit neuen Versionen mehrere Schwachstellen in Drittherstellerkomponenten. Admins sollten sie installieren.
    Schwachstellenscanner Nessus: Updates schließen mehrere Sicherheitslücken
  26. #BlackFriday #BlackWeek #CyberMonday deals, mostly #tech, #infosec, #books and #tools.

    I started making a birdsite style thread of short posts earlier but realised 11000 characters should be enough for a single post. To be updated further.

    #VMware has 30% off on certain products, Workstation Pro 17 is $139 instead of $199 - store-us.vmware.com/

    #NoStarchPress has a 35% discount on books with the code HOLIDEALS, ends Nov 28 (Monday) - nostarch.com/

    #Hak5 gives 2% discount for every $100 up to 10%, $200 off WiFi Pineapple Enterprise, 15% off bundles - hak5.org/

    #KSECLabs has discounts on various gear and bundles, code BLACKFRIDAY15 gives 15% off across the site - labs.ksec.co.uk/black-friday-s

    #Phoronix gives $10 off annual subscriptions and $50 off limetime subscriptions - phoronix.com/phoronix-premium

    #CovertInstruments has various discounts on tools for #locksports - covertinstruments.com/collecti

    25% off #LastPass - lastpass.com/pricing

    #Microsoft Press Store has discounts of 40% to 55% with the code BOOKSGIVING - microsoftpressstore.com/promot

    #iFixit 25% off seasonal bundles and 20% off toolkits - ifixit.com/promotions/black-fr

    #HexRays 25% off #IDA Home and 10% off #IDAPro - hex-rays.com/terms-and-conditi

    #Multipick deals for lockpicks and -tools - shop.multipick.com/en/black-fr

    #Tenable #Nessus 50% off with code TakeHalf - store.tenable.com/1479/purl-ta

    #TryHackMe 20% off annual personal subscriptions with code AOC22 - tryhackme.com/why-subscribe

    #GrayHatWarfare €20 off triannual and €140 off annual premium subscriptions, €25 off monthly, €110 off triannual and €510 off annual subscriptions - grayhatwarfare.com/packages

    #ProtonMail 33% off plus and 40% off unlimited - proton.me/mail/black-friday

    #Maltronics 15% off with code BF2022 - maltronics.com/discount/BF2022