Metasploitable

201402NIST-Cybersecurity-Framework-its-future-and-what-it-means-to-you

I will reflect upon the differences observed between three different vulnerability scanners and management tools, Nessus, Nexpose, and OpenVAS. Areas to be reviewed include, ease of use, accuracy of findings, depth of information in the tool and reports, actionability of the information provided and any other relevant criteria believed to be relevant. This report will also compare the results, remediation advice, and reliability as observed by the three different software programs. The test used for this report will be performed on a virtual network constructed entirely inside of a virtual machine on a 2009 Mac Pro using Parallels 10. The free versions of Nessus and Nexpose vulnerability scanners will run against the Metasploitable 2 virtual machine inside of Parallels and OpenVAS, which is a free open source vulnerability scanner, will be referenced from a YouTube video. Each test will be performed under identical network conditions.

Continue reading →

nextgov-medium

The purpose of this document is to perform a penetration test using two different methodologies to exploit and gain unauthorized access to vulnerable computer systems using a set of penetration testing tools including, Nexpose, Kali Linux, and Metasploitable. These tools are designed to demonstrate common vulnerabilities and subsequently exploit them, which allows security administrators to formulate a plan in regards to remediation and prevention of an actual attack. The purpose of penetration testing is to attempt to access resources without knowing usernames, passwords, and/or any other means of authorized security authentication procedures that may exist for a particular organization or individual. An important thing to consider is the only thing differentiating a penetration tester (White Hat Hacker) from an attacker (Black Hat Hacker) is permission from the attacked to allow it to happen.

Continue reading →