OpenVAS & Metasploit Integration – How to Use OpenVAS in Metasploit

/
Recently during an engagement, I was able to use OpenVAS in Metasploit to scan a host and conduct a test to see if the system was indeed exploitable. Here is how it was done below:

OpenVAS Terms to Know

/
OpenVAS Terms to Know Host A Host is a single system that…

OpenVAS Authenticated Scan using Local Security Checks

/
An authenticated scan may provide more vulnerability details…

How to Reset or Create a Password for OpenVas

/
The password to access OpenVas vulnerability scanner with username…

A World of Vulnerabilities – InfoSec Institute

/
Every day, we read about cyber-attacks and data breaches, incidents that represent in many cases a disaster for private companies and governments. Technology plays a significant role in our lives; every component that surrounds us runs a piece of software that could be affected by flaws and exploited by those with ill intentions.

‘NetTraveler’ Cyberespionage Campaign Uncovered

/
An intrstuing  article from Dark Reading: A less sophisticated…

3 Lessons From Layered Defense’s Missed Attacks

/
a posting from Dark Reading in there  Vulnerability Management…

How To Stop Making Excuses For Poor Application Security Testing

/
An posting from Dark reading about How To Stop Making Excuses…

Twitter testing a two-step security solution: report

/
An posting from NBC News in there technology  section:  On…

The Federal System’s Need for a Security Assessment Process, Part 2: Categories of Security Assessments

/
Security assessments can fall into many categories and an organization’s core competency often dictates which ones management is more interested in conducting. For example, an organization that has an external presence may be very interested in how they appear to the outside world and how well they are protecting their internal resources from external entities trying to harm them. Whereas, another governmental institution maybe more concerned with their internal security posture and controls as compared to how they appear to the outside world. They may have a pressing need to verify internal access control, password compliance and proper network segmentation as opposed to what protocols are accessible from the public network. The actual type of assessment performed usually depends on the organization’s mission as well as their overall security need.