Successful Vulnerability Assessment using Nessus: how to discover the weakness points in your system

Through these live classes you will learn how to carry out a successful vulnerability assessment and discover your system's weak points before the attackers do.
When it comes to your system's security, you should have a hacker's mindset and a security professional's actions.
We will test our skills in virtual labs that contain different operating systems, different software and different configurations, to make sure that we have gained the skills required to carry out a professional assessment.

Live Class Duration: 12/08/2015 - 14/08/2015

Mohamed Magdy, Instructor:

Certified Information Systems Security Professional (CISSP)

EC-Council Certified Security Analyst (ECSA) 
Certified Penetration Testing Engineer (CPTE)
Cisco Certified Network Associate (CCNA)
Offensive Security Certified Professional (OSCP)
Certified Ethical Hacker V8 (C|EH V8)
Licensed Penetration Tester V8 (LPTV8)
Advanced Network Defense (EC-Council CAST 614)
Offensive Security Wireless Professional (OSWP)
GIAC Security Essentials Certified (GSEC)
Certified White Hat Hacker (CWHH)
Symantec Endpoint Protection 12.1 Technical Specialist (STS) 
Red Hat Certified System Administrator (RHCSA)
Information Technology Infrastructure Library (ITIL)
Open Source Intelligence (OSINT)

Day #1: Windows, Windows XP and Linux advanced scanning using Nessus
3 hours:
Windows XP advanced scanning using Nessus
Hack into Windows XP using the discovered vulnerabilities
Escalate the privilege to domain administrator
Showing the recommendations to fix the vulnerabilities
Windows 7 advanced scanning using Nessus
Escalate the privilege to local administrator
Showing the recommendations to fix the vulnerabilities
Windows 8 advanced scanning using Nessus
3 hours:
Linux advanced scanning using Nessus
Hack into Linux using the discovered vulnerabilities
Escalate the privilege to Root
Showing the recommendations to fix the vulnerabilities
Vulnerability Assessment for SQL Database
Hack into Database using the discovered vulnerabilities
Adding local administrator to the SQL server and fully compromise it
  • Download a vulnerable machine
  • Run advanced scan against this machine
  • Exploit the machine
  • Escalate the privilege to root


Day #2: PCI DSS vulnerability scan and Network devices configuration auditing using Nessus
3 hours:
Internal PCI DSS vulnerability scan
Customizing the scan to check if the internal servers comply with PCI DSS standard
Scan the servers against different security standard and discover the flaws
Network devices configuration auditing using Nessus
Pull the devices' configuration files and upload them to Nessus to show the misconfigurations that may lead to exploiting the devices
3 hours:
Missing updates and patches scan using Nessus (we will discover the missing patches that may put our system at high risk)
Installing Web application on one of our servers
Showing the recommendations to fix the discovered vulnerabilities
Vulnerability Assessment for the web applications using Acunetix
Exploit the discovered vulnerabilities
Showing the recommendations to fix the discovered vulnerabilities
  • Run web application vulnerabilities scan using Nessus
  • Run web application vulnerabilities scan using Acunetix
  • Exploit the web flaws and get access to the database

Day #3: OpenVAS and Nmap
2 hours:
Generating Professional Vulnerabilities Assessment Report using Nessus
Uploading Reports to Nessus scanner
Import Nessus report into Metasploit to make it easy for exploiting the discovered
- // - 
2 hours:
Windows XP vulnerability assessment using OpenVAS
Windows 7 vulnerability assessment using OpenVAS
Linux vulnerability assessment using OpenVAS
- // -
2 hours:
Nmap for port scanning and services enumeration
Nmap Script for automatic vulnerabilities discovery
Hack into the system using the discovered vulnerabilities
  • Exploit the vulnerable machine
  • Escalate the privilege to root
  • Professional Vulnerabilities Assessment Report 
  • Windows XP, Windows 7 and Linux vulnerability assessment using OpenVAS

You can attend live classes online, in real-time. The number of seats is limited. These LCs are not available with the current subscription.
More info:

Successful Vulnerability Assessment using Nessus: how to discover the weakness points in your system

– You will master using Nessus, which is one of the most popular automatic vulnerability scanner tools.
– You will learn how you can customize the scan according to your target environment and how you can use the scan results to find the way to your target.
– You will learn how we can integrate Nessus and Metasploit to import the scan result into Metasploit and finally.
– You will know how we can create different scan reports.
– You will apply what you learnt in a virtual lab environment. You will face vulnerable software and operating systems.

How to discover the weakness points in your system?

We will know the meaning of automatic vulnerability scanners.
We will learn how we can install Nessus for Windows and Linux operating systems.
We will learn the meaning of Nessus plugins and how we can update the plugins online and offline.
1. Nessus Vulnerability Scanner
2. Installing Nessus for Windows and Linux
3. Updating Nessus Plugins online and offline

1. Installing Nessus for Windows
2. Installing Nessus for Linux
3. Updating Nessus Plugins online and offline

+ Video

In this module we will discover the different scan policies and how we can create a policy that suits our targets and choose the correct plugins to avoid false positive results and denial of service.
We will run a scan against a target machine and show how we can use the results to exploit our target and extract scan reports.

1. Creating Scan Policy
2. Choosing Plugins for our scan
3. Analysing Scan results
4. Using the results to exploit the target
5. Extracting Nessus report
6. Import Report in Metasploit for further usage



1. Creating different scan policies
2. Customize the scan plugins
3. Scan Windows 7 and Windows XP using Nessus
4. Analyse the scan results and find exploits for the findings
5. Exploit the target
6. Import the Scan into Metasploit

Through this module we will discover how we can use Nessus to audit databases.
We will learn what is meant by PCI-DSS (“Payment Card Industry”) and how we can use Nessus to make sure that we are following this standard.
1. Create policy for database auditing
2. Run scan against installed database
3. Use the scan result to find a way to log in to our database
4. Create PCI-DSS scan policy and run a scan against a real target

1. Create database auditing policy and run scan against installed database
2. Analyse the scan result and use some findings to log in to the database
3. Create PCI-DSS policy and run a scan against a target machine

In this module we will cover another interesting part of Nessus, which is web application vulnerability assessment.
We will see how we can use Nessus to discover the flaws in our web applications in order to secure them.
1. Host web applications on our website
2. Create web application scan Policy
3. Run scan against our web application
4. Analyse the scan results and find the flaws on our application

1. Install Web application on a web server
2. Create scan policy and run scan against the previously installed web application
3. Analyse the scan result and discover the flaws

In this module we will show another automatic vulnerability scanner (OpenVAS), which can be found on the Kali Linux distro.
We will show how we can install this software and use it for running a scan against our target and analysing the report.
1. Configuring OpenVAS on Kali Linux
2. Running Scan against targets
3. Analysing the scan reports
4. Use the scan result for exploiting the machine


1. Installing OpenVAS on Kali
2. Scan some targets with different operating systems (Linux and Windows)
3. Analyse the scan result and find some exploits for these findings

Hacking modern web technologies Live Class

HTML5, AJAX, Node.JS, Websockets, RESTful service, Apache ModSecurity, PHP page, XSS, PHP website

Live Class Duration: 03/08/2015 - 05/08/2015

During these live classes you will learn how to use modern web development technologies in your applications and minimize security impact. You will be guided through practical exercises where you can test your knowledge and learn new things. All exercises will be viewed from both the developer's and the hacker's points of view. In every exercise you will be asked to find a security flaw, and then we will discuss how to mitigate it and what the best solution is.

Every module in the workshop contains a practical part. It is usually a task for testing how well you understood the material, or for checking your applications for errors and flaws. To complete the practical part you need basic programming knowledge. A clean installation of Apache with PHP5 and Python would be enough to do all the exercises in the workshop.

Vladimir Korennoy
Software development.
Penetration testing.
Information security researching, developing intrusion prevention systems.
SIEM systems.
Digital Forensics/Anti-forensics tools and methods.
Head of Security Systems Development


Day#1: HTML5, AJAX, Node.JS, Websockets, RESTful services

In this class we will focus on new trending technologies including HTML5, AJAX in general, Node.JS, WebSockets and RESTful services.
Students will have to solve several tasks on that topic.
For each technology I will provide a small web application that uses it, and students have to identify a vulnerability in it and try to exploit it (as a proof of concept). Typically it will be a single page application.

3 hours:

Exercise 1 - HTML5. Find a vulnerability in the given simple HTML5 application. The given page contains several vulnerabilities which lead to information disclosure, XSS and maybe something else interesting. Try to exploit any of them. What can we do to protect it? Offer a way to patch this application.

Exercise 2 - AJAX. Understand how the page and the backend communicate. Try to find a flaw in their communication. This flaw can lead to one of the most common types of injection. Can you obtain the administrator password hash? What would you suggest to avoid such scenarios?

3 hours:

Exercise 3 - Node.JS. Look at the given Express.JS application. It contains a flaw which allows you to get into the private zone.
Next, try to look closer at its communication with MongoDB.

Exercise 4 - Websockets. Try to understand the communication in this application and bypass the authentication page. How can this type of vulnerability be mitigated?

Exercise 5 - RESTful services. You have a simple RESTful service. Let's test its security. What can attackers do with it? How? Try to carry out a small pentest of this service to find weak entry points. There are at least 2. The vulnerabilities are listed in the OWASP Top 10 and lead to sensitive information disclosure. Suggest measures to mitigate them.


Day#2: Web Application Firewall - Apache ModSecurity

In this class we will try to move from validation to controlling web application security globally.
For that I will have students use a Web Application Firewall - Apache ModSecurity.
The exercises will show flaws in validation (client-side, server-side).

3 hours:

Exercise 1 - Try to find a flaw in client-side validation on a PHP page.
Exercise 2 - After that, check the server-side validation. Is it safe? If not, why? How can the validation be avoided?

3 hours:

Exercise 3 - ModSecurity. Try to write a filter for basic XSS attacks on a basic PHP website.
Exercise 4 - ModSecurity. How can Path Traversal vulnerabilities be avoided with ModSecurity filters?


Day#3: Web application with some security flaws in HTTP headers

Students will have a web application with some security flaws in HTTP headers.
Some of the headers will be missing.
Their goal will be to identify which headers are missing and what an attacker can do in this situation.

6 hours:


Hacking modern web technologies Online Course

HTML5, AJAX, Node.JS, Websockets, RESTful service, Apache ModSecurity, PHP page, XSS, PHP website

In this course you will learn:

  • How to comprehensively remediate common web application vulnerabilities.
  • How to apply defensive application design and coding practices to avoid security vulnerabilities.
  • How to customize, implement, and maintain a baseline security standard for the web applications development lifecycle.
  • How to design stronger security architecture.
  • How to understand cutting-edge web technologies and their security implications, avoiding security issues when utilizing these newer technologies.
  • How to move away from basic web application security principles of “validating more” and implement effective security controls against vulnerabilities that input validation simply does not fix.
  • How to leverage HTTP header-level protection to apply strong defense systems on the client side by building another layer of defense on top of secure coding on the server side.

Every module will guide you through a particular type of vulnerability. You will understand not only how to check whether an application is vulnerable or not, but also how these flaws occur during the development phase, and why developers forget such things. Every module describes mitigation measures for avoiding the errors and decisions which can lead to vulnerabilities.

After this course you will be able to see possible security problems in web applications at the architecture phase and then in coding. The course also covers typical attack vectors used by hackers. Studying the hacker's point of view on your application will help you to understand where problems could be before they get exploited. Exercises are present in every module. They can take the form of testing your existing environment and discussing the result with the instructor. In some module exercises you have to secure a vulnerable application, correct improper validation procedures, or find a vulnerability in the given application code. During the whole course you are free to communicate with the instructor, ask questions and share your results to gain a higher level of understanding.

Module 1 - Web Application Security: Authentication, Authorization, and Impersonation

Try to make a list of your web resources. Map everything you want to check in the next modules. If you have none, download and set up a special Linux distribution with preinstalled software (like Damn Vulnerable Linux).

Module 2 - Broken Authentication and Session Management

Identify places in your web applications (or in the DVL instance) where injection could take place. Try to exploit it. Try bypassing authentication and gaining access.

Module 3 - Cross-site Scripting (XSS) and Insecure Direct Object References

Complete the Google XSS game. Next, apply your skills to your own resources (or DVL) to check them. Check them for IDOR and try bypassing it.

Module 4 - Security Misconfiguration and Sensitive Data Exposure

Apply everything described in the module to your environment (or DVL) and check it. Try to re-configure it if something is wrong there. If you can't, or have any problems, ask questions in the forum and we will solve them.

Module 5 - Missing Function Level Access Control and Cross Site Request Forgery (CSRF)

Find and exploit the critical vulnerability in the provided example application. It is there for sure. If you have any questions, ask them on the forum or in private messages.

Module 6 - Using Components with Known Vulnerabilities and Unvalidated Redirects and Forwards

Identify vulnerable components in the given example application. Can you exploit this vulnerability?


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013