
Cybersecurity Demystify How to Analyze Nessus Vulnerability Scan Result

How to Analyze Nessus Vulnerability Scan Result

Prerequisites
There are prerequisites to this lab, as listed below:
Step-by-Step Guide on Installing Nessus Essentials
Launch A Credentialed Scan in Nessus: Step-by-Step Guide
How to Create and Launch a Basic Network Scan in Nessus
How to Create and Launch a Host Discovery Scan in Nessus

Understanding Nessus Vulnerability Assessment
Nessus is a widely used vulnerability assessment tool designed to help organizations identify and address security vulnerabilities in their systems and networks. Developed by Tenable, Nessus scans systems for known vulnerabilities, misconfigurations, and other security issues. In vulnerability assessment, Nessus supports two main types of scans: credentialed and non-credentialed. Each has its own advantages and limitations, depending on the level of detail required and the environment being assessed. Here is a concise guide to the differences between the two scanning approaches:

1. Credentialed Scans
Credentialed scans use valid credentials (such as usernames and passwords) to access systems during the scan. This approach provides deeper insight into the system's configuration and potential vulnerabilities. For example, a credentialed scan is ideal for identifying vulnerabilities in an internal network, or for assessing detailed configuration settings on a web server, where that deeper insight is necessary for the security assessment.
Advantages of Credentialed Scans
Disadvantages of Credentialed Scans

2. Non-Credentialed Scans
Non-credentialed scans do not use any credentials. Instead, they assess vulnerabilities based on what is accessible from an external perspective. For example, a non-credentialed scan is useful for testing the security of publicly accessible web applications or network services to determine what vulnerabilities an external attacker could exploit.
Advantages of Non-Credentialed Scans
Disadvantages of Non-Credentialed Scans

Choosing Between Credentialed and Non-Credentialed Scans
Use Credentialed Scans When:
Use Non-Credentialed Scans When:

Combining Both Approaches
For a comprehensive security assessment, it is often beneficial to use both credentialed and non-credentialed scans. This dual approach allows a thorough examination of both external vulnerabilities and internal weaknesses, providing a complete view of your security posture. For example, a company might run non-credentialed scans to identify vulnerabilities reachable from the internet, and credentialed scans to evaluate internal configurations and vulnerabilities that could be exploited once an attacker gains internal access. By understanding and effectively using both credentialed and non-credentialed scans, organizations can better protect their systems and address vulnerabilities from multiple angles.

Vulnerability Result Analysis
For this example, I performed both a credentialed scan and a non-credentialed scan on the same machines to compare the results, as shown in the screenshots below. Click here to learn how to launch a credentialed scan in Nessus, and here to learn how to launch a non-credentialed scan (Basic Network Scan) in Nessus. Your scan result dashboard should look similar to the screenshots below. Notice that the credentialed scan identified more vulnerabilities than the non-credentialed scan.
Credentialed scan result
Non-credentialed scan result

Understanding Vulnerability, Threat, and Risk
In cybersecurity, the terms vulnerability, threat, and risk are often used interchangeably, but they have distinct meanings. Understanding these differences is crucial for effective risk management and security strategy development. Here is a clear breakdown of each term:

1. Vulnerability: A vulnerability is a weakness or flaw in a system, application, or network that a threat actor could exploit to gain unauthorized access or cause harm. It is a specific issue within a system, such as a software bug, misconfiguration, or missing patch. Examples include a software application with a buffer overflow vulnerability, an unpatched operating system that is exposed to known exploits, and weak passwords or default credentials. Identifying and addressing vulnerabilities is critical because they represent potential entry points for attackers. Regular vulnerability assessments help discover and mitigate these weaknesses before they can be exploited.

2. Threat: A threat is a potential cause of an unwanted incident that can result in harm to a system or organization. Threats exploit vulnerabilities to cause damage. A threat can be a person, group, or event with the potential to exploit vulnerabilities; it is essentially an actor or event that has the capability and intention to cause harm. Examples include cybercriminals who exploit vulnerabilities for financial gain, malware such as ransomware designed to exploit software flaws, natural disasters, and insider threats (e.g., employees with malicious intent). Understanding threats helps organizations anticipate potential attacks and develop strategies to protect against them. Threat intelligence and threat modeling are key to preparing for and defending against the various types of threats. Click here to understand MITRE ATT&CK.

3. Risk: Risk is the potential for loss or damage when a threat exploits a vulnerability. It is the combination of the likelihood of a threat occurring and the impact it would have if it did. Risk is a measure of how vulnerabilities and threats interact to affect the organization's assets and operations; it considers both the probability of an exploit and the potential consequences. For example, the risk of data loss from a ransomware attack exploiting an unpatched vulnerability, or the risk of a data breach from an insider threat exploiting weak access controls. Managing risk involves assessing the likelihood and impact of threats exploiting vulnerabilities and implementing measures to mitigate or reduce that risk. Risk management strategies include applying patches, enhancing security controls, and developing incident response plans. Risk is often assessed using the formula: Risk = Threat x Vulnerability x Impact

False Positives, False Negatives, True Positives, and True Negatives
Understanding the concepts of false positives, false negatives, true positives, and true negatives is essential for evaluating the effectiveness of detection systems such as vulnerability scanners, intrusion detection systems, and other diagnostic tools. Managing these outcomes helps improve the effectiveness of security tools and ensures a more accurate and efficient security posture. Here is a breakdown of each term:

1. True Positive: A true positive occurs when a test or detection system correctly identifies a vulnerability or threat that is genuinely present; the system correctly detects a real issue. For example, a vulnerability scanner flags a known security flaw in software, and the flaw is confirmed to exist. True positives are crucial because they represent effective
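The comparison described under Vulnerability Result Analysis, as an added example that is not part of the original post: a script that parses two .nessus (NessusClientData_v2) exports of the same host, one from a Basic Network Scan and one from a credentialed scan, and lists the findings only the credentialed scan surfaced, most severe first. Both XML documents, the host address, the plugin IDs and the plugin names are constructed placeholders, not real scan output.

```python
"""Compare a credentialed and a non-credentialed Nessus scan of the same host.

Parses .nessus (NessusClientData_v2) exports with the standard library and
reports which findings only the credentialed scan surfaced, grouped by
severity. Both inputs below are constructed samples, not real scan output.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Nessus severity codes as used in the .nessus "severity" attribute.
SEVERITY = {"0": "Info", "1": "Low", "2": "Medium", "3": "High", "4": "Critical"}

# Constructed sample: what an unauthenticated (Basic Network) scan sees.
NON_CREDENTIALED = """<NessusClientData_v2>
 <Report name="basic">
  <ReportHost name="10.0.0.25">
   <ReportItem port="445" protocol="tcp" svc_name="cifs" severity="2"
               pluginID="900001" pluginName="SMB signing not required (constructed)"/>
   <ReportItem port="3389" protocol="tcp" svc_name="msrdp" severity="0"
               pluginID="900002" pluginName="RDP service detected (constructed)"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

# Constructed sample: the same host scanned with local administrator credentials.
CREDENTIALED = """<NessusClientData_v2>
 <Report name="credentialed">
  <ReportHost name="10.0.0.25">
   <ReportItem port="445" protocol="tcp" svc_name="cifs" severity="2"
               pluginID="900001" pluginName="SMB signing not required (constructed)"/>
   <ReportItem port="3389" protocol="tcp" svc_name="msrdp" severity="0"
               pluginID="900002" pluginName="RDP service detected (constructed)"/>
   <ReportItem port="0" protocol="tcp" svc_name="general" severity="4"
               pluginID="900003" pluginName="Missing OS security update (constructed)"/>
   <ReportItem port="0" protocol="tcp" svc_name="general" severity="3"
               pluginID="900004" pluginName="Outdated third-party browser (constructed)"/>
   <ReportItem port="0" protocol="tcp" svc_name="general" severity="1"
               pluginID="900005" pluginName="Local account password never expires (constructed)"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""


def parse_findings(nessus_xml):
    """Return {(host, pluginID, port): (severity_code, pluginName)} from a .nessus document."""
    root = ET.fromstring(nessus_xml)
    findings = {}
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            key = (host.get("name"), item.get("pluginID"), item.get("port"))
            findings[key] = (item.get("severity"), item.get("pluginName"))
    return findings


def credentialed_only(cred_xml, noncred_xml):
    """Findings present in the credentialed scan but absent from the non-credentialed
    one, as a list of (key, (severity_code, name)) sorted most severe first."""
    cred = parse_findings(cred_xml)
    noncred = parse_findings(noncred_xml)
    extra = [(k, v) for k, v in cred.items() if k not in noncred]
    return sorted(extra, key=lambda kv: int(kv[1][0]), reverse=True)


def severity_counts(pairs):
    """Count findings per severity label, e.g. {'Critical': 1, 'High': 1, 'Low': 1}."""
    return Counter(SEVERITY[sev] for _, (sev, _name) in pairs)


def report(cred_xml, noncred_xml):
    """Print the gap between the two scans in a triage-friendly order and return it."""
    cred = parse_findings(cred_xml)
    noncred = parse_findings(noncred_xml)
    extra = credentialed_only(cred_xml, noncred_xml)
    print(f"non-credentialed: {len(noncred)} findings, credentialed: {len(cred)} findings")
    print(f"only visible with credentials: {len(extra)} {dict(severity_counts(extra))}")
    for (host, plugin_id, port), (sev, name) in extra:
        print(f"  [{SEVERITY[sev]:8}] {host} plugin {plugin_id} port {port}: {name}")
    return extra


if __name__ == "__main__":
    report(CREDENTIALED, NON_CREDENTIALED)
```

Point the two constants at real exports (File > Export > Nessus in the scan view) to run the same comparison on your own results.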


A Comprehensive Guide to Searching and Analyzing Data in Splunk using the Splunk Search App

Splunk Enterprise
Splunk Enterprise is a Security Information and Event Management (SIEM) solution that allows you to manage your data in one place by providing a user-friendly dashboard to collect, analyze, visualize, and manage your data. Click here to learn how to install Splunk Enterprise on Windows. Click here to learn how to install a Windows Universal Forwarder.

The Splunk Search App
The Search app is the Search & Reporting app. It allows you to search, analyze, and create reports on your data. Let's open the Search app. To do this, click Search & Reporting in the Apps panel on Splunk Home.

The Data Summary
Click Data Summary. Here, you will see three tabs: Hosts, Sources, and Sourcetypes. These tabs are the searchable fields in your data.

The Hosts
Click Hosts. The host of an event identifies the network machine from which the event was generated. It is the IP address, hostname, or fully qualified domain name of that machine. The host field lets you search data from specific machines.

The Sources
Click Sources. The source of an event is the directory path or file, network port, or script from which the event was created.

The Source type
Click Sourcetypes. The source type of an event identifies the kind of data it is, usually based on how the data is structured. This organization lets you search across multiple hosts and sources for the same type of data.

Click Search & Reporting in the Apps panel on Splunk Home. Click the Search tab. In the search box, start by typing host. Select the machine from which you want to view logs and press Enter. For this example, I am choosing "WIN10 ENT". We will analyze the logs from Source = WinEventLog: System and Sourcetype = WinEventLog: System. Left-click Source = WinEventLog: System and click Add to Search. Next, left-click Sourcetype = WinEventLog: System and click Add to Search. You can click Exclude from Search if you want it excluded from the search (optional). The Search Assistant has generated the search language for you, as shown below.

Understanding the Search view
The Search view appears when you click the Search tab for a new search or after you run a search. It has many components, such as the Search bar, Save As, the App bar, the Time range picker, the search mode selector, the search action buttons, event counts, Visualizations, the job status bar, Patterns, Statistics, and the Events tab, as shown below.
Search bar: This is where you define your search criteria.
Save As: Allows you to save your search results as a Report, Alert, Existing Dashboard, New Dashboard, or Event Type.
Time range picker: Allows you to specify the search period, for example, the last 24 hours.
Search mode selector: Allows you to choose a search experience based on your needs. There are three search modes: Smart (default), Fast, and Verbose.
Events: Allows you to view the events that match your search criteria.

Search by category
You can search by category using the asterisk (*). In the search box, type "*category" and press Enter. Now, left-click Logon and click Add to search, as shown below. Notice that the Search Assistant has generated the search language for you, as shown below. This will return all the event logs related to Logon within the specified time range. Next, let's search using the hostname and the category. In the search box, start by typing host. Select the machine you want to view logs from and press Enter. For this example, I am choosing "WIN10 ENT". Then type "*category" and press Enter. Click Logon and click Add to search. Notice that the Search Assistant has generated the search language for you, as shown below. This will return all the event logs related to Logon for the "WIN10 ENT" machine.

Best Practices for Searching Data in Splunk
Here are some best practices to keep in mind while searching data in Splunk using the Splunk Search App:

Conclusion
The Splunk Search App is a valuable tool for searching and analyzing data in Splunk. By following the steps outlined in this blog post and implementing these best practices, you can effectively search and retrieve relevant data from your Splunk indexes. Remember to refine your search queries, leverage search modifiers and filters, and explore the various features Splunk provides to gain valuable insights from your data.


Effective Incident Response: A Guide Based on NIST 800-61

Effective Incident Response: A Guide Based on NIST Framework
In today's digital landscape, the threat of cybersecurity incidents is ever-present. Organizations must prepare to respond promptly and effectively, whether to a data breach, a phishing attack, or a malware infection. One of the most reliable resources for developing an incident response strategy is NIST Special Publication 800-61 Revision 2, "Computer Security Incident Handling Guide." This comprehensive framework offers essential guidance for establishing a robust incident response program.

Understanding the Importance of Incident Response
Incident response (IR) is the systematic approach organizations take to manage and mitigate cybersecurity incidents. A well-defined incident response plan helps minimize loss or damage, reduces recovery time, and helps preserve the organization's reputation.

Key Phases of Incident Response
According to the NIST framework, the incident response process consists of four key phases:

Leveraging the NIST Framework
Implementing NIST SP 800-61 can significantly enhance an organization's incident response efforts. Here are some of the ways to use this guide:

Guide for Developing an Incident Response Plan
1. Introduction
2. Incident Response Team (IRT)
2.1 Roles and responsibilities of team members
2.2 Contact information and escalation procedures
3. Incident Classification
4. Incident Detection and Reporting
5. Incident Response Phases
6. Communication Plan
7. Documentation and Reporting
8. Review and Improvement

Conclusion
A robust incident response strategy is vital for protecting your organization from cybersecurity threats. By following the guidelines set forth in NIST SP 800-61, organizations can enhance their preparedness and response capabilities. Implementing these best practices not only minimizes damage during an incident but also fosters a culture of security awareness that can significantly reduce the risk of future incidents. Click here to view an Incident Response Plan sample.


Incident Response Plan Sample for Malware Infection Based on NIST 800-61

Incident Response Plan Sample for Malware Infection
Click here to download the editable version of this plan and modify it as needed to suit your organization's needs.

1. Introduction
Purpose: This plan outlines the procedures to follow in the event of a malware infection, to minimize damage, recover systems, and prevent future incidents.
Scope: Applicable to all employees, IT staff, and incident response team members.

2. Incident Response Team (IRT)
Roles and Responsibilities

3. Definition
What is Malware?
Malware (short for "malicious software") is any software designed with the aim of causing damage to a server, computer, client, or computer network. Malware can disrupt operations, steal sensitive information, or gain unauthorized access to systems. It takes various forms and can be delivered through different vectors, such as email attachments, malicious websites, or compromised software downloads.

Types of Malware
Virus: A type of malware that attaches itself to a legitimate program or file and spreads to other files when executed. It can corrupt or delete files, slow down system performance, and cause other harmful effects.
Worm: Similar to a virus, a worm replicates itself and spreads independently over networks. Worms do not require a host program to propagate and can exploit vulnerabilities in software or operating systems.
Trojan Horse: Deceptive software that appears legitimate but performs harmful actions once installed. Trojans often create backdoors through which other malware or attackers gain access to the system.
Ransomware: Encrypts files on a victim's system and demands payment (a ransom) to restore access. Ransomware attacks can be severely damaging to individuals and organizations.
Spyware: Software that secretly monitors user activity and collects personal information, such as browsing habits, login credentials, and financial data. It usually operates without the user's knowledge.
Adware: Software that automatically downloads or displays advertisements when the user is online. While not always harmful, it can degrade system performance and may track user behavior.
Rootkit: A collection of tools that enables an attacker to maintain privileged access to a system while hiding their presence. Rootkits are used to control compromised systems and evade detection.
Botnet: A network of infected computers (bots) that can be controlled remotely by an attacker. Botnets are commonly used to perform distributed denial-of-service (DDoS) attacks or to distribute spam emails.
Keylogger: Software that records the keystrokes made by the user. It captures sensitive information such as user credentials (usernames and passwords) and credit card numbers. Keyloggers can be part of other malware or stand-alone tools.
Scareware: Software that uses deception to convince users that their system is infected with malware, prompting them to purchase unnecessary software or services.

Severity Levels:

4. Incident Detection and Reporting
4.1 Detection Methods:
4.2 Reporting Procedure: Employees should immediately report suspected malware to the IT Help Desk using the established incident reporting form.

5. Incident Response Phases
5.1. Preparation
5.2. Detection and Analysis
5.3. Containment
5.4. Eradication and Recovery
5.5. Post-Incident Activity

6. Communication Plan
6.1 Internal Communication:
6.2 External Communication:

7. Documentation and Reporting

8. Review and Improvement


How to Enable TLS 1.3 on Windows Server 2022 With IIS Crypto

What is TLS 1.3?
TLS 1.3, or Transport Layer Security version 1.3, is a cryptographic protocol created to provide secure communication over a network. It is the latest version of TLS, which is the successor to SSL (Secure Sockets Layer).
TLS Key Features include:

Transport Layer Security (TLS) vs Secure Sockets Layer (SSL)
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols created to secure communication over a network. While they serve similar purposes, TLS is the modern and more secure successor to SSL. Organizations should use the latest version of TLS to ensure the highest level of security for their communications.

SSL (Secure Sockets Layer)
SSL has three main versions: SSL 1.0 (never publicly released), SSL 2.0 (released in 1995), and SSL 3.0 (released in 1996). SSL 3.0 was a significant improvement over SSL 2.0 but is now considered outdated. SSL 2.0 and SSL 3.0 are no longer considered secure due to various vulnerabilities; they have been deprecated and replaced by TLS. SSL should no longer be used to secure communications.

TLS (Transport Layer Security)
TLS evolved from SSL, with TLS 1.0 being the first version, released in 1999. Subsequent versions are TLS 1.1 (2006), TLS 1.2 (2008), and TLS 1.3 (2018). Each version brought enhancements and improvements over its predecessors, and TLS continues to be developed and refined to address emerging security threats and improve performance.

Now that you understand what TLS is, let's proceed with enabling TLS 1.3 using IIS Crypto. Click here to download IIS Crypto. Download the version you prefer; for this example, I will download the GUI version, as shown below. Locate the downloaded application and double-click it to run IIS Crypto. Click the Accept button to accept the License Agreement. In IIS Crypto, navigate to the Schannel tab. Here, you will see a list of the available TLS versions for the server and client protocols. Uncheck the other protocols and check only TLS 1.3 for both Server and Client, to enable TLS 1.3 alone and disable the older protocols. Note that once TLS 1.2 and older are disabled, any client that cannot negotiate TLS 1.3 will no longer be able to connect to this server. Check the Reboot box and click Apply to apply the change and reboot. The system will reboot. To confirm that the changes have taken effect, launch IIS Crypto and click Schannel. See the screenshot below.


Standard Operating Procedure (SOP) Sample and Editable Template for Installation of Antivirus Software

Here is a comprehensive SOP template for the installation of antivirus software. Feel free to customize it to fit your organization's specific requirements. Click here to download the editable template.
Notes:

Standard Operating Procedure (SOP) for Installation of Antivirus Software
SOP Title: Installation of Antivirus Software
SOP Number: [SOP-001]
Effective Date: [Insert Date]
Revision Number: [Revision Number]
Prepared By: [Your Name/Title]
Approved By: [Approver Name/Title]

1. Purpose
This SOP outlines the procedures for the installation of antivirus software on organizational endpoints to ensure the security and protection of systems against malware and other security threats.

2. Scope
This procedure applies to all IT personnel responsible for installing antivirus software on desktops, laptops, and servers within the organization.

3. Definitions
4. Responsibilities
5. Prerequisites

6. Procedure Steps
6.1 Preparation
6.2 Installation
6.3 Configuration: After installation, configure the antivirus settings: enable real-time protection, schedule regular scans (daily or weekly), and update the virus definitions immediately. Save the changes and exit the settings menu.
6.4 Post-Installation

7. References

8. Revision History
Revision Number | Date | Description of Changes | Approved By
[Revision Number] | [Insert Date] | Initial release | [Approver Name]


How to Install a Windows Universal Forwarder: Step-by-Step Guide

Configure Receiving on the Splunk Server
Log in to your Splunk server. See how to install Splunk Enterprise here. Click Settings > Forwarding and receiving > Receive data. Under Configure receiving, click Add new ("Set up this Splunk instance to receive data from forwarder(s)"). The Splunk instance listens on port 9997 to receive data from forwarder(s). Enter 9997 and click the Save button.

How to create a new index on the Splunk server
Next, create a new index. Click Settings > Indexes > New Index. Click the New Index button. In Index Name, name your index. Leave everything else at the defaults and click the Save button.

How to Download the Splunk Universal Forwarder
Now, log in to the Splunk.com account from which you downloaded Splunk Enterprise. See how to install Splunk Enterprise here. Download the latest Splunk Universal Forwarder for your operating system. For this example, I downloaded Windows 10, 64-bit. Click the Download Now button. Check the box to agree to the agreement, and click the Access Program button.

Install the Windows Universal Forwarder on a Windows Machine
Copy the Universal Forwarder installer to the intended machine if this is not the machine from which you intend to forward logs. Double-click the installer to start the installation. Click View the License Agreement (optional). Check the box next to "Check this box to accept the License Agreement", select "An on-premises Splunk Enterprise instance", and click the Next button. Create a username and password. You can check the box next to Generate a random password to have a random password generated (optional). Enter the host IP of your Deployment Server and the port number (the default is 8089), and click the Next button. Enter the host IP of your Receiving Indexer (the same as your Deployment Server) and the port number (the default is 9997), and click the Next button. Click the Install button and wait for the installation to complete. The installation was completed successfully. Click the Finish button.

How to Input Data into Splunk
Next, we need to input data into the Splunk server. Splunk has three methods of adding data: Upload, Monitor, and Forward. For this lab, we will configure a Local Input and a Forwarded Input. Click Settings > Data inputs. Click Edit to edit the Local event log collection. Select which logs you want to receive; for this example, I selected Add all. Click the Save button.

Let's configure the Forwarded Input. Click Add New to add new Windows Event Logs, as shown below. Here is the list of forwarders (the machines on which you installed the Universal Forwarder). Click a hostname to add it to the selected host(s), or click Add all to add all the available hosts. Enter a name in "New Server Class Name." Click the Next button in the upper right. Select which logs you want to receive; for this example, I selected Add all. Click the Next button. Leave the Index at the default and click the Review button. Here is the Review page. Review your choices and click the Submit button. The data input was successful, and the event log input was created. Here, you can add more data by clicking the Add More Data button.

Let's check whether data is coming in using the Splunk Search app. Under Apps, click Search & Reporting > Data Summary. Data has started coming in. Click Hosts to see the host/forwarder(s). Click Sources to see the sources of the events generated. In our next lab, we will learn how to search data in Splunk using the Splunk Search App. Click here to learn.


How to Pass Information Technology and Cybersecurity Exams

I was asked this question on LinkedIn and decided to share my approach. "What would be your advice for people studying for Sec+?"

Preparing For Your Exam
Understand the exam objectives: Start by familiarizing yourself with the exam objectives. A company like CompTIA provides a detailed list of what will be covered, and knowing these will help you focus your study efforts on the important topics and manage your time well.
Understand your learning style: Use the style you prefer most, or both, depending on your situation. Whether you are a visual learner or prefer reading, you can find resources that work for you. I use both!
Create a study plan: Break the material down into manageable sections and set a timeline for studying each. Study consistently, and don't procrastinate. Whenever I prepare for an exam, I study daily and consistently listen to the learning material/video while busy with other things. Remember, consistency is key, and focused study sessions are often more effective than cramming.
Hands-on experience: Try to get practical experience with security tools and technologies. Setting up a lab environment to practice configurations and troubleshooting can be invaluable for retaining the information.
Join study groups: Study groups can provide support, answer questions, and offer different perspectives on challenging topics. Engaging with others can also keep you motivated.
Take practice exams: Expose yourself to as many practice questions as possible. Practice exams are crucial for understanding the format and types of questions you will encounter. They also help you identify areas where you need more review.
Review and revise regularly: Review what you have learned to reinforce your knowledge. Make use of flashcards or summary notes to help with revision. Make sure to review the objectives again before your exam. Ensure you understand the core topics and are confident in answering any question.
Choose the best time to take your exam: This is a big one; schedule your exam for a time when you feel most alert and focused. This is usually when you are well-rested and relaxed. Avoid times when you are stressed or very tired. I failed my CySA+ exam by a few points on my first try because I was very stressed and tired and could barely keep my eyes open. So, I was reading the questions but couldn't understand them. You need to understand the questions before you can answer them.

On the Test Day
Stay calm during the test: Try to remain calm throughout the exam. If you feel anxious, take a few deep breaths to help you relax.
Handle Performance-Based Questions (PBQs): Handling Performance-Based Questions (PBQs) later in the exam can be an effective strategy. If you encounter PBQs early, mark them and move on to complete the multiple-choice questions first. Set aside specific time for the PBQs towards the end of the exam. Multiple-choice questions are generally quicker and can help you build confidence and momentum.
Handle difficult questions: If you encounter a question you don't understand, flag/mark it to return to later and move on. This ensures you cover all the questions and maximize your score on the easier ones. After answering the easier questions, revisit the flagged ones. When you return to the flagged questions, read them carefully several times to try to understand them. If you still cannot determine the answer, make an educated guess.


Launch A Credentialed Scan in Nessus: Step-by-Step Guide

Log in to your Nessus account. If you don't have an account, click here for a Step-by-Step Guide on Installing Nessus Essentials. It's free!

What is a Nessus Credentialed Scan?
A Nessus credentialed scan is a trusted scan. It lets us scan a system from the inside by providing authorized user credentials (username and password) with which to perform the scan. A Nessus credentialed scan provides a reliable scan result with details that help prioritize vulnerability remediation.

Click the New Scan button at the top right. Choose Advanced Scan. Click General on the left. Name your scan, type a description (optional), choose the My Scans folder for your scan, and enter your target IP address(es) or IP range. Click Discovery > Port Scanning on the left. Change the port range from the default to 1-65535. You can schedule your scan as shown below, but for this scan I am keeping the schedule off. You can enter an email address to receive a notification, as shown below, but for this scan I am keeping the default. Click Credentials, then Categories > Host. In the credential filter, type Windows and select Windows. Enter an Administrator's credentials. Note: I created an admin user account on the AD Domain Controller for this project. I include the guide below in case you need to create a new account; otherwise, skip it. Click the Save button, then click My Scans on the left under Folders. Click the play icon at the top right. The credentialed scan was completed successfully. Click the Vulnerability tab and click each vulnerability to learn about it.

How to create an Active Directory Domain user account on the Domain Controller
We need to create a new AD Domain user account to be used for the Nessus credentialed scan, and add the user to the Global administrator group. To create a new AD Domain user account, type Control Panel in the search box and click Control Panel, as shown below. Change "View by" at the top right to Small icons to easily locate Administrative Tools. Click Administrative Tools. Double-click Active Directory Users and Computers. Right-click Users > New > User. Name the new user. For this project, type Nessus as the first name and Admin as the last name in the Full name box. Enter "NessusAdmin" as the User logon name and click the Next button. Create and confirm a password for the new user. Check the box next to "User must change password at next logon" if you want the password changed. For this example, I do not want to change the password, so I checked Password never expires. Click the Finish button.

Next, let's add the user to the Domain Admins group. Under Users, right-click "NessusAdmin" > Add to a group. Type Domain Admins and click the Check Names button to make sure it is a valid group. Click the OK button. We have successfully added the user to the group. (Note that Domain Admins membership grants the scan account far more privilege than a credentialed scan requires; for a Windows credentialed scan, a dedicated account with local Administrator rights on the scanned hosts is the least-privilege option.) Right-click the "NessusAdmin" user and click Properties. Click the Member Of tab to see which groups the user belongs to. Next, we are going to learn how to analyze, verify, and mitigate the true positives. Click here to learn.

Launch A Credentialed Scan in Nessus: Step-by-Step Guide


How to Perform Vulnerability Scanning with Nmap

Note: This is the continuation of our previous lab, where we set up a basic ethical hacking/penetration testing lab using Metasploitable3 and Kali Linux. You can find the lab here: Setting Up an Ethical Hacking Lab. I also created an Nmap cheat sheet as a guide to help us in this lab. Click here: An Ultimate Nmap Cheat Sheet. Have it handy; you will find it useful.

Important! Please do not scan systems that you do not own or do not have legal permission to scan. It is illegal to scan any network, system, or site without prior authorization from the owner. Alternatively, you can scan scanme.nmap.org if you haven’t set up your ethical hacking lab yet. Scanme.nmap.org is provided by the Nmap project for the purpose of practising network scanning. See the example below.

Nmap is pre-installed in Kali Linux. Let’s perform a basic scan on the target. Open your terminal, type nmap scanme.nmap.org, and hit Enter as shown below.

Next, type sudo nmap -A scanme.nmap.org and hit Enter. The -A flag enables aggressive scanning and provides information about the OS, service versions, and other useful details. The -A flag will scan the target using the -sS, -sV, and -O flags. See the screenshot below.

Now we are going to scan Metasploitable3 as the target. Kali Linux is our attacking machine; Metasploitable3 is our target machine.

1. Find out your Metasploitable3 IP address. Open the command prompt, type ipconfig, and hit Enter. Take note of the IP address, as this is what you will need for this project.
2. Perform a basic scan on the target using the command below, replacing <target> with the IP address of your target host.
3. Perform an aggressive scan on the target using the command below, replacing <target> with the IP address of your target host. Using the -A flag gives us the service versions, OS version, and operating system details, just as when we used the -A flag for the aggressive scan above. Notice we got the service version, OS version, and operating system details.
4. Perform a stealth scan probing a specific port, 21. Use -sS for a stealth (SYN) scan and -p to probe a specific port.
5. Perform a UDP scan on the target using the -sU flag. This command performs a UDP port scan on the target and is very useful for identifying services that use UDP.
6. Perform a scan on the target without sending an ICMP Echo Request (ping) message. Using the -Pn flag, this command lets us scan systems that have ICMP responses disabled.
7. Let’s perform a traceroute.
8. We will also perform an advanced scan to determine the target’s service versions and operating system and to run script scanning. The -A flag performs an aggressive scan, which provides details about the OS, service versions, and other useful information. The -T flag specifies the scan timing. -p- scans all 65,535 ports on the target.

Use this cheat sheet to practice more. Click here: An Ultimate Nmap Cheat Sheet.

References

Nmap
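Once the scans above have been run, a defender usually wants the results in a form that can be compared across runs rather than read off a screenshot. The Python script below is an added example that is not part of the original lab or of Nmap itself: it parses Nmap's XML output (written with the -oX option), builds an inventory of confirmed-open services per live host, and reports ports that are newly exposed relative to an earlier scan of the same hosts. The XML document embedded in the script is constructed to mimic -oX output for a lab host; the product names, version strings and OS match in it are made up.

```python
"""Build a service inventory from Nmap XML output (nmap -oX) and diff exposure.

Added example: not part of the original lab or of Nmap. The XML below is
constructed to mimic -oX output; product names, versions and OS match are made up.
"""
import xml.etree.ElementTree as ET

# Constructed: roughly what `nmap -sV -oX scan.xml <target>` might write for a lab host.
SAMPLE_SCAN = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.56.0/30">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.56.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="ExampleFTPd" version="1.0"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response"/>
        <service name="microsoft-ds"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open|filtered" reason="no-response"/>
        <service name="snmp"/>
      </port>
    </ports>
    <os><osmatch name="Example Linux 3.x (constructed)" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.56.4" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap(xml_text):
    """Return live hosts with their confirmed-open ports.

    Only ports whose state is exactly "open" are kept: "filtered" and the UDP
    "open|filtered" verdict mean Nmap could not confirm a listener.
    """
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth inventorying
        addr = host.find("address[@addrtype='ipv4']")
        osmatch = host.find("os/osmatch")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            open_ports.append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
        hosts.append({
            "ip": addr.get("addr") if addr is not None else "",
            "os": osmatch.get("name", "") if osmatch is not None else "",
            "open_ports": sorted(open_ports, key=lambda p: (p["protocol"], p["port"])),
        })
    return hosts


def exposure_set(hosts):
    """The (ip, protocol, port) triples a scan confirmed open."""
    return {(h["ip"], p["protocol"], p["port"]) for h in hosts for p in h["open_ports"]}


def new_exposure(previous_hosts, current_hosts):
    """Ports open now that were not open in the earlier scan."""
    return sorted(exposure_set(current_hosts) - exposure_set(previous_hosts))


def inventory_lines(hosts):
    """One line per open service, e.g. '192.168.56.3 tcp/22 ssh OpenSSH 7.1'."""
    lines = []
    for h in hosts:
        for p in h["open_ports"]:
            detail = " ".join(x for x in (p["product"], p["version"]) if x)
            lines.append(f"{h['ip']} {p['protocol']}/{p['port']} {p['service']} {detail}".rstrip())
    return lines


if __name__ == "__main__":
    hosts = parse_nmap(SAMPLE_SCAN)
    print("\n".join(inventory_lines(hosts)))
```

Keeping the -oX file from each lab run and feeding the previous and current parses to new_exposure turns the scan into a change record: a port that appears in the output that was not there before is exactly the thing to investigate, whether it is a new service you installed or one you did not.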

