Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,39 @@
# Standards and References - Authenticated Vulnerability Scanning
## Industry Standards
- **NIST SP 800-115**: Technical Guide to Information Security Testing and Assessment
- **NIST SP 800-53 RA-5**: Vulnerability Scanning (requires credentialed scanning for compliance)
- **CIS Controls v8 Control 7.5**: Perform automated vulnerability scans of internal assets on a quarterly basis using authenticated scanning
- **PCI DSS v4.0 Req 11.3.1**: Internal vulnerability scans must use authenticated scanning
- **DISA STIG**: Requires credentialed scanning for compliance validation
## Credential Management Standards
- **NIST SP 800-63B**: Digital Identity Guidelines - Authentication and Lifecycle Management
- **CIS Controls v8 Control 5**: Account Management
- **OWASP Credential Storage Cheat Sheet**: Secure credential handling best practices
## Scanner Documentation
- Nessus Credentialed Checks: https://docs.tenable.com/nessus/Content/CredentialedChecks.htm
- Qualys Authenticated Scanning: https://www.qualys.com/docs/qualys-scanning-best-practices.pdf
- OpenVAS Credential Management: https://docs.greenbone.net/
- Rapid7 InsightVM Credentials: https://docs.rapid7.com/insightvm/managing-shared-credentials/
## Verification Plugins (Nessus)
| Plugin ID | Name | Purpose |
|-----------|------|---------|
| 19506 | Nessus Scan Information | Shows scan metadata and credential status |
| 21745 | OS Security Patch Assessment | Confirms local security checks enabled |
| 117887 | Local Security Checks Enabled | Per-host credential verification |
| 110385 | Nessus Credentialed Check | Detailed credential success/failure |
| 10394 | Microsoft Windows SMB Log In Possible | Windows SMB auth verification |
| 10180 | Ping the Remote Host | Host reachability confirmation |
## Minimum Privileges Required
| Platform | Minimum Privilege | Notes |
|----------|------------------|-------|
| Linux | Root or sudo user | Sudo with NOPASSWD for specific commands |
| Windows | Local Administrator | Or domain account with local admin GPO |
| Cisco IOS | Privilege 15 | Enable mode access required |
| SNMP | Read-only (v3 authPriv) | SNMPv3 with encryption |
| Oracle DB | SELECT ANY DICTIONARY | Minimum for audit queries |
| PostgreSQL | pg_read_all_settings | Read-only role sufficient |
@@ -0,0 +1,61 @@
# Workflows - Authenticated Vulnerability Scanning
## Workflow 1: Credential Preparation and Validation
```
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Create Service │────>│ Configure Least │────>│ Test Credentials │
│ Accounts │ │ Privilege Access │ │ on Sample Hosts │
└──────────────────┘ └──────────────────┘ └──────────────────┘
┌────────────────────────────────────────────────┘
v
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ Store in Secrets │────>│ Configure Scanner│────>│ Validate Auth │
│ Vault │ │ Credentials │ │ Success Rate │
└──────────────────┘ └──────────────────┘ └──────────────────┘
```
## Workflow 2: Authenticated Scan Execution
1. **Pre-scan**: Verify credentials, check network connectivity, confirm scan window
2. **Discovery**: Host enumeration to identify live targets
3. **Authentication**: Scanner authenticates to each target host
4. **Local Enumeration**: Query installed packages, patches, configurations
5. **Vulnerability Assessment**: Match local data against vulnerability database
6. **Report Generation**: Compile findings with credential success metrics
7. **Post-scan**: Verify no service disruption, archive results
## Workflow 3: Credential Success Monitoring
```
Scan Completion
├──> Check Plugin 117887 (Local Security Checks)
│ │
│ ├──> SUCCESS: Proceed to analyze findings
│ └──> FAILURE: Investigate cause
│ │
│ ├──> Network connectivity issue
│ ├──> Credential expired or changed
│ ├──> Firewall blocking management ports
│ ├──> Account locked out
│ └──> Insufficient privileges
└──> Calculate Credential Success Rate
├──> Target: >95% authenticated hosts
├──> Alert if <90% success rate
└──> Document exceptions for failed hosts
```
## Workflow 4: Credential Lifecycle Management
| Phase | Action | Frequency |
|-------|--------|-----------|
| Provisioning | Create accounts with least privilege | One-time |
| Distribution | Deploy keys/passwords to scanner | One-time |
| Validation | Test connectivity before scans | Per scan |
| Rotation | Change passwords, rotate keys | 90 days |
| Monitoring | Audit login events in SIEM | Continuous |
| Deprovisioning | Remove accounts when scanner retired | As needed |