Intentionally making an Azure Virtual Machine insecure, remediating those vulnerabilities, and then running Tenable Nessus vulnerability scans at different steps throughout the process

drewmarsh/nessus-vulnerability-management

🧠 Technologies & Skills Used

  • Microsoft Azure Virtual Machine
  • Tenable Nessus Professional
  • MySQL Community Server
  • Microsoft PowerShell

🖥️ Creating the Microsoft Azure Virtual Machine

Basics Tab:

  1. Resource group: Create new > Enter VulnerabilityManagement
  2. Virtual machine name: Enter vulnerability-management-lab
  3. Region: US East 2
  4. Image: Windows 10 Pro, version 22H2 - x64 Gen2
  5. Size: Standard D2s v3 (2 vcpus, 8 GiB memory)
  6. Administrator account: Enter secure credentials

Disks Tab: OS disk type: Standard HDD (locally-redundant storage)

Networking Tab: Tick ✅ Delete public IP and NIC when VM is deleted

Monitoring Tab: Boot diagnostics: Tick ✅ Disable

Review + Create Tab: Click the blue Create button

⚙️ Configure the Windows 10 Environment

  1. Use Remote Desktop Connection to connect to the vulnerability-management-lab virtual machine with the corresponding admin credentials and choose desired privacy settings

Access VM

  1. Install Tenable Nessus Professional on the virtual machine

  2. Open wf.msc by searching for it in the search bar. When the Windows Defender Firewall with Advanced Security window appears, click Windows Defender Firewall Properties

  3. On the Domain Profile tab, set Firewall state to Off (with the Firewall state drop-down focused, pressing the 'O' key selects Off). Repeat this for the Private Profile and Public Profile tabs, then click Apply and OK

Windows Defender

  1. Open Windows PowerShell as administrator by searching for it in the search bar and enter:

    # Lets a local administrator account authenticate remotely with a full admin token (needed for the credentialed scan)
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -Type DWord -Force

PowerShell Command

  1. Restart the vulnerability-management-lab virtual machine
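Before launching the first credentialed scan, the settings changed in this section can be confirmed in one pass. The script below is an added example, not part of the repository; it is read-only, expects to run in an elevated PowerShell on the vulnerability-management-lab VM, and only reports state (the services listed are the ones the scan's Global Credential Settings start on demand).

```powershell
# Added example (not from the repository): verify the credentialed-scan prerequisites
# configured above. Read-only; prints one PASS/FAIL row per item.

$results = @()

# 1. Firewall profiles: this lab sets all three profiles to Off so the scanner can reach the host.
foreach ($p in Get-NetFirewallProfile) {
    $results += [pscustomobject]@{
        Check  = "Firewall profile '$($p.Name)' is Off"
        Pass   = ($p.Enabled.ToString() -eq 'False')
        Actual = "Enabled=$($p.Enabled)"
    }
}

# 2. LocalAccountTokenFilterPolicy = 1 lets a local admin authenticate remotely with a full token,
#    which the Windows credential check in Nessus depends on.
$polPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = (Get-ItemProperty -Path $polPath -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
$results += [pscustomobject]@{
    Check  = 'LocalAccountTokenFilterPolicy = 1'
    Pass   = ($pol -eq 1)
    Actual = "Value=$pol"
}

# 3. Remote Registry and Server services: the scan settings start these during the scan, so they
#    only need to exist (a Disabled start type would still block the scanner from starting them).
foreach ($svc in 'RemoteRegistry', 'LanmanServer') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Check  = "Service $svc present and not Disabled"
        Pass   = ($null -ne $s -and $s.StartType -ne 'Disabled')
        Actual = if ($s) { "Status=$($s.Status), StartType=$($s.StartType)" } else { 'not found' }
    }
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'At least one prerequisite is not in the expected state; the credentialed scan may fall back to an uncredentialed one.'
}
```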

1️⃣ Run Scan 1 — Initial Scan 🔎

  1. In Tenable Nessus Professional, click Create new scan. Select Advanced Scan (Configure a scan without using any recommendations)

  2. Enter the appropriate information in the Settings > BASIC > General tab:

    Name: Vulnerability_Management_Demo

    Targets: Enter the vulnerability-management-lab virtual machine's private IP address (e.g. 10.1.0.4)

  3. Tick ✅ Use fast network discovery in the Settings > DISCOVERY > Host Discovery tab

Scan Settings

  1. To allow a credentialed scan, navigate to the Credentials tab and click on Windows. Enter the admin credentials set earlier for the vulnerability-management-lab virtual machine

  2. Tick the following under Global Credential Settings:

    • Start the Remote Registry service during the scan
    • Enable administrative shares during the scan
    • Start the Server service during the scan

Scan Credentials

  1. Launch the Vulnerability_Management_Demo scan by clicking the Launch button

Launch Scan 1

Scan 1 Overview

Scan 1 Vulnerabilities

🦠 Make vulnerability-management-lab Virtual Machine Insecure

Install Vulnerable Database Server (MySQL 5.6.21)

  1. Download mysql-5.6.21-winx64.zip from the MySQL Community Server archive and extract to C:\mysql-5.6.21-winx64

  2. Initialize MySQL service

    • Open Command Prompt as administrator
    • Run commands:
      cd C:\mysql-5.6.21-winx64
      mysqld --initialize-insecure
      mysqld --install
      net start mysql

Initialize MySQL Service

  1. Create Vulnerable Users
    • In the same Command Prompt, connect to MySQL:
      mysql -u root
    • Create insecure users with full privileges (weak passwords, reachable from any host, able to grant):
      CREATE USER 'admin'@'%' IDENTIFIED BY 'password123';
      GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION;
      CREATE USER 'test'@'%' IDENTIFIED BY 'test';
      GRANT ALL PRIVILEGES ON *.* TO 'test'@'%' WITH GRANT OPTION;
      FLUSH PRIVILEGES;

Create Vulnerable Users

  1. Configure Remote Access
    • Create a .txt file anywhere, open it with Notepad and paste the following (bind-address=0.0.0.0 makes the server listen on every interface):
      [mysqld]
      basedir=C:/mysql-5.6.21-winx64
      datadir=C:/mysql-5.6.21-winx64/data
      port=3306
      bind-address=0.0.0.0
    • Navigate to File > Save As and change Save as type to All Files
    • In File name:, enter my.ini and save it in the C:\mysql-5.6.21-winx64 directory

my.ini

Enable Legacy SMBv1

  1. Open Microsoft PowerShell as administrator
  2. Run command:
    Enable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
  3. Restart the vulnerability-management-lab virtual machine when prompted

Enable SMBv1

Install outdated version of Firefox (e.g. v110)

Install Firefox

Install Vulnerable Web Stack (XAMPP) & Disable User Account Control (UAC)

  1. Download XAMPP v8.0.11
  2. Press WIN key and type "UAC"
  3. Click Change User Account Control settings
  4. Move slider to Never notify
  5. Click OK

Disable UAC

  1. Run xampp-windows-x64-8.0.11-2-VS16-installer and keep all default components selected

Install XAMPP

  1. Restart the system after the installation completes
  2. Open the xampp-control.exe (located in C:\xampp)
  3. In the XAMPP Control Panel click on Start next to Apache and FileZilla

Start XAMPP Services

2️⃣ Run Scan 2 — Vulnerable State 🔎

  1. In the My Scans section of Tenable Nessus Professional, launch the Vulnerability_Management_Demo scan by clicking the Launch button, then review the results once the scan finishes

Scan 2 Overview

Scan 2 Vulnerabilities

💉 Remediate the System

✂️ Remove Vulnerable Components

Uninstall MySQL 5.6.21

  1. Stop and Remove MySQL Service
    net stop mysql
    sc delete mysql

Stop & Remove MySQL Service

  1. Delete MySQL Directory

Delete MySQL Directory

Uninstall XAMPP

  1. Stop all XAMPP services from the XAMPP Control Panel

Stop XAMPP Services

  1. Kill the xampp-control process in Task Manager

Kill XAMPP Process

  1. Delete the XAMPP directory

Delete XAMPP Directory

Uninstall Insecure Firefox

Uninstall Firefox

🛡️ Harden the System

Disabling TLS 1.0 and TLS 1.1 via Registry Editor

  1. Open the Registry Editor: press Win + R, type regedit, and press Enter.
  2. Navigate to the TLS protocol settings:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
  3. Disable TLS 1.0 and 1.1:
    • Inside the Protocols key, create the following subkeys if they don't exist:
      TLS 1.0\Client
      TLS 1.0\Server
      TLS 1.1\Client
      TLS 1.1\Server
    • In each of these subkeys, create a DWORD (32-bit) value named Enabled and set it to 0.

Disable Old TLS
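The same registry change as the manual steps above, scripted so it is repeatable. This is an added example and not part of the repository; it assumes an elevated PowerShell session. Beyond what the steps above set, it also writes DisabledByDefault = 1, a documented SCHANNEL value that keeps the protocol off for callers that do not pick a default; a reboot is still needed for SCHANNEL to reload the keys.

```powershell
# Added example (not from the repository): create the TLS 1.0 / TLS 1.1 Client and Server
# subkeys under SCHANNEL\Protocols and set Enabled = 0 in each, as in the manual steps.
# DisabledByDefault = 1 is an extra value not in the manual steps (see lead-in).

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

$rows = foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
    foreach ($side in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $proto) $side

        # Create the subkey if it does not exist (-Force also creates a missing parent key).
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Enabled = 0 is what the manual steps set.
        New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
        # DisabledByDefault = 1 is the additional value described in the lead-in.
        New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null

        # Read the values back so the result can be checked at a glance.
        $v = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Key               = "$proto\$side"
            Enabled           = $v.Enabled
            DisabledByDefault = $v.DisabledByDefault
        }
    }
}

$rows | Format-Table -AutoSize
Write-Host 'Restart the VM for SCHANNEL to pick up the new protocol settings.'
```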

Enable User Account Control (UAC)

Enable UAC

Disable Legacy SMBv1

  1. Open Microsoft PowerShell as administrator
  2. Run command:
    Disable-WindowsOptionalFeature -Online -FeatureName "SMB1Protocol"
  3. Restart the vulnerability-management-lab virtual machine when prompted

Disable SMBv1

Delete the contents of the Downloads folder & empty the Recycle Bin

Delete Downloads Contents

Run Windows Update

Run Windows Update
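Before launching Scan 3 it is worth confirming that each removal and hardening step in this section actually took effect, rather than relying on the scan alone to tell you. The script below is an added example, not part of the repository; it is read-only, assumes an elevated PowerShell on the VM, and uses the lab's own names (service mysql, C:\mysql-5.6.21-winx64, C:\xampp). The UAC check reads EnableLUA and ConsentPromptBehaviorAdmin, the registry values behind the UAC slider.

```powershell
# Added example (not from the repository): read-only post-remediation checklist for this lab.

$checks = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# --- Vulnerable components removed ---
$svc = Get-Service -Name mysql -ErrorAction SilentlyContinue
Add-Check 'MySQL 5.6.21 service removed' ($null -eq $svc) ("service present: " + ($null -ne $svc))
Add-Check 'MySQL 5.6.21 directory deleted' (-not (Test-Path 'C:\mysql-5.6.21-winx64')) 'C:\mysql-5.6.21-winx64'
Add-Check 'XAMPP directory deleted' (-not (Test-Path 'C:\xampp')) 'C:\xampp'

# Ports the vulnerable build exposed: FileZilla FTP (21), Apache (80), MySQL (3306).
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalPort
foreach ($port in 21, 80, 3306) {
    Add-Check "TCP $port not listening" ($listening -notcontains $port) "port $port"
}

# --- Hardening applied ---
$smb = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Add-Check 'SMBv1 disabled' ($smb.State -ne 'Enabled') "State=$($smb.State)"

$sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
# 'Never notify' on the slider sets ConsentPromptBehaviorAdmin to 0; EnableLUA=1 alone is not enough.
Add-Check 'UAC enabled' ($sys.EnableLUA -eq 1 -and $sys.ConsentPromptBehaviorAdmin -ne 0) `
    "EnableLUA=$($sys.EnableLUA) ConsentPromptBehaviorAdmin=$($sys.ConsentPromptBehaviorAdmin)"

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($k in 'TLS 1.0\Client', 'TLS 1.0\Server', 'TLS 1.1\Client', 'TLS 1.1\Server') {
    $v = (Get-ItemProperty -Path (Join-Path $base $k) -Name Enabled -ErrorAction SilentlyContinue).Enabled
    Add-Check "$k disabled (Enabled=0)" ($v -eq 0) "Enabled=$v"
}

$checks | Format-Table -AutoSize
$failed = @($checks | Where-Object { -not $_.Pass }).Count
Write-Host "$failed check(s) failed; expect Scan 3 to still flag anything listed as FAIL."
```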

🔐 Install Secure Versions of MySQL Community Server, XAMPP, & Firefox

Install Latest MySQL Community Server Version

  1. Download latest MySQL Installer from official website
  2. Run installer and select:
    • Server only
    • Configure root with a secure password

Install Latest XAMPP Version

  1. Download latest XAMPP from Apache Friends
  2. During installation:
    • Select only necessary components

Install Latest Firefox Version

  1. Download and install latest Firefox version from official Mozilla website
  2. Configure Firefox to automatically update

Install Secure Versions

3️⃣ Run Scan 3 — Post-Remediation 🔎

Scan 3 Overview

Scan 3 Vulnerabilities

📊 Data Visualization of All 3 Scans

Bar Graph

Detail Cards

Scan History
