This project simulates real-world vulnerability scanning using Tenable Nessus Essentials, with multiple scan stages and misconfigurations to show increasing security risk.
- VirtualBox + 2 Windows VMs
- Nessus scanner (with credentials)
- Target system with old Chrome, 7-Zip, Minecraft Server
| Stage | Description |
|---|---|
| 🔹 Scan 1 | Default settings – Remote Registry off, UAC on |
| 🔹 Scan 2 | System configured – Remote Registry on, UAC off |
| 🔹 Scan 3 | Vulnerable apps installed – real CVEs detected |
- `README.md` – Main description
- `nessus-project-summary.md` – Detailed explanation of steps
- `registry-config.txt` – Manual changes done
- `screenshots/` – Visual proof
Skills Demonstrated: Nessus scanning, system hardening, CVE detection
**NOTE:** All scans were done in a safe, isolated virtual environment.
Below are the suggested remediation actions for the vulnerabilities discovered during the scans:
- Apply all missing Windows updates and patches
- Enable Windows Defender or another endpoint protection
- Update all software to the latest stable versions
  - Google Chrome (outdated) → Update to the latest version from the official website
  - 7-Zip (CVE-2022-29072) → Uninstall or upgrade to a patched version (v22.00+)
  - Minecraft Server (Java-based) → Limit external access, update Java and the Minecraft server, apply firewall rules
- Re-enable UAC (User Account Control) to prevent privilege escalation
- Turn off Remote Registry service if not needed
- Remove the LocalAccountTokenFilterPolicy value from the registry to restore the default remote UAC token filtering
- Create non-admin accounts for regular usage
- Limit Nessus credentials to least privilege where possible
✅ By applying these remediations, we significantly reduce the attack surface and bring the system closer to industry-recommended security baselines.
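The three host-level changes from Scan 2 (UAC off, Remote Registry on, LocalAccountTokenFilterPolicy set) are the ones a scanner needs credentials to exploit, so it is worth being able to audit and revert them in one step. The script below is an added example, not one of this project's own files; it assumes an elevated PowerShell session on the target VM and reports findings only unless `-Remediate` is given.

```powershell
# Added example (not from this project): audit, and optionally revert, the
# Scan 2 misconfigurations: UAC, Remote Registry, LocalAccountTokenFilterPolicy.
# Assumes an elevated PowerShell 5.1+ session on the target VM.
# Run without -Remediate to report only; -Remediate -WhatIf previews the changes.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remediate)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$props     = Get-ItemProperty -Path $policyKey
$findings  = @()

# 1. UAC: EnableLUA must be 1 (Scan 2 turned it off).
if ($props.EnableLUA -ne 1) {
    $findings += 'UAC disabled (EnableLUA != 1)'
    if ($Remediate -and $PSCmdlet.ShouldProcess($policyKey, 'Set EnableLUA=1')) {
        Set-ItemProperty -Path $policyKey -Name EnableLUA -Value 1 -Type DWord
    }
}

# 2. LocalAccountTokenFilterPolicy=1 hands local admins a full (unfiltered)
#    token over the network; deleting the value restores the default filtering.
if ($props.LocalAccountTokenFilterPolicy -eq 1) {
    $findings += 'LocalAccountTokenFilterPolicy=1 (remote UAC filtering off)'
    if ($Remediate -and $PSCmdlet.ShouldProcess($policyKey, 'Remove LocalAccountTokenFilterPolicy')) {
        Remove-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy
    }
}

# 3. Remote Registry should be stopped and disabled unless a scan needs it.
$svc = Get-Service -Name RemoteRegistry
if ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled') {
    $findings += "Remote Registry is $($svc.Status), start type $($svc.StartType)"
    if ($Remediate -and $PSCmdlet.ShouldProcess('RemoteRegistry', 'Stop and disable service')) {
        Stop-Service -Name RemoteRegistry -Force
        Set-Service  -Name RemoteRegistry -StartupType Disabled
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'All three settings are at their secure defaults.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
# Note: the EnableLUA change only takes effect after a reboot.
```

For a credentialed rescan, start Remote Registry only for the scan window and run the script again afterwards so the baseline is restored.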