Avi's blog

Today we going to learn how to download nessus offline plugins. Before we proceed, we need to activate nessus with pro license key.  I am assuming that the nessus is activated via offline and the license key is not used anywhere else. Remember this offline plugins update will work only those nessus in where the license code is present. A combination of challenge id and license code is used to download the plugins. When you upload the plugins, then it checks whether the same license is present there or not. If not it will allow you to upload the plugins but actually it will not update the plugins .  Lets say, in windows server nessus is installed.  Navigate the below location from command prompt and run below command: C:\Program Files\Tenable\Nessus\nessuscli.exe fetch --challenge You will get the challenge id. Copy that. Now go to the below link: https://plugins.nessus.org/offline.php Provide the challenge id and license code. Once you submit, you will get Custom URL for ...

  Cloning is a nice feature of VMware Workstation Pro. Just right click of your vm > Manage > Clone > Then specify in which folder you want save the new cloned vm. Then start cloning. Use case: Say you need 4 windows 10 machines. Just setup one and then clone it to make it 4 Avi

 Probably the target host that you are scanning do not respond to icmp echo ping request. It may think that someone launch an attack against itself. So the host firewall on the target system may blocking what Nessus wants to do.  So here are the steps you can do: Go to nessus > select the host and choose configure. Select the scan type as custom instead of port scan (common or all ports). Now go to host discovery and turn off the ping the remote host. Hopefully your scan should work now. Thanks Mahim Avi.

Kali linux mouse disappear issue fix 1. Shut down the VM. 2. Select Upgrade this virtual machine (right under Edit virtual machine settings) 3. Choose Next. 4. For Hardware Compatibility, choose Workstation 17.5 or later. 5. Choose Alter this virtual machine. 6. Choose Finish. 7. Power on the VM. Problem solved. Avi

 Base64 decode command. Go to sans sift workstation: echo "base64 payload data" | base64 -d | iconv -f UTF-16LE -t UTF-8 iconv command is used to convert double-byte Unicode to single-byte Unicode or ascii, making the output easier to read.  Avi

 Setting up plaso on your own windows host using wsl distro- windows subsystem for linux. First go to your linux vm and run below commands: docker must be installed on your linux vm. docker run -t --name Plaso-v20230520 log2timeline/plaso:20230520 log2timeline.py --version Link for plaso tags: If you want to pull latest docker image then from the below link find the relative tags. Here we are pulling 20230520 plaso version.  https://hub.docker.com/r/log2timeline/plaso/tags Making the .tar file that will be moved to windows vm. docker export Plaso-v20230520 > /cases/Plaso-v20230520.tar Now you can remove it from linux vm. docker rm Plaso-v20230520 Now take it to windows vm. Then open command prompt in admin mode and run below commands: mkdir C:\SANS\Plaso-v20230520 wsl --import Plaso-v20230520 C:\SANS\Plaso-v20230520 .\Plaso-v20230520.tar Avi