Scribd
Upload
11 views1 page

Agent-less Windows Vulnerability Scanner

The document outlines a problem statement for developing an agent-less vulnerability and network scanner for Windows systems, aimed at identifying and mitigating potential security threats. The solution should audit system and network vulnerabilities, provide comprehensive system information, and generate reports in PDF or HTML format. The project is under the National Technical Research Organisation and focuses on enhancing cybersecurity through effective vulnerability detection and mapping.

Uploaded by

pshanjalwrites
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
11 views1 page

Agent-less Windows Vulnerability Scanner

The document outlines a problem statement for developing an agent-less vulnerability and network scanner for Windows systems, aimed at identifying and mitigating potential security threats. The solution should audit system and network vulnerabilities, provide comprehensive system information, and generate reports in PDF or HTML format. The project is under the National Technical Research Organisation and focuses on enhancing cybersecurity through effective vulnerability detection and mapping.

Uploaded by

pshanjalwrites
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

Problem Statement Details

Problem Statement ID
1684
Problem Statement Title
Agent-less Windows System Vulnerability and Network Scanner
Description
Background: It has been observed that most individuals are hasty when it comes to
upgrade or update their Windows systems to mitigate any adversary actions.
Henceforth, a system vulnerability detector and scanner should be in place to audit
and verify the system and network based vulnerabilities (if exist) to rectify the
misconfigurations and mitigate any prominent threats to the individual or
organization. Description: The above problem statement envisions a blue team
approach to identify and map potential vulnerabilities of a Windows OS subsystem to
better secure and mitigate against various threats (System Level and Network
Level). Expected Solution: • The problem statement should result in a solution
which can provide possible vulnerabilities of the underlined Windows OS • The
AV/EDR friendly solution should have an agent-less mechanism to find the
vulnerabilities and must be able to search and crawl for the related available
open-source exploits and their patches • Some of the key information at the system
level that must be promptly identified by the proposed solution should fall under
the following categories: ? System Information: ? Basic OS info ? DotNet versions ?
Providers registered for AMSI ? Registered antivirus (via WMI) ? Classic and
Advanced audit policy settings present in registry keys ? Auto run
executable/scripts/programs ? Standard and Non-standard firewall rules ? Windows
Defender settings ? User and machine personal certificate files ? Current
environment PATH folders, environment variables and SDDL information ? Lists
files/folders. By default, lists users' downloads, documents, and desktop folders ?
Information about a file (version information, AMSIProvidersProviders registered
for AMSI) ? Installed hotfixses (via WMI) ? Installed products via the registry ?
Local Group Policy settings applied to the machine/local users ? Non-empty local
groups, displays all groups ? Local users, whether they're active/disabled ? All
Microsoft updates (via COM, WMI) ? NTLM authentication settings ? Saved RDP
connections stored in the registry ? Current incoming RDP sessions ? Remote Desktop
Server/Client Settings ? Secure Boot configuration ? Sysmon configuration from the
registry ? UAC system policies via the registry ? Windows Defender settings
(including exclusion locations) ? Searches PowerShell console history files for
sensitive regex matches ? Network Information: ? Lists the current ARP table and
adapter information ? DNS cache entries (via WMI) ? Windows network profiles ?
Network shares exposed by the machine ? Current TCP and UDP connections and their
associated processes and services ? Current RPC endpoints mapped ? Open ports
status • Additionally, the underlined solution should have the capability to
provide information at the network level that must fall under the following
categories: ? System interface connectors ? LLDP / CDP connections (to
infrastructure devices) ? Attached network vectors (systems connected within the
VLAN) ? And the capability to formulate network diagram using these information •
Should be able to work with latest Windows 10/11 builds • The proposed solution
should be able to consolidate its findings into a report file (pdf and/or html
format)
Organization National Technical Research Organisation (NTRO)
Department National Technical Research Organisation (NTRO)
Category Software
Theme Blockchain & Cybersecurity
Youtube Link
Dataset Link For Windows Enumeration, refer WinPEAS script from GitHub, Posh-
Sysmon (GitHub), Posh-SecMod (GitHub), SecurityPolicyDSC (GitHub) ? For crawling
purpose, refer exploitDB, CVEDetails, VulnDB, CXSecurity, Windows-Exploit-Suggestor
(GitHub) ? For Network Enumeration and Mapping, refer Posh-SecMod (GitHub), WinCDP
(GitHub), LDWin (GitHub), Network Topolog
Contact info

Common questions

Powered by AI

The solution integrates with network-level security by examining system interface connectors, LLDP/CDP connections, attached network vectors, and open port statuses. It supports the mapping of network topologies and current ARP tables, providing a comprehensive overview of network profiles and connections, which assists in identifying external and internal threats to Windows systems .

Evaluating secure boot configurations is significant within the framework as it ensures the integrity and security of the boot process, preventing unauthorized firmware or operating system loading. Identifying weaknesses in secure boot helps protect against low-level attacks and maintain system integrity, critical for comprehensive cybersecurity strategies .

The main challenges identified include user reluctance or haste in upgrading or updating their Windows systems, which can leave systems vulnerable to adversary actions. The need for a system vulnerability detector and scanner arises to audit and verify existing system and network vulnerabilities, rectify misconfigurations, and mitigate prominent threats to individuals or organizations .

The proposed solution addresses system-level Windows OS vulnerabilities by identifying key information areas such as basic OS info, registered antivirus, audit policy settings, firewall rules, Windows Defender settings, and user credentials. It also examines file and registry-based data like installed hotfixes, local group policies, and secure boot configurations to map potential vulnerabilities and secure against threats .

The solution leverages open-source resources by using databases such as exploitDB, CVEDetails, VulnDB, and utilizing scripts from GitHub like Windows-Exploit-Suggestor to search for known exploits and available patches. This approach ensures that the system remains up-to-date with the latest security vulnerabilities and corresponding solutions, facilitating proactive threat mitigation .

Local group policy settings play a crucial role in system vulnerability scanning as they define security configurations and user permissions on a Windows machine. By analyzing changes and ensuring compliance with security policies, the solution can identify potential misconfigurations that might expose the system to attacks or unauthorized access, providing triggers for corrective actions .

Identifying NTLM authentication settings is crucial as NTLM can be vulnerable to attacks such as pass-the-hash. By analyzing these settings, the solution helps ensure that authentication methods are secure, reducing the risk of unauthorized access or account compromise, and enforcing stronger authentication protocols where necessary .

The solution consolidates its findings into a comprehensive report, available in PDF or HTML format, which provides stakeholders with detailed insights into vulnerabilities identified at both system and network levels. This documentation is critical for understanding potential risks, prioritizing security measures, and ensuring compliance with cybersecurity policies .

The solution identifies risks associated with RDP configurations by examining saved RDP connections, current RDP sessions, and server/client settings. By doing so, it can reveal unsecured or misconfigured RDP endpoints vulnerable to brute force attacks or unauthorized access, enabling corrective measures to enhance remote access security .

An agent-less mechanism is important because it allows for the identification of vulnerabilities without the need to install additional software on client machines, reducing overhead and potential security risks associated with agent-based solutions. This approach increases compatibility with various environments, enables real-time scanning, and avoids disrupting system operations .

You might also like