Nessus Scanning with SSH Proxies

Unfortunately, Nessus does not support SSH proxying. This is a problem when scanning remote hosts behind a bastion box, especially when it is not possible to bind or connect to a new port to the bastion box due to firewall rules. Binding a port to localhost and pointing Nessus to is also not an option as Nessus handles scanning localhost in a different way and will report issues with the scanning box itself.

In a pinch it is possible to hack around this problem by tricking the Nessus scanner into thinking it’s scanning the remote host when it is in fact connecting via a port bound to the localhost. Iptables to the rescue….

COVID-19 Update

The impact of the COVID-19 outbreak on Cyberis’ ability to deliver services is currently minimal. We have always promoted a flexible working culture, with many of our consultants working from home on a regular basis.

Online Password Auditing of a Domain Controller

Password auditing of a domain traditionally involves obtaining copy of the ntds.dit and performing some offline analysis which can be time consuming. The DSInternals PowerShell Module has an Active Directory password auditing cmdlet which performs checks for default, duplicate, empty and weak passwords.  The audit can be performed against a domain online via DCSync, saving the need to obtain a copy of the ntds.dit.  This can be of benefit if regular password audits are being performed.

Install DSInternals as an administrator by using:


The Dangers Of Vulnerability Scoring Dependency

Vulnerability scanning has an important role in most enterprise threat & vulnerability management programmes – it provides multiple benefits to internal security teams as they identify vulnerabilities and it can also help verify control performance.  Associated vulnerability scoring systems, such as the Common Vulnerability Scoring System (CVSS), have also gained widespread industry adoption, as they are simple to understand and usually produce repeatable results.