During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?
During a penetration test you discover a valid set of SSH credentials to a remote system. How can this be used to your advantage in a Nessus scan?
Entering the SSH credentials under the 'credentials' tab in Nessus allows the scanner to log into the system. This enables Nessus to perform an authenticated scan, providing more detailed and accurate information about the vulnerabilities on the remote system. Simply checking a box to indicate that SSH is running does not leverage the full advantage of having valid credentials.
I think the correct answer is D. Scanners like Nessus can detect that SSHD is running on the target system, so you don't need to teach it to them manually. If you want to know how effective SSH credentials are for Nessus, please refer to the link. https://docs.tenable.com/nessus/Content/ConfigureNessusForSSHHostBasedChecks.htm