Vulnerability Analysis
Mind Map for Vulnerability Analysis Labs
Attacker: Kali Linux
Target: Metasploitable2
Tools: OpenVAS / Nessus
Reference Reports
Labs
Lab details.
LAB 1 (FOUNDATION)
Host-Based Vulnerability Assessment using OpenVAS / Nessus Essentials
Objective
Students learn how vulnerabilities are identified, classified, and prioritised, not exploited.
Student Tasks
- Define scan scope (IP, host, purpose)
- Run scan
- Identify: Top 5 vulnerabilities, CVE IDs, CVSS score & severity
- Export scan results (PDF)
Key Learning
- Difference between finding ≠real risk
- Why false positives exist
LAB 2 (CORE ANALYST SKILL)
CVE, CVSS & CWE Correlation Lab (Manual Analysis)
Objective
Train students to understand findings, not blindly trust scanners. (Interpretations) 3 vulnerabilities from Lab 1.
Student Tasks
- For EACH vulnerability: look up CVE on CVE.org and NVD
- Identify: CVSS Base Score, Attack Vector, Privileges Required
- Map to CWE
- Decide: Is this exploitable in THIS environment?
Key Learning
- CVSS ≠actual business risk
LAB 3 (REAL-WORLD SCENARIO)
False Positive Validation Exercise
Objective
Force students to think like professionals who must defend their findings.
Scenario (Scanner reports)
- SSL Weak Cipher
- Open Port with No Authentication
- Outdated Service
Student Tasks
- Validate finding manually (Nmap / browser / banner grab)
- Decide: True Positive / False Positive / Accepted Risk
- Justify decision (technical reasoning)
Key Learning
- This is EXACTLY what real VA analysts do
- Blind reporting = bad analyst
LAB 4 (ADVANCED)
Risk-Based Vulnerability Prioritisation
Objective
Teach risk, not severity.
Student Tasks
- Given 5 vulnerabilities: rank them based on Exploitability, Impact, Exposure
- Create a remediation priority list
- Explain WHY a Medium CVSS may be more dangerous than a High