That wasn’t a flaw. That was a pattern of neglect.
She moved to vulnerability identification . Using OpenVAS, she pointed the scanner at the identified assets. The dashboard populated slowly: low-severity warnings about cookie flags, a few medium-risk SSL certificates expiring soon. ethical hacking: vulnerability analysis lisa bock videos
Her final phase was risk prioritization . She opened her reporting template and drafted a summary: A critical remote code execution vulnerability exists in your main terminal server. Combined with outdated SMB protocols, this creates a pathway for a complete network takeover. Immediate action required. She didn’t just list CVSS scores. She translated them, as Lisa Bock would. “If exploited,” she wrote, “an attacker could lock your files for ransom, steal customer data, or shut down ATM transactions for three days. Estimated remediation: Apply the KB4499164 patch, restrict RDP access via VPN only, and isolate the server from the public internet.” That wasn’t a flaw
Following Lisa’s methodology, Maya began with the discovery phase. She launched Nmap, scanning the bank’s IP range. Ports 80 and 443 blinked open—standard web traffic. Then port 3389: Remote Desktop Protocol. That was a risk. Port 22: SSH, which was fine, but its version banner was old. Using OpenVAS, she pointed the scanner at the