Weaponizing Nessus

Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has been trimmed: Responder doesn’t work, no passwords in GPP, all systems patched up to date, no Spring2016 passwords, etc. As frustrating as this is…