RETURN_TO_INDEX
[OP_01]// PERSONAL LAB // ra-sys-io/GitHub

Vulnerability Management Lab with Tenable

Cloud-based vulnerability management lab using Tenable's cloud console against a Windows 10 target in Azure. Ran a four-scan cycle: baseline → intentional misconfiguration → remediation → verification, tracking real DISA STIG v3r2 findings the whole way.

YEAR
2025
DURATION
Cloud-hosted, hands-on
ROLE
Solo — Setup → Scan → Introduce → Remediate → Verify
SCOPE
Tenable Vulnerability Management (cloud) · Microsoft Azure VMs · DISA STIG v3r2 · Credentialed scanning
4
SCAN_CYCLES
STIG_v3r2
DISA_FRAMEWORK
3
STIGs_TRACKED
[01]

Briefing

Practical, cloud-hosted lab to internalize the vulnerability management lifecycle — baseline scanning, intentional misconfiguration, remediation, and validation — using Tenable's cloud VM platform and Azure infrastructure.

[02]

Approach

  1. 01Cloud environment: provisioned Microsoft Azure VMs — one hosting the Tenable Scan Engine, another as the Windows 10 Scan Target. Interfaced with the Tenable Vulnerability Management cloud console.
  2. 02Scan configuration: authored a credentialed Tenable scan combining a basic vulnerability policy with DISA Windows 10 STIG v3r2 compliance checks.
  3. 03Baseline (Scan 1): established a documented vulnerability + compliance baseline. Focus STIGs — WN10-AU-000505 (Security Event Log size), WN10-SO-000025 (Rename Guest Account), WN10-SO-000010 (Disable Guest Account).
  4. 04Intentional vulnerability (Scan 2): installed an outdated Firefox v110 and enabled the Guest Account (forcing WN10-SO-000010 to fail). Rescanned and confirmed Tenable detected both changes.
  5. 05Remediation (Scans 3–4): uninstalled Firefox, modified the registry to increase Security Event Log size, disabled and renamed the Guest Account, and fully patched Windows. Two rescans confirmed the vulnerability trend dropping.
[03]

Outcome

  • Four-scan workflow that clearly maps a vulnerability from baseline → introduction → partial mitigation → full remediation, with annotated screenshots at every stage in the repo.
  • Hands-on operation of Tenable's cloud VM console, credentialed scanning, and DISA Windows 10 STIG v3r2 compliance checking.
  • Reproducible, evidence-first process — the same shape of work I apply to real vulnerability management at LOG(N) Pacific and UF Health.
[04]

Testimonial

“The lab isn't the point — the workflow is. Scan, remediate, verify, evidence. Repeat until the baseline is boring.”

— Notes // Richie Akpan
RA_SYS. // RICHIE_AKPAN
security.txt
© 2026 // ALL_SIGNALS_ENCRYPTED