Built a vulnerability inventory and risk assessment for an infrastructure using Kali Linux tooling. Stopped guessing what was exposed.
No central inventory of services or known CVEs across the infrastructure. Without it, prioritization is guesswork and the SOC fires blind.
Network sweeps with Nmap for service identification. Greenbone (GVM) for authenticated and unauthenticated vulnerability scans. Findings classified by severity and ownership.
A living vulnerability inventory and a prioritization report. Risky surfaces became visible to the team and the SOC, and triage routing became deterministic.
Scanners are loud. The real work is reducing noise and routing findings to the team that can actually fix them - otherwise the report becomes shelf-ware.