Hat tip to g0tmi1k for authoring one of the best basic Linux privilege escalation compilations ever.
Operating System
What's the distribution type? What version?
    cat /etc/issue
    cat /etc/*-release
    cat /etc/lsb-release      # Debian based
    cat /etc/redhat-release   # Redhat based
What's the kernel version? Is it 64-bit?
[…]
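The distribution and kernel checks above are usually typed one at a time; the script below, added here as an example and not part of the original post or of g0tmi1k's compilation, wraps them in a few small functions so the answers can be parsed rather than eyeballed: one helper reads a key out of os-release style text, one maps ID/ID_LIKE to the Debian vs Red Hat family the post distinguishes, and one decides from `uname -m` whether the kernel is 64-bit. The os-release text inside it is a constructed sample used to exercise the parser offline; `enum_os` runs the live checks on whatever box you are on.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the OS/kernel enumeration
# questions in functions whose output can be parsed or asserted on.

# Extract one KEY=value field from os-release style text on stdin, stripping
# surrounding double quotes. Prints nothing if the key is absent.
os_release_field() {
  sed -n "s/^$1=//p" | sed 's/^"//; s/"$//' | head -n 1
}

# Map an os-release ID plus ID_LIKE (may be empty or multi-word) to the
# family the post cares about: "debian", "redhat" or "unknown".
distro_family() {
  case " $1 $2 " in
    *" debian "*|*" ubuntu "*)               echo debian ;;
    *" rhel "*|*" fedora "*|*" centos "*)     echo redhat ;;
    *)                                        echo unknown ;;
  esac
}

# Return 0 when a `uname -m` machine string denotes a 64-bit kernel.
arch_is_64bit() {
  case "$1" in
    x86_64|amd64|aarch64|arm64|ppc64*|s390x|riscv64) return 0 ;;
    *) return 1 ;;
  esac
}

# Live enumeration: the same files the post cats (/etc/*-release covers
# lsb-release, redhat-release and os-release), guarded so a missing file on a
# minimal box does not abort the script, followed by the kernel questions.
enum_os() {
  for f in /etc/issue /etc/*-release; do
    [ -r "$f" ] && { echo "== $f"; cat "$f"; }
  done
  echo "== kernel: $(uname -r)  machine: $(uname -m)"
  if arch_is_64bit "$(uname -m)"; then echo "64-bit kernel"; else echo "not 64-bit"; fi
  if [ -r /etc/os-release ]; then
    id=$(os_release_field ID </etc/os-release)
    like=$(os_release_field ID_LIKE </etc/os-release)
    echo "family: $(distro_family "$id" "$like")"
  fi
}

# Constructed sample (not captured from a real host) used for offline testing.
SAMPLE_OS_RELEASE='NAME="Ubuntu"
VERSION="14.04.3 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
VERSION_ID="14.04"'

# Classify the constructed sample; on the sample this yields "debian".
sample_family() {
  id=$(printf '%s\n' "$SAMPLE_OS_RELEASE" | os_release_field ID)
  like=$(printf '%s\n' "$SAMPLE_OS_RELEASE" | os_release_field ID_LIKE)
  distro_family "$id" "$like"
}
```

Run `enum_os` on a target to get the answers in one shot; the family and architecture helpers are what you would key later steps on (which package manager to query, which binaries or shellcode to bring).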
Monthly Archives: January 2016
Common Ports
PDF file: common_ports by Jeremy Stretch, via packetlife.net
Analyzing Malicious Document Files
PDF download: analyzing-malicious-document-files. Authored by Lenny Zeltser with feedback and contributions from Pedro Bueno, Frank Boldewin, and Didier Stevens. Creative Commons v3 "Attribution" license for this cheat sheet, version 2. This and other malware analysis topics are covered in Lenny's Reverse-Engineering Malware (REM) course, which he teaches at SANS Institute; for details visit LearnREM.com
How to detect and investigate attack methods with AlienVault USM
Shellshock (Bash) Vulnerability
Webcast: The Bash Vulnerability: Practical Tips to Secure your Environment
Blog: Bourne Again: Helping you see the light through the Shellshock exploit
Blog: Attackers exploiting Shellshock (CVE-2014-6271) in the wild
Brute Force Attacks
Webcast: Brute Force Attacks: Keeping the Bots at Bay with AlienVault USM
Webcast: Detect Brute Force Attacks & APTs […]
Understanding Payloads in Metasploit
What Does Payload Mean? A payload in Metasploit is the code that runs on the target once an exploit module succeeds; the exploit delivers it, the payload does the work (a shell, a Meterpreter session, a command). There are three types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. These different types allow for a great deal of versatility and can be useful across numerous types of scenarios. Whether or not a payload is staged is […]
What is the difference between a risk, a threat and a vulnerability?
A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. A vulnerability is a weakness; it can lie in the hardware, the software, the configuration, or the users operating the system. A risk is the possibility of a threat exploiting a vulnerability and resulting in a loss. Risk mitigation […]
Metasploit
Metasploit
The Metasploit Framework is a platform for developing and using security tools and exploits.
Metasploit Meterpreter
The Meterpreter is a payload within the Metasploit Framework which provides control over an exploited target system, running (on Windows) as a DLL loaded in memory inside a process on the target machine.
Metasploit msfpayload
The msfpayload tool is a component […]
What is Security Information and Event Management (SIEM)?
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. The acronym is pronounced “sim” with a silent e. The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations […]
What is Unified Security Management (USM)?
The AlienVault Unified Security Management™ (USM) platform provides five essential security capabilities in a single console, giving you everything you need to manage both compliance and threats. Understanding the sensitive nature of IT environments, we include active, passive and host-based technologies so that you can match the requirements of your particular environment. Unified, Coordinated Security […]
How to respond to a network distributed denial-of-service (DDoS) incident
General Considerations
DDoS attacks often take the form of flooding the network with unwanted traffic; some attacks focus on overwhelming the resources of a specific system. It will be very difficult to defend against the attack without specialized equipment or your ISP's help. Often, too many […]