Basic Linux Privilege Escalation

Hat tip to g0tmi1k for authoring one of the best basic Linux privilege escalation compilations ever.

Operating System

What’s the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release      # Debian based
cat /etc/redhat-release   # Redhat based

What’s the kernel version? Is it 64-bit? […]

Read More

Analyzing Malicious Document Files

PDF download: analyzing-malicious-document-files. Authored by Lenny Zeltser with feedback and contributions from Pedro Bueno, Frank Boldewin, and Didier Stevens. Creative Commons v3 “Contribution” license for this cheat sheet, version 2. This and other malware analysis topics are covered in Lenny’s Reverse-Engineering Malware (REM) course, which he teaches at SANS Institute; for details, visit LearnREM.com

Read More

How to detect and investigate attack methods with AlienVault USM

Shellshock (Bash) Vulnerability
Webcast: The Bash Vulnerability: Practical Tips to Secure your Environment
Blog: Bourne Again: Helping you see the light through the Shellshock exploit
Blog: Attackers exploiting Shellshock (CVE-2014-6721) in the wild

Brute Force Attacks
Webcast: Brute Force Attacks: Keeping the Bots at Bay with AlienVault USM
Webcast: Detect Brute Force Attacks & APTs […]

Read More

Understanding Payloads in Metasploit

What Does Payload Mean? A payload in Metasploit refers to an exploit module. There are three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. These different types allow for a great deal of versatility and can be useful across numerous types of scenarios. Whether or not a payload is staged is […]

Read More

What is the difference between a risk, a threat and a vulnerability?

A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability. A vulnerability is a weakness. It can be a weakness in the hardware, software, configuration, or users operating the system. A risk is the possibility of a threat exploiting a vulnerability and resulting in a loss. Risk mitigation […]

Read More

Metasploit

Metasploit
The Metasploit Framework is a development platform for developing and using security tools and exploits.

Metasploit Meterpreter
The Meterpreter is a payload within the Metasploit Framework which provides control over an exploited target system, running as a DLL loaded inside of any process on a target machine.

Metasploit msfpayload
The msfpayload tool is a component […]

Read More

What is Security Information and Event Management (SIEM)?

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. The acronym is pronounced “sim” with a silent e. The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations […]

Read More

What is Unified Security Management (USM)?

The AlienVault Unified Security Management™ (USM) platform provides five essential security capabilities in a single console, giving you everything you need to manage both compliance and threats. Understanding the sensitive nature of IT environments, we include active, passive and host-based technologies so that you can match the requirements of your particular environment. Unified, Coordinated Security […]

Read More

How to respond to a network distributed denial-of-service (DDoS) incident

General Considerations
DDoS attacks often take the form of flooding the network with unwanted traffic; some attacks focus on overwhelming resources of a specific system. It will be very difficult to defend against the attack without specialized equipment or your ISP’s help. Often, too many […]

Read More