Tag: security

Encryption, LUKS

Create an encrypted file container in Linux

Installations
sudo apt-get install cryptsetup
Create an empty file with the size of your container (e.g. 100MB)
fallocate -l 100M mycontainer.img
or
dd if=/dev/urandom of=mycontainer.img bs=1M count=100
Using a keyfile
dd if=/dev/urandom of=mykey.key bs=1024 count=1
Encrypting disk image file
sudo cryptsetup …

Hardening, Microsoft Windows server 2016

Windows Server Hardening – Account Policies

The following were tested on Windows Server 2016 (screenshots included).
Account Policies
Password Policy
1. Ensure ‘Enforce password history’ is set to ‘24 or more password(s)’
Description: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value …

Linux, Security

Change admin passwords

System
sudo passwd root
MySQL
mysqladmin -u root -p password
PostgreSQL
sudo -u postgres psql -U postgres -h 127.0.0.1 -d postgres -c "ALTER USER postgres WITH PASSWORD 'newpassword';"
Gitlab
GLPI Project
mysql -u …

Forensics

Forensics – Collecting Volatile Data

Under the principle of “order of volatility”, you must first collect information that is classified as volatile data (the list of network connections, the list of running processes, logon sessions, and so on), which will be irretrievably lost in case the computer is powered off. This category includes the following data:
1. System uptime and …

Malware, Malware Analysis

Extract patterns of interest from suspicious files

Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by bruteforcing and checking for those patterns.
Balbuzard tools
balbuzard is a tool to extract patterns …

Active Directory, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Active Directory Security Hardening: Domain Admin Honeypot

Rename the account
It’s a good idea to name the account like any other user account. That means giving it a real name, like Johnny Cash, with a username that matches your naming convention, say “jcash.”
Remove description
Next, you want to remove the default description for the built-in Administrator, which is “Built-in account for …

Linux, Security

Get a list of Open Ports in Linux

netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Get a list of open tcp/udp ports
sudo netstat -plntu
-p = display PID/Program name for sockets
-l = display listening server sockets
-n = don’t resolve names
-t = tcp ports
-u = udp ports
https://en.wikipedia.org/wiki/Netstat
https://linux.die.net/man/8/netstat

Debian

How to setup SSH keys

Create RSA Key Pair
ssh-keygen -t rsa
Create .ssh folder
mkdir ~/.ssh
Set right permissions
chmod 700 ~/.ssh
Create authorized_keys file
touch ~/.ssh/authorized_keys
Set right permissions
chmod 600 ~/.ssh/authorized_keys
Add public key to the authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Debian

Hardening SSH on Debian

Open a terminal
Open file /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Change the listen port
Port 65002
Deny root login
PermitRootLogin no
Make sure that users with empty passwords are not allowed to log in to the system
PermitEmptyPasswords no
Allow certain users to have access via ssh
AllowUsers user1 user2
…

Debian

Hardening Apache2 on Debian 8

Disable Apache Web Server Signature
sudo nano /etc/apache2/apache2.conf
Add the following two lines at the end of the Apache config file:
ServerSignature Off
ServerTokens Prod
Hide PHP Version
sudo nano /etc/php5/apache2/php.ini
Make sure that the expose_php option is off.
expose_php = Off
Disable Directory Browsing Globally
sudo a2dismod …