Tag: security

Malware, Malware Analysis

Extract patterns of interest from suspicious files

Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing and checking for those patterns. Balbuzard tools: balbuzard is a tool to extract patterns …

Active Directory, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Active Directory Security Hardening: Domain Admin Honeypot

Rename the account: It’s a good idea to name the account like any other user account. That means giving it a real name, like Johnny Cash, with a username that matches your naming convention, say “jcash.”
Remove description: Next, you want to remove the default description for the built-in Administrator, which is “Built-in account for …

Linux, Security

Get a list of Open Ports in Linux

netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Get a list of open TCP/UDP ports:

    sudo netstat -plntu

    -p = display PID/Program name for sockets
    -l = display listening server sockets
    -n = don’t resolve names
    -t = tcp ports
    -u = udp ports

https://en.wikipedia.org/wiki/Netstat
https://linux.die.net/man/8/netstat

Debian

How to setup SSH keys

Create RSA Key Pair:

    ssh-keygen -t rsa

Create .ssh folder:

    mkdir ~/.ssh

Set right permissions:

    chmod 700 ~/.ssh

Create authorized_keys file:

    touch ~/.ssh/authorized_keys

Set right permissions:

    chmod 600 ~/.ssh/authorized_keys

Add public key to the authorized_keys:

    cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Debian

Hardening SSH on Debian

Open a terminal.

Open file /etc/ssh/sshd_config:

    sudo nano /etc/ssh/sshd_config

Change the listen port:

    Port 65002

Deny root login:

    PermitRootLogin no

Make sure that users with empty passwords are not allowed to log in to the system:

    PermitEmptyPasswords no

Allow certain users to have access via ssh:

    AllowUsers user1 user2

…

Debian

Hardening Apache2 on Debian 8

Disable Apache Web Server Signature:

    sudo nano /etc/apache2/apache2.conf

Add the following two lines at the end of the Apache config file:

    ServerSignature Off
    ServerTokens Prod

Hide PHP Version:

    sudo nano /etc/php5/apache2/php.ini

Make sure that the expose_php option is off:

    expose_php = Off

Disable Directory Browsing Globally:

    sudo a2dismod …

Debian

Owncloud Security Hardening on Debian

Hardening owncloud folder permissions

Open a terminal.

Create a new file:

    nano ~/config_owncloud_perms

Paste the following into the config_owncloud_perms file:

    #!/bin/bash
    ocpath='/var/www/owncloud'
    htuser='www-data'
    htgroup='www-data'
    rootuser='root'

    printf "Creating possible missing Directories\n"
    mkdir -p $ocpath/data
    mkdir -p $ocpath/assets
    mkdir -p $ocpath/updater

    printf "chmod Files and Directories\n"
    find ${ocpath}/ -type f -print0 | xargs -0 …

Honeypot

Honeypot Linux distribution

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients …