Category: Security

Hardening, Microsoft Windows server 2016

Windows Server Hardening – Account Policies

The following were tested on Windows Server 2016 (screenshots included).
Account Policies: Password Policy
1. Ensure ‘Enforce password history’ is set to ‘24 or more password(s)’
Description: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value …

Linux, Security

Change admin passwords

System: sudo passwd root
MySQL: mysqladmin -u root -p password
PostgreSQL: sudo -u postgres psql -U postgres -h 127.0.0.1 -d postgres -c "ALTER USER postgres WITH PASSWORD 'newpassword';"
Gitlab GLPI Project mysql -u …

Linux, Security

Get a list of Open Ports in Linux

netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Get a list of open tcp/udp ports: sudo netstat -plntu
-p = display PID/Program name for sockets
-l = display listening server sockets
-n = don’t resolve names
-t = tcp ports
-u = udp ports
https://en.wikipedia.org/wiki/Netstat
https://linux.die.net/man/8/netstat

Debian, Encryption, Security

Remote unlocking LUKS encrypted LVM

Install dropbear on the server: sudo apt-get install dropbear
Generate an SSH key pair on the client system (the one which will be used to unlock the remote machine): http://securityblog.gr/3657/how-to-setup-ssh-keys/
Stop dropbear from starting on normal boot on the server: sudo update-rc.d -f dropbear remove
Auto start dropbear sudo sed …

Security, Servers/Services

Creating, managing and examining key stores, keys and certificates

Portecle is a user-friendly GUI application for creating, managing and examining key stores, keys, certificates, certificate requests, certificate revocation lists and more.
Features
* Create, load, save, and convert keystores.
* Generate DSA and RSA key pair entries with self-signed version 1 X.509 certificates.
* Import X.509 certificate files as trusted certificates.
* Import …

Security

Intrusion Detection-Prevention System Testing Framework

Pytbull is a flexible, Python-based Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS and to validate its configuration. The only way to ensure your IDS/IPS detects and blocks unwanted traffic is to …

Security

Protocol Analysis-Decoder Framework

ChopShop is a MITRE-developed framework to aid analysts in the creation and execution of pynids-based decoders and detectors of APT tradecraft. Note that ChopShop is still in perpetual beta and depends on libnids/pynids for the majority of its underlying functionality. Documentation for ChopShop can be found on ReadTheDocs. Pynids pynids is a …

Security

Artificial intelligence packet inspection engine

AIEngine is a next-generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS (Network Intrusion Detection System) functionality, DNS domain classification, network collection, network forensics and many others. AIEngine also helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on. …