Tag: security

Hardening, Microsoft Windows Server 2016

Windows Server Hardening – Account Policies

The following were tested on Windows Server 2016 (screenshots included).
Account Policies > Password Policy
1. Ensure ‘Enforce password history’ is set to ‘24 or more password(s)’
Description: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value …

Linux, Security

Change admin passwords

System
sudo passwd root
MySQL
mysqladmin -u root -p password
PostgreSQL
sudo -u postgres psql -U postgres -h -d postgres -c "ALTER USER postgres WITH PASSWORD 'newpassword';"
Gitlab GLPI Project mysql -u …


Forensics – Collecting Volatile Data

Under the principle of “order of volatility”, you must first collect the information that is classified as volatile data (the list of network connections, the list of running processes, logon sessions, and so on), which will be irretrievably lost if the computer is powered off. This category includes the following data: 1. System uptime and …

Malware, Malware Analysis

Extract patterns of interest from suspicious files

Balbuzard is a package of malware analysis tools written in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing the transformation and checking for those patterns. Balbuzard tools: balbuzard is a tool to extract patterns …

Active Directory, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Active Directory Security Hardening: Domain Admin Honeypot

Rename the account
It’s a good idea to name the account like any other user account. That means giving it a real name, like Johnny Cash, with a username that matches your naming convention, say “jcash.”
Remove description
Next, you want to remove the default description for the built-in Administrator, which is “Built-in account for …

Linux, Security

Get a list of Open Ports in Linux

netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Get a list of open TCP/UDP ports:
sudo netstat -plntu
-p = display PID/program name for sockets
-l = display listening server sockets
-n = don’t resolve names
-t = TCP ports
-u = UDP ports
https://en.wikipedia.org/wiki/Netstat
https://linux.die.net/man/8/netstat


How to setup SSH keys

Create RSA key pair
ssh-keygen -t rsa
Create .ssh folder
mkdir ~/.ssh
Set the right permissions
chmod 700 ~/.ssh
Create authorized_keys file
touch ~/.ssh/authorized_keys
Set the right permissions
chmod 600 ~/.ssh/authorized_keys
Add the public key to authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys


Hardening SSH on Debian

Open a terminal and open the file /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
Change the listen port:
Port 65002
Deny root login:
PermitRootLogin no
Make sure that users with empty passwords are not allowed to log in to the system:
PermitEmptyPasswords no
Allow certain users to have access via SSH:
AllowUsers user1 user2
…


Hardening Apache2 on Debian 8

Disable Apache web server signature
sudo nano /etc/apache2/apache2.conf
Add the following two lines at the end of the Apache config file:
ServerSignature Off
ServerTokens Prod
Hide PHP version
sudo nano /etc/php5/apache2/php.ini
Make sure that the expose_php option is off:
expose_php = Off
Disable directory browsing globally
sudo a2dismod …


Owncloud Security Hardening on Debian

Hardening ownCloud folder permissions
Open a terminal and create a new file:
nano ~/config_owncloud_perms
Contents: paste the following into the config_owncloud_perms file:
#!/bin/bash
ocpath='/var/www/owncloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/assets
mkdir -p $ocpath/updater

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 …