elguber.wordpress.com
192.0.78.12
Submitted URL: https://elguber.com/
Effective URL: https://elguber.wordpress.com/
Submission: On March 14 via api from US — Scanned from US
Form analysis
4 forms found in the DOM
POST https://elguber.wordpress.com/wp-comments-post.php
<form action="https://elguber.wordpress.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<p class="comment-notes"> Required fields are marked <span class="required">*</span></p>
<div class="form"><textarea id="comment" class="expand50-100" name="comment" cols="45" rows="3"></textarea></div> <label class="post-error" for="comment" id="commenttext_error" style="display: none;"></label><span
class="progress spinner-comment-new">
<div class="spinner" aria-role="progressbar" style="position: relative; z-index: 2000000000; left: 8px; top: 8px;">
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-0-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(0deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-1-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(45deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-2-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(90deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-3-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(135deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-4-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(180deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-5-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(225deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-6-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(270deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
<div style="position: absolute; top: -1px; opacity: 0.25; animation: 0.769231s linear 0s infinite normal none running opacity-100-25-7-8;">
<div style="position: absolute; width: 4px; height: 2px; background: rgb(204, 204, 204); box-shadow: rgba(0, 0, 0, 0.1) 0px 0px 1px; transform-origin: left center; transform: rotate(315deg) translate(3px, 0px); border-radius: 1px;"></div>
</div>
</div>
</span>
<p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required="required"></p>
<p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" autocomplete="email" required="required"></p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="text" value="" size="30" maxlength="200" autocomplete="url"></p>
<p class="form-submit"><input name="submit" type="submit" id="comment-submit" class="submit" value="Reply"> <input type="hidden" name="comment_post_ID" value="668" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="2a66a87553"></p>
<p class="comment-subscription-form"><input type="checkbox" name="subscribe" id="subscribe" value="subscribe" style="width: auto;"> <label class="subscribe-label" id="subscribe-label" for="subscribe" style="display: inline;">Notify me of new
comments via email.</label></p>
<p class="post-subscription-form"><input type="checkbox" name="subscribe_blog" id="subscribe_blog" value="subscribe" style="width: auto;"> <label class="subscribe-label" id="subscribe-blog-label" for="subscribe_blog" style="display: inline;">Notify
me of new posts via email.</label></p>
<p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js"
value="1710428906604">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>
POST https://subscribe.wordpress.com
<form method="post" action="https://subscribe.wordpress.com" accept-charset="utf-8" style="display: none;">
<div>
<input type="email" name="email" placeholder="Enter your email address" class="actnbr-email-field" aria-label="Enter your email address">
</div>
<input type="hidden" name="action" value="subscribe">
<input type="hidden" name="blog_id" value="10974231">
<input type="hidden" name="source" value="https://elguber.wordpress.com/">
<input type="hidden" name="sub-type" value="actionbar-follow">
<input type="hidden" id="_wpnonce" name="_wpnonce" value="a47f7906ad">
<div class="actnbr-button-wrap">
<button type="submit" value="Sign me up"> Sign me up </button>
</div>
</form>
<form id="jp-carousel-comment-form">
<label for="jp-carousel-comment-form-comment-field" class="screen-reader-text">Write a Comment...</label>
<textarea name="comment" class="jp-carousel-comment-form-field jp-carousel-comment-form-textarea" id="jp-carousel-comment-form-comment-field" placeholder="Write a Comment..."></textarea>
<div id="jp-carousel-comment-form-submit-and-info-wrapper">
<div id="jp-carousel-comment-form-commenting-as">
<fieldset>
<label for="jp-carousel-comment-form-email-field">Email (Required)</label>
<input type="text" name="email" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-email-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-author-field">Name (Required)</label>
<input type="text" name="author" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-author-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-url-field">Website</label>
<input type="text" name="url" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-url-field">
</fieldset>
</div>
<input type="submit" name="submit" class="jp-carousel-comment-form-button" id="jp-carousel-comment-form-button-submit" value="Post Comment">
</div>
</form>
POST
<form method="post">
<input type="submit" value="Close and accept" class="accept"> Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. <br> To find out more, including how to control cookies, see here: <a href="https://automattic.com/cookies/" rel="nofollow">
Cookie Policy </a>
</form>
Text Content
ELGUBER'S BLOG: Networking – Security

RECENT UPDATES

ELGUBER 20:47 ON 28 MARCH 2021 TAGS: INCIDENT RESPONSE, SECURITY ONION, THREAT HUNTING
SECURITY ONION (SO)

In the last months, the tendency to talk about cybersecurity has been increasing quite a lot. I was wondering whether it is possible to have a cyber security infrastructure at home. Of course, I do not want an extraordinarily complex one with many components, but something I could run on a decent computer with my current 12GB of RAM. Precisely last week Security Onion Solutions released the latest version (2.3.40). I have been testing the previous version for a while. The options I had were CentOS or Ubuntu, and then the software on top of it. To be honest, I did not test the new release, but with the previous one I am more than happy. I will talk about the one I am running so far (2.3.21).

What is this about? It is a Linux distribution oriented to threat hunting and monitoring. Of course, free and open.
The software running inside is very well known, with a good reputation in the industry, and specific to the following matters: TheHive, Playbook and Sigma, Fleet and osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, Wazuh. In older versions everything was installed and burned into an ISO, but now everything runs in Docker containers. There is a command (so-status) to check the status of the containers.

What options do I have if I want to test it? You can download an ISO, or it can be installed on top of a CentOS or Ubuntu distribution. A nice option in the latest version is that it is also available in the Amazon cloud; if you want to test it with a lot of power, this is an exceptional alternative. Hardware requirements for EVAL mode are 4 CPU cores, 12GB RAM and 200GB storage.

Of the Security Onion use cases mentioned in the documentation (NIDS, HIDS, Static Analysis (PCAP Import) and SOC Workstation), I personally use it in all of them. It is currently in front of my router: I mirrored the switch port that goes to the internet and I sniff all the traffic that passes through that port. For my small environment I can afford long retention. This is especially important in a production environment, so keep it in mind. A quick calculation: for a 50Mbps link the daily saved data is 540GB! Anyway, (since January) the packet loss in my Grafana is always 0.

Which tools can we find inside?

[Alerts] If we start at the home page from the top left, the first interesting option to click on is Alerts. As you see in the screenshot above, we have an overview of the alerts that, as in the example, you can group by different fields, like event.module or severity. From there you can also escalate the alert with the blue icon or acknowledge it with the buttons. As soon as you click the alert it is sent to TheHive and it disappears from that page.
As you see in the picture, you can also see the acknowledged and escalated alerts.

[Hunt] In Hunt you have the same information as in the previous option, but also Group Metrics and 3 different graphs with occurrences and a timeline.

[PCAP] It is obvious what this is for. What matters is the retention you have in your system. By selecting, for example, a port and a time filter, you can get from the system all the traffic that matches the options you selected.

[Grid] This allows you to see all nodes, but with an evaluation license only one is shown.

[Downloads] Here there are links to Elasticsearch utilities, Wazuh agents and osquery packages and configs. To be honest, I only tested the Wazuh agent.

[Administration] This is only for users.

[TOOLS] They offer the option to install an analyst VM in which you can investigate the pcaps and do further analysis, but for now I have no time for that.

[Kibana] This is an ELK with more than 90 predefined dashboards in which you get an overview of each topic, with the complete logs below.

[Grafana] This is a small monitoring tool for your system status. With the provided dashboard you can see the status of your CPU and memory and how much is consumed by each module (Zeek, Suricata, Steno). The packet loss of the modules is also shown, as well as the space consumed by the main partitions "/" and "/nsm" (most of the data is saved here), pcap retention, monitored traffic and some more. I did not check whether you can modify the default dashboards. Remember that if you want to modify some configuration, the system is salted (configuration is managed by Salt). Keep that in mind.

[CyberChef] I have been using this tool only in CTFs, but it has an API and you could automate many tasks. This is a great tool.

[Playbook] There is also a tool with detection playbooks. You can edit and modify them. If you are good with Sigma rules, this is your place to play. In the following example, you see a playbook.
[Fleet] This will be deprecated, so I will not comment on it.

[TheHive] If we want a Security Incident Response Platform, we also have TheHive. The tool allows you to deal with incidents. In combination with Cortex (there is no direct link on the Security Onion home page, but you can reach it just by adding /cortex to the URL), which is an analysis engine, you can use it if you are working as an incident responder or in a SOC. TheHive is, as they announce on the project website, highly integrated with MISP. That is a threat sharing standard through which you can benefit from other investigation cases in your industry, for example common cases in banking. In any case, MISP is not installed by default; you need to do some steps if you want it installed in your system.

[Navigator] Another tool in the list is the Navigator, for MITRE ATT&CK. You can personalize it with colors, create groups, select by threat groups, software, mitigations and much more. You could also add different playbooks.

Apart from the "visible" software, there are other pieces that are important to mention. In terms of networking we have:

Suricata. This is a network-based IDS and gives us the alerts.
Zeek. This provides protocol metadata logs. It is a network analysis framework, previously known as Bro. Thanks to AF_PACKET you can balance the traffic capture across different Zeek workers. The number of workers is selected at installation, but it can also be modified afterwards.
Strelka. For threat hunting. It is used for real-time file scanning, but it can also be used for threat detection and incident response. You see it in action when you click "Hunt" in SO.
Stenographer. That is full packet capture software.

It is important to understand that once you put a network interface in sniff mode, this is the flow that generates the data and where it will be placed.
If we talk about the machine itself, there are more tools involved:

Osquery: This uses SQL commands to describe a device.
Beats: A log shipper to send to the Elastic Stack. I did not test it, since my deployment is based on a single machine.
Wazuh: I tried this separately in the past and I was very happy with the results. It is specific to threat detection, integrity monitoring, incident response and compliance.
Syslog: I have nothing to say other than that it is system logging software.
Sysmon: It is designed for Windows logging.
Autoruns: Also designed for the Windows platform. It can gather information about programs configured to run during the start of a machine.

If you are a threat hunter or incident responder, you should give this tool a chance. I did try others like RockNSM or SELKS, but Security Onion is better in general. Most of the screenshots mentioned in this document were about the web interface, but of course the command-line option via SSH is possible; in fact, for some options it is highly recommended. They have a bunch of "so-" commands. With those you can start, stop and restart specific services. Also, if you want to add users, it should be done here, and they will be populated to TheHive and Fleet apart from the one for the Security Onion Console. Keep in mind that for a small lab the Evaluation mode is enough, but for a large scale deployment you need to check the options they propose. It always depends on your budget.

References:
https://securityonionsolutions.com/software/
https://thehive-project.org/
https://docs.securityonion.net/en/latest/index.html

Author: Eduardo Cuthbert
ELGUBER 6:14 ON 18 JUNE 2015 TAGS: HONEYPOT
LIST OF HONEYPOTS

HONEYPOTS * Database Honeypots * Elastic honey * mysql * A framework for nosql databases ( only redis for now) * Web honeypots * Glastopf * Interactive phpmyadmin * servlet * web honeypot in nodejs * basic auth – for web protected pages * Shadow Daemon * Servletpot * Nodepot * Google Hack Honeypot * Service Honeypots * Kippo – Medium interaction SSH honeypot * for NTP * Camera pot * * Anti-honeypot stuff * kippo_detect This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff) * ICS/SCADA honeypots * Conpot * scada-honeynet * SCADA honeynet * Deployment * Dionaea and EC2 in 20 Minutes * Visualization * HoneyMap * HoneyMalt * Data Analysis * Kippo-Graph * Kippo stats * Other/random * NOVA uses honeypots as detectors, looks like a complete system * Mantrap / Symantec Decoy Server * BigEye * BackOfficer Friendly * Proxy honeypot * Proxypot * Open Relay Spam Honeypot * SpamHAT * Botnet C2 monitor * Hale * IPv6 attack detection tool * ipv6-guard * ipv6-attack-detector * PHP honeypot * smart-honeypot * PHPHop * Honeypot Database * Manuka * Research Paper * vEYE * Honeynet statistics * HoneyStats * Visual analysis for network traffic * Picviz * dynamic code instrumentation toolkit * Frida * Front-end for dionaea * DionaeaFR * Tool to convert website to server honeypots * HIHAT * Malware collector * Kippo-Malware * Sebek in QEMU * Qebek * Malware Simulator * imalse * Distributed sensor deployment * Sombria * Smarthoneypot * Network Analysis Tool * Tracexploit * Log anonymizer * LogAnon * server * Honeysink * Botnet traffic detection * dnsMole * Low interaction honeypot (router back door) * Honeypot-32764 * honeynet farm traffic redirector * Honeymole * IDS signature generator * Nebula * Fake wireless access point * FakeAP * HTTPS Proxy * mitmproxy * spamtrap * Jackpot Mailswerver * System instrumentation * Sysdig * Honeypot for USB-spreading malware * 
Ghost-usb * Data Collection * Kippo2MySQL * Kippo2ElasticSearch * Honeyd viewer * Honeyview * Passive network audit framework parser * pnaf * Honeyd to MySQL connector * Honeyd2MySQL * VM Introspection * VIX virtual machine introspection toolkit * xenaccess * vmscope * vmitools * Binary debugger * Hexgolems – Schem Debugger Frontend * Hexgolems – Pint Debugger Backend * Mobile Analysis Tool * APKinspector * Androguard * Low interaction honeypot * Honeypoint * Honeyperl * Honeynet data fusion * HFlow2 * Server * Tiny Honeypot * Nephenthes * LaBrea * Kippo * KFSensor * Honeytrap * Honeyd * Bootable honeyd * HOACD * Honeeebox * Glastopf * DNS Honeypot * Django-kippo * Dionaea * Conpot * Bifrozt * Beeswarm * Bait and Switch * Artillery * Amun * VM cloaking script * Antivmdetect * Honeyd ported to Windows * Winhoneyd * IDS signature generation * Honeycomb * Multiple * Honeeepi * Web interface to packet analyzer * OpenWitness * lookup service for AS-numbers and prefixes * CC2ASN * Data Collection / Analysis Tool * Carniwwwhore * WordPress spam honeypot * wp-smart-honeypot * Web interface (for Thug) * Rumal * Snort binary carving * Pehunter * Data Collection / Data Sharing * HPfriends * HPFeeds * PE-executables analyses * Xandora * Distributed spam tracking * Project Honeypot * Python bindings for libemu * Pylibemu * Client honeypot * Pwnypot * Controlled-relay spam honeypot * Shiva * Visualization Tool * Webviz * Glastopf Analytics * Afterglow Cloud * Afterglow * central management tool * PHARM * Network connection analyzer * Impost * Virtual Machine Cloaking * VMCloak * A script to visualize statistics from honeyd * Honeyd-Viz * Honeypot deployment * Modern Honeynet Network * SurfIDS * Honeyd UI * Honeyd configuration GUI * Honeynet analysis tool * Honeynet Security Console * Automated malware analysis system * Cuckoo * Anubis * Low interaction * mwcollectd * Low interaction honeypot on USB stick * Honeystick * Honeypot extensions to Wireshark * Whireshark Extensions * 
Data Analysis Tool * HpfeedsHoneyGraph * Acapulco * Telephony honeypot * Zapping Rachel * Client * MonkeySpider * Capture-HPC-NG * Wepawet * URLQuery * Trigona * Thug * Shelia * PhoneyC * Libemu * Jsunpack-n * HoneyC * HoneyBOT * CWSandbox / GFI Sandbox * Capture-HPC-Linux * Capture-HPC * Andrubis * Commercial high interaction honeypot * Countertack Scout * Visual analysis for network traffic * ovizart-ng * ovizart * Binary Management and Analysis Framework * Viper * Honeypot * Single-honeypot * Honeyd For Windows * SWiSH * IMHoneypot * Deception Toolkit * Cybercop Sting * PDF document inspector * peepdf * Distribution system * Thug Distributed Task Queuing * HoneyClient Management * HoneyWeb * Network Analysis * HoneyProxy * Hybrid low/high interaction honeypot * HoneyBrid * Sebek on Xen * xebek * SSH Honeypot * Kojoney * Glastopf data analysis * Glastopf Analytics * Distributed sensor project * DShield Web Honeypot Project * Distributed Web Honeypot Project * a pcap analyzer * Honeysnap * Client Web crawler * HoneySpider Network * network traffic redirector * Honeywall * Honeypot Distribution with mixed content * HoneyDrive * Honeypot sensor * Dragon Research Group Distro * File carving * TestDisk & PhotoRec * File and Network Threat Intelligence * VirusTotal * data capture * Sebek * SSH proxy * HonSSH * Anti-Cheat * Minecraft honeypot * behavioral analysis tool for win32 * Capture BAT * Live CD * DAVIX * Spamtrap * Spampot.py * Spamhole * spamd * SMTPot.py * Commercial honeynet * Specter * Smoke Detector * Sandtrap * PatriotBox * PacketDecoy * NetFacade * Netbait * Server (Bluetooth) * Bluepot * Honeyd stats * Honeydsum.pl * Dynamic analysis of Android apps * Droidbox * Dockerized Low Interaction packaging * Manuka * Network analysis * Quechua * Sebek data visualization * Sebek Dataviz * Threat Intel feed aggregator / network grapher * Malcom * Sandbox * Argos * SIP Server * Artemnesia VoIP * Honeyd plugin * Honeycomb * Sandbox-as-a-Service * malwr.com * Botnet 
C2 monitoring * botsnoopd * low interaction * mysqlpot * Malware collection * Honeybow * sandbox * PHPSandbox * RFISandbox * dorothy2 * COMODO automated sandbox

List copied from: https://github.com/paralax/awesome-honeypots/blob/master/README.md

ELGUBER 7:46 ON 19 AUGUST 2013 TAGS: PERL, PROGRAMMING, SCRIPTING
PERL PROGRAMMING

I am back again. I have been thinking about a programming language that could be useful for a network guy, and finally I am with Perl. I don't know if it is the best one or not, but it reminds me of my days when I was studying. This language is quite similar to C. The purpose of the script is to modify a given file. I did it because at work I was doing a repetitive task so many times that I decided to use scripting. Because we are doing more and more repetitive tasks, I will keep my Perl skills up to date. Then, let's read a file with Perl:

#!/usr/bin/perl -w
use strict;
use warnings;

# initial file to read and modify
my $file = "file.txt";
# final file
my $final = "final.txt";
# text or characters deleted
my $bin = "bin.txt";
my $line;
my $i = 0;

# check if the files can be opened or created
open(FILE, "<$file")   || die "ERROR: cannot open $file: $!\n";
open(FINAL, ">$final") || die "ERROR: cannot create $final: $!\n";
open(BIN, ">$bin")     || die "ERROR: cannot create $bin: $!\n";

# read the file line by line
while ($line = <FILE>) {
    if ($line =~ /COMMENT/) {      # if the line contains the string "COMMENT", send it to the bin file
        print BIN $line;
    }
    else {
        if ($line =~ /\}/) {       # if the line contains the string "}", send it to the bin file
            print BIN $line;
        }
        else {
            if ($line =~ /;$/) {   # if the line ends in ";", keep it for the final file.
                                   # $ marks the end of the line; it does not consider the \n
                if ($line =~ /CHAIN/) {   # if the line contains the string "CHAIN",
                    if ($i == 0) {        # I added this counter for formatting purposes
                        print FINAL "\n------\n";
                        $i = $i + 1;
                    }
                    else { $i = 0; }      # I set it to 0 because "CHAIN" appears twice in the file
                                          # and I only need to add the separator lines once
                }
                # with substr I take the whole line except the last 2 positions:
                # the last one is "\n" and the previous one is ";"
                print FINAL substr($line, 1, -2) . "\n";
            }
        }
    }
}

# close the files
close(FILE);
close(FINAL);
close(BIN);

An important function in the script is substr. You can use it like this:

print substr($line, 1, -2);

We are extracting a string from another one. In our case, we are reading the line ($line), taking from position "1" till position "-2". With the negative sign we indicate that it should count from the end and not from the start. The basic syntax of substr is substr(EXPR, OFFSET, LENGTH):
EXPR – string expression from which the substring will be extracted.
OFFSET – the index where the substring to be extracted starts.
LENGTH – the length of the substring to extract.

ELGUBER 17:56 ON 6 APRIL 2013
ANONYMOUS GROUP ATTACKS

In the last days you have been hearing this concept several times. This kind of attack is difficult to prevent. Even with the best firewalls, IPS, IDS..., depending on the attack it is not so easy to stop. The last known group attack was in March. Who is behind these attacks? Can we put some faces to these "anonymous" attacks? Let's say yes. Normally, after this kind of attack, there is a group of hackers (this concept can be discussed in a separate article) who usually take credit for it. What are the objectives? Governments, big corporations. Let's say that information is power and power is money; then any company with some of this could be an objective. Goals? Mainly economic.
Probably we will not see it after we read the news, but based on the fact that attacking a corporation is not legal and you could end up in jail, I don't see any other aim. Here you can think of any kind of conspiracy theory.

What is it? It is also called a distributed attack. The purpose of this attack is to provoke a denial of service on the victim side; in other words, to use the service it is providing in order not to allow anyone else to use it.
– Then it is easy to detect, as long as you know the source IP.
– That's the problem! Source IPs are usually spoofed before they reach the victim.
– What if we secure our machine or server to allow only specific services?
– They use services that are allowed on the victim side, or unknown vulnerabilities.

I will give an example for better understanding. Let's imagine we have a company called "Carripote Corporation". Our company website is also used by customers to make secure payments. Based on this, we are using HTTP and HTTPS services. We have the best security appliances recently installed and there is no way to attack our system. The server is hosted in our secure data center and we increased our bandwidth with our ISP to 1Gb/s. So far, no problem. Let's continue imagining that we will publish our economic balance to the entire world and we are expecting (based on previous average graphs) 500Mb/s of traffic on that day. Our security and network administrators are not worried about the event because we have load balancers and we are expecting 50% bandwidth usage. What happens if that day we have a DDoS attack and our bandwidth graphs are at 100%? First of all, this is not good for the company's reputation and we will probably lose some customers because of it, unless we can manage the situation and solve the problem ASAP. What did we do wrong? Nothing. It is like real life: are we safe from being robbed? Never! Then, how was this attack possible? Which method was used?

Let's explain it step by step:
1st – Basically, the hackers know your website (everyone knows it; it is your public website).
2nd – They spread a free app (which has become very famous in the last month with more than 30.000 downloads) for mobile devices. The app is ready to send a "GET /" command to a company website. I said GET, but you can imagine other kinds of requests to a server.
3rd – They choose a day to send this command. Then, what happens if your company website receives, the same day at more or less the same time, more than 50.000 requests? Is your website strong enough to reply to all of them?

In the image below you see what a well done distributed attack looks like. In the image above you see that reflectors are being used. If your server can only reply to 4 requests at the same time, you are receiving 6 requests from each server and there are 6 servers sending requests, your server is getting 36 requests at the same time. You will not be able to reply; then your server becomes unstable or unable to respond. Some of the tools used for DDoS attacks: "Mobile LOIC". This is a network stress mobile application.

ELGUBER 18:08 ON 24 MARCH 2013
SECURITY BASICS IN CHROMIUM OS

I'm back with a new interesting article. A few days ago I received the proposal to explain a little bit about security in Chromium OS, and I was given the chance to bring it a little closer to you. First of all, I would like to mention what I believe is an important fact regarding the subject at hand: in one of the most important security events of the year, held in Vancouver (CanSecWest 2013), no one was able to point out any vulnerability in this OS. The browser is a different matter... Google offered a big amount of money to the person able to find a vulnerability in its OS. No one was able to find anything. After this, I would say that it is pretty difficult to find a bug, but not impossible, because nothing is impossible, and even less so in IT.
Probably, the mere action of telling that nobody was able to hack the OS is reason enough to encourage them to try to do that. In any case, even if Chromium is still not hacked social engineering is the better option. Nobody is safe in the Internet ocean…We know that an OS that is oriented to use web applications it is not so easy to exploit. Let´s say that they are playing in their own field. Chromium is just an interface because it has been designed to be used with Internet apps. After this brief introduction I am going to explain my research in terms of security. When I play with a new OS, I use to download the image and then without any network connection, I start a brief checking. The first problem I found when I started with Chromium OS was that you need a network connection, because of the fact that we are talking about an OS oriented to the cloud. As you can see in Figure 1, there is no network interface to select and the “continue” button is not active Figure 1 – Welcome Do you think that I turned off the virtual machine and I enabled the network interface to continue with the article? Of course not! We are talking about a Linux distribution. Then, it should have a command line interface (CLI) option. The truth is that it is not just a “shuld” it is a “must” have. Typing CTRL + ALT + F2, you´ll get the tty2. Figure 2 – tty2 Login credentials: User: chronospassword: facepunch (nice password by Google. LOL) The chronos user is in the sudoers file. Then what we need to type to be root is “sudo su” Figure 3 – sudo su Then type the chronos password and you are already root! Figure 4 – id We have been playing so much without network connectivity and now it is time to enable the interfaces and see the real purpose of this OS. Ok, so we have configured our user and we can now log in our session. Once thing that I don´t really like is that you need a Google account. It is mandatory. 
Of course, this is a Google OS, so Big Brother is watching you. When you start Chromium OS, it is like an empty desktop without any icons and just a few features to change. In the system tab (I don't know if Google names it like this) this is the aspect:

Figure 5 – Chromium desktop

Let's imagine that we have already configured our session and we have no Internet connection (once the first user was created). Then, we have not so many options to choose from. Now, what appears is shown in the following figure:

Figure 6 – offline

"Your device is offline"; when this kind of message appears, it is because this is a kind of OS designed more for tablets or mobiles. Chromium seems to be designed to be used as a browser. The settings that you can modify for the OS are like those in the Google Chrome browser. In fact, even if your browser is not open, it will be opened to modify the system settings. I don't think that you can open, by default, any other app.

Figure 7 – settings

Do you think that this is all that you can do with Chromium? Do you think that this OS is basically the same as Chrome, but with a dedicated OS? Probably yes, but no! We should try to do more! Did you ask yourself if a console is possible in a web browser? It is! Apart from the "CTRL + ALT + F2" combination, you can also type "CTRL + ALT + T" and you'll get a CLI as well. Specifically, you will get a "Chrome OS Shell", or "crosh>".

Figure 8 – crosh

In this Chrome shell you have some commands to execute. Typing "help" or, even better, "help_advanced", you can see some of them. Also, if you use your up arrow, you will get the available commands to be used in this shell. You may take advantage of the "shell" command to get a Linux shell.

Figure 9 – shell

We are discovering, step by step, some interesting options in Chromium. Let's check if we have any security option like iptables to secure our system, by typing "sudo iptables -L". YES! In Figure 10 you can see the default iptables options.
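The default rules in Figure 10 are what the post goes on to replace with a clean ruleset. As an added example (not the post's own commands), the script below writes that replacement as an iptables-restore file: default DROP policies first, then only DNS and web traffic, with replies matched by connection state instead of by source port. The interface name and the list of allowed TCP ports are assumptions passed as parameters.

```shell
#!/bin/sh
# Added example, not the post's own commands: generate the "drop everything,
# then allow only DNS and HTTP" ruleset for a Chromium OS box in
# iptables-restore format. Compared with the post's rules it also sets the
# default policies to DROP (a bare "iptables -F" only flushes the rules and
# leaves the default ACCEPT policy in place), matches replies by connection
# state instead of by source port (a "-p udp --sport 53" INPUT rule accepts any
# UDP packet that merely claims source port 53), and allows loopback so local
# services keep working. "-m conntrack --ctstate" is the current spelling of
# the "-m state --state" match used in the post.
# Assumptions: IFACE is the uplink interface, PORT... the outbound TCP ports.

# gen_ruleset IFACE PORT... : print the ruleset on stdout.
gen_ruleset() {
  iface=$1
  shift
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host opened (DNS answers, HTTP responses)
-A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS queries over UDP and TCP (large answers fall back to TCP)
-A OUTPUT -o $iface -p udp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o $iface -p tcp --dport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
EOF
  # one outbound rule per allowed TCP port (the post allows only 80)
  for port in "$@"; do
    printf '%s\n' "-A OUTPUT -o $iface -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
  done
  printf 'COMMIT\n'
}

# count_accept_rules IFACE PORT... : number of ACCEPT rules in the generated
# set; a quick sanity check before loading it (2 loopback + 1 reply + 2 DNS
# + one per port).
count_accept_rules() {
  gen_ruleset "$@" | grep -c -- '-j ACCEPT'
}

# apply_ruleset IFACE PORT... : validate with "iptables-restore --test" first,
# then load atomically, replacing the current filter table (needs root).
apply_ruleset() {
  gen_ruleset "$@" | iptables-restore --test && gen_ruleset "$@" | iptables-restore
}

# Demo: print the ruleset the post describes (DNS plus HTTP on eth0).
gen_ruleset eth0 80
```

Adding 443 to the port list (`gen_ruleset eth0 80 443`) is what a box that has to log in to a Google account will need, since that login goes over HTTPS.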
Figure 10 – iptables

This is pretty interesting for us. What is not so interesting are the default rules, especially the one that is accepting all protocols from any IP to any destination IP. This is a question for you, readers: if you don't like something and you want to change it, what would be your reaction? Let me answer for you. You must delete all rules and start from scratch. First of all, DROP any kind of traffic. Then, you can start to allow ports. This is a basic rule for firewall administrators. If you are thinking like this, we are thinking about the same solution. I believe that my reply will make sense to the majority of you. I hope all of you

A good beginning is this output:

Figure 11 – clean iptables

And then, you can start to make your Chromium safer. In Figure 12 you can see the basics to surf. We need to enable the HTTP and DNS ports.

Figure 12 – final iptables

When you are modifying iptables, you must pay attention to INPUT/OUTPUT and also to the destination/source ports. These are the commands that I used:

Deleting all rules:

iptables -F

Allowing only HTTP and DNS:

iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

All this information is only a little bit of what it could really become. It is a very new subject and I'm sure that, in the near future, a lot more information will come to our knowledge.

Written by: Eduardo Cuthbert
Proof reader: Desirée Suarez

ELGUBER 12:52 ON 10 FEBRUARY 2013
TAGS: BACK TRACK 3, METASPLOIT

BACK TRACK 5 R3: A BOX OR A BOMB. THE SECURITY SUITE.

Since it was started in 2006, Back Track has become one of the best security suites on the penetration testing market.
Due to that fact, there has been a huge proliferation of this kind of software in the last few years. In this article we are going to cover how a bunch of software could be as easy as pie, or a dangerous game that could get you into trouble. On one side, installation is pretty easy (even in a virtual machine, you can easily run a security distribution). On the other side, the management and mastering are in a completely different league. We have in front of us a Linux OS with more than 300 penetration tools.

This article will help you to open the box. What can you do with a box? Not so much, or maybe nothing. But with the content of the box, you could probably do a lot of things, even more if we are talking about a big box with hundreds of boxes inside. I must tell you to be careful, because depending on the use, the content can be as bad as nitroglycerin. Regardless, it is not necessary to say that, in some countries, the use of these tools can be considered terrorism. When used in the right way, we can have a great security tool which will be able to help in several different areas (wifi, forensics...). With the right knowledge in each area the power multiplies 10 times. If you use it wrongly, you can have serious problems. That said, it will be your own responsibility once you start BackTrack. After you read this article, you will be able to run a security suite and use a couple of applications. My opinion is that the information displayed here is enough to get you hooked and with some hunger for knowledge. I think like this mainly because I will give you a few tips to get information from the system you want to audit, and I say a small part because it is quite difficult to talk about more than the 300 tools that are part of Back Track. Inside security, there are also different fields that we could talk about, and talk a lot, by the way.

I still remember the time, several years ago, when I discovered this tool. It was Back Track 2 at that time.
I was using a new DELL laptop with 2 GB of RAM, a 1.6 GHz Intel processor and an NVIDIA graphics card. It took me at least 3 days to sniff a simple packet because of my wifi chipset version, and another extra day to inject traffic. I didn't have Internet at home because I was living abroad, and I had to go to a local cybercafe.

Let's start from the beginning. The current version is BackTrack 5 r3. I recommend downloading the ISO image from http://www.backtrack-linux.org/. Since this is a modified Ubuntu version, Ubuntu 4.4.3 to be more accurate, you can run it even on a smartphone. Once the ISO is in your hands, you have 3 options:

* Install it on your hard drive. Highly recommended for professionals.
* Install it on a USB or DVD (with the proliferation of USB devices, it does not make much sense, but it is a possibility) to run a live version. It is also a good option if you do not want to change anything on your computer. But I would recommend that, once you run your live image, you make your changes persistent on your USB, because the next time you run it, you would have to change the settings again. And that is not so funny.
* Virtualization. The best and quickest option to play with. This option offers you the possibility to install, or even run, the live ISO image in a virtual machine. It is the easiest way to start using it. You could run a lot of virtual machines with only one PC, depending on the features and characteristics of your equipment. With a computer and a couple of virtualized machines you can play at protecting one box and attacking the other one. It is fun if you are into it, and you could spend lots of hours.

First steps:

After booting the system, you can see the following message:

Figure 1 – Boot

Press Enter and you will enter the main boot menu.
There are 3 different modes:

- Stealth
- Forensics
- Text (this one is the default option)

Figure 2 – Back Track menu

The main objective of this article is to speak only about the first boot option, which is "Text mode", so you can get to know it better. Let's say that I jump quickly into graphic mode, basically because that's the easiest way in most cases, and because it is a friendlier environment. I must also say that to reach excellence in Back Track, you need to be fairly good in text mode and know it very well. That is the same as saying "if you want to run, you should start by walking first". Following the instructions, once you press "BackTrack Text" the screen will show:

Figure 3 – Login

When the "bt login" prompt appears, it means that you are already in Text mode. The following are the credentials to log into the system: user root, password toor (the one used in the last Back Track distributions).

Figure 4 – Command line

When you type the default credentials, you will see the prompt shown above. From here the race will begin! You can start to play now. So far, at this point, we have crossed the line. Everything is ready! You can start applications in text mode (tcpdump, netcat, nmap...). Also, as in every Linux distribution, with Alt + Function keys you can move to different terminals. To run the graphical environment, just type:

root@bt:~# startx

Once you are in the main window, go to Applications > BackTrack. You will now see all the areas that BackTrack is covering:

Figure 5 – Back Track Xwindow

From now on, it depends on preferences. As you can see in the previous image, there are different areas to explore:

* Information Gathering
* Vulnerability Assessment
* Exploitation Tools
* Privilege Escalation
* Maintaining Access
* Reverse Engineering
* RFID Tools
* Stress Testing
* Forensics
* Reporting Tools
* Services
* Miscellaneous

As a good expert, before any attack, you need to know your "victim", right?
I believe that it is sensible to start with the Information Gathering tools. You need to get as much information as possible to find the best attack vectors. Personally, one of my favorite tools for reconnaissance jobs is Maltego. The Paterva guys are doing a very good job in this area. With a graphical interface, they make it easy for a program to start getting information from a simple domain record. With this tool you simplify your work, avoiding getting stuck in text mode and parsing output to draft the final report. It is quite complete and there is even the possibility to add plugins. Believe me, this tool is fantastic. Let me tell you that, as a security consultant, it helps a lot to use Maltego. To be honest, as a consultant, the whole suite is a mandatory tool to have. It is like an all-in-one. I do not need to say that a good professional usually has every tool personalized, and this is also the case. Back Track is running under a Linux distribution or, even better, it is a Linux distribution already modified for security experts. Then, once you are provided with the ultimate Back Track tool, you may start to tune it to fulfill your own necessities. You also have Wine installed by default to run any Windows application on a Linux machine.

Let's talk now about Maltego. It comes to my mind that in a previous version (version 2) you were not asked to log in, as you are in this new one. This has probably been done to provide better features. How can we use it then? Where should I start? Once you open it up, the picture shown next (Figure 6) is the first screen you would see:

Figure 6 – Maltego

The first option that you may check is Manage > Manage Transforms. This is an important one and the real engine that will help you establish the parameters of how Maltego will work later on. A good transform will lead you to the best result.
Figure 7 – Transform manager

You can create your own transforms, personalized according to your necessities, or you can also modify the ones that are in the system by default. You also need to accept each transform disclaimer, unless you want to accept it every time you run a transform. You can sort them by Status and accept the ones in "disclaimer not accepted" status. After you fine-tune your transforms, you are ready to start using Maltego. As ways to see the information, you have Main View, Bubble View and Entity List View. By default, Main View is the one that will be selected. The differences are in how data are represented (with icons in the main view, with bubbles in the bubble view, and also as a list). The default view starts the same as in Figure 6. Let's see the options. On the left side, there are the objects which you can drag and drop into the Main View. On the right side you see some other windows that will be empty until you select an icon. Starting from the left and selecting "Domain", for example, you already have the first piece of the game. I did a test with the default value, which is paterva.com. Of course you can change it to whatever domain name you want, and do the same for each object. Clicking on it, or even passing the mouse over it, you get a detailed view and also a property view on the right side of the main window. With one object, there is not so much that we can do. Let's go on! Now you right-click on the domain, "Run Transform" -> "All transforms", and that's the result:

Figure 8 – Transformation finished

As you can see, there is a lot of "rubbish". In this case, if you visit paterva.com, you'll notice that at the end of the website there are some social network icons, and that is why you see Facebook, Twitter, YouTube... in your schema. This is the same for phones and some other objects. For that reason, discard all the icons that are not giving you any interesting information.
And you can continue with each icon, running transforms until you get the final picture. When you click on "Running transforms", this is what Maltego is doing in the "background" to finally draw the final picture.

Figure 9 – Transform output

The best idea is to check only the important transforms or, even better if you ask me, disable the ones not needed and create personalized ones. As I said before, the first clicks you may do after starting Maltego are Manage > Manage Transforms.

Another interesting tool that we can talk about is EtherApe. It is not under the BackTrack option in the main menu. You can find it in System Tools or in Internet. This is a graphical network monitor with 5 different capture modes (Token Ring, FDDI, Ethernet, IP and TCP). You can see the connections from your host, the connections to your host, or both ways. This is, in my opinion, an easy and light tool with just a few options, but very useful.

Figure 10 – EtherApe – Preferences

You would surely be surprised if you run this tool after you type your favorite website. It is as if it were alive. Every few seconds, a banner or another link in your browser is creating a connection. I did a test with http://www.facebook.com. You can also see the IPs, traffic per node and traffic per protocol.

Figure 11 – EtherApe

An easy and quick example that you can try is typing the IP of your own router in your browser; you'll see that only one connection is created between you and the router. But if you type, for example, http://www.amazon.com, you will see the much bigger number of connections that are created.

Let's assume that you are a security guy who needs to audit a "secured system". The first action that you may take is to change your MAC address, because you do not want to be discovered, or even because you already know the physical address of a machine and you want to obfuscate yours. The tool used for that purpose is the one that we are going to see next, macchanger.

"Macchanger".
Figure 12 – Macchanger

As you can see in the previous screenshot of the help menu, this is an easy and useful tool, much like some of the previous ones. With a virtual machine you could also do it, but if you want to change it many times, this tool is worth it.

The last application which I will cover in this article is Metasploit. This application is an exploitation tool, so we will find it in the path below (see Figure 13):

Figure 13 – Metasploit path

Metasploit is a powerful framework that could be used in different fields. It is like a Back Track inside another Back Track. I would like to start by mentioning that an important task which you should do before starting to play with it is to update the database. The real power of this tool is in the database, which is being continuously updated. Metasploit is "exploiting" vulnerabilities, and if you don't have this database up to date, it is like an old antivirus not updated for 3 months. Maybe you have the intention to exploit a vulnerability that is already in the database and you do not want to update, but this is not usual, because the vendors and software developers are also fixing the problems as soon as possible. There are some cases in which the time from day "0" to the moment the problem is patched takes longer than expected. To understand better, let's think about a scenario: you are a system administrator for an important company and your web server is affected by an XSS. Due to this vulnerability, a user could get a copy of your user database, compromising the privacy of the employees. As a good administrator, you need to test that your application is not affected by the dangerous bug or, if it is affected, try to fix the problem. The most important thing for you is the system that you are administering. We need to know our infrastructure (software and hardware), and also the behavior of a specific pattern. Some concepts that should be familiar to you when you are using Metasploit are payload and exploit.
A payload is a piece of software which allows you to take control of the computer that is affected by the exploit we are using. The best-known payload is Meterpreter (we will see it in the example later on). An exploit is a program or piece of software designed to break or crash into a system through a known vulnerability. What this software is basically doing is checking a database for all kinds of bugs for different platforms, software... (that's why it is so important to update first). You can load a bug for a specific application and, once it is loaded, you can attack the application with that tool. Let's see it with an example:

1st: Update the database. As I mentioned before, this is an important step. Looking at Figure 13, we can see that there is an icon to update Metasploit. Click on it and prepare yourself a good coffee while you wait. It will take time.

Figure 14 – Updating Metasploit

2nd: Start Metasploit. You will get a random image and at the end you will see: version, exploits, payloads...

Figure 15 – msf console

3rd: Find a bug in Metasploit and try to use it. Just type the "search" command plus a string to search for. In the example below we are searching for ms08 (command: "search ms08").

Figure 16 – Searching in modules

4th: Load the module. Once you have chosen the exploit, type "use" + module.

Figure 17 – Module loaded

Once you are in the ms08_067_netapi module, you need to investigate which options you can type. Now, you can define your parameters with the "set" command.

* set rhost 192.168.1.61 (this is the IP of the remote host)
* set lhost 192.168.1.59 (our local IP)

5th: Once it is loaded, run an attack to exploit the bug. When we have the parameters configured, we type the "exploit" command and WE ARE INSIDE!!

Figure 18 – Exploiting

Meterpreter is the payload. Invoking help, we already see the commands to execute on the remote host.

Figure 19 – Shell in remote host

This is only one module, and you could load hundreds of modules.
We could also find hundreds of exploits. Just to summarize, the commands used in this article for Metasploit are:

* ./msfpro -> Start the program
* search + "string" -> To search in the big database you need this command.
* use + module -> Load the module
* show options -> Options in the module that you previously loaded.
* set + option -> Defines the values
* exploit -> Starts the exploit

To cover in depth all the tools included in this distribution I would have to spend some months of my life, or even some years. Just to summarize, we are standing in front of a Swiss army knife (a big one, by the way!). I have given you the main steps to use one of the best security suites in the world. Now it is up to you. With that amount of tools in Back Track, you can choose which one is your strong point, try to use it and do your best. Or you could even try to investigate other areas. If you are an expert in networks, you can use BT. If you are a programmer, you can use BT. If you are a database expert, you can use BT. If you are a security specialist, you can use BT. Even if you are not an IT expert you can also use it, to get information about any place, person or item.

About Eduardo Cuthbert: I started in networking and security in 2004. Ever since I discovered the field of security I have been passionate about it. Having always lived and worked in a medium-sized city in Spain, I decided to try and take my chances abroad. Knowing that in other countries I could develop and research, I left and found a job in Switzerland, where I am currently living and working. I have always worked in those two fields and I consider myself a committed and focused person, so researching and learning about new developments is something essential to me. That's why I have always looked for better ways of improving. Throughout my career I have obtained several certifications, such as CCNP and CCSP. I am also a cycling enthusiast.
Text: Eduardo Cuthbert González
Proof reader: Desirée Suarez González

ELGUBER 12:19 ON 13 DECEMBER 2012
TAGS: SECURITY (5)

SECURITY¿?

I was thinking today about security. On the way to work I usually read a book that talks about it. My mind is becoming paranoid. I was working before at a remote site, too far away from the crowded city, but now the situation is different. I am in a big city. When I'm going to work I see a lot of people with laptops, smartphones, tablets... and I only think about security. Are all of those devices really secured? I'd like to think that at least the professional people have a device 100% secured. When I say secured... at least have an antivirus and a password to unlock the device, or a password and some kind of encryption. I believe that all the other devices, of teenagers and people who are not using the technology for work, are not so protected. I saw some people unlocking the screen with a number code (that is good) and also with a pattern, which is not so good (basically because if you look at the phone against the light you can see the pattern). With a simple test, you could figure out how many devices are running with an open window; by that I mean with Bluetooth or wireless active. I know that for most of them, it is better to have the connections active because they save 5 seconds in activating them (aaahhhhh!!!).

I remember my days as an administrator:

> Me: (looking away from the keyboard) please type your password.
>
> User: I wrote my user and pass for you on a piece of paper. I'm going to put some order here in the office.
>
> Me: .....LOL!

Back to handy devices, there are many kinds of attacks on smartphones that could be used with bad intentions. There are tons of stupid apps that people are downloading and they don't update. These kinds of apps are a good start to exploit. Just some security advice:

1. Put a password on your device (laptop, tablet, smartphone) to unlock it.
You could forget it in a public place and anyone could sniff around in your personal data.
2. Don't save passwords. If someone gets access to your device, he could spend some time on eBay with your account.
3. If you have your passwords there, use software to encrypt the password database.
4. Don't use weak passwords like... "123456".

When you go to the cash machine, you usually hide the keypad to avoid watchers. In the same way, when you unlock your device or you read an email, try to do the same. A good idea is using polarised covers. :))

ELGUBER 7:40 ON 1 JULY 2012
TAGS: FREEBSD, RESET PASSWORD

FREEBSD – RESET PASSWORD

> Three steps to change the root password in FreeBSD:
>
> Step 1: Boot in single user mode
>
> As the operating system is starting, it will display the following message:
> Hit [Enter] to boot immediately, or any other key for command prompt.
> Booting [kernel] in 10 seconds...
> You should now press the space bar, and you will see the following message:
> Type '?' for a list of commands, or 'help' for more detailed help.
> ok
>
> boot -s
>
> to start FreeBSD in single user mode. After the system boots, you should see the statement:
> Enter full pathname of shell or RETURN for /bin/sh:
> Press the Enter key and you will have a # prompt.
>
> Step 2: Mount the filesystems
>
> At the command prompt, issue the mount command. This command will mount all the filesystems listed in your /etc/fstab file.
>
> mount -t ufs -a
>
> Step 3: Change the root password
>
> Issue the passwd command and you will be prompted to enter a new password for the root account.
>
> passwd
>
> New password:_
> Retype new password:_
> passwd: updating the database...
> passwd: done
>
> exit

ELGUBER 6:42 ON 30 JUNE 2012
TAGS: BOOK, WIRESHARK

WIRESHARK

A new book in my particular library.
Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide

I was following Laura Chappell closely and, after a hard day in the office, I decided to buy this book. I was fed up with seeing some of the options in a capture and using Wireshark at 10 or 20% of its capacity. I said to myself, this is not the right path to understand and analyze a network. It is time to change and to try to understand this fantastic tool a bit more. Who knows if this is my new certification challenge... Let's see. At the moment I have started with the chapter that explains all the options in the program. If you are thinking of buying the book you have some options:

http://www.wiresharkbook.com/
http://www.amazon.com/

ELGUBER 12:19 ON 2 MAY 2012
TAGS: IPV6

IPV4 "EXHAUSTION??"

I thought that this would be a new step, but it seems like all the other kinds of inventions in the IT world. In the end it is only for the purpose of money, as usual. The amount of money for big companies, or even small companies, is important at this time. Apart from the economic part, are people ready for IPv6? I would say that, in terms of knowledge, I don't know so many people who know that 10.0.0.1 is translated to IPv6 as 2001:0db8:1234::a00:1. From my point of view, I am not ready for IPv6. What about the subnetting tables, classful ranges, etc.... I was following the IPv4 exhaustion very closely, but it was something like the Y2K effect. And now...?!!! The world keeps turning!!! I don't expect a change in the next 5 years. In the last few years, the increase in IPs has been exponential due to the new technologies. Who at this time is not using a smartphone or tablet...? Each of these devices with a 3G connection is using an IP to connect to the Internet, then... let's see how this happens.