Defensive

Snort 3 Configuration on CentOS

By kamal paul by kamal paul

Snort 3 includes two main configuration files, snort_defaults.lua and snort.lua. The snort.lua file contains Snort’s main configuration, allowing the implementation and configuration of Snort inspectors (preprocessors), rules files inclusion, event filters, output, etc.The snort_defaults.lua file contains default values such as paths to rules, AppID, intelligence lists, and network variables.The file snort_defaults.lua contains default values for rules paths, networks, ports, wizards, and inspectors, etc. An additional file file_magic.lua exists in the etc/snort/ directory. This file contains…

Continue reading

Uncategorized

My CTF notes-Vulhub & HTB

By kamal paul by kamal paul

Please ignore any typos and grammar mistakes. These are notes from my learning and various assessments. Before I forgot all these, thought to share them here as someone will find them useful. Again note, it’s not so arranged. Vulhub Machines Happy corp 1.whenever you find php files in the url , try doing LFI with ‘.php?file=/etc/passwd 2.after that try injecting the php code which will open a cmd in the victim machine with this command-…

Continue reading

Offensive

My notes on Redteaming in Windows enviroment

By kamal paul by kamal paul

Please ignore any typos and grammar mistakes. These are notes from my learning and various assessments. Before I forgot all these, thought to share them here as someone will find them useful. Again note, it’s not so arranged. What to expect?- Kerbroasting, Silver ticket, Golden ticket, AMSI bypass, PSRemoting, Mimikatz, DySnc, AS-Rep roast, Pass-the-hash, Pass-the-ticket, Domain Trust keys, Skeleton keys, ACL-Bloodhound Getting domain information using Powerview #Get-NetDomain Getting domain information about a specific domain #Get-NetDomain…

Continue reading

Offensive

Malware Infrastructure Series -1

By kamal paul by kamal paul

Disclaimer- Similar content exists but this is mine and authentic. Its always fascinating to see how cyber criminals run their infrastructure. The infrastructure they build has sometimes been state of the art which even surprises the law enforcement/intelligence communities with its sophistication and covert features and infact these people are always ahead at new technology adaption. My inspiration for writing this series came after reading about the Vault 7 leak that happened in March 2017.…

Continue reading

Uncategorized

Configuring NXLOG in CentOS-8

By kamal paul by kamal paul

First part of this blog can be found here Configuring Nxlog is a simple and straight process with changes made to ‘nxlog.conf’ file to read alerts from the alert.json file in the log directory and send it to the Nagios log server for processing.‘nxlog.conf’ file is created automatically during the installation with some default parameters. These default parameters will be customized according to our environment. The default location of the configuration file is at /opt/nxlog/etc.…

Continue reading