t-Pot: Honeypot Platform

Hi, in a previous post we created and configured the Cowrie SSH honeypot. A simple, easy and quick way to gather information, malicious IPs, uncover C2 servers, collect downloaded files, executables and scripts associated with cryptominers, reverse shells, DDoS attacks and much more. However, SSH is just one of the many services that attackers might… Continue reading t-Pot: Honeypot Platform

Cowrie: SSH Honeypot

Hi, if you are reading this you probably already know what a honeypot is, so I will skip the intro and get straight to the interesting part. However if you don’t know what a honeypot is you can read this great post by imperva. I will walk you through a fairly easy setup and by… Continue reading Cowrie: SSH Honeypot

#1

Uncovered my 1st cryptominer! A few days back I received a firewall alert regarding a log4j exploitation attempt, targeting a web server. Since every security vendor under the sun has released an update, the request was blocked and the attack was unsuccessful.The reported -source- IP was not flagged as malicious or reported in any of… Continue reading #1

Rant : Hotel

A few days ago I had to book a hotel room for a couple of nights,decided to go directly to the business ratherthan booking the room through a platform to help them avoid the commissions, little did I know that I was in for a surprise.After calling them to finalize the transaction I was presentedwith… Continue reading Rant : Hotel

Planning and Scoping : Engagements

Intro Scope The first step in penetration testing (if executed legally) is determining what should be tested – aka scope of the assessment. Defining scope is arguably one of the most important components of a penetration test, yet it is also one of the most overlooked, determining the scope requires a solid and clear understanding… Continue reading Planning and Scoping : Engagements

Common Vulnerability Scoring System – CVSS

Intro The Common Vulnerability Scoring System (CVSS) provides a numerical representation (scale 0-10) of the severity of an information security vulnerability, it also provides an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base group represents the intrinsic qualities of a… Continue reading Common Vulnerability Scoring System – CVSS

Cybersecurity Goals

Intro The primary goal of cybersecurity is to ensure the privacy of information, the correctness of data, and access to authorized users. Although protecting sensitive information from unauthorized disclosure is on element of cybersecurity, it’s not the only one. This brings us to focus on the 3 crucial aspects of security which are confidentiality, integrity, and… Continue reading Cybersecurity Goals

LFI

Local File Inclusion (LFI) is the vulnerability that is mostly found in web servers. This vulnerability is exploited when a user input contains a certain path to the file which might be present on the server and will be included in the output. This kind of vulnerability can be used to read files containing sensitive… Continue reading LFI

Netbios

Intro NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network. Today, NetBIOS is used to support legacy NetBIOS applications but is also widely used for NetBIOS name resolution. NetBios is often mistaken for a protocol where in fact it… Continue reading Netbios

Netcat

Intro TCP/IP swiss army knife Netcat is a simple unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network… Continue reading Netcat