Friday, November 27, 2020

Essential Event Log Configurations to be Correlated

Considering Windows audit event logging, there are plenty of guides available on the Internet to follow. Most of the event configurations would overlap. However, we have to consider the most optimal and practical implementation based on our business case, server capability, security requirements &...

Thursday, November 19, 2020

Event Log Retention Requirements as mandated by Major Compliance Regulations

On September 20th, 2016, Digital Edge released an article on Log Management Laws and Regulations. Below is a little "Cheat Sheet" on the Event Log Retention Requirements as mandated by major compliance regulations:

Regulation  Retention Requirement
HIPAA       7 years
PCI DSS     1 year
SOX         7...

Sunday, August 30, 2020

Remove PostgreSQL in Ubuntu 18.04

Once I was using PostgreSQL and when I no longer needed to keep the installation, I wanted to remove it completely. So I used the command listed below to remove PostgreSQL.

#sudo apt-get --purge remove postgresql

Even though the un-installation was successful, when I went to log in there's...

Wednesday, August 12, 2020

Why / Why Not Virtual Patching

While the goal of many organizations is to keep operating systems and other business application software always up to date with the latest security patches, realities impede the progress in being able to quickly address a vulnerability before a malicious adversary can take advantage....

Thursday, July 16, 2020

Is Microsoft Windows User Account Control (UAC) a Security Feature?

User Account Control (UAC) helps mitigate the impact of malware. Each app that requires the administrator access token must prompt for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process....

Wednesday, July 15, 2020

SigRed (CVE-2020-1350) Registry Workaround

Security researchers at Check Point discovered a critical security flaw in Microsoft DNS servers. The flaw allows remote code execution attacks which lead to the total compromise of the server. The DNS server role is often bundled with Enterprise Domain Controllers in corporate environments. Hence,...

Tuesday, July 7, 2020

Cracking Passwords with John the Ripper

John the Ripper (JtR) is a password cracking tool originally produced for UNIX-based systems. It was designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks. The tool comes in both GNU-licensed and proprietary (Pro) versions. An enhanced...

Friday, June 19, 2020

Lessons to Learn from Recent Cyber Attacks in Australia

Multiple IT network infrastructures that belong to the Australian government and private sector organizations have been targeted by a large-scale cyber attack seeking to disrupt the work of the government as well as the operations of the essential service providers. Australian Cyber Security Centre...

Thursday, June 18, 2020

Analysing Windows Event Logs collected in CSV Format

Recently I wanted to analyze Microsoft Windows server logs collected as CSV files. Logs in the default evtx format were not available for the required period and they were extracted from the SIEM as CSV files. I had to face the challenge of analyzing 20 GB of logs spanning six days. I didn't have enough computation...

Useful OIDs when using snmpwalk

When conducting reconnaissance activities to discover the IP address details of public facing network devices which have SNMP enabled, snmpwalk will be a very useful tool. If you run the below command, it will give you a verbose output with all the available details.

$ snmpwalk -v 2c -c public <IP_Address>

Every...

Friday, June 12, 2020

Download Youtube Playlists in Ubuntu

I wanted to download YouTube playlists and I decided to use youtube-dl on my Ubuntu instance. I thought of writing this article considering that some of the facts I found are useful to you as well. youtube-dl is a command-line program to download videos from YouTube.com and a few more sites. It requires...

Sunday, May 31, 2020

Using WMIC to communicate with remote hosts

We can manage user accounts on a Windows computer using wmic commands. You can find commands for various operations below. WMIC can collect a list of the currently running processes similar to what you'd see in "Task Manager" using the following command:

#wmic process list

Note that some of the WMIC built-ins...

Saturday, May 30, 2020

Searching Through /var/log Folder

To check for all user logins and logouts:

#last -f wtmp

Wtmp is a file on the Linux, Solaris, and BSD operating systems that keeps a history of all logins and logouts. On Linux systems, it is located at /var/log/wtmp. Various commands access wtmp to report login statistics, including the who and lastb...

Wednesday, January 29, 2020

Poking a hole through a firewall

Allowing highly critical network services such as Oracle (1521/tcp), MySQL (3306/tcp), and MSSQL (1433/tcp) through firewalls to untrusted networks is similar to poking a hole through a firewall. For example, leaving the Oracle Listener port 1521 open to untrusted networks allows the database to connect...