Lab 1: Role Based Access Control

Objective: You have been asked to create a proof of concept showing how Azure users and groups are created, and how role-based access control is used to assign roles to groups. Specifically, you need to: Step 1: Log in to the portal. Step 2: Go to Microsoft Entra ID and click on Add user. Step 3: … Continue reading “Lab 1: Role Based Access Control”

Weekly roundup for August 27 to September 2

Notepad++ Flaw: Several buffer overflow vulnerabilities have been discovered in Notepad++ that can be exploited by threat actors for malicious purposes. The severities of these vulnerabilities range from 5.5 (Medium) to 7.8 (High). Splunk IT Service Intelligence Injection Flaw: An unauthenticated log injection vulnerability has been reported in Splunk IT Service Intelligence … Continue reading “Weekly roundup for August 27 to September 2”

HackTheBox – Photobomb

NMAP Scanning: Added the address in /etc/hosts and opened the web page. Upon clicking the link, it asks for credentials. As we do not have any credentials, I got the page below. I tried to view the source code and found the photobomb.js file. After opening that file I got the credentials. Username: pH0t0 Password: b0Mb! … Continue reading “HackTheBox – Photobomb”

Domain 1: Security and Risk Management

CIA Triad: IAAA: Accounting: the action owner's logs are reviewed for violations. Non-repudiation: the action owner cannot deny his/her actions. Governance (not us): Management (us): Principle: there are 2 types of principles. Standards and Frameworks: there are many security frameworks and standards available for security implementation and guidance for any organization. A few examples are: Protection Methods … Continue reading “Domain 1: Security and Risk Management”

Common Linux Privilege Escalation

Used room: https://tryhackme.com/room/commonlinuxprivesc Privilege escalation is a practice. It mainly depends upon configuration done in the system that acts as a weakness through which privileges can be escalated. These configurations can be of many types, e.g.: So, today or tonight we will see various methods to do privilege escalation in Linux. Step 1: Enumerate the machine … Continue reading “Common Linux Privilege Escalation”

AWS Messaging and Integration Services

Simple Queue Service (SQS): SQS is a message queuing service that allows you to build loosely coupled systems. Features: allows component-to-component communication using messages; messages are processed in an asynchronous manner; multiple components can add messages to the queue; helps to improve performance and scalability. Important for the exam: queues are processed in FIFO order. … Continue reading “AWS Messaging and Integration Services”

AWS Migration Services

A lot of companies are migrating to the cloud, and they need inexpensive, fast, and secure ways to move their on-premises data to AWS. Data Migration Service (DMS): DMS helps you migrate databases to or within AWS. Features: migrate on-premises databases to AWS; supports homogeneous and heterogeneous migrations; continuous data replication; virtually no downtime. Use … Continue reading “AWS Migration Services”

AWS Storage Services

Simple Storage Service (S3): S3 is an object storage service for the cloud that is highly available. Objects (files) are stored in buckets (directories). Unlimited storage that can hold millions of objects per bucket. Objects can be public or private. You can upload objects via the console, the CLI, or programmatically within code using SDKs. Features: You … Continue reading “AWS Storage Services”

Terminology Cheat Sheet

Terminology table (S. No., Term, Meaning/Use):
1. Access control list (ACL): Firewall on network level
2. Auto Scaling: Automates the process of adding or removing instances based on traffic
3. Buckets: Root-level folders
4. CloudFront: Content delivery network (CDN) that allows you to store your content at “edge locations” located all around the world, allowing customers … Continue reading “Terminology Cheat Sheet”

Cross-site Scripting

It is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. Types of XSS: Reflected XSS, Stored XSS, DOM-based XSS, Blind XSS. Reflected XSS: Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without any … Continue reading “Cross-site Scripting”