Scan the machine with nmap, how many ports are open? Answer: 7 Enumerating Samba for shares nmap -p 445 –script=smb-enum-shares.nse,smb-enum-users.nse 10.10.203.136 Using the nmap command above, how many shares have been found? Answer: 3 On most distributions of Linux smbclient is already installed. Lets inspect one of the shares. smbclient //<ip>/anonymous Using your machine, connectContinue reading “Tryhackme – Kenobi”
Tag Archives: compliance
Securing Linux
Linux enjoys various benefits with regards to security, yet no operating system is absolutely secure. One issue at present confronting Linux is its fame. For quite a long time, Linux was fundamentally utilized by a more modest, more tech-driven segment. Presently, its expanding use frees it up to the well-established issue of more clients promptingContinue reading “Securing Linux”
Hydra
What is Hydra? Hydra is a brute force online password cracking program; a quick system login password ‘hacking’ tool. We can use Hydra to run through a list and ‘bruteforce’ some authentication service. Imagine trying to manually guess someones password on a particular service (SSH, Web Application Form, FTP or SNMP) – we can useContinue reading “Hydra”
Upload Vulnerabilities
Task 1 – Deploying Machine Task 4 – Overwriting Existing Files What is the name of the image file which can be overwritten? Answer – mountains.jpg Overwrite the image. What is the flag you receive? Step 1: Download a sample image Step 2: Change the name of the image Step 3: Now select the downloaded image toContinue reading “Upload Vulnerabilities”
Metasploit Framework
Metasploit, an open-source pen testing framework, is a powerful tool utilized by security engineers around the world. Maintained by Rapid 7, Metasploit is a collection of not only thoroughly tested exploits but also auxiliary and post-exploitation tools. Throughout this room, we will explore the basics of using this massive framework and a few of theContinue reading “Metasploit Framework”
Computer Crimes
Definition Cybercrimes are defined as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using moderntelecommunication networks such as the Internet through chat rooms, emails, notice boards, groups, and mobileContinue reading “Computer Crimes”
Compliance
Compliance means conforming to a rule, such as a specification, policy, standard, or law. For example: ISO 27001, PCI DSS, GDPR, HIPAA, etc. Need For Compliance: Protect the critical information Enforce control through written policy Understand the requirements for protecting organizational information Identify requirements for protecting organizational information Avoid inadequate implementation and enforcement; this canContinue reading “Compliance”
Security Policies
Security policy is a broad statement produced by the senior management that dictates the role of security within the organization. Characteristics of Security Policy It must be generic, non technical, and easily understood It must integrate security into all business processes and functions It must be reviewed and modified periodically or as the company environmentContinue reading “Security Policies”
Some Generic Terms
Goals, Mission and Objectives Goals: Define what the organization desires to achieve Goals provide the overall context of what the organization wants to accomplish. Mission: Indicate how will you proceed to them Mission is a statement of the organization’s purpose and reason for existence. Objectives: Help in creation of long term and short term strategiesContinue reading “Some Generic Terms”
Governance, Risk and Compliance
GRC is an acronym of Governance, Risk management and Compliance. GRC of every organization is different and varies based on the type of organization. It depends on organization mission, size, industry, culture and legal regulations. Ultimate responsibility of GRC program is to protect their assets and operations, including their IT infrastructure and information. Governance ItContinue reading “Governance, Risk and Compliance”
