Used room: https://tryhackme.com/room/commonlinuxprivesc Privilege escalation is a practice. It mainly depends on configurations in the system that act as weaknesses and allow privileges to be escalated. These configurations can be of many types. For example: So, today or tonight we will see various methods to do privilege escalation in Linux. Step 1: Enumerate the machine… Continue reading “Common Linux Privilege Escalation”
Tag Archives: linux
Net Sec Challenge
What is the highest port number being open less than 10,000? 8080 There is an open port outside the common 1000 ports; it is above 10,000. What is it? 10021 How many TCP ports are open? 6 What is the flag hidden in the HTTP server header? THM{web_server_25352} What is the flag hidden in the… Continue reading “Net Sec Challenge”
Securing Linux
Linux enjoys various benefits with regards to security, yet no operating system is absolutely secure. One issue at present confronting Linux is its fame. For quite a long time, Linux was fundamentally utilized by a more modest, more tech-driven segment. Presently, its expanding use frees it up to the well-established issue of more clients prompting… Continue reading “Securing Linux”
OWASP Juice Shop
Day 1 Task – Injection Question #1: Log into the administrator account! Capture the request and change the parameters. Click on the send button. See the response in the browser. The token used is a JWT, which can be easily decoded at jwt.io. After decoding, you get the password. Log in with the credentials. Here is your flag.… Continue reading “OWASP Juice Shop”
Upload Vulnerabilities
Task 1 – Deploying Machine Task 4 – Overwriting Existing Files What is the name of the image file which can be overwritten? Answer – mountains.jpg Overwrite the image. What is the flag you receive? Step 1: Download a sample image Step 2: Change the name of the image Step 3: Now select the downloaded image to… Continue reading “Upload Vulnerabilities”
Computer Crimes
Definition Cybercrimes are defined as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as the Internet through chat rooms, emails, notice boards, groups, and mobile… Continue reading “Computer Crimes”
Security Policies
A security policy is a broad statement produced by senior management that dictates the role of security within the organization. Characteristics of Security Policy It must be generic, non-technical, and easily understood It must integrate security into all business processes and functions It must be reviewed and modified periodically or as the company environment… Continue reading “Security Policies”
Some Generic Terms
Goals, Mission and Objectives Goals: Define what the organization desires to achieve Goals provide the overall context of what the organization wants to accomplish. Mission: Indicates how you will proceed toward them Mission is a statement of the organization’s purpose and reason for existence. Objectives: Help in the creation of long-term and short-term strategies… Continue reading “Some Generic Terms”
Governance, Risk and Compliance
GRC is an acronym for Governance, Risk management and Compliance. The GRC of every organization is different and varies based on the type of organization. It depends on the organization's mission, size, industry, culture and legal regulations. The ultimate responsibility of a GRC program is to protect the organization's assets and operations, including its IT infrastructure and information. Governance It… Continue reading “Governance, Risk and Compliance”
Information Security Management and Governance
ISO 27001:2013 ISO/IEC 27001 It is an internationally recognized structured methodology dedicated to information security. It is a management process to evaluate, implement and maintain an Information Security Management System (ISMS). It is a comprehensive set of controls comprised of information security best practices. It is applicable to all industry sectors. It emphasizes prevention. ISO 27001… Continue reading “Information Security Management and Governance”
