A lot of companies are migrating to the cloud, and they need inexpensive, fast, and secure ways to move their on-premises data to AWS. Data Migration Service (DMS) DMS helps you migrate databases to or within AWS. Features: Migrate on-premise databases to AWS. Supports homogeneous and heterogeneous migrations. Continuous data replication. Virtually no downtime. UseContinue reading “AWS Migration Services”
Tag Archives: penetrationtesting
AWS Storage Services
Simple Storage Service – S3 S3 is an object storage service for the cloud that is highly available. Objects(files) are stored in buckets(directories). Unlimited storage that can hold millions of objects per bucket. Objects can be public or private. You can upload objects via the console, CLI, or programmatically within code using SDKs. Features YouContinue reading “AWS Storage Services”
Terminology Cheat Sheet
S. No. Term Meaning/Use 1 Access control list(ACL) Firewall on network level 2 Auto Scaling Automates the process of adding or removing instances based on traffic 3 Buckets Root – level folders 4 CloudFront Content delivery network (CDN) that allows you to store your content at “edge locations” located all around the world, allowing customersContinue reading “Terminology Cheat Sheet”
Cross-site Scripting
It is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. Types of XSS Reflected XSS Stored XSS DOM based XSS Blind XSS Reflected XSS Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without anyContinue reading “Cross-site Scripting”
Understanding Log4j
What is Log4j? Log4j is a java package mostly a part of the Apache Logging utility used to capture logs. Everything you do on the internet becomes an event that gets captured in a form of a log. Even your inputs also get captured in logs. Your application is vulnerable if it logs a user’sContinue reading “Understanding Log4j”
John The Ripper
John the Ripper is one of the most well known and efficient hash cracking tool. It is a fast in cracking, with an extraordinary range of compatible hash types. What is Hash? A hash is basically a fingerprint of any piece of data. The process of hashing is irreversible i.e. information once converted into aContinue reading “John The Ripper”
Love HackTheBox Walkthrough
Steps followed: Recon – NMAP Directory Busting – GOBUSTER Sensitive data exposure File Upload Vulnerability Shell Upload Reverse TCP exploit Always_Install_Elevated exploit For simplicity I stored IP address of web application in a variable Using NMAP for the machine port scan VIA NMAP I found OS: Windows, some open ports and URL i.e. staging.love.htb NextContinue reading “Love HackTheBox Walkthrough”
UNION based SQL Injection
Requirements for UNION based injection Rule: The number and the order of the columns must be the same in all queries The data types must be compatible For practice, we are going to use PortSwigger Labs, Lab: SQL injection UNION attack, determining the number of columns returned by the query Description: This lab contains anContinue reading “UNION based SQL Injection”
Tryhackme – Kenobi
Scan the machine with nmap, how many ports are open? Answer: 7 Enumerating Samba for shares nmap -p 445 –script=smb-enum-shares.nse,smb-enum-users.nse 10.10.203.136 Using the nmap command above, how many shares have been found? Answer: 3 On most distributions of Linux smbclient is already installed. Lets inspect one of the shares. smbclient //<ip>/anonymous Using your machine, connectContinue reading “Tryhackme – Kenobi”
Securing Linux
Linux enjoys various benefits with regards to security, yet no operating system is absolutely secure. One issue at present confronting Linux is its fame. For quite a long time, Linux was fundamentally utilized by a more modest, more tech-driven segment. Presently, its expanding use frees it up to the well-established issue of more clients promptingContinue reading “Securing Linux”
