CIA Triad: IAAA: Accounting: The action owner logs are reviewed for violations Non-repudiation: The action owner cannot deny his/her actions Governance(Not us): Management(Us): Principle: There are 2 types of principles: Standards and Frameworks There are many security frameworks and standards available for security implementation and guidance for any organization. A few examples are Protection MethodsContinue reading “Domain 1: Security and Risk Management”
Tag Archives: security
Common Linux Privilege Escalation
Used room: https://tryhackme.com/room/commonlinuxprivesc Privilege Escalation is a practice. It mainly depends upon configuration done in the system that acts as a weakness to escalate the privileges. These configurations can be of many types. For e.g.: So, today or tonight we will see various methods to do privilege escalation in Linux. Step 1: Enumerate the machineContinue reading “Common Linux Privilege Escalation”
Net Sec Challenge
What is the highest port number being open less than 10,000? 8080 There is an open port outside the common 1000 ports; it is above 10,000. What is it? 10021 How many TCP ports are open? 6 What is the flag hidden in the HTTP server header? THM{web_server_25352} What is the flag hidden in theContinue reading “Net Sec Challenge”
AWS Infrastructure as Code (IaC)
IaC allows you to write a script to provision AWS resources. The benefit is that you provision resources in a reproducible manner that saves time. CloudFormation CloudFormation allows you to provision AWS resources using IaC. Features: Provides a repeatable process for provisioning resources. Works with most AWS services. Create templates for the resources you wantContinue reading “AWS Infrastructure as Code (IaC)”
Machine Learning Services
Artificial Intelligence(AI) teaches computers to do things that normally require human intelligence. Some services: Rekognition Rekognition allows you to automate your image and video analysis. Features: Image and video analysis. Identify custom labels in images and videos. Face to text detection in images and videos. Comprehend Comprehend is a natural-language processing (NLP) service that findsContinue reading “Machine Learning Services”
AWS Analytics Services
Data Warehouse A data warehouse is a data storage solution that aggregates massive amounts of historic data from disparate sources. Benefits: Data warehouses support querying, reporting, analytics. And business intelligence. They are not used for transaction processing. Amazon Redshift Redshift is a scalable data warehouse solution. Features: Data warehousing solution. Handles exabyte-scale data. Improves speedContinue reading “AWS Analytics Services”
AWS Migration Services
A lot of companies are migrating to the cloud, and they need inexpensive, fast, and secure ways to move their on-premises data to AWS. Data Migration Service (DMS) DMS helps you migrate databases to or within AWS. Features: Migrate on-premise databases to AWS. Supports homogeneous and heterogeneous migrations. Continuous data replication. Virtually no downtime. UseContinue reading “AWS Migration Services”
AWS Compute Services
Elastic Compute Cloud – EC2 EC2 allows you to rent and manage virtual servers in the cloud. Servers are physical computer hardware running at the data center. EC2 instances are virtual servers running on these physical servers. In the real world, it is used to deploy databases and applications. How to access the EC2 instance?Continue reading “AWS Compute Services”
AWS Introduction
Hey, I have just started learning about the AWS cloud service. During, my whole learning period I will be going to upload my notes or learnings over these blogs for others too. Traditional IT Approach How websites work We have a server that is hosted somewhere and the client uses a web browser to getContinue reading “AWS Introduction”
Understanding Log4j
What is Log4j? Log4j is a java package mostly a part of the Apache Logging utility used to capture logs. Everything you do on the internet becomes an event that gets captured in a form of a log. Even your inputs also get captured in logs. Your application is vulnerable if it logs a user’sContinue reading “Understanding Log4j”
