Beginner’s guide: OSSIM Part 2

Hope all of you are keeping well, and thank you for the overwhelming support. Today we'll go from basic OSSIM configuration to integrating different types of assets. Before we jump into that, make sure you are done with the installation; if not, please visit my previous post, which is the first part: Beginner’s guide: OSSIM (Open Source Security Information Management) part 1. Also make sure your OSSIM has an active internet connection. As you know, the AlienVault platform has five modules: asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words, we add assets first, and then configure those assets under each module in turn. If you are ready with everything mentioned in part 1, we can move forward with the configuration. Here we are considering only OSSIM, not USM (the commercial edition).

Phases of hacking

Information Gathering and Reconnaissance


The information gathering and reconnaissance phase is where an attack begins. The attacker first collects everything available about the target, passively (without touching the target's own systems: search engines, WHOIS records, DNS and reverse IP lookups, leaked documents, even dumpster diving) and then actively (probing the target directly). Anything he can get his hands on at this stage narrows down the attack surface for the next phase.

Scanning and enumeration


The second phase is scanning and enumeration. Using the information from phase one, the attacker actively scans the target's subnets, web servers and other IP address pools. After scanning, he lists the open ports and tries to identify (enumerate) the application or service running on each one, ideally down to the version, because the version is what he needs to look up a matching vulnerability in the next phase.
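To make the scanning and enumeration step concrete, here is an added example (not code from the original post) of the simplest form of it: a TCP connect scan over a range of ports followed by banner grabbing, with the banner mapped to a service name. So that it runs offline, the "target" is constructed: two listeners on 127.0.0.1 that hand out made-up SSH and FTP banners, standing in for real services. The banner strings and the port window are assumptions for the demonstration; against a real host you would pass its address and a port list instead.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def start_fake_service(banner: bytes) -> int:
    """Constructed target: bind a TCP listener on an ephemeral localhost port,
    send `banner` to every client that connects, and return the port number.
    Serves from a daemon thread so the scanner below has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.sendall(banner)
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe_port(host: str, port: int, timeout: float = 0.5):
    """TCP connect scan of a single port.

    Returns (port, state, banner): state is 'open' or 'closed'; banner is the
    first line the service volunteers on connect, or '' if it stays silent
    (HTTP, for example, says nothing until it receives a request)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError:  # refused, timed out, unreachable
        return port, "closed", ""
    banner = ""
    try:
        data = s.recv(256)
        banner = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    except OSError:
        pass
    finally:
        s.close()
    return port, "open", banner


def guess_service(banner: str) -> str:
    """Enumeration step: map a greeting banner to a service name.
    Only a handful of well-known greeting formats are recognised here."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("220") and "FTP" in b:
        return "ftp"
    if b.startswith("220") and "SMTP" in b:
        return "smtp"
    if b.startswith("+OK"):
        return "pop3"
    return "unknown" if banner else "no banner"


def scan(host: str, ports, workers: int = 50):
    """Probe `ports` in parallel; return only the open ones, with banner and
    service guess, sorted by port number."""
    results = []
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for port, state, banner in pool.map(lambda p: probe_port(host, p), ports):
            if state == "open":
                results.append({"port": port, "banner": banner,
                                "service": guess_service(banner)})
    return sorted(results, key=lambda r: r["port"])


if __name__ == "__main__":
    # Constructed sample services; the banners are made up for the demo.
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")
    ftp_port = start_fake_service(b"220 (vsFTPd 3.0.3)\r\n")
    window = range(min(ssh_port, ftp_port) - 5, max(ssh_port, ftp_port) + 6)
    for r in scan("127.0.0.1", window):
        print(f"{r['port']}/tcp open  {r['service']:<10} {r['banner']}")
```

A full TCP handshake per port is the noisiest way to scan: every connection shows up in the target's firewall and service logs, which is exactly what makes this phase detectable from the SIEM side.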

Gaining access


The third phase is gaining access. The attacker finds a way (an exploit) to break into the system or network using what he learned in the previous phase. He may use one or more exploits to trigger an existing vulnerability in the system and gain access.

Maintaining access


In the fourth phase, maintaining access, the attacker tries to escalate to higher privileges and plants a backdoor on the machine. Because the backdoor outlives the original entry point, even if that vulnerability is later patched, the attacker can get back into the target easily the next time he wants to.

Clearing tracks 


The last phase is clearing tracks, which includes wiping logs and every other kind of evidence to prevent a trace back. In some cases attackers route all their traffic through an anonymity network or browser before performing the actual attack; in that case the clearing of tracks effectively starts in phase one, because nothing attributable is left behind to clean up later. From the defender's side this phase is itself a signal: a wiped log leaves a visible gap, and on Windows clearing the Security log is recorded as event ID 1102, which is exactly the kind of event you want shipped to OSSIM before it can be erased.
