Posts

Showing posts from August, 2016

Beginner’s guide: OSSIM Part 2

Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM....

Most commonly found Trojan Ports

If you see any of these ports open, then you should double check if it is really a Trojan or not. Trojans basically provide "Remote access" to it's command and control center TCP 1 Breach.2001, SocketsDeTroie.230, SocketsDeTroie.250 TCP 28 Amanda.200 TCP 31 MastersParadise.920 TCP 68 Subseven.100 TCP 142 NetTaxi.180 TCP 146 Infector.141, Intruder.100, Intruder.100 TCP 171 ATrojan.200 TCP 285 WCTrojan.100 TCP 286 WCTrojan.100 TCP 334 Backage.310 TCP 370 NeuroticKat.120, NeuroticKat.130 TCP 413 Coma.109 TCP 420 Breach.450 TCP 555 Id2001.100, PhaseZero.100, StealthSpy.100 TCP 623 Rtb666.160 TCP 660 Zaratustra.100

Passive Information Gathering

Passive Information gathering refers to the process of collecting information about a target network and its environment by passive methods.   The entire “information gathering ” is considered as a ״ methodological ” procedure, because those critical information gathered, is categorized based on a previous discovery. The Idea of information gathering is have an entire blueprint of the network infrastructure of the target organization. The blueprints will be probably unique for each and every branch. Passive information gathering is completely harmless to the target organization since we do not directly engage with the target organization. Technically speaking, we have four intention while performing information gathering 1. Collect all available information, passively and actively about the target and its network 2. Identify the operating system, platforms, web server versions, etc. 3. Perform techniques such as Whois llokup, DNS fingerprinting, other network and org...

Foot printing and Reconnaissance

Image
The very first phase of pentesting is Foot printing and reconnaissance. The idea is to develop a picture of our client before performing a test. Generally speaking foot printing and reconnaissance is only done for black box pentesting. But even if we are performing white or gray box testing, we’ll plot an idea about where to start and how to start the test. Specifically in white box testing, if we need some clarification with a few of the points given by the clients then, definitely we ask for them to clear it for us. In black box testing we identify whether any information is leaked to internet unknowingly by the client. Hence black box testing is the best way for security assessment, since it gives full picture about what information is disclosed. For a malicious hacker any information that is readily available on internet is useful to him. Before we jump into the technical we need to know a few basic terms used in information gathering. These terms helps to understand t...

How to setup Kali Linux in VM

Image
Kali linux is one of the most commonly used penetration testing distros, which is one of the commonly user tiger boxes, among pentesters. It is mostly used tools for penetration testing, cyber forensics and malware analysis. I hope you've already downloaded you matching version of Kali Linux. If not please download from the following link  https://www.kali.org/downloads/ Before we start, it is always best do review on the basics of virtualization. Please go through the following link before proceeding http://pentesterblogs.blogspot.in/2016/07/pentest-lab.html   At the time when I'm writing this blog Kali Linux has stable release "rolling".