e-cite

Anleitung aus: https://stackoverflow.com/questions/18880024/start-ssh-agent-on-login

1. Datei ~/.config/systemd/user/ssh-agent.service mit folgendem Inhalt anlegen:

[Unit]
Description=SSH key agent

[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket

e-cite

Schulung "Lateral Movement in Microsoft Environment"

Teil 1 (12.5.2022)

• Zoom-Webinar am 12.05.2022 von Peter Manev, OISF
• https://www.youtube.com/watch?v=GMapwE6GJZM

Techniken für Lateral Movement

• WinRM (Windows Remote Management)
• WinRS (Windows Remote Shell)
• SMB / PsExec/RCE/RSE

e-cite

1. Generate self-signed certificate

   openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout selfsigned.key -out selfsigned.crt -subj '/CN=example.com' -addext 'subjectAltName=DNS:example.com'

2. Import it to "Vertrauenswürdige Stammzertifizierungsstellen" in Windows

e-cite

Schulung "Suricata Datasets - Millions of IoCs handled easy"

• Zoom-Webinar am 14.04.2022 von Peter Manev, OISF

Datasets

• Erzeuge einen Alarm, wenn es eine Übereinstimmung zwischen DNS query und dataset gibt.
• Es können auch Transformations erfolgen, bspw. DNS query gegenüber einer md5 Blacklist prüfen.
• Das suricata-verify Repository enthält einige Beispiele zu Datasets.
• SELKS / Scirius sollten wir uns unbedingt anschauen.

Verwendung von Datasets

e-cite

Mnemonic Encoding Word List

http://web.archive.org/web/20090918202746/http://tothink.com/mnemonic/wordlist.html

• The wordlist contains 1626 words.
• All words are between 4 and 7 letters long.
• No word in the list is a prefix of another word (e.g. visit, visitor).
• Five letter prefixes of words are sufficient to be unique.
• The words should be usable by people all over the world. The list is far from perfect in that respect. It is heavily biased towards western culture and English in particular. The international vocabulary is simply not big enough. One can argue that even words like "hotel" or "radio" are not truly international. You will find many English words in the list but I have tried to limit them to words that are part of a beginner's vocabulary or words that have close relatives in other european languages. In some cases a word has a different meaning in another language or is pronounced very differently but for the purpose of the encoding it is still ok - I assume that when the encoding is

e-cite

Show current git branch in bash prompt

According to: https://thucnc.medium.com/how-to-show-current-git-branch-with-colors-in-bash-prompt-380d05a24745

Make these settings in ~/.bashrc:

1. Add function to get current git branch:

   parse_git_branch() {
        git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/(\1)/'

}

e-cite

// From: https://www.dragino.com/downloads/index.php?dir=LGT_92/Decoder/
// But roll, pitch and altitude are wrong due to <<24>>16.
// Better: <<8

//The function is :
function Decoder(bytes, port) {
	// Decode an uplink message from a buffer
	// (array) of bytes to an object of fields.

	var latitude;//gps latitude,units: °

e-cite

• Locales
• Timezone
• Hostname
• Domainname
• apt-get install open-vm-tools open-vm-tools-desktop terminator wipe virt-manager ssh-askpass dnsutils auto-apt-proxy
• apt-get install firmware-linux-nonfree xserver-xorg-input-synaptics
• Mac Book Pro: add non-free to packet sources
• Install VS Code
• Einstellungen / Session and Startup / Application Autostart / Activate SSH Key Agent (GNOME Keyring: SSH Agent)
• Einstellungen / Erscheinungsbild / Schriften / DPI-Wert auf 96

e-cite

Industrielle Netzwerk-Protokolle

Precision Time Protocol

• 319/udp
• 320/udp

BACnet

S7COMM

Beispiel PCAPs:

• https://github.com/ITI/ICS-Security-Tools/blob/master/pcaps/Combined/Plant1.pcap

e-cite

Industrial Ethernet

Grundlagen

Industrial Ethernet dient dazu, den vorhandenen Ethernet-Standard um die Anforderungen aus der Prozessdatenkommunikation zu erweitern.

Es sind insbesondere folgende Anforderungen zu berücksichtigen:

• Industrielle Umgebungsbedingungen (Temperaturbereiche; Beständigkeit gegen Öl, Säuren, etc.; Vibrationen; EMV)
• Schutzarten (IPxx)
• Hutschienenmontage
• Spannungsversorgung, typ. 24 V DC
• Topologien (Häufig Ring, eher selten Stern bzw. Baum)