#!/bin/bash
# rogue_dhcp_monitor.sh
# Purpose: Detect multiple DHCP servers and log warnings or info
#====================================================================
# One log file per day.
# Script rotates daily by filename (rogue_dhcp_discover_warning_YYYY-MM-DD.log).
# Hourly cron job → appends to today's log file.
# Next day → new file automatically created.
# Old logs (>30 days) are auto-deleted.
--------------------------------------------------------------------------------------------------
# Check if the container is running
docker-compose -f docker-compose.yml.ubuntu ps
# Confirm the container is up
docker ps
# Look for your Nagios container, something like:
# nagios_core 0.0.0.0:8080->80/tcp Up nagios:4.5.9
#====================================================================
Nginx config
Why search:
Nginx server configuration.
Nginx is a popular web server, and its configuration files (nginx.conf) control
how the server processes requests, handles proxies, and serves content. An exposed
config file can reveal server secrets and misconfigurations.
============================================================================
The kill-chain model, originally developed by Lockheed Martin as the Cyber Kill Chain, is a framework that helps Security Operations Center (SOC) engineers analyze cyberattacks in a structured way. It breaks down an attack into stages, allowing SOC engineers to understand, detect, and respond effectively.
How a SOC Engineer Uses the Kill-Chain Model
SOC engineers use the kill-chain model to:
Detect Threats Earlier: By recognizing attack patterns at different stages, they can stop an attack before it progresses.
Improve Incident Response: Helps prioritize threats based on their progression within the chain.
#======================================================================
Simulated Detection Scenarios
Falco – Chmod 777
Scenario: Attacker gives full permissions to a sensitive file.
Simulate:
touch /tmp/test.sh && chmod 777 /tmp/test.sh
#======================================================================
Part 2: Simulated Detection Scenarios
✅ Wazuh – File Integrity Monitoring
Scenario: Someone modifies /etc/passwd.
Simulate:
echo "#TEST123" >> /etc/passwd
#======================================================================
To make an informed decision on purchasing an XDR product, you need a structured approach to evaluating vendors and ensuring the solution meets your security needs. Here's how you can organize the process effectively:
1. Define Evaluation Goals & Success Criteria
Establish clear objectives for adopting an XDR solution (e.g., better threat detection, improved response automation).
Identify key security gaps that need addressing.
Define measurable success criteria for the evaluation (e.g., ease of integration, accuracy of threat detection, response time).
#===================================================================================================================================
What does a Holistic Approach in PAM involve?
Comprehensive User Access Control
Not only managing privileged users, but also regular employees, third-party contractors, and automated system accounts.
Example: Instead of just securing admin accounts, PAM also tracks access for interns, vendors, and service accounts across all systems.
Integration with Other Systems
To uninstall the CAT (Configuration Assistant Tool) installer from eduroam on Windows 10
PS: The CAT installer itself usually configures the network and installs certificates but does not stay as a running application, so it often doesn't show up in Programs.
Remove eduroam from Windows
https://servicedesk.msstate.edu/TDClient/45/Portal/KB/ArticleDet?ID=1625
Method 1: Using Windows Settings (Recommended)
Uninstalling the eduroam CAT Installer Configuration
#===================================================================================================================================
Base64-Encoded C2 Domain: Explanation & Examples
What is Base64 Encoding?
Base64 is a method of encoding binary data into ASCII text, often used to obfuscate malicious commands, URLs, or payloads to evade detection.
Why Do Attackers Use Base64 for C2 Communication?
Evasion: Many security tools scan for known malicious domains in plaintext.
Obfuscation: Makes malicious traffic harder to identify in logs.