githubfoam

## fortigate waf cheat sheet
#=====================================================================
Enable the web application firewall

Enable the web application firewall:

    Go to System > Feature Visibility.
    Under Security Features, enable Web Application Firewall.
    Click Apply.
#=====================================================================
The web application firewall feature is only available when the policy inspection mode is proxy-based.

## apache cheat sheet
==========================================================================================================
#apache 2.4.10 on windows server 2012 data center.
#\apache\conf\extra\httpd-ssl

#The -ALL option disables all SSL/TLS protocols initially.
#The +TLSv1.2 and +TLSv1.3 options then selectively enable the TLS 1.2 and TLS 1.3 protocols.
SSLProtocol -ALL +TLSv1.2 +TLSv1.3

#this configuration directly specifies that Apache should use TLS 1.2 and TLS 1.3 for secure communications.
#It doesn't explicitly disable any other SSL or TLS versions, but it indicates the preferred versions.

## IIS cheat sheet
==========================================================================================================
reset IIS without having to reboot the whole server
iisreset
==========================================================================================================
To check if IIS (Internet Information Services) is running on a Windows Server 2019 Standard server, you can use several methods, including the graphical user interface (GUI) and command-line tools. Here are two common methods:

Method 1: Using the GUI (Server Manager)

Log In: Log in to the Windows Server 2019 Standard using an account with administrative privileges.

## ansible networking cheat sheet
--------------------------------------------------------------------------------------------------------------------
#Bard

Ansible uses the following connection types for connecting to network devices:

Network CLI: This is the default connection type for network devices. It uses the SSH protocol to connect to the device and execute commands on the CLI. The ansible.netcommon.network_cli connection plugin is used for this type of connection.

For example, to connect to a Cisco device using the network CLI, you would use the following inventory entry:

host: cisco_device

## windows 11 cheat sheet
#=====================================================================
 here are the steps on how to edit rules in Outlook Microsoft 365 Apps for Enterprise:

Open Outlook.
Click the File tab.
Click Manage Rules & Alerts.
In the Rules dialog box, select the rule that you want to edit.
Click the Edit button.
In the Edit Rule dialog box, make the changes that you want to the rule.
Click the OK button.

## dell switch S404 8cheat sheet
#=====================================================================
#https://www.dell.com/support/manuals/tr-tr/dell-emc-os-9/s4048-on-9.14.2.8-config-pub/view-command-history?guid=guid-c004c801-c43d-41fd-a85a-4816f78656f9&lang=en-us

#https://dl.dell.com/Manuals/all-products/esuprt_networking_int/esuprt_networking_operating_systems/dell-emc-os-9_White-Papers13_en-us.pdf
#=====================================================================
show version
show os-version
#=====================================================================

#save the configuration on a Dell S4048 switch and ensure that it's not lost after a reboot

## fortigate - HA mode cheat sheet
#=====================================================================
#how to power off fortigate cluster
#unplug the power cables as there is no power buttons

shut down first the secondary(backup unit)
Unit-1 # execute ha manage 1                 {To switch to the backup unit}
Unit-2 $                                     {Now on the backup unit}
Unit-2 $ execute shutdown                    {To shut down the backup unit}
This operation will shutdown the system !
Do you want to continue? (y/n)y

## ubuntu forensics cheat sheet
============================================================================
#ChatGPT

Determining the precise date and time when ClamAV was installed on an Ubuntu Linux system might require a bit of sleuthing, as Linux doesn't typically log installation timestamps by default. However, you can use system logs and package manager records to get an idea of when ClamAV was installed:

Method 1: Checking Package Installation Logs
APT Logs:

Look into the /var/log/apt/history.log* files. These logs contain historical information about package installations and updates.
zgrep "clamav" /var/log/apt/history.log*

## Investigation Path - command and control (C2 or C&C)
==========================================================================================================
#https://attack.mitre.org/tactics/TA0011/
Tactics/Techniques
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses
==========================================================================================================
#ChatGPT
As an incident response security engineer detecting a command and control (C2/C&C) attack on a host, you can use the MITRE ATT&CK Navigator as a helpful tool to aid in your incident response efforts. The MITRE ATT&CK Navigator is a web-based tool that allows you to visualize and track adversary techniques, tactics, and procedures in real-time. Here's how you

## threat hunting cheat sheet
#===================================================================================================================================
#ChatGPT

To schedule a PowerShell script to run at regular intervals in Windows, you can use the schtasks command. The schtasks command allows you to create, modify, delete, or view scheduled tasks on the local or remote computer. Here's how you can use it to schedule a PowerShell script:

Example: Schedule PowerShell Script to Run Daily

Let's say you have a PowerShell script named MyScript.ps1 located in C:\Scripts that you want to run daily at 10:00 AM. Here's how you can schedule it using schtasks:

    Open Command Prompt or PowerShell as an administrator.
	#=====================================================================
	Enable the web application firewall

	Enable the web application firewall:

	Go to System > Feature Visibility.
	Under Security Features, enable Web Application Firewall.
	Click Apply.
	#=====================================================================
	The web application firewall feature is only available when the policy inspection mode is proxy-based.
	==========================================================================================================
	#apache 2.4.10 on windows server 2012 data center.
	#\apache\conf\extra\httpd-ssl

	#The -ALL option disables all SSL/TLS protocols initially.
	#The +TLSv1.2 and +TLSv1.3 options then selectively enable the TLS 1.2 and TLS 1.3 protocols.
	SSLProtocol -ALL +TLSv1.2 +TLSv1.3

	#this configuration directly specifies that Apache should use TLS 1.2 and TLS 1.3 for secure communications.
	#It doesn't explicitly disable any other SSL or TLS versions, but it indicates the preferred versions.
	==========================================================================================================
	reset IIS without having to reboot the whole server
	iisreset
	==========================================================================================================
	To check if IIS (Internet Information Services) is running on a Windows Server 2019 Standard server, you can use several methods, including the graphical user interface (GUI) and command-line tools. Here are two common methods:

	Method 1: Using the GUI (Server Manager)

	Log In: Log in to the Windows Server 2019 Standard using an account with administrative privileges.
	--------------------------------------------------------------------------------------------------------------------
	#Bard

	Ansible uses the following connection types for connecting to network devices:

	Network CLI: This is the default connection type for network devices. It uses the SSH protocol to connect to the device and execute commands on the CLI. The ansible.netcommon.network_cli connection plugin is used for this type of connection.

	For example, to connect to a Cisco device using the network CLI, you would use the following inventory entry:

	host: cisco_device
	#=====================================================================
	here are the steps on how to edit rules in Outlook Microsoft 365 Apps for Enterprise:

	Open Outlook.
	Click the File tab.
	Click Manage Rules & Alerts.
	In the Rules dialog box, select the rule that you want to edit.
	Click the Edit button.
	In the Edit Rule dialog box, make the changes that you want to the rule.
	Click the OK button.
	#=====================================================================
	#https://www.dell.com/support/manuals/tr-tr/dell-emc-os-9/s4048-on-9.14.2.8-config-pub/view-command-history?guid=guid-c004c801-c43d-41fd-a85a-4816f78656f9&lang=en-us

	#https://dl.dell.com/Manuals/all-products/esuprt_networking_int/esuprt_networking_operating_systems/dell-emc-os-9_White-Papers13_en-us.pdf
	#=====================================================================
	show version
	show os-version
	#=====================================================================

	#save the configuration on a Dell S4048 switch and ensure that it's not lost after a reboot
	#=====================================================================
	#how to power off fortigate cluster
	#unplug the power cables as there is no power buttons

	shut down first the secondary(backup unit)
	Unit-1 # execute ha manage 1 {To switch to the backup unit}
	Unit-2 $ {Now on the backup unit}
	Unit-2 $ execute shutdown {To shut down the backup unit}
	This operation will shutdown the system !
	Do you want to continue? (y/n)y
	============================================================================
	#ChatGPT

	Determining the precise date and time when ClamAV was installed on an Ubuntu Linux system might require a bit of sleuthing, as Linux doesn't typically log installation timestamps by default. However, you can use system logs and package manager records to get an idea of when ClamAV was installed:

	Method 1: Checking Package Installation Logs
	APT Logs:

	Look into the /var/log/apt/history.log* files. These logs contain historical information about package installations and updates.
	zgrep "clamav" /var/log/apt/history.log*
	==========================================================================================================
	#https://attack.mitre.org/tactics/TA0011/
	Tactics/Techniques
	Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses
	==========================================================================================================
	#ChatGPT
	As an incident response security engineer detecting a command and control (C2/C&C) attack on a host, you can use the MITRE ATT&CK Navigator as a helpful tool to aid in your incident response efforts. The MITRE ATT&CK Navigator is a web-based tool that allows you to visualize and track adversary techniques, tactics, and procedures in real-time. Here's how you
	#===================================================================================================================================
	#ChatGPT

	To schedule a PowerShell script to run at regular intervals in Windows, you can use the schtasks command. The schtasks command allows you to create, modify, delete, or view scheduled tasks on the local or remote computer. Here's how you can use it to schedule a PowerShell script:

	Example: Schedule PowerShell Script to Run Daily

	Let's say you have a PowerShell script named MyScript.ps1 located in C:\Scripts that you want to run daily at 10:00 AM. Here's how you can schedule it using schtasks:

	Open Command Prompt or PowerShell as an administrator.