Bulk IP Reputation Check using Security Websites and Open Source Scripts
This topic has been haunting my mind for quite a while. As an information security guy, I get tons of reports about endpoint activities. One of them is…
Learning, Sharing, Creating
Unlike passive information gathering, which involves an intermediate system for gathering information, active information gathering involves a direct connection with the target. The client probes for information directly with the target…
This post focuses on how to build a simple pen test lab with minimal effort that still provides enough opportunity to practice. It will be a series…
In an information gathering endeavor, the pen tester locates publicly available information related to the target and seeks ways that could be exploited to get into the systems. There are…
The Acunetix vulnerability scanner license is counted by the number of targets. Once you have consumed your target count, you won't be able to add a new target to your scanner to do another scan.…
Here are some of my collections from the Internet about threat hunting tools, information and resources. Steps to Scan and Fix your System: 4.1 Download Malwarebytes. Double click on the installer…
This post summarizes some security incident investigation steps using DarkTrace. Investigation methodology: Any incident responder will always begin by asking some high-level questions concerning the incident under investigation…
One of my servers has been found to have two urgent (severity 5) vulnerabilities. The Qualys scan report does give lots of details about those vulnerabilities such as solutions, patches, links etc. Applied…
Something interesting came up during one of our vulnerability scans. There are lots of machines listening on port 12345, and it does have lots of connections on it. Also, PID is…
Recently, during a vulnerability scan, an RC4 cipher was found in use on the SSL/TLS connection at port 3389. The solution in the Qualys report is not clear on how to fix it.…
There are more and more websites using a CDN (Content Delivery Network) to help deliver their content to end users. It is faster, safer and more reliable. At the same time,…
Here are some scripts and methods to do remote troubleshooting or run some commands on remote machines. I found they are very useful, especially in an enterprise environment if you…