Friday, December 1, 2017

OpenVAS configuration

OpenVAS http://openvas.org/ is an open-source security scanner.  The instructions below are concerning how to configure the application within Kali Linux.

The following commands are used once Kali Linux is installed and updated.

apt-get install openvas
openvas-setup
openvas-start
https://127.0.0.1:9392

openvas1

openvas2

openvas3

Once the initial configuration is completed, a default initial password should be displayed.  Start the required services and log in via the web interface to set a new password value under Administration -> Users.  The default user name is admin.

Log into the web interface of the OpenVAS service and use the Feed Status menu option under Extras tab to verify the local databases are current.
 
To update the NVT feed via a terminal session, use the command greenbone-nvt-sync.  The commands to update the other databases would be greenbone-scapdata-sync and greenbone-certdata-sync.

openvas4

View local root certificates within Windows using PowerShell

The local root certificate entries can be viewed within Windows using PowerShell.

ls CERT:\CurrentUser\AuthRoot

image

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("root","LocalMachine")
$store.Open("ReadOnly")
$store.certificates | select ThumbPrint,FriendlyName,NotAfter

image

A script is available at https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/ to compare hashes to a previous dump.

Quad9 DNS Service

The Global Cyber Alliance (GCA) has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system. The system is intended to block domains associated with botnets, phishing attacks, and other malicious Internet hosts. The service is named Quad9 and it will not return name resolutions for sites that are identified via threat feeds the service aggregates daily.  The DNS IPv4 number is 9.9.9.9.

https://www.globalcyberalliance.org/initiatives/quad9.html

https://quad9.net/

Lingering Object Liquidator for Active Directory

Lingering objects are objects in AD than have been created, replicated, deleted, and then garbage collected on at least the DC that originated the deletion but still exist as live objects on one or more DCs in the same forest.  This utility provides an option to find and remove such objects.

https://blogs.technet.microsoft.com/askds/2017/10/09/introducing-lingering-object-liquidator-v2/

https://www.microsoft.com/en-us/download/details.aspx?id=56051

Spaghetti

Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations, and misconfigurations.

https://github.com/m4ll0k/Spaghetti

https://www.darknet.org.uk/2017/10/spaghetti-download-web-application-security-scanner/

OSSIM

OSSIM is an open source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.

https://www.alienvault.com/products/ossim

https://www.darknet.org.uk/2017/10/ossim-download-open-source-siem-tools-software/

WAFNinja

WAFNinja is a Python-based Web Application Firewall Attack Tool designed to help penetration testers execute WAF bypass by automating the steps necessary to bypass input validation.

https://github.com/khalilbijjou/WAFNinja

https://www.darknet.org.uk/2017/11/wafninja-web-application-firewall-attack-tool-waf-bypass/

Specops Password Auditor

Specops Password Auditor is a freeware utility that scans Active Directory for weak password policies and high-privilege user accounts.

https://specopssoft.com/product/specops-password-auditor/

https://4sysops.com/archives/specops-password-auditor-detect-weak-password-policies/

PowerShell transcript feature

PowerShell has a feature to create a transcript of a session.  To start the process, use the cmdlet Start-Transcript.

image

To stop the process, close the session or use the cmdlet Stop-Transcript.

image

image

Thursday, November 2, 2017

Windows Exploitation resources

The web site below is a list of exploits for the Windows platform.

https://github.com/enddo/awesome-windows-exploitation/blob/master/README.md