Wednesday 16 February 2022

cisco asa 8.2 nat code examples

In 8.2 code you combine the following three commands; in 8.3+ a single nat command does all of this

  • nat
  • global
  • static


Global NAT for internet access

NAT all 10.0.0.0/24 traffic from inside and tag it with NAT ID "1"

nat (inside) 1 10.0.0.0 255.255.255.0

For NAT ID "1", NAT all that traffic behind the outside interface address (PAT)

global (outside) 1 interface


Static NAT for giving a server a public IP. The ACL permits inbound HTTPS to the mapped (public) address, because 8.2 ACLs match on the translated address rather than the real one

static (inside,outside) 100.100.100.10 192.168.1.100

access-list 100 permit tcp any host 100.100.100.10 eq https

access-group 100 in interface outside

 

Create an ACL to match the traffic to be NAT'd (policy NAT, used here as a NAT hide for VPN)

access-list policy-nat extended permit ip 172.16.1.245 255.255.255.255 213.168.225.149 255.255.255.255

access-list policy-nat extended permit ip 172.16.1.245 255.255.255.255 217.114.160.101 255.255.255.255


NAT the traffic matched by the ACL and tag it with NAT ID "2"

nat (public) 2 access-list policy-nat


Define what IP NAT ID "2" should be NAT'd to on the outside interface

global (outside) 2 172.16.1.242


In short: select the traffic, NAT it, define what IP to NAT it to 🤷
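A quick sanity check for the three-command model above, added here as an example and not part of the original notes: it parses 8.2-style nat / global / static lines and pairs each nat entry with the global entries that share its NAT ID, flagging any ID that has a nat but no global (that traffic will not be translated out of the interface). The sample config is constructed from the entries in this post plus one deliberately unmatched nat ID 3 on a made-up dmz interface; nat ID 0 (NAT exemption) is skipped because it needs no global.

```python
"""Pair ASA 8.2 nat/global/static entries and flag NAT IDs with no global (added example)."""
import re
from collections import defaultdict

# Constructed sample config (assumption): the entries from the notes above plus
# an unmatched nat ID 3 on a hypothetical dmz interface so the check flags something.
SAMPLE_CONFIG = """\
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) 100.100.100.10 192.168.1.100
access-list policy-nat extended permit ip 172.16.1.245 255.255.255.255 213.168.225.149 255.255.255.255
nat (public) 2 access-list policy-nat
global (outside) 2 172.16.1.242
nat (dmz) 3 10.9.9.0 255.255.255.0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+)")


def check_nat(config_text):
    """Return a dict describing how nat, global and static entries fit together.

    pairs     - (real_if, nat_id, mapped_if, pool) for every nat/global match
    unmatched - (real_if, nat_id, source) for nat IDs that have no global entry
    statics   - (real_if, mapped_if, mapped_ip, real_ip) one-to-one translations
    """
    nats, statics = [], []
    globals_by_id = defaultdict(list)  # nat_id -> [(mapped_if, pool), ...]

    for raw in config_text.splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if m:
            nats.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            globals_by_id[m.group(2)].append((m.group(1), m.group(3)))
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append(m.groups())

    pairs, unmatched = [], []
    for real_if, nat_id, source in nats:
        if nat_id == "0":
            # nat 0 is NAT exemption / identity NAT in 8.2 and takes no global
            continue
        matches = globals_by_id.get(nat_id, [])
        if matches:
            for mapped_if, pool in matches:
                pairs.append((real_if, nat_id, mapped_if, pool))
        else:
            unmatched.append((real_if, nat_id, source))
    return {"pairs": pairs, "unmatched": unmatched, "statics": statics}


if __name__ == "__main__":
    result = check_nat(SAMPLE_CONFIG)
    for real_if, nat_id, mapped_if, pool in result["pairs"]:
        print(f"nat ({real_if}) id {nat_id} -> global ({mapped_if}) {pool}")
    for real_if, mapped_if, mapped_ip, real_ip in result["statics"]:
        print(f"static: {real_ip} on {real_if} is reachable as {mapped_ip} on {mapped_if}")
    for real_if, nat_id, source in result["unmatched"]:
        print(f"WARNING: nat ({real_if}) {nat_id} {source} has no matching global")
```

Run it against a `show running-config` dump instead of SAMPLE_CONFIG to see every NAT ID resolved to its pool; the unmatched list is the one worth reading before a change window.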

Tuesday 15 February 2022

nessus scan

The scan box only has DisplayPort + HDMI out, so you might need cables

Make sure time + date is set correctly

Make sure you have internet access on the scan box (may need FW rules and ssl exclusions)

Run software and plugin updates

Ask for the AV/firewall not to log the scanner, as the scan will create SIEM alerts

Copy the config from the previous scan

Don't use scheduled scans, because the scan will just create alerts for the customer when it kicks off again in a month's time

Config networks (get from firewall, LAN switch etc)

Don't forget AnyConnect and WiFi pools/ranges

Watch out for Citrix or other remote access (GlobalProtect etc.)

Once you have the list of networks, email the customer that list and ask if there is anything to add. Also get credentials (Windows / SSH / SNMP). Inform them the scan may set off alerts in their system logs (FW/SIEM/SOAR/SOC/EDR/AV etc.). We will create some temporary rules to allow it access.

Clear the log file and restart service before starting scan. (https://avleonov.com/2018/03/14/dealing-with-nessus-logs/)

Start the scan just before 9am (Tuesday is good) to catch as many hosts as possible at that point in time. Scans can run for hours into days and users may connect/disconnect during this time.

After the first scan, check how long it took to complete and whether there were any errors/notes. Were any important networks missed?

Generate and write report
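The "were any important networks missed" check above is easy to do by hand on a small site and easy to get wrong on a big one. Added here as an example (not part of the original notes): a script that takes the scoped networks from the firewall/switch, the hosts that actually showed up in the scan results, and hosts seen elsewhere (DHCP leases or the switch ARP table), then reports scoped networks that returned nothing and seen hosts that fall outside every scoped network, rolled up into candidate /24s to go back to the customer with. All three lists are constructed sample data; the /24 roll-up is an assumption, not something the notes specify.

```python
"""Compare Nessus scan scope against results and hosts seen on the network (added example)."""
import ipaddress
from collections import Counter

# Constructed example data (assumption): scoped networks from the firewall and
# LAN switch (192.168.50.0/24 standing in for the AnyConnect pool), hosts that
# appeared in the first scan's results, and hosts seen in DHCP leases / ARP.
SCOPED_NETWORKS = ["10.0.0.0/24", "10.0.10.0/24", "192.168.50.0/24"]
SCAN_HOSTS = ["10.0.0.5", "10.0.0.22", "10.0.10.7", "10.0.10.9"]
SEEN_HOSTS = ["10.0.0.5", "10.0.10.7", "172.16.99.14", "172.16.99.20", "192.168.50.3"]


def _containing_network(addr, nets):
    """Return the first scoped network containing addr, or None."""
    for net in nets:
        if addr in net:
            return net
    return None


def scope_gaps(networks, scan_hosts, seen_hosts, guess_prefix=24):
    """Return a dict with per-network hit counts, scoped networks that yielded no
    hosts, seen hosts outside the scope, and candidate networks to add.

    guess_prefix is an assumption: unscoped hosts are rolled up into /24s.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in networks]

    hits = Counter()
    for host in scan_hosts:
        net = _containing_network(ipaddress.ip_address(host), nets)
        if net is not None:
            hits[str(net)] += 1

    # A scoped network with zero results usually means a firewall rule or
    # disabled ping discovery, not an empty subnet; check before reporting.
    empty = [str(n) for n in nets if hits[str(n)] == 0]

    unscoped = sorted(
        (h for h in seen_hosts if _containing_network(ipaddress.ip_address(h), nets) is None),
        key=ipaddress.ip_address,
    )
    candidates = sorted(
        {str(ipaddress.ip_network(f"{h}/{guess_prefix}", strict=False)) for h in unscoped}
    )
    return {
        "hosts_per_network": dict(hits),
        "empty_networks": empty,
        "unscoped_hosts": unscoped,
        "candidate_networks": candidates,
    }


if __name__ == "__main__":
    report = scope_gaps(SCOPED_NETWORKS, SCAN_HOSTS, SEEN_HOSTS)
    for net, count in report["hosts_per_network"].items():
        print(f"{net}: {count} host(s) in results")
    for net in report["empty_networks"]:
        print(f"NO RESULTS: {net} (blocked? discovery off?)")
    for host in report["unscoped_hosts"]:
        print(f"seen but not in scope: {host}")
    for net in report["candidate_networks"]:
        print(f"ask customer about adding: {net}")
```

Feed it the real lists (targets from the scan config, hosts from the exported results, leases from DHCP) and the two short lists it prints are the follow-up questions for the customer email.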


Nessus scan first setup

Choose Advanced scan

Give it a name

Discovery -> turn off "ping the remote host"

Port scanning -> can use the default or all ports:

T:1-65535,U:1-1024

Local port enumerators (leave as is)

Use syn scan

Turn on UDP

Service discovery -> probe all ports, and search for SSL/TLS on all ports

Assessment -> tick "perform thorough tests"

Brute force -> tick "only use credentials provided by the user"

Web application -> don't scan if we are just doing an infra scan

Report -> untick "show missing patches that have been superseded"

Tick designate hosts by their DNS name

Advanced -> can usually be left alone, but on a flat network tick the option to slow down the scan.

For an internal scan we want to add creds for Windows / SSH / SNMP. Ask for a temporary admin user to run the scan.

Enable a schedule (once a quarter etc.)



Network Detective tool

This is more MS- and AD-focused but can give good results, like a list of users whose passwords are set not to expire.

Run "RunNetworkDetective" as administrator

Give credentials

Give domain controller IP

Send the output to R to run the report from the reporting tool


Friday 4 February 2022

filezilla server quick setup

FileZilla server quick setup so you can transfer some files


Install the software

Set up an FTP folder like C:\FTP and drop your files in there (in Windows)

Create a user and password in FileZilla Server

virtual path "/"

native path "C:\FTP"

In a cmd prompt run "ftp localhost" then "dir"; you should see your files

There can be a further step to make sure the ports are open on the Windows firewall and any other firewall between your FTP server and client
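The "ftp localhost" then "dir" check from above, done from a script so it can be run from the client side as well (added example, not part of the original notes). It uses Python's standard ftplib, logs in with the user created in FileZilla Server, lists the virtual root and returns the server banner plus file names, or None when the connect, login or listing fails (a closed port, a blocked firewall, or wrong credentials all land there). The host, user and password are placeholders to replace with your own; note that plain FTP sends the credentials and the files in clear text, so this is only for the quick transfer the notes describe.

```python
"""Check a FileZilla Server FTP login and directory listing (added example)."""
import ftplib
import sys


def ftp_listing(host, user, password, port=21, timeout=5):
    """Connect, log in and list the virtual root directory.

    Returns {"banner": <server greeting>, "files": [names]} on success,
    or None if connecting, logging in or listing fails within the timeout.
    """
    try:
        ftp = ftplib.FTP(timeout=timeout)
        ftp.connect(host, port)
        banner = ftp.getwelcome()
        ftp.login(user, password)
        try:
            files = ftp.nlst()
        except ftplib.error_perm:
            # Some servers answer 550 for an empty directory; treat as no files
            files = []
        ftp.quit()
        return {"banner": banner, "files": files}
    except ftplib.all_errors:
        # Covers socket errors (refused, timeout) and FTP protocol errors
        return None


if __name__ == "__main__":
    # Placeholders (assumption): replace with the FileZilla user you created
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    user = sys.argv[2] if len(sys.argv) > 2 else "ftpuser"
    password = sys.argv[3] if len(sys.argv) > 3 else "changeme"

    result = ftp_listing(host, user, password)
    if result is None:
        print(f"FTP check failed for {host}:21 (service down, firewall, or bad credentials)")
        sys.exit(1)
    print(f"banner: {result['banner']}")
    for name in result["files"]:
        print(f"  {name}")
    print(f"{len(result['files'])} file(s) visible at virtual path /")
```

Run it from the client machine (python ftp_check.py ftp-server-ip user password) after the local "ftp localhost" test passes: a None result there but success locally points at the Windows firewall or a firewall in between, which is the last step in the notes.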