https://geekflare.com/find-subdomains/
Friday, 25 February 2022
Wednesday, 16 February 2022
cisco asa 8.2 nat code examples
In 8.2 code you combine the following commands; in 8.3+ we just use a NAT command
- nat
- global
- static
Global NAT for internet access
nat all 10.0.0.0/24 traffic from inside to NAT ID "1"
nat (inside) 1 10.0.0.0 255.255.255.0
On NAT ID "1" nat all traffic behind the outside interface
global (outside) 1 interface
Static nat for giving a server a public IP
static (inside,outside) 100.100.100.10 192.168.1.100
access-list 100 permit tcp any host 100.100.100.10 eq https
access-group 100 in interface outside
Create ACL to match traffic to be NAT'd for nat hide for VPN
access-list policy-nat extended permit ip 172.16.1.245 255.255.255.255 213.168.225.149 255.255.255.255
access-list policy-nat extended permit ip 172.16.1.245 255.255.255.255 217.114.160.101 255.255.255.255
Nat traffic matched with the ACL to NAT ID "2"
nat (public) 2 access-list policy-nat
Define what IP NAT id "2" should be nat'd to on the outside interface
global (outside) 2 172.16.1.242
select traffic, nat, define what IP to nat to 🤷
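The nat/global pairing by NAT ID described above, as an added example that is not part of the original notes: a short Python audit that parses 8.2-style lines, joins each nat to its global by ID, lists static translations, and flags IDs missing one half. The function name audit_nat and the extra "dmz" line in the sample are constructed for illustration.

```python
import re

# Constructed sample: the 8.2 lines from the notes above, plus one orphan
# "nat" (ID 3 on a hypothetical dmz interface, no "global") as the failure case.
SAMPLE = """\
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) 100.100.100.10 192.168.1.100
nat (public) 2 access-list policy-nat
global (outside) 2 172.16.1.242
nat (dmz) 3 10.9.9.0 255.255.255.0
"""

NAT = re.compile(r"^nat \((\S+)\) (\d+) (.+)$")
GLOBAL = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+)")

def audit_nat(config):
    """Pair nat/global statements by NAT ID and list static translations."""
    nats, globals_, statics = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := NAT.match(line):
            nats.setdefault(m[2], []).append((m[1], m[3]))
        elif m := GLOBAL.match(line):
            globals_.setdefault(m[2], []).append((m[1], m[3]))
        elif m := STATIC.match(line):
            # 8.2 order is: static (real_if,mapped_if) mapped_ip real_ip
            statics.append({"real_if": m[1], "mapped_if": m[2],
                            "mapped": m[3], "real": m[4]})
    dynamic = []
    for nat_id, sources in sorted(nats.items()):
        for src_if, match in sources:
            for dst_if, mapped in globals_.get(nat_id, []):
                dynamic.append((nat_id, src_if, match, dst_if, mapped))
    # NAT ID 0 is identity NAT / NAT exemption and never has a global
    orphans = sorted(i for i in set(nats) ^ set(globals_) if i != "0")
    return {"dynamic": dynamic, "static": statics, "orphans": orphans}

if __name__ == "__main__":
    result = audit_nat(SAMPLE)
    for nat_id, src_if, match, dst_if, mapped in result["dynamic"]:
        print(f"ID {nat_id}: ({src_if}) {match} -> ({dst_if}) {mapped}")
    for s in result["static"]:
        print(f"static: {s['real']} ({s['real_if']}) published as {s['mapped']}")
    print("NAT IDs missing a nat or global half:", result["orphans"])
```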
Tuesday, 15 February 2022
nessus scan
Scan box only has displayport + hdmi out so might need cables
Make sure time + date is set correctly
Make sure you have internet access on the scan box (may need FW rules and ssl exclusions)
Run software and plugin updates
Ask for AV/firewall not to log the scan traffic, as it will create SIEM alerts
Copy from previous scan
Don't use scheduled scans because it will just make alerts for the customer when it kicks off again in 1 month's time
Config networks (get from firewall, LAN switch etc)
Don't forget anyconnect and WIFI pools / ranges
Watch out for citrix or other remote access global protect etc
Once you have the list of networks, email that list to the customer and ask if there is anything to add. Also get credentials (Windows / SSH / SNMP). Inform them the scan may set off alerts in their system logs (FW/SIEM/SOAR/SOC/EDR/AV etc). We will create some temp rules to allow it access.
Clear the log file and restart service before starting scan. (https://avleonov.com/2018/03/14/dealing-with-nessus-logs/)
Start the scan just before 9am (Tuesday is good) to try to catch as many point-in-time hosts as possible. Scans can run for hours into days and users may connect/disconnect during this time.
After the first scan, check how long it took to complete and whether there were any errors/notes. Were any important networks missed?
Generate and write report
Download nessus
https://www.tenable.com/downloads/nessus?loginAttempted=true
For VMware choose the .ova, installs nessus core and the scanner runs on top of this
Docs
https://docs.tenable.com/nessus/Content/GettingStarted.htm
Palo prereqs fw
Add temp FW rule
Go to Network > Network profiles > Zone protection
Edit zone protection
Recon protection
Source address exclusion
Add Nessus-INT and EXT scanner IPs here
Nessus scan first setup
Default port for scanner https://192.168.1.100:8834/
Choose Advanced Scan
Give a name
Discovery -> turn off ping the remote host
Port scanning -> can use default or all
T:1-65535,U:1-1024
Local port enumerators (leave as is)
Use syn scan
Turn on UDP
Service discovery
Probe all ports
Search for SSL/TLS on all ports
Assessment -> tick perform thorough tests
Brute force -> tick only use creds set by user
Web application -> don't scan if we are just doing an infra scan
Report -> untick show missing patches that have been superseded
Tick designate hosts by their DNS name
Advanced -> can usually leave as is, but on a flat network you can tick the box to slow down the scan.
For internal scan we want to add creds for windows / SSH / SNMP. Ask for a temp admin user to run the scan.
Enable schedule once a quarter etc
Network detector tool
This is more MS and AD focused but can give good results like a list of users who have passwords set not to expire.
Run "RunNetworkDetective" as administrator
Give credentials
Give domain controller IP
Send output to R to run report from reporting tool
Friday, 4 February 2022
filezilla server quick setup
FileZilla server quick setup so you can transfer some files
Install the software
Setup FTP folder like C:\FTP and drop your files in there (in windows)
Create user and password in filezilla server
virtual path "/"
native "C:\FTP"
Run "ftp localhost" from a cmd prompt and then "dir"; you should see your files
There can be a further step to make sure ports are open on windows firewall and any other firewall in-between your FTP server and client