thi0x

thi0x

A. Fernando Mehrez Garcia
Master in Cyber Security, System Engineer,
Pentester & Backend Programmer

Recent Posts

ISO27001 - ISMS pre-audit Sample by Fernando

The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.

FORTIFICATION OF A LINUX ENVIRONMENT by Fernando

The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.

ISO27001 - ITAF - Planning an IT audit Sample by Fernando

The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.

FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando

In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.

ISO27001 - Phases Sample by Fernando

Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.

Keeper - Hack The Box

Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.

CozyHosting - Hack The Box

CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.