Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Appointment is a machine of Starting Point of HTB. The machine has a PHP web app and the objetive is find a command injection vulnerability in the site to claim the flag.
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Appointment is a machine of Starting Point of HTB. The machine has a PHP web app and the objetive is find a command injection vulnerability in the site to claim the flag.
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.