ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
Posts by Tag
- Portfolio 6
- Inform 5
- ISO27001 4
- Samples 4
- Report 4
- Security Misconfiguration 3
- A05:2021 3
- Nginx 3
- Planning 3
- php 2
- mysql 2
- injection 2
- A06:2021 2
- HTTP 2
- SSH 2
- Privilege Escalation 2
- Audit 2
- vhosts 1
- git 1
- memcache 1
- ssrf 1
- gopher 1
- deserialization 1
- ldap 1
- viminfo 1
- nss 1
- A03:2021 1
- A07:2021 1
- FTP 1
- NTLM 1
- LFI 1
- Vulnerable Components 1
- Exploit CWE 1
- Vulnerable and outdated components 1
- burpsuite 1
- Postgresql 1
- Reverse Shell 1
- WAF 1
- dmp credentials 1
- Vulnerable and Outdated Components 1
- Phases 1
- Applocker 1
- Powershell 1
- Active Directory 1
- Windows Server 1
- Windows7 1
- Proxy 1
- Bash 1
- OpenSSH 1
- Squid 1
- Linux 1
- Ubuntu 1
- Pre-Audit 1
- Risk Analysis 1
Portfolio
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Inform
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
ISO27001
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Samples
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Report
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Security Misconfiguration
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Responder - Hack The Box
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Crocodile - Hack The Box
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
A05:2021
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Responder - Hack The Box
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Crocodile - Hack The Box
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
Nginx
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Planning
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
php
Appointment - Hack The Box
Appointment is a machine of Starting Point of HTB. The machine has a PHP web app and the objetive is find a command injection vulnerability in the site to claim the flag.
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
mysql
Sequel - Hack The Box
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Appointment - Hack The Box
Appointment is a machine of Starting Point of HTB. The machine has a PHP web app and the objetive is find a command injection vulnerability in the site to claim the flag.
injection
Sequel - Hack The Box
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
Appointment - Hack The Box
Appointment is a machine of Starting Point of HTB. The machine has a PHP web app and the objetive is find a command injection vulnerability in the site to claim the flag.
A06:2021
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
Sau - Hack The Box
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
HTTP
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
SSH
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Privilege Escalation
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Audit
ISO27001 - ITAF - Planning an IT audit Sample by Fernando
The company Librería On-Line S.A., which sells books through its web portal, has been the victim of cybercriminals who managed to steal through its web portal has been the victim of cybercriminals who managed to steal the access credentials of its customers. the access credentials of its clients. As a result, Librería On-Line S.A. suffered a loss of reputation loss of reputation, trust and image, loss of market share, loss of reputation, trust and image, loss of market share, distrust in its shareholders, loss of loyal customers, decrease in sales, and uncertainty among sales and uncertainty among current customers. In order to change the aforementioned problems and reinforce the level of security of their Librería On-Line S.A. has decided to hire a security audit as the main to contract a security audit with the company InfoSecurity.
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
vhosts
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
git
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
memcache
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
ssrf
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
gopher
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
deserialization
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
ldap
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
viminfo
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
nss
Travel - Hack The Box
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
A03:2021
Appointment - Hack The Box
Appointment is a machine of Starting Point of HTB. The machine has a PHP web app and the objetive is find a command injection vulnerability in the site to claim the flag.
A07:2021
Sequel - Hack The Box
Sequel is a machine of Starting Point of HTB. The machine has a Mysql Service and it’s possible connect without password to claim the flag.
FTP
Crocodile - Hack The Box
Crocodile is a machine of Starting Point of HTB. The machine has a FTP Service and a Website in Apache where isn’t possible connect without password to claim the flag.
NTLM
Responder - Hack The Box
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
LFI
Responder - Hack The Box
Responder is a machine of Starting Point of HTB. The machine has a PHP Website in Apache, you can doing LFI (local file inclusion) to claim the flag.
Vulnerable Components
Sau - Hack The Box
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Exploit CWE
Sau - Hack The Box
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
Vulnerable and outdated components
Sau - Hack The Box
Sau is a machine of HTB. The machine has a SSH port open and antoher service TCP, you can doing create an token HTTP to later open a service called Maltrail, later you can search an exploit in this service to claim the flag.
burpsuite
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Postgresql
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
Reverse Shell
CozyHosting - Hack The Box
CozyHosting is a machine of HTB. The machine has a Website with nginx, for this reason has access limited, later u can steal the cookies of an site in actuators/sessions, with the session we can intercept the request to login, later doing using a reverse shell to join like app, next continue scanning all possibilities with linpeas and finally with a file .jar can get password of postgre where is the password of ssh service to Privilege Escalation.
WAF
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
dmp credentials
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
Vulnerable and Outdated Components
Keeper - Hack The Box
Keeper is a machine of HTB. The machine has a Website with nginx WAF, for this reason has access limited, later u can join to the system with default credentials, later get the password of an user lisa for the connection ssh, later download the .dmp file and recovery old session, next using the old session with private-openssh ssh service join like root.
Phases
ISO27001 - Phases Sample by Fernando
Distribuciones Mariano is a company dedicated to the sale and installation of electrical equipment to individuals and electrical material to individuals and professionals nationwide. In order to optimize the processes, Distribuciones Mariano has acquired a platform for Internet. The purpose of this report is to show my way of developing audit reports based in Phases and Process.
Applocker
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
Powershell
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
Active Directory
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
Windows Server
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
Windows7
FORTIFICATION OF A WINDOWS SERVER ENVIRONMENT by Fernando
In this activity we are asked to put into practice the knowledge acquired in the first topic of the operating systems security course. We are asked to deploy a domain controller and a computer attached to it, on which we will apply different security measures, both at the domain level to this one in which we will apply different security measures, both at domain level and in the as well as on the computer itself. For this purpose, the laboratory has been carried out on a Windows Server 2016 virtual machine and a Windows Server 2016 virtual machine. Windows Server 2016 virtual machine and a Windows 7 client machine.
Proxy
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
Bash
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
OpenSSH
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
Squid
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
Linux
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
Ubuntu
FORTIFICATION OF A LINUX ENVIRONMENT by Fernando
The activity will allow to put into practice the concepts related to Linux systems. Specifically, an Ubuntu system will be fortified, restricting access to privileged users, securely managing access via SSH, restricting web browsing with a proxy and creating users with specific permissions. The same company of the windows fortification has contacted us again to request the installation and secure configuration of a virtual machine based on VirtualBox and whose operating system is Ubuntu.
Pre-Audit
ISO27001 - ISMS pre-audit Sample by Fernando
The objective of this example is focused on performing a pre-audit of the security management compliance level of a company. a) Creation of a project: Creation of an audit project of a company, defining the company. b) Asset categorization: Identify at least 15 valuable assets of the organization. c) Controls analysis: Study and analyze the main controls of the organization. Focus on the first 6 domains.
Risk Analysis
ISO27001 - Risk Analysis on ISO27001:2013 Sample by Fernando
Implementation of a cybersecurity management plan. Based on the above example of the Hotel.