• If the system is powered off: If the system is active: If the system is a VM: Other systems: Questions:

  • Blue team: Use knockd to hide SSH. List the ARP cache and check if multiple IPs route to the same physical address. Maybe a MitM attack is in progress. More secure development: If an attacker can write files but not directories, it could be a good idea to store sensitive files in another subdir. If this…

  • Vulnerability Assessment / Pentest
    Focus: All vulnerabilities / Only exploitable vulnerabilities
    Depth: On the surface only / On multiple layers (incl. pivoting)
    Risk: Estimated / Enables better estimation due to the combination of vulnerabilities