Types of social engineering attacks

Social Engineering:
It involves psychologically manipulating users into sharing confidential information by building a trust relationship.
The following are some types of social engineering attacks.

Phishing:
Tools used for attack: Emails
The attacker sends emails that appear to come from a legitimate user. The intention could be to steal user data such as credit card details, usernames and passwords. The mail could contain a malicious link or a downloadable file.


Spear Phishing:
Tools used for attack: Emails
The attacker sends emails that appear to come from a legitimate user, targeting a specific group or person.
The intention could be to steal confidential information.

Whaling:
The attacker targets people at executive level or in any influential position.

Vishing:
Tools used for attack: Phone
The attacker uses the telephone to persuade the user to provide sensitive information.

Tailgating or piggybacking:
Tools used for attack: None
A person gains access to an unauthorized area by impersonating someone or by using interpersonal skills to persuade a person to let them in.



Dumpster Diving:
Tools used for attack: None
The attacker searches through trash or garbage in and around the user to get user information.


Shoulder Surfing:
Tools used for attack: No tool; physical, requires building trust.
The attacker hovers near or spies on a user while the user enters a PIN at an ATM or types passwords.



Watering Hole Attack:
Tools used for attack: Websites
The attacker infects websites that the user accesses, which in turn infect the user when he accesses the infected website.

Making a custom module execute for httpd in SELinux enforcing mode


Check whether SELinux is enabled using the command getenforce.

[root@hostname /]# getenforce
Disabled



Open /etc/selinux/config and make sure SELINUX is set to enforcing.


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Reboot the machine, then check again:

[root@hostname  ~]# getenforce
Enforcing




Assume the custom module is present in a custom directory, say /test/seenabled.

When Apache httpd tries to load a custom library from the custom module directory, SELinux blocks the request. This can be seen using the command:
journalctl -xe

This shows that the module failed to load.

Execute permission for the custom module:


Background on the execute permission:
ls -Z /usr/sbin/httpd
-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd

This shows that the SELinux type of httpd is httpd_exec_t.
ls -Z custommodule.so
-rwxrwxr-x. root root system_u:object_r:default_t:s0

The custom module is labelled default_t, hence SELinux blocks the access.


chcon --reference=/usr/sbin/httpd  <destinationfolder>
Example:
chcon --reference=/usr/sbin/httpd /test/seenabled/*

This copies the SELinux security context of httpd to the files in the custom module directory.
The same can be applied if other modules are present in a different directory.
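
To check which files still carry a label that httpd would be denied on, the `ls -Z` output can be audited with a small script. This is an added example, not part of the original post; the function names and the file other.so are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit SELinux labels in `ls -Z` output.
# Accepts the RHEL 7 long format shown above and the newer "context path" format.

# Print "<type><TAB><path>" for every `ls -Z` line on stdin.
selinux_types() {
    awk '{
        for (i = 1; i <= NF; i++) {
            # A security context has the form user:role:type:level
            if (split($i, ctx, ":") >= 4 && ctx[2] ~ /_r$/) {
                path = substr($0, index($0, $i) + length($i) + 1)
                if (path == "") path = "-"   # line carried no file name
                printf "%s\t%s\n", ctx[3], path
                next
            }
        }
    }'
}

# Print every path whose type differs from the expected type in $1.
mislabeled() {
    selinux_types | awk -F '\t' -v want="$1" '$1 != want { print $2 " (" $1 ")" }'
}

# Constructed sample; other.so is a hypothetical file name.
SAMPLE='-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd
-rwxrwxr-x. root root system_u:object_r:default_t:s0 /test/seenabled/custommodule.so
system_u:object_r:httpd_exec_t:s0 /test/seenabled/other.so'

printf '%s\n' "$SAMPLE" | mislabeled httpd_exec_t
```

Labels set with chcon are reverted by restorecon or a full filesystem relabel; recording the rule with semanage fcontext -a and then running restorecon on the directory keeps the label persistent.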
   




Log writing or other write permission for the custom module

If the custom module contains code that writes logs to a file other than error_log, then write permission needs to be provided on the directory:
chcon -t httpd_sys_rw_content_t /<destinationfolder>
Example:
chcon -t httpd_sys_rw_content_t /test/seenabled/logggin/*


Reading custom files with custom modules

chcon -t httpd_sys_ra_content_t  /<destinationfolder>

Example:
chcon -t httpd_sys_ra_content_t /test/seenabled/configuration/*






Enabling Windows core dumps

Save the following into a file with the .reg extension.


Create a folder named CrashDumps in C:\ (say "C:\CrashDumps").


core.reg

For Full Dump:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpFolder"="C:\\CrashDumps"
"DumpCount"=dword:00000011
"DumpType"=dword:00000002
"CustomDumpFlags"=dword:00000000



For Mini Dump:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpFolder"="C:\\CrashDumps"
"DumpCount"=dword:00000011
"DumpType"=dword:00000001
"CustomDumpFlags"=dword:00000000


Double-click the file.
This adds the data to the registry.


Getting Started with Docker

Install Docker.

Enable and start the service:
systemctl status docker
systemctl enable docker
systemctl start docker


Create the Dockerfile

Create a sample file index.html in a folder.

In the same folder, create a file named Dockerfile with the content below and save it.

FROM centos
MAINTAINER kishore@test.com

ENV JAVA_VERSION 8u31
ENV BUILD_VERSION b13
RUN yum -y install httpd.x86_64
COPY index.html  /var/www/html/index.html




Build the Docker image:
docker build -t samplek .

List the Docker images:

docker images

List the running containers:

docker ps

Run a Docker instance:
docker run -d -i -t samplek /bin/bash

docker ps
Connect to the Docker instance (use the container ID shown by docker ps):
docker exec -i -t 1a5c9f21825d /bin/bash

Press Ctrl+D to exit the container.

Stop the Docker instance:
docker container stop <docker instance name>