Category: SECFND

Decode Windows Autounattend.xml password using PowerShell

Recently I needed to recover a password that I had forgotten from a Windows unattended installer file, Autounattend.xml. The password is stored in this file as a Base64-encoded value (of the UTF-16LE string, which is what .NET calls the Unicode encoding), so it can easily be decoded with the following lines of PowerShell:

# Sample value taken from the file; decodes to "Password"
$EncodedText = "UABhAHMAcwB3AG8AcgBkAA=="
$DecodedText = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EncodedText))
$DecodedText

To encode a password using PowerShell, reverse the two steps (UTF-16LE bytes first, then Base64):

$DecodedText = "Password"
$EncodedText = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($DecodedText))
$EncodedText

Public Key Infrastructure (PKI) Explanation

Recently one of my colleagues asked me about a good explanation of PKI, so I decided to collect some materials from Cisco for him. I think the following explanation of PKI is brilliant. Thanks to Cisco.

PKI OVERVIEW

A substantial challenge with both asymmetric encryption and digital certificates is the secure distribution of public keys. How do you know that you have the real public key of the other system and not the public key of an attacker who is trying…

Linux Process Creation

New processes are created in Linux with a fork-and-exec mechanism. When a process makes a fork call, a new process with a new PID is created. The process that made the fork call is the parent process and the new process is the child process. The child process starts as a duplicate of the parent process, with some significant status changes. Both processes receive a value from the fork call. The parent process receives the PID of the child process…

OpenSSL Generating Private and Public Key Pair

In this post I will create an asymmetric encryption key pair and then demonstrate the encryption and decryption of a sample test.txt file with the private and public keys, using OpenSSL on Linux.

1. Generate a 4096-bit RSA private key, protect it with the "secops1" pass phrase using 128-bit AES encryption, and store it as the file private.pem:

openssl genrsa -aes128 -passout pass:secops1 -out private.pem 4096

Encryption of the private key with AES and a pass phrase provides an extra layer of protection for the key….

Describing Security Event Analysis: Diamond Model for Intrusion Analysis

Critical thinking skills are a core requirement for a security analyst. The security analyst must be able to link together logs, events, and other metadata by identifying patterns across a massive amount of gathered data. The diamond model, developed by Caltagirone, Pendergast, and Betz, is a method for helping security analysts derive order from the chaos. The basic intent of the diamond model is to create a systematic way to analyze events in a repeatable way so that the…

Regulatory Compliance

Compliance regulations are a major driver for security in organizations of all kinds. They define not only the scope and parameters for the risk and security architectures of an organization, but also the liability for those organizations that fail to comply. Current trends in regulatory compliance include the following:

- Strengthened enforcement
- Global spread of data breach notification laws
- More prescriptive regulations
- Growing requirements regarding third parties (business partners)
- Risk-based compliance on the rise
- Compliance process streamlined and automated

The following…

Access Control Models

Access control includes control over access to the network resources, information system resources, and information. It is crucial for an organization to implement the proper access controls to protect the organization’s resources and information. A security analyst should understand the different basic models for implementing access controls in order to better understand how attackers can break the access controls.

Mandatory Access Control

Secures information by assigning sensitivity (security level) labels to information and comparing them to the level of sensitivity…

Describing Security Event Analysis: Cyber Kill Chain

The cyber kill chain is a model that describes the structure of an attack. One of an analyst’s key jobs is to understand exactly what the attackers did. The steps of the kill chain enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques, and procedures.

The following lists the seven stages of the cyber kill chain:

- Reconnaissance: Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and…

IPS Evasion Techniques

Traffic Fragmentation

One of the early network IPS evasion techniques used fragmentation of traffic to attempt to bypass the network IPS sensor. Fragmentation-based evasion refers to any evasion attempt where the attacker fragments the malicious traffic, hoping to avoid detection or filtering in the following ways:

- Bypassing the network IPS sensor if the IPS sensor does not perform any fragment reassembly
- Reordering the fragments, hoping the network IPS sensor does not correctly reorder the fragments

Classic examples of fragmentation-based evasion…

Describing Information Security Concepts: Risk

Risk is a function of the likelihood of a given threat source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. Managing risk is a complex, multifaceted activity that requires the involvement of the entire organization. The NIST Special Publication 800-39: Risk Management Guide for Information Technology Systems defines some common risk terminology that is appropriate for security analysts, as follows:

Risk = Threats x Vulnerabilities x Impact

A threat source is an intent…