
⚔️ Attacks DB

📚 Technical Reference

Network Topology It’s a geometric arrangement of hosts and network devices. It can be physical (the layout of cables and PCs) or logical (the methods by which information is transmitted).

⛔️ Access Controls

DAC I am the leader! I’m the one that says when we go. A user who is the owner of the file or another object defines who can and who cannot view it.

Gaining Initial Access

📚 Network Anonymity Techniques

Evasion techniques and what forensic footprints they are likely to leave. VPN: virtual private network.

Binary Attacks


Application Attacks

Pipes

A named pipe is not exactly the same as a reverse shell, but it can be used in a similar way to establish a remote connection between two systems.

Persistence and Escalation Mechanisms

DoS Attacks and Mitigations

In this article, I will cover the main DoS techniques and how they look in the logs. I will also cover some main mitigation techniques.

Evasion Techniques

This is about … .

📚 Cloud

📚 Containers

Host-based IDS/IPS

Host-based IDS looks at local system configuration and behaviour, while network-based IDS watches network connections and looks for anomalies and known signatures.

IDS and IPS act as a firewall’s filters. A device has a Control Plane (looks after the OS and the routing table) and a Forwarding Plane (makes the decisions on forwarding and discarding packets). If something happens to the Control Plane, the device will still forward traffic (really???).

By default an IDS only listens 👂 to the traffic. It’s usually connected to the SPAN port on a switch. It looks for anomalies and sends alerts. It won’t take any actions by default, but it can be configured to do so. If the IDS is down, nothing changes for the rest of the network; it keeps operating.

An IPS takes actions on its own. It is not connected to the SPAN port, but rather sits inline as a gateway. Until it inspects and allows a packet through, nothing can move forward. So, if the IPS is down, everyone is down (unless there is some load balancing enabled or maybe a policy for such cases). It is positioned right after the router, edge device or firewall.

Network Recon

traceroute, tracert On Windows it’s tracert (due to some legacy maximum-name-length limitations). On Linux and macOS it’s traceroute.

Port Scanning

There are several techniques for port scanning. Some of them work for one OS only.

📘 BTFM

dshell
# macOS path to the directory with pyenv (example):
# /Users/[user_name]/.pyenv/versions/3.8.5/envs/python3/lib/python3.8/site-packages/dshell/
decode -l                    # list decoders
decode -d [decoder_name]     # decoder info
# who talked to whom
decode -d ip [capture_file_name]

📚 Network Protocols

This set of articles describes network protocols for each layer separately. Each article may contain an attack description and how to mitigate it.