DFIR Blog
  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity

Incident Response Forensics

DIG - Domain Information Groper

9/29/2019

 
Dig is one of the more popular command to enumerate the information about a DNS Record.Lets see it in action. Get IPv4 Infomation about the domain
Picture
Get IP v6 Information
Picture
Get Information about Name Servers
Picture
Mail Server Information
Picture
Certification Info
Picture
Running Dig with Nmap
Picture
Couple of GUI based tools you can use for this purpose are as follows:
  • https://toolbox.googleapps.com/apps/dig/
  • https://urlscan.io

Investigating Linux Hardware

9/28/2019

 
In this post, we are going to discuss about how linux handles hardware and interact with them via command-line. udev service, is responsible for managing linux devices.

All information related to the hardware is in the /dev pseudo file system. We will run the following commands to understand it in detail.

​lspci - Displays Information of PCI Devices Attached
lsusb - Displays Information on USB Devices Attached
lscpu - Displays Information on Processes on a System
lsblk  - Displays information on all block devices on the system

Linux Kernel

9/28/2019

 

Linux kernel is the core framework of the operating system with any Linux operating system typically known as the GNU/Linux operating system. 
  • The GNU portion pertains to all of the tools, such as bash commands, different types of shells and other utilities that you can use on the system. 
  • The Linux side of that title pertains to the Linux kernel itself. 

The Linux kernel provides a way for the rest of the system to operate with its hardware that's connected to it. All the memories, such as the hard disk and the ram, has plugged into the system. The networking capabilities of the computer and, of course, itself. And what we mean by itself is the kernel's ability to communicate with this various subsystems.

The Linux kernel is known as a monolithic kernel, and what that means is that the kernel handles all memory management and hardware device interactions by itself. Also, extra functionality can be loaded and unloaded dynamically through kernel modules. A monolithic kernel ensures that the system will not need to be rebooted into a different kernel image for added functionality. 

Command for Linux Kernel Module
  • uname - Display information about currently running kernel.Commonly used as uname -a 
  • lsmod - Displays a listing of all currently loaded Kernal Modules
  • Modinfo - Display Information about a specific Kernel Module
  • Modprobe - Commonly used Dynamically load and unload Kernel Modules at runtime 

Pseudo File System - Linux

9/28/2019

 
In this post, we're going to take a look at pseudo file systems. 

What is a pseudo file system? 
File system is a method of laying off files and folders on a physical hard disk. Within Linux, every file and folder is actually nothing more than just a file itself. The hard drive, network information, keyboard, display monitor. Everything is seen as a file within Linux.

A pseudo file system, on the other hand, does not exist on a physical hard disk. It actually is created by the Linux Kernel after the computer boots up, and it only exists and RAM while the system is up and running. Once you shut your computer off, that file system no longer exist as it gets wiped out when the RAM is cleaned. When your system boots up, the kernel would create another pseudo file system, using the same directories that will hold all of the information that the kernel in a system uses. 

There are multiple pseudo files systems that are used within Linux, but the two main ones are
  • /proc 
  • /sys 


AWS CLI

9/21/2019

 
List all the AWS S3 Buckets
​aws s3api list-buckets --query "Buckets[].Name"

See if you can get a response from an AWS endpoint
​ curl <ip:port> -s | xmllint --format -

Access Public S3 Bucket:
​ aws --endpoint <url:port> --no-sign-request s3 ls s3://public

you can use 'cp' command to copy the data to your local machine.


    Archives

    April 2020
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    February 2019
    March 2018

    Categories

    All
    Aws
    Cloud
    Dfir
    Incident Response
    Linux
    Recon

    RSS Feed

  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity