

Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices

Glad to announce that the second edition of my book, Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices, is now live on Amazon. Firewall technologies and the landscape are changing rapidly, and therefore I needed to make multiple changes from the first edition. This is not a configuration guide and is suitable for beginners and junior engineers. The following topics are briefly covered in the second edition of this book: various job roles related to firewalls; what makes you a firewall expert; the major firewall vendors and their models; firewall ranking and benchmarks; the packet flow or order of operations; the different types of firewalls; daily tasks of a firewall administrator; guidelines on firewall hardening and compliance; the change management process; and an illustration of how to make a firewall change (incorporating the change management process) with a real-world example.
Recent posts

eLearnSecurity Resources [Syllabus,Report Templates, Useful links]

eLearnSecurity (ELS) offers a lot of great certifications in the field of cybersecurity. Last year, ELS was acquired by INE. In my opinion, after the acquisition, there are a lot of gaps. First of all, many of the links in the training materials are broken. Also, information regarding the certifications or the training materials is limited on the internet. Though INE has a community forum, getting a clear-cut answer or solution is based on your luck. I haven't seen a lot of activity on their community page. It seems like many of the students are not even aware of this new community website. When I was preparing for some of the ELS courses, I was having a hard time getting information on the certification exam, even the exam syllabus. I have also noticed that many, like me, post queries on the syllabus, report templates etc. on other websites like Reddit, Twitter etc. So, here are some useful links related to cybersecurity and its certifications, training and syllabus. eJPT Penet

DFIR | [Fix] Cuckoo Error : Error starting virtual machine | VBoxManager error

If you are reading this, you have probably encountered the following error while performing sample analysis in Cuckoo: Error starting Virtual Machine / VBoxManage error. This error happens when there is a communication issue between the guest and host or with the VM snapshot. The network configuration of the guest VM should be set to "Host only network"; verify the connectivity between the host and guest by pinging each other. If that is fine, then check the guest VM snapshot. In my case, I had multiple snapshots and the one Cuckoo was invoking was causing the issue. What I did was delete all the existing snapshots and create a clean snapshot, after a graceful shutdown of the guest VM (Windows 7 in my case). I also noticed that, while running Cuckoo, it tries to load the VM snapshot named base2. Instead of editing any configuration, I just named the snapshot "base2". Then I submitted a sample to Cuckoo for analysis. The process completed without any issues.

DFIR KAPE : Evidence Collection

This post is an introduction to Kroll Artifact Parser and Extractor (KAPE) and how it can be used to collect evidence. When malware is executed, it usually leaves some evidence of its execution. These are important details used for investigation and forensics. KAPE is an evidence acquisition tool and can be used to acquire all the evidence of execution from the victim's system. The KAPE directory has two main folders: Modules and Targets. KAPE Modules: the modules directory contains different subdirectories, and inside them we can see the module files with the .mkape file extension. That is how the modules are identified. These modules define how to process the collected evidence, and can use scripts or installed applications. To view all the available modules, browse the KAPE directory or execute from the command line: run kape.exe --mlist to list all the modules. The .mkape file also specifies how to format and store the evidence output. The bin folder contains

PACSP : Pentester Academy Cloud Security Bootcamp and Certification Review.

I recently attended the Cloud Security Bootcamp from Pentester Academy and cleared the certification exam (PACSP). This is a simple review of the bootcamp and the certification exam. The bootcamp consists of 5 x 3-hour live interactive sessions. The instructor, Jeswin Mathai, knows his domain and delivered the concepts pretty clearly. The live sessions are via Zoom meeting and the participants can interact live through the Discord channel. No question goes unanswered. The Discord channel can also be used for support issues related to labs, access etc. Overall, the training channels and delivery methods were excellent. When you sign up for the bootcamp, you receive an access code for 50 days of lab access on their AttackDefense platform. Now about the course content: this is an AWS cloud pentesting course and, as they mention on their website, the syllabus of this bootcamp focuses on teaching you the fundamentals and exploits for the 5 most commonly used components

AWS Cloud Pentesting : Overly Permissive Permission

Most of the attacks targeting AWS are based on exploiting the extensive permissions attached to roles/accounts. This can be considered a misconfiguration because the administrator was not following the principle of least privilege while creating roles and permissions. Assume a scenario where there is a user in AWS who has the permission to attach user policies. That same user can elevate their privileges because they have the ability to attach policies to themselves. The user can even gain administrative privileges by exploiting this misconfiguration: the user can search for the ARN of the Administrator role and try to attach it to the same user. First, list the permissions for the user: aws iam list-attached-user-policies --user-name USER1 Note down the policy ARN and research it further, looking for any overly permissive permissions: aws iam get-policy --policy-arn arn:aws:iam::11223344556:policy/Service Look for the policy version currently in use. Once we identified th

PentesterAcademy Vulnerable Servers II Lab Write-Up | metasploit-pivoting

Lab Link : Vulnerable Servers II is a lab from PentesterAcademy, which is rated as easy. The lab topology shows two machines, which means there are two targets and the attacker has to perform pivoting in order to hack and get the flag from the target machine. First, select the nearest server and click on Run the lab. Once the lab is up, a web-based terminal will be opened in the web browser. Firstly, check the IP address of the attacking machine. We can see that there are two interfaces. And as per the instructions, the first target machine should be Let’s perform an Nmap scan of the target. The scan result shows that TCP port 8080 is open and is running an Apache Tomcat webserver/Coyote JSP engine 1.1. Let’s try to connect to the webserver using netcat. We can see that the webserver is running OpenKM, a Document

Introducing Pre-Security Learning Path from TryHackMe.

Are you interested in learning cybersecurity and asking the big question "Where do I start?" Well, a few months ago, I had the same question in my mind. Do I need to learn programming languages first, or web applications, or networking? That's where I want to talk about the popular learning platform TryHackMe. TryHackMe is an online platform that helps people learn cybersecurity, especially penetration testing, by doing hands-on labs. There are multiple learning paths available on the platform and, based on your knowledge and skill, you can select the most suitable one. If you want to learn cybersecurity from scratch, then you can explore each learning path, finish the rooms (rooms are a set of learning exercises with an objective) and proceed to the next. But before diving deep, one must understand the technology and basics first. Introducing the Pre Security learning path. This path consists of 40 hours of content and will teach the necessary technical knowl

PrintNightmare (CVE-2021-1675) PoC exploit Walkthrough

I am not an exploit developer but was interested to see how this vulnerability can be exploited. So I tried to replicate the infamous PrintNightmare vulnerability using the following PoCs ( ) and ( ). However, I had trouble with the new Metasploit module (auxiliary/admin/dcerpc/cve_2021_1675_printnightmare) and couldn't exploit the machine successfully. So I tried the second PoC, from cube0x0. This one did the magic. I just followed the guidelines with a couple of tweaks. First of all, I installed impacket (cube0x0 version), which installs the required modules and files. After that I set up a Samba share with anonymous login. This is required for hosting the DLL file. I edited smb.conf with the following settings. [global]     map to guest = Bad User     server role = standalone server     usershare allow guests = yes     idmap config * : backend = tdb     s

Comparison between CEH Practical and eJPT

This month, I took two certification exams: Certified Ethical Hacker (CEH) Practical and eLearnSecurity Junior Penetration Tester (eJPT). These were not actually in my plan; however, when I received the free vouchers, I thought of giving the exams a try. So in this post, I am going to give a detailed comparison between the two certification exams. Certified Ethical Hacker (CEH) Practical: I went into the CEH Practical exam with some aversion, but I found it not bad. Mostly the basic topics are validated in the exam. However, absolute beginners might find the practical exam useful. Most people attempting this exam might sign up for iClass/iLabs for their exam preparation, but in my opinion that is not necessary. The best alternative exam prep option is to sign up for TryHackMe and then learn and practice. As I mentioned earlier, I got the free voucher and therefore I didn't go through iLabs/iClass. In the exam, there are some questions based on cryptographic,

[FIX] Can't locate Net/ in @INC (you may need to install the Net::SNMP module)

I was trying to use the in my lab and encountered this error: Can't locate Net/ in @INC (you may need to install the Net::SNMP module) I searched the internet for the fix but couldn't find anything direct. However, going through some Stack Overflow pages, I fixed it, as explained below. 1) First install the required packages related to SNMP utilities: sudo apt-get install libsnmp-perl 2) Install the SNMP module for Perl: perl -MCPAN -e 'install Net::SNMP' That's it. I was then able to run the script.

Pivoting via Meterpreter [metasploit v6.x]

Pivoting is a technique used during pentesting. The attacker gains access to one of the remote machines in the target network segment and uses that machine to move around another network. Pivoting is useful in a scenario where you don't have direct access to a remote network. For example, the attacker can access the DMZ server but not the internal server segment, but the DMZ server can communicate with the internal server segment. In such a scenario, the attacker first gains access to the DMZ server and then uses the DMZ server as a foothold to gain access to the internal server segment. Note that older versions of Metasploit support MSF scripts but the latest version (Metasploit 6.x) doesn't. So let's see how to perform pivoting using the newer versions of Metasploit. For the illustration, I assume that the attacker has gained access to one of the remote machines and now needs to move around. After establishing a Meterpreter shell, background it. Since msfscripts