
Posts

Windows Exploit Suggester - Next Generation (WES-NG)

Recently I came across the Windows Exploit Suggester - Next Generation (WES-NG) tool, and it comes in handy for privilege escalation. Once you have initial access to a machine, grab its system information and run it through WES-NG to list the known vulnerabilities for that build and patch level. WES-NG link: https://github.com/bitsadmin/wesng

1) Get the package from the above link and clone it to your machine.
   # git clone https://github.com/bitsadmin/wesng
2) After cloning, update the vulnerability database.
   syntax: wes.py --update
3) Now, from the target machine, run the systeminfo command. Copy the output into a text file, name it systeminfo.txt and place it in the WES-NG folder.
4) Run WES-NG with systeminfo.txt as the parameter.
   syntax: python wes.py systeminfo.txt

The tool lists the vulnerabilities that apply to the target, matched on the OS build and the hotfixes that are missing from the systeminfo output. Because the match is made on missing patches rather than on a live check, treat the list as candidates to verify, not as confirmed findings. Now it is up to you to find and select an applicable potential vulnerability and exploit to perform the privilege es
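The four steps above as one wrapper script. This is an added example, not code from the WES-NG project: before spending a run on the file it checks that the systeminfo dump carries the fields wes.py reads (OS Name, OS Version, System Type and the Hotfix(s) list), strips the NUL bytes that a PowerShell `>` redirection leaves in a UTF-16 dump so the checks see plain text, and then asks wes.py for only the Elevation of Privilege findings that have a public exploit. WESNG_DIR, the output file name and the systeminfo excerpt written by write_sample are assumptions (the sample is constructed, not captured from a real host); the --update, --impact, --exploits-only and --output flags are WES-NG's own.

```shell
#!/bin/sh
# Added wrapper around WES-NG (not WES-NG's own code). Validates a systeminfo
# dump, then runs wes.py for privilege-escalation candidates with exploits.
# WESNG_DIR is an assumed clone location; point it at your own checkout.
set -eu

WESNG_DIR="${WESNG_DIR:-${HOME:-.}/wesng}"

# normalize FILE: print FILE as plain text, dropping the NUL bytes that a
# PowerShell '>' redirection leaves in a UTF-16 systeminfo dump.
normalize() {
    tr -d '\000' < "$1"
}

# check_systeminfo FILE: return 0 when FILE has every header wes.py reads
# (OS Name, OS Version, System Type, Hotfix(s)); otherwise name the gap
# on stderr and return 1 so a bad copy-paste is caught before the run.
check_systeminfo() {
    si_file="$1"
    [ -s "$si_file" ] || { echo "missing or empty: $si_file" >&2; return 1; }
    for field in "OS Name" "OS Version" "System Type" "Hotfix(s)"; do
        normalize "$si_file" | grep -q "^$field:" || {
            echo "$si_file: no '$field:' line; re-run systeminfo on the target" >&2
            return 1
        }
    done
    return 0
}

# count_hotfixes FILE: number of "[nn]: KBxxxxxxx" entries under Hotfix(s).
# A zero here on a patched box usually means the dump was truncated.
count_hotfixes() {
    normalize "$1" | grep -c '^ *\[[0-9]*\]: *KB[0-9]*' || true
}

# run_wesng FILE [OUT.csv]: refresh the definitions, then report only the
# Elevation of Privilege findings that have a public exploit, written to OUT.
run_wesng() {
    si_file="$1"
    out="${2:-vulns.csv}"
    check_systeminfo "$si_file"
    echo "$(count_hotfixes "$si_file") hotfixes listed in $si_file" >&2
    python3 "$WESNG_DIR/wes.py" --update
    python3 "$WESNG_DIR/wes.py" "$si_file" \
        --impact "Elevation of Privilege" \
        --exploits-only \
        --output "$out"
}

# write_sample FILE: write a constructed systeminfo excerpt (assumed values,
# not a real host) so the checks above can be exercised offline.
write_sample() {
    printf '%s\n' \
        'Host Name:                 WS01' \
        'OS Name:                   Microsoft Windows 10 Pro' \
        'OS Version:                10.0.19042 N/A Build 19042' \
        'System Type:               x64-based PC' \
        'Hotfix(s):                 3 Hotfix(s) Installed.' \
        '                           [01]: KB4562830' \
        '                           [02]: KB4570334' \
        '                           [03]: KB4601050' > "$1"
}

# usage: . ./wesng_privesc.sh; run_wesng systeminfo.txt vulns.csv
```

check_systeminfo and count_hotfixes work offline; run_wesng needs network access for --update and a working Python 3 with the WES-NG checkout in WESNG_DIR. The CSV it writes is the candidate list referred to above; each row still has to be confirmed against the actual build and installed updates before you pick an exploit.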
Recent posts

DISA SCAP Compliance Checker Tools are now available to the Public.

The Security Content Automation Protocol (SCAP) Compliance Checker tools from DISA are now available free to the public. SCAP is a method to enable automated vulnerability management, measurement and policy compliance evaluation of the systems deployed in an organization, based on the Security Technical Implementation Guides (STIGs). The two most common and widely accepted system configuration baselines are the Center for Internet Security's CIS Benchmarks and the US Defense Information Systems Agency (DISA) STIGs. DISA STIGs are more stringent than the CIS Benchmarks and are oriented toward US Government sectors. Now that the tools are public, you can use them to determine the security posture of your machines or to validate your security compliance against a STIG baseline. Link: https://public.cyber.mil/stigs/scap/

Cortex XSOAR and PCSAE exam guide

Preparation: Use the Palo Alto Networks Beacon portal to learn the basics of Cortex XSOAR. Download and install the Community Edition of Cortex XSOAR. If you need a step-by-step practical guide to learn Cortex XSOAR and to prepare for the PCSAE exam, check my book. And if you need to validate your knowledge of the PCSAE exam topics, check the practice tests on Udemy. Don't just rely on the exam guide. Do hands-on work extensively; practical knowledge is what the PCSAE exam validates. The PCSAE certification validates the knowledge and skills required to develop, analyze and administer the Cortex XSOAR security orchestration, automation and response platform with native threat intelligence management. Kindly note that this is a practice test and not an exam dump; to pass the PCSAE exam, one should have hands-on experience and in-depth knowledge of the exam topics.

Book : Palo Alto Cortex XSOAR : A Practical Guide.

Palo Alto Cortex XSOAR: A Practical Guide, First Edition 2021. I am glad to announce my new book on Palo Alto Cortex XSOAR. This is a step-by-step, beginner-friendly, 100% practical guide to learning a SOAR platform with Cortex XSOAR. Paperback: https://www.amazon.com/dp/B08Z4CTCJS/ E-book: https://www.amazon.com/dp/B08Z78WBQV Cortex XSOAR is the Security Orchestration, Automation and Response (SOAR) solution from Palo Alto Networks. It provides a centralized security orchestration and automation solution to accelerate incident response and increase analyst productivity. A SOAR platform integrates your organization's security and monitoring tools, helping you centralize and standardize your incident handling processes. This book is a beginner-friendly, step-by-step, practical guide that helps you understand and learn Palo Alto Cortex XSOAR from scratch. No previous knowledge of the product is required, and I have explained all the important topics step by step, with

Adobe Flash EOL and Microsoft Update KB4577586

Adobe stopped supporting Flash Player on December 31, 2020. After this date, Adobe will not release new Flash Player updates or security patches, and it strongly recommends that users uninstall Flash Player immediately from their machines. To help secure your system, the major browser vendors have already disabled Flash Player from running. As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 removes Adobe Flash Player permanently from your Windows device; once installed, KB4577586 cannot be uninstalled. This update only removes the Adobe Flash Player that was installed by your version of Windows. If you installed Adobe Flash Player manually from another source, it will not be removed, so those installs have to be found and removed separately. Ref: https://support.microsoft.com/en-us/topic/kb4577586-update-for-the-removal-of-adobe-flash-player-october-27-2020-931521b9-075a-ce54-b9af-ff3d5da047d5

Palo Alto Networks Certified Security Automation Engineer (PCSAE) exam review

Palo Alto Networks Certified Security Automation Engineer Exam Review. Exam length: 130 minutes (sufficient). Number of questions: 85. The exam is not an easy one. Compared to other networking and security exams from Palo Alto, this is a difficult one. PCSAE candidates are expected to have decent operational experience with Cortex XSOAR; those who don't might struggle to answer the exam questions correctly. Though the exam guide from Palo Alto helps, it is not enough to pass the PCSAE exam. I recommend going through the additional guides such as the Admin guide and the TIM and MSSP guides. Do install the Community Edition and explore everything. Without hands-on knowledge, you are not going to pass the exam. You can find supplementary exam materials here. Takeaways: Make sure you can differentiate automation commands, scripts, system commands and search queries. Make sure you know the syntax and format of the commands. Have an idea of basic troubleshooting. Practice creating das

Palo Alto Cortex XSOAR/PCSAE exam preparation

Practice test on Udemy: Link
Book: Link
Exam Review: https://www.jaacostan.com/2021/02/palo-alto-networks-certified-security.html
Administration Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin.html
Cortex XSOAR Threat Intel Management Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-threat-intel-management-guide.html
Cortex XSOAR Multi-Tenant Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-multi-tenant-guide.html
Study Guide: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcsae-study-guide.pdf
XSOAR Use Case Definition Template: https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/xsoar-use-case-definition-template/ta-p/344478
Free Training Course available at https://beacon.paloaltonetworks.com
Request Community Edition: https://start.paloaltonetworks.com/sign-up-for-community-edition.html
My blog posts on Cortex XSOAR: Read here

Cisco Firepower Threat Defense(FTD) NGFW: An Administrator's Handbook

Cisco Firepower Threat Defense (FTD) NGFW: An Administrator's Handbook: a 100% practical guide on configuring and managing Cisco FTD using Cisco FMC and FDM. This book is written like a learning course, explained in detail with a lab topology using FTDv and FMCv, and covers configuring and managing the Cisco Firepower Threat Defense Next Generation Firewall through Cisco Firepower Management Center. I have also covered the standalone firewall introduction and how to use Firepower Device Manager to manage your FTD firewall locally without FMC. Covers:
• How to upgrade an ASA firewall to Cisco FTD (migration and upgrade)
• Configure Cisco Firepower Threat Defense (FTD) Next Generation Firewall
• Configure Cisco Firepower Management Center (FMC)
• Manage and administer FTD devices using FMC (configure interfaces, zones, routing, ACLs, prefilter policies, NAT, high availability etc.)
• FTD local management using Firepower Device Manager (FDM)
• Introduction

Palo Alto Cortex XSOAR Playbook Icons Explained

A Playbook is a set of tasks that is executed for a specified incident and runs like a flow chart. This enables the organization to automate many security processes, such as incident response, data collection, investigation and closure. You can structure and automate security responses that were previously handled manually, saving time and increasing the efficiency of your incident response plan and operations. You can create a new playbook from the Playbooks option in the Cortex XSOAR GUI. As I mentioned above, a playbook is a set of tasks, and each task can be classified into various types based on its function or action. Each type is marked with a specific icon; the meaning of those icons is given below. All playbooks begin with a Section Header, which signifies the title. 1) Standard Automated Task: The arrow and the lightning bolt indicate a standard automated task. No analyst intervention is required for automated tasks. 2) Manual Task: Th

Palo Alto Cortex XSOAR Post-Installation Health Check.

After installing Palo Alto Cortex XSOAR, it is recommended to perform a post-installation health check. As per the Palo Alto documentation, the following tests have to be performed.

1) Check the Docker sub-system
   /docker_images : Verify that either a list of Docker images or an empty list is returned. You can run this command from the playground.
   !py script="demisto.results('hello world')" : Verify that hello world is returned; if not, there may be issues with your Docker installation. You can run this command from the playground.
   sudo docker info : Run this on the server shell and check for warnings or errors.
2) Verify integration tests
   Create an instance of each of the following integrations and test each one by clicking the Test button in the integration instance. You can also optionally run the associated commands in the playground. A sample integration installation of ipinfo is shown below.
   urlscan.io
   ipinfo
   PhishTank
   OpenPhish
   Rasterize
   Also, run !FailedInstanc