Josh Brade Technical Blog

Category: Cybersecurity

Linux Commands Security Professionals Should Know
User and Group Management
- passwd – Changes the password of a user account.
  - Example: sudo passwd username
- useradd – Creates a new user account.
  - Example: sudo useradd -m newuser
- userdel – Deletes a user account.
  - Example: sudo userdel username
- usermod – Modifies a user account, such as changing the username or group.
  - Example: sudo usermod -aG sudo username
- groupadd – Creates a new group.
  - Example: sudo groupadd newgroup
- groupdel – Deletes a group.
  - Example: sudo groupdel oldgroup
- groups – Displays the groups a user is a member of.
  - Example: groups username
- id – Displays user and group information for a specified user.
  - Example: id username
Package Manager
- apt-get – A command-line tool to handle packages on Debian-based systems, used to install, remove, or upgrade packages.
  - Example: sudo apt-get install curl
- apt – A newer, simpler front-end for the apt-get tool for package management on Debian-based systems.
  - Example: sudo apt update
- yum – Package management tool for RPM-based Linux distributions (like CentOS, Red Hat), used to install, update, or remove packages.
  - Example: sudo yum install curl
- dnf – A newer package manager for RPM-based systems, replacing yum in many distributions (like Fedora).
  - Example: sudo dnf install curl
- rpm – Command-line tool to install, remove, and query RPM packages.
  - Example: sudo rpm -ivh package.rpm
- dpkg – The low-level package manager for Debian-based systems that installs and manages .deb packages.
  - Example: sudo dpkg -i package.deb
- snap – A package management system for installing snaps (self-contained applications) across various Linux distributions.
  - Example: sudo snap install vlc
- zypper – Package manager for openSUSE, used to install, update, and manage packages.
  - Example: sudo zypper install curl
Network Configuration & Monitoring
- ifconfig – Displays and configures network interfaces (deprecated in favor of ip).
  - Example: ifconfig eth0
- ip add – Displays IP addresses of network interfaces (part of the ip tool suite).
  - Example: ip addr show
- ping – Sends ICMP echo requests to test network connectivity.
  - Example: ping 8.8.8.8
- netstat – Displays network connections, routing tables, and interface statistics (deprecated in favor of ss).
  - Example: netstat -tuln
- ss – A utility to investigate sockets and network connections, replacing netstat.
  - Example: ss -tuln
- traceroute – Traces the route packets take to a network host, showing each hop along the way.
  - Example: traceroute google.com
- ssh – Securely connects to a remote system using the SSH protocol.
  - Example: ssh user@hostname
- nc – Netcat, a utility for reading/writing network connections, useful for port scanning, listening, and sending data.
  - Example: nc -zv 192.168.1.1 1-1000
Process Management
- ps – Displays a snapshot of current running processes.
  - Example: ps aux
- top – Displays dynamic real-time information about processes.
  - Example: top
- kill – Sends a signal to terminate a process by its PID (process ID).
  - Example: kill 1337
- killall – Sends a signal to terminate processes by name.
  - Example: killall firefox
- pstree – Displays processes in a tree-like format, showing their hierarchy.
  - Example: pstree
- htop – Interactive version of top, providing a more user-friendly, color-coded view of processes.
  - Example: htop
File and Directory Management
- ls – Lists the contents of a directory.
  - Example: ls -l /home/user
- pwd – Displays the current working directory.
  - Example: pwd
- cd – Changes the current directory.
  - Example: cd /home/user/Documents
- mkdir – Creates a new directory.
  - Example: mkdir newdir
- mdir – Similar to mkdir, but used for creating directories on remote systems (e.g., with FTP).
  - Example: mdir /mnt/remote/dir
- touch – Creates an empty file or updates the timestamp of an existing file.
  - Example: touch newfile.txt
- cp – Copies files or directories.
  - Example: cp file1.txt file2.txt
- mv – Moves or renames files or directories.
  - Example: mv oldname.txt newname.txt
- rm – Removes files or directories. There are several options for the rm command as well (ie -force (-f), -recursive (-r), -verbose (-v), -interactive (-i))
  - Example: rm file.txt
File Viewing and Editing
- cat – Concatenates and displays file content.
  - Example: cat file.txt
- less – Displays file content one screen at a time, allowing scrolling backward and forward.
  - Example: less file.txt
- more – Similar to less, but less feature-rich (only allows forward scrolling).
  - Example: more file.txt
- nano – A simple, text-based text editor.
  - Example: nano file.txt
- vim – A powerful text editor with advanced features for editing files.
  - Example: vim file.txt
- gedit – A graphical text editor for GNOME-based systems.
  - Example: gedit file.txt
System Information
- uname – Displays system information, such as the kernel version and architecture.
  - Example: uname -a
- df – Displays disk space usage for all mounted filesystems.
  - Example: df -h
- du – Displays disk usage for files and directories.
  - Example: du -sh /home/user
- free – Displays memory usage, including free and used memory.
  - Example: free -h
- lscpu – Displays detailed information about the CPU architecture.
  - Example: lscpu
- lshw – Displays detailed hardware configuration information.
  - Example: sudo lshw -short
- lsblk – Lists information about block devices (e.g., hard drives and partitions).
  - Example: lsblk
Permission Commands
- chmod – Changes the file or directory permissions.
  - Example: chmod u+x file.txt
- chown – Changes the owner and/or group of a file or directory.
  - Example: sudo chown user:group file.txt
- chgrp – Changes the group ownership of a file or directory.
  - Example: sudo chgrp admin file.txt
- umask – Sets default file creation permissions.
  - Example: umask 022
- setfacl – Sets file access control lists for more granular permission control.
  - Example: setfacl -m u:username:rwx file.txt
- getfacl – Displays the access control list (ACL) of a file or directory.
  - Example: getfacl file.txt
- chattr – Changes file attributes for advanced file protection (e.g., immutability).
  - Example: sudo chattr +i file.txt
- ls -l – Lists files and directories with detailed information, including permissions.
  - Example: ls -l file.txt
Side note for chmod (Click the Arrow)

The chmod command changes the file’s permissions for the user, group, and others. Permissions can be set using symbolic mode or numeric mode.

Symbolic Mode: Uses letters to represent file permissions.

r (read)

w (write)

x (execute)

Numeric Mode: Uses numbers to represent permissions.

4 = read (r)

2 = write (w)

1 = execute (x)

Sum of numbers for the user, group, and others.

In numeric mode, you represent permissions using numbers. Each permission is assigned a number:

4 = read (r)

2 = write (w)

1 = execute (x)

To calculate the numeric value for each permission group (user, group, others), you add the numbers:

rwx = 4 + 2 + 1 = 7

rw- = 4 + 2 = 6

r– = 4

-wx = 2 + 1 = 3

–x = 1
November 17, 2024
A Few Cybersecurity Linux Tools to Explore
Information Gathering & Reconnaissance
1. Nmap: A network scanning tool for identifying hosts, open ports, and services. Commonly used for vulnerability assessments.
  Website: nmap.org
2. Recon-NG: A reconnaissance framework for gathering and processing OSINT data. Modules can automate recon tasks.
  Website: Recon-NG GitHub
3. theHarvester: Collects emails, subdomains, and hosts using sources like Google, Bing, and Shodan.
  Website: GitHub
4. DNSRecon: DNS enumeration tool for zone transfers and DNS record collection (MX, SPF, SRV).
  Website: GitHub
5. Netdiscover: A network scanning tool to identify active IPs in networks, particularly wireless networks.
  Website: Netdiscover SourceForge
6. Unicornscan: A high-performance asynchronous port scanner capable of scanning large networks.
  Website: Unicornscan GitHub
7. Masscan: Ultra-fast port scanner that can scan the entire internet within minutes.
  Website: masscan GitHub
8. P0f: A passive fingerprinting tool to infer OS, uptime, and device information by analyzing traffic.
  Website: P0f GitHub
Vulnerability Analysis & Exploitation
1. Nikto: Web server vulnerability scanner that identifies misconfigurations, outdated software, and potential exploits.
  Website: CIRT.net
2. OpenVAS: Open-source vulnerability scanner for automated network security assessments.
  Website: openvas.org
3. Metasploit: A penetration testing framework for exploit development and vulnerability validation.
  Website: Rapid7
4. jSQL Injection: A Java-based SQL injection exploitation tool.
  Website: GitHub
5. OWASP ZAP: An intercepting proxy for web app security testing and identifying vulnerabilities.
  Website: OWASP ZAP
6. Burp Suite: A web vulnerability scanner and exploitation platform with intercepting proxy capabilities.
  Website: PortSwigger
7. SQL Ninja: An SQL injection tool for exploiting database vulnerabilities.
  Website: GitHub
8. Sqlmap: An open-source tool for automating the detection and exploitation of SQL injection vulnerabilities.
  Website: sqlmap.org
Wireless & Network Attacks
1. Aircrack-ng: A suite of tools for Wi-Fi network security assessment, focusing on cracking WEP and WPA-PSK keys.
  Website: aircrack-ng.org
2. Kismet: Wireless network detector and packet sniffer, useful for Wi-Fi reconnaissance.
  Website: kismetwireless.net
3. Reaver: Exploits vulnerabilities in WPS to retrieve WPA/WPA2 passwords.
  Website: Reaver GitHub
4. Wireshark: A powerful packet analyzer for network troubleshooting and analysis.
  Website: wireshark.org
5. Ettercap: A suite for network sniffing and man-in-the-middle attacks, particularly for ARP poisoning.
  Website: ettercap GitHub
6. PixieWPS: A tool to exploit WPS vulnerabilities via offline brute-force attacks.
  Website: PixieWPS GitHub
7. Wifite: Automates attacks on Wi-Fi networks, including cracking WPA/2 and WEP keys.
  Website: GitHub
8. Netcat: A versatile networking utility for debugging, backdoors, and transferring files.
  Website: Netcat Guide
Forensics & Post-Exploitation
1. Autopsy: A digital forensics platform for analyzing and recovering deleted files, email parsing, and more.
  Website: Autopsy.com
2. Foremost: A file recovery tool for carving out files from disk images and raw data.
  Website: Foremost GitHub
3. Mimikatz: A tool for credential dumping and Windows security testing.
  Website: GitHub
4. PowerShell Empire: A post-exploitation framework leveraging PowerShell for remote access and persistence.
  Website: Empire Project
5. Shellter: A tool for obfuscating and injecting payloads into Windows executables.
  Website: Shellter GitHub
6. PowerSploit: A post-exploitation toolkit for executing PowerShell scripts on compromised systems.
  Website: PowerSploit GitHub
7. Memdump: Captures live memory for forensic analysis.
  Website: GitHub
Password & Hash Attacks
1. Hydra: A parallelized login cracker supporting numerous protocols.
  Website: Hydra GitHub
2. Rainbowcrack: Cracks hashes using precomputed rainbow tables.
  Website: Project
3. John the Ripper: A fast password cracker supporting many hash types.
  Website: John the Ripper
4. Crunch: A wordlist generator for brute-force attacks.
  Website: Crunch GitHub
5. Hashcat: A GPU-accelerated password recovery tool.
  Website: hashcat.net
6. Medusa: A parallelized, modular brute-forcer for password cracking.
  Website: GitHub
7. Patator: A brute-forcing tool supporting many protocols and methods.
  Website: GitHub
8. CeWL: Generates custom wordlists for brute-force attacks based on target website content.
  Website: CeWL GitHub
Malware Analysis, Vulnerability Research, & Incident Response
1. Ghidra: Reverse engineering tool for analyzing binaries and decompiling code.
  Website: ghidra-sre.org
2. Radare2: An open-source framework for binary analysis and reverse engineering.
  Website: radare.org
3. OllyDbg: A debugger for analyzing and manipulating executables.
  Website: OllyDbg
4. DynamoRIO: A dynamic binary instrumentation framework.
  Website: dynamorio.org
5. Cuckoo Sandbox: An automated malware analysis platform.
  Website: cuckoosandbox.org
6. Volatility: A memory forensics tool for analyzing RAM dumps.
  Website: Volatility Foundation
7. Binwalk: Firmware analysis tool for Website: Binwalk
November 17, 2024
Adobe Acrobat Is Scanning Your Documents

The generative AI features in Adobe Acrobat are scanning your documents! This could possible lead to sensitive data leakage.

You can turn this feature off through the windows registry.

“Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown create a new dword key under feature lockdown, bEnableGentech

1 will enable the feature, 0 will disable the feature and remove all entry points”

You can also disable the generative AI features in Adobe Acrobat with PowerShell.

“New-ItemProperty -Path ‘HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown’ -Name “bEnableGentech” -PropertyType DWord -Value 0″

References:

https://infosec.exchange/@briankrebs/111965550971762920

Turning off Adobe's ability to scan all of your organization's documents for generative AI
byu/rb3po insysadmin

March 22, 2024
Starting a Journey through Cybersecurity: A Roadmap
Embark on your cybersecurity journey with this well-rounded curriculum. These courses and learning paths equip you with fundamental knowledge and hands-on skills essential in the cybersecurity landscape. By completing these certifications, you’ll be well on your way to becoming a capable and well-rounded cybersecurity professional. Remember, continuous learning and practical application are key in this dynamic field. Good luck, and enjoy your learning experience!

Introduction to Cybersecurity and Blue Teaming (TryHackMe):
- Explore the fundamentals of cybersecurity and blue teaming.
- Gain insights into defensive strategies and techniques.
- Link: Blue Team Learning Path
SOC (Security Operations Center) Level 1 (TryHackMe):
- Deepen your understanding of Security Operations Center operations.
- Learn about threat detection, incident response, and more.
- Link: SOC Level 1 Learning Path
Windows Event Logs: Finding Evil (Hack The Box Academy):
- Explore the importance of Windows Event Logs in cybersecurity.
- Learn how to identify and analyze potential threats within logs.
- Link: Windows Event Logs Course
Introduction to Active Directory (Hack The Box Academy):
- Get acquainted with Active Directory and its significance.
- Dive into the structure, functions, and security considerations.
- Link: Active Directory Course
Introduction to Network Traffic Analysis (Hack The Box Academy):
- Explore the world of network traffic analysis.
- Learn how to identify and respond to network-based threats.
- Link: Network Traffic Analysis Course
Wireshark for Beginners: Capture Packets (Coursera):
- Gain hands-on experience with Wireshark for packet analysis.
- Learn how to capture and analyze network traffic.
- Link: Wireshark for Beginners Course
Analyze Network Traffic with Tcpdump (Coursera):
- Dive deeper into network traffic analysis using tcpdump.
- Learn how to capture and interpret network data using command-line tools.
- Link: Analyze Network Traffic with Tcpdump Course
Microsoft Windows Defender and Firewall for Beginners (Coursera):
- Explore the basics of Windows Defender and Firewall.
- Learn how to enhance the security of your Windows environment.
- Link: Windows Defender and Firewall Course
Mastering SQL Injection: The Ultimate Hands-On Course (Udemy):
- Gain proficiency in understanding and preventing SQL injection attacks.
- Learn how to secure databases from this common vulnerability.
- Link: SQL Injection Course
Google IT Automation Professional Certificate (Coursera):
- Enroll in a comprehensive program covering IT automation.
- Gain skills in using Python, Git, and automation tools.
- Link: Google IT Automation Professional Certificate
September 5, 2023
Two Free Cybersecurity Training Platforms

Empowering Cybersecurity Enthusiasts

In the dynamic landscape of cybersecurity, knowledge and skills are the armor that shields against digital threats. SecurityBlue Team and AntiSyphon Training, both dedicated to bolstering cyber defense proficiency, offer an invaluable opportunity to harness expertise in this critical field. Let’s dive into a comprehensive exploration of these two remarkable platforms that provide free cybersecurity courses.

SecurityBlue Team: Uniting Learning and Practice

Introduction: SecurityBlue Team stands as a beacon for those seeking to immerse themselves in the realm of cybersecurity. By seamlessly blending theoretical knowledge with practical application, this platform transcends traditional training approaches.

Course Offerings: The array of free cybersecurity courses offered by SecurityBlue Team covers an extensive spectrum of topics. From beginner-friendly introductions to advanced penetration testing, each course is meticulously crafted to cater to diverse skill levels.

Notable Features:

Hands-On Labs: One of SecurityBlue Team’s standout features is its emphasis on practical experience. The inclusion of hands-on labs enables learners to apply theoretical concepts in real-world scenarios, enhancing their problem-solving skills.

Community Interaction: A sense of community is fostered through SecurityBlue Team’s interactive platform. Learners can engage in discussions, seek guidance, and collaborate with like-minded individuals, further enriching the learning experience.

Structured Pathways: The platform offers structured pathways for different cybersecurity career tracks, helping learners navigate their journey and achieve their professional goals systematically.

AntiSyphon Training: Knowledge at Your Own Pace

Introduction: AntiSyphon Training stands as a testament to the belief that quality cybersecurity education should be accessible to all, regardless of financial constraints. By offering a “pay what you can” model, it opens doors for individuals eager to fortify their cybersecurity expertise.

Course Offerings: AntiSyphon Training’s courses span a wide range of cybersecurity domains, including ethical hacking, network defense, and incident response. Each course is designed to accommodate diverse learning styles and skill levels.

Notable Features:

Flexibility: The “pay what you can” approach grants learners the freedom to access high-quality cybersecurity training without the burden of financial limitations.

Self-Paced Learning: AntiSyphon Training recognizes that learners have varying commitments. The self-paced nature of the courses allows participants to tailor their learning experience according to their schedules.

Practical Focus: Much like SecurityBlue Team, AntiSyphon Training prioritizes hands-on experience. Practical exercises and simulations enable learners to grasp complex concepts through immersive application.

Elevating Cybersecurity Competence for All

SecurityBlue Team and AntiSyphon Training exemplify the democratization of cybersecurity education. By providing free courses that blend theory and practicality, these platforms empower individuals to cultivate skills vital to protecting digital landscapes. Whether you’re a beginner dipping your toes into the realm of cybersecurity or a seasoned professional seeking to enhance your expertise, these platforms are poised to be your partners on this transformative journey. Embrace the opportunities they offer, and embark on a voyage to fortify digital defenses and shape the future of cybersecurity.

Sources:

https://www.securityblue.team/

https://www.antisyphontraining.com/pay-what-you-can/

September 1, 2023