ECIH - commands

 0    50 fiche    dawidwilk3
Télécharger mP3 Imprimer jouer consultez
 
question réponse
System info
commencer à apprendre
systeminfo. exe, PsInfo
volatile info
commencer à apprendre
cat; uname
command history
commencer à apprendre
doskey /history
Netstat all executable files running running processes
commencer à apprendre
netstat -ab
basic info about processes
commencer à apprendre
Pslist. exe
string search
commencer à apprendre
pmdump. exe
chcek service for any malicious programm installed
commencer à apprendre
tasklist; wmic
logged-on users
commencer à apprendre
net sessions; logonsessions
NetBIOs info
commencer à apprendre
nbstat
linux running processes
commencer à apprendre
top; w; ps; pstree
netstat TCP and UDP including ports
commencer à apprendre
netstat -ano
netstat routing table
commencer à apprendre
netstat -r
Ping sweet scan attempts
commencer à apprendre
icmp. type==8; icmp. type==0; tcp. dstport==7; udp. dstport==7
SYN SCAN ATTACK
commencer à apprendre
tcp. flags. syn==1
NULL SCAN
commencer à apprendre
tcp. flags==0x00
TCP XMAS SCAN
commencer à apprendre
tcp. flags==0x029
Browser data Mozilla
commencer à apprendre
C\users\user_name\AppData\local\Mozilla\Firefox\Profiles\XXXdefault\cache: cookies. sqllite, fomhistory. sqllite
Browser data Chrome
commencer à apprendre
C\users\user_name\AppData\local\google\chrome\user data\default\cache: Profile 1(cookies): Default(history)
Browser data Edge
commencer à apprendre
C\users\Admin\AppData\local\microsoft\windows\INetCache:\AC\MsEdge(cookies): History
MSQL server logs
commencer à apprendre
c: programfiles\MSsqlServer\MSsql12...\MSSQL\LOG\EROR LOG: log_n. trc (open with notepad)
function that allows retrival of the active portion of the transaction log file
commencer à apprendre
fn_dblog()
SENDMAIL - log
commencer à apprendre
SENDMAIL - log - /var/log/maillog - most linux. /var/adm/maillog Solaris. /var/log/mail. log Debian/Ubuntu
Microsoft Exchange Email Server Log
commencer à apprendre
Microsoft Exchange Email Server Log -. edb database files,. stm, checkpoint files, temp files
locate access times
commencer à apprendre
access locate times - dir command, ls command
Collecting volatile info: open files
commencer à apprendre
Collecting volatile info: open files - "net file", psFile utility, OpenFiles command
Collecting volatile info: clopboard
commencer à apprendre
Collecting volatile info: clopboard - Free Clopboard Viewer
Collecting volatile info: Service/Driver info
commencer à apprendre
Collecting volatile info: Service/Driver info - tasklist, wmic
Collecting volatile info: logged on users
commencer à apprendre
Collecting volatile info: logged on users - PsLoggedOn, netsessions, LogonSessions
Logged on users PsLoggedOn
commencer à apprendre
Logged on users PsLoggedOn - "-l"-only local logons, "-x"-doesnt display times
Logged on users LogonSessions
commencer à apprendre
Logged on users LogonSessions: "-c"-CSV, "-ct"-prints as tab, "-p"-processes list
Collecting volatile info: DLL and shared libraries
commencer à apprendre
Collecting volatile info: DLL and shared libraries: ListDLL(win) "-r"-relocated "-u"-unsigned DLL, "-r"-DLL version. Ldd/ls(linux)
Nbstat
commencer à apprendre
Nbstat: "-c"-NetBIOS name-to-IP mapping, "-n"-names registered locally, "-r"-names resolved by broadcast and querying, "-s"-current NetBIOS sessions and statuses
netstat listening connections
commencer à apprendre
netstat -a
netstat ethernet statistics - number of bytes, packets
commencer à apprendre
netstat -e
commencer à apprendre
Malware is the most common threat
port monitoring command and tool
commencer à apprendre
port monitoring command and tool - netstat, TCPView
registry monitoring tool
commencer à apprendre
registry monitoring tool - jv16 Power tools 2017
windows service monitoring
commencer à apprendre
windows service monitoring - windows server manager (SrvMan)
startup programs monitoring
commencer à apprendre
startup programs monitoring - Autoruns for Windows
Perform string search tool
commencer à apprendre
Perform string search tool - BinText
identyfing packing/obfuscation methotds tool
commencer à apprendre
identifying packing/obfuscation methotds tool - PEiD
intrusion analysis: covert communication tools:
commencer à apprendre
intrusion analysis: covert communication tools: SSDT View, ReKall, RougeKiller
Detect packet sniffing: MAC flooding
commencer à apprendre
Detect packet sniffing: MAC flooding - from various IP to single with same TTL (malformed packets)
Detect packet sniffing: ARP poisoning
commencer à apprendre
Detect packet sniffing: ARP poisoning - filter: arp. duplicate-address-detected, Xarp tool
Machine generating ... will be most likely running a sniffer
commencer à apprendre
Machine generating REVERSE DNS LOOKUP TRAFFIC will be most likely running a sniffer
check if host has its network card in promiscuos mode
commencer à apprendre
check if host has its network card in promiscuous mode - nmap -script = sniffer-detect [IP]
Detects potentially malicious elements within HTML:
commencer à apprendre
Detects potentially malicious elements within HTML: tags like <FK>,
  • , <BR>, <DIV> and background-image, <script>, <object>, <applet>, <enabled>
  • Apache web server logs
    commencer à apprendre
    Apache web server logs: /var/log/'apache2/access. log - useful with Local File Injection LFI detection
    command line tool to locate connected devices
    commencer à apprendre
    command line tool to locate connected devices: DevCon(windows)
    Behavioral analysis:
    commencer à apprendre
    Behavioral analysis: 1) extract behavioral patterns 2) compare to other users 3) generated clusters based on behav simmilarity 4) build profiles of each group 5) discover outliners of each group

    Vous devez vous connecter pour poster un commentaire.