Professional Documents
Culture Documents
Nota Security Testing - Penetration Test
Nota Security Testing - Penetration Test
Product in evaluation:
EAL (evaluation assurance level, 1 hingga 7) - https://www.mycc.gov.my/ (malaysia,
singapore and india)
- how to test ->via pentest
- functionality test
- EAL7 is the higher and hanya ada di petronas
ADS streaming
Stegano
dir
notepad test.txt:gajah.txt
*if file JPG notepad SRK.jpg:try.txt
incident response:
ada 3 fasa
- IRP (incienr response protocol) https://www.incidentresponse.org/
- DRP (Disaster recovery)
- BCP (business resumption)
RISK
- Avoidance
- Mitigation
- Acceptance
- Transfer
SLE, kerugian = AV x EF
SLE, kerugian = asset value x exposure value
RISK
- qualitative (xboleh diukur dengan duit , impact to reputation)
- Quantitative (
IRP
- Malware
- Data Thef
anamoly - suspicious
https://www.volatilityfoundation.org/ (malware)
https://www.vulnhub.com/
https://www.hackthebox.com/
Detection of Malware
- Backdoor - valid service used illegally
- Trojans - Client (client) & server malicious file - poison ivy
- Rootkits - hiding process
- Ransonware - encrypting files for $
- A.P.T - advanced persistent threat
https://eternallybored.org/misc/netcat/ - netcat
https://upx.github.io/ - nak ubah size hash file