22 January 2020

NoSQL Network Recon - Exercise No. 1

In Redis, the command used to retrieve a key's value depends on the data type of that value.


Here are the commands to retrieve the key value:

if the value is of type string,
GET <key>

if the value is of type hash,
HGETALL <key>

if the value is of type list,
LRANGE <key> <start> <end>

if the value is of type set,
SMEMBERS <key>

if the value is of type sorted set,
ZRANGEBYSCORE <key> <min> <max>


The command to check the type of the value a key maps to:
TYPE <key>
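Running a read command against the wrong data type returns a WRONGTYPE error, so a client should ask TYPE first and then pick the matching command. The sketch below is an added example, not part of the original exercise: it encodes commands in the Redis wire protocol (RESP), parses the replies, and dispatches on the TYPE answer. The key name "session", the full-range arguments and the canned replies are constructed for illustration.

```python
import io

# Read command per value type reported by TYPE (full-range arguments assumed).
READERS = {
    "string": lambda k: ("GET", k),
    "hash": lambda k: ("HGETALL", k),
    "list": lambda k: ("LRANGE", k, "0", "-1"),
    "set": lambda k: ("SMEMBERS", k),
    "zset": lambda k: ("ZRANGEBYSCORE", k, "-inf", "+inf"),
}

def encode(*args):
    """Encode a command as a RESP array of bulk strings."""
    out = b"*%d\r\n" % len(args)
    for arg in args:
        raw = arg.encode()
        out += b"$%d\r\n%s\r\n" % (len(raw), raw)
    return out

def parse(stream):
    """Parse one RESP2 reply from a binary file-like object."""
    line = stream.readline().rstrip(b"\r\n")
    kind, rest = line[:1], line[1:]
    if kind == b"+":
        return rest.decode()
    if kind == b"-":  # error reply, e.g. WRONGTYPE
        raise RuntimeError(rest.decode())
    if kind == b":":
        return int(rest)
    if kind == b"$":  # bulk string; $-1 is the null reply
        size = int(rest)
        return None if size < 0 else stream.read(size + 2)[:-2].decode()
    if kind == b"*":
        return [parse(stream) for _ in range(int(rest))]
    raise ValueError("unexpected RESP type byte %r" % kind)

def read_key(roundtrip, key):
    """Ask TYPE first, then send the read command that matches it."""
    vtype = roundtrip(encode("TYPE", key))
    if vtype not in READERS:  # "none" (missing key) or an unhandled type
        return vtype, None
    return vtype, roundtrip(encode(*READERS[vtype](key)))

# Constructed server replies standing in for a live connection.
REPLIES = {
    encode("TYPE", "session"): b"+hash\r\n",
    encode("HGETALL", "session"): b"*2\r\n$4\r\nuser\r\n$5\r\nalice\r\n",
    encode("GET", "session"): b"-WRONGTYPE Operation against a key holding the wrong kind of value\r\n",
}

def fake_roundtrip(request):
    return parse(io.BytesIO(REPLIES[request]))
```

Against a lab server, replace fake_roundtrip with a function that writes the request to a socket and calls parse() on sock.makefile("rb").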




Source:
https://www.attackdefense.com/
https://stackoverflow.com/questions/37953019/wrongtype-operation-against-a-key-holding-the-wrong-kind-of-value-php

20 January 2020

MySQL Network Recon - Exercise No. 2

The command used to connect to a remote MySQL database.



MySQL [(none)]> show databases;



MySQL [data]> show tables;



root@% = allows connection from user 'root' from any host, local or TCP (internet).
root@localhost = only allows connection from 'root' on the machine running the MySQL server.

MySQL [information_schema]> select * from user_privileges where GRANTEE like '%\%%' ;

Source: https://www.attackdefense.com/

19 January 2020

ACCA PM Chapter 7 - PRICING - Introduction, Cost plus pricing

Factors influencing selling price:

  • costs
  • competitors
  • customers



Cost-plus pricing

1. Full cost plus - Full cost includes a shared overhead and also often includes non-production costs.

Advantages:

  • Easy
  • Standard Policy
  • "Guarantees" Profit


Disadvantages:

  • Ignores Competition
  • Ignores Effect of Price on Demand
  • Absorption of Fixed Overheads


2. Marginal cost plus - the marginal (or incremental) cost of producing a unit and adding a mark-up.

Advantages:

  • Easy
  • Standard Policy
  • No need to absorb Fixed Overheads


Disadvantages:

  • Ignores Competition
  • Ignores Effect of Price on Demand
  • What % to add to make sure Fixed Overheads covered?


3. Opportunity cost plus - a marginal cost approach but also includes within the cost any opportunities foregone. It is a relevant costing approach.



Source: https://opentuition.com/acca/pm/acca-performance-management-pm-lectures/

18 January 2020

LAN Technologies - MAC Address Table and Gratuitous ARP

Classification of MAC Address Entries
  • Dynamic MAC address entries
  • Static MAC address entries
  • Blackhole MAC address entries

Classification of secure MAC address
  • Secure dynamic MAC address
  • Secure static MAC address
  • Sticky MAC address

Configuring MAC Address Anti-flapping
  • Increases the MAC address learning priority of an interface.
  • Prohibits MAC address entry overriding between interfaces with the same priority.


Gratuitous ARP functions:
  • Checks for IP address conflicts
  • Advertises a new MAC address
  • Notifies other devices of master/backup switchover in a Virtual Router Redundancy Protocol (VRRP) group

MEMCACHED Network Recon - Exercise No. 1

The number of key-value pairs stored on the Memcached server.
  • memcstat --servers=<ip address> | grep curr_items


The value stored in the key “password” on the Memcached server.
  • memccat --servers=<ip address> password



Using memcached-tool,
  • /usr/share/memcached/scripts/memcached-tool <ip address:port number> dump



Using msfconsole - memcached_extractor,



Segmented LRU,

Using Least Recently Used (LRU) crawler to output every valid item,
  • lru_crawler metadump all



15 January 2020

ACCA PM Chapter 6 - Limiting Factors

Linear Programming
  1. Define the unknowns in terms of symbols
  2. Formulate equations for the constraints
  3. Formulate an equation for the objective
  4. Graph the constraints and the objective
  5. Find the optimum solution


Spare capacity
If the optimum solution results in using less than the maximum available of a particular resource, then we have spare capacity of that resource or slack.

Shadow prices (dual price)
Shadow Price is the most EXTRA we would be prepared to pay for an extra unit of the limited resource.



Explicitly Query a DNS record from a specific NameServer


rober:~$ dig +nottlid +noall +answer @8.8.8.8 boonkeat.com ANY


13 January 2020

ACCA PM Chapter 5 - Key Factor Analysis VS Throughput Accounting

Key Factor Analysis

Contribution = Selling Price - Variable Costs.
Contribution = Profit before Fixed Costs.

Contribution per hour = Contribution / hour

Fixed Costs,
(Assume that original costings were done before knowing about the limit on hours - produce to equal demand)

Contribution - Fixed Costs = Maximum Profit.



Throughput Accounting

Assume the ONLY Variable Cost is Materials.
(ALL Other Costs fixed in total).

Throughput = Revenue - Material Cost.

Return per factory hour = Throughput per hour.

Fixed Costs,
(All Costs other than Materials).
Throughput - Fixed Costs = Maximum Profit.

Total factory costs = all production costs except materials

Cost per factory hour = Total factory costs / Available hours

Throughput Accounting Ratio = Return per factory hour / Cost per factory hour.



Bottleneck

The rate of production will be restricted by the slowest of the machines, and this machine is known as the bottleneck resource.


Source: https://opentuition.com/acca/pm/acca-performance-management-pm-lectures/

12 January 2020

Domain 1: Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity, and availability


1.2 Evaluate and apply security governance principles
  • Alignment of security function to business strategy, goals, mission, and objectives
  • Organizational processes (e.g., acquisitions, divestitures, governance committees)
  • Organizational Roles and responsibilities
  • Security control frameworks
  • Due care/due diligence

1.3 Determine compliance requirements
  • Contractual, legal, industry standards, and regulatory requirements
  • Privacy requirements

1.4 Understand legal and regulatory issues that pertain to information security in a global context

  • Cybercrimes and data breaches
  • Licensing and intellectual property requirements
  • Import/export controls
  • Trans-border data flow
  • Privacy

1.5 Understand, adhere to, and promote professional ethics

  • (ISC)² Code of Professional Ethics
  • Organizational code of ethics

1.6 Develop, document, and implement security policy, standards, procedures, and guidelines

1.7 Identify, analyze, and prioritize Business Continuity (BC) requirements

  • Develop and document scope and plan
  • Business Impact Analysis (BIA)

1.8 Contribute to and enforce personnel security policies and procedures

  • Candidate screening and hiring
  • Employment agreements and policies
  • Onboarding and termination processes
  • Vendor, consultant, and contractor agreements and controls
  • Compliance policy requirements
  • Privacy policy requirements

1.9 Understand and apply risk management concepts

  • Identify threats and vulnerabilities
  • Risk assessment/analysis
  • Risk response
  • Countermeasure selection and implementation
  • Applicable types of controls (e.g., preventive, detective, corrective)
  • Security Control Assessment (SCA)
  • Monitoring and measurement
  • Asset valuation
  • Reporting
  • Continuous improvement
  • Risk frameworks

1.10 Understand and apply threat modeling concepts and methodologies

  • Threat modeling methodologies
  • Threat modeling concepts

1.11 Apply risk-based management concepts to the supply chain

  • Risks associated with hardware, software, and services
  • Third-party assessment and monitoring
  • Minimum security requirements
  • Service-level requirements

1.12 Establish and maintain a security awareness, education, and training program

  • Methods and techniques to present awareness and training
  • Periodic content reviews
  • Program effectiveness evaluation




Source: https://www.udemy.com/course/cissp-domain-1-2/

11 January 2020

ACCA PM Chapter 4 - Environmental Management Accounting

1. The focus is on the efficient use of resources and the disposal of waste and effluent.

2. Three ways in which environmental costs have an impact.
  • Cost on excessive resources and cleaning-up.
  • Reputation of the company.
  • Fines and penalties.

3. Typical environmental cost, other than waste.
  • Raw Materials: Use recyclable material to save costs.
  • Transport Costs: Find alternatives.
  • Water and Energy consumption: Identify inefficiencies and wasteful practice to save costs.

4. The Accounting method for environmental costs.
  • Inflow / Outflow analysis
    • All waste in Raw materials as well as energy and water.
  • Flow Cost Accounting
    • Material (Not Raw)
    • System
    • Delivery and disposal
  • Lifecycle costing
    • Design out the cost before the product is launched.
  • Environmental Activity-Based Costing
    • Environment-related cost (E.g., Sewage plant)

09 January 2020

OSQUERY - Exercise No. 1

“consider JOINing against the users table”
osquery> select * from shell_history WHERE shell_history.uid IN (SELECT uid from users);

Who has stored the SSH private keys on the machine?
osquery> select * from shell_history WHERE shell_history.uid IN (SELECT uid from users) and shell_history.command like '%rsa%';

The path of the ftp service daemon running.
osquery> select path from processes where name='vsftpd';

The complete path of a specific binary run as root.
osquery> select * from shell_history WHERE shell_history.uid IN (SELECT uid from users) and shell_history.command like '%sudo%';

Sources:
https://www.attackdefense.com
https://www.first.org/resources/papers/conf2018/Wilson-Doug_FIRST_20180629.pdf

07 January 2020

ACCA PM Chapter 2 - Target Costing

Target Cost is the maximum cost per unit in order to achieve the required profit.

It is compared with the estimated actual cost. The excess of the actual cost over the target is called the "Target Cost Gap".

Possible ways of attempting to close the target cost gap:

  1. Examine costs to look for cheaper options.
  2. Re-examine the design of the product: can we reduce cost without needing to reduce the price?


The five major characteristics that distinguish services from manufacturing are:

  1. Intangibility
  2. Inseparability / Simultaneity
  3. Variability / heterogeneity
  4. Perishability
  5. No transfer of ownership

05 January 2020

OSQUERY - Networking Tables

How many network interfaces are present on the machine?
osquery> select * from interface_addresses;

How many DNS servers are configured on the machine?
osquery> select * from dns_resolvers;

208.67.222.222 belongs to OpenDNS.

Which interface is acting as the default gateway for the machine?
osquery> select * from routes;

How many entries are there in the ARP cache?
osquery> select * from arp_cache;

What is the given hostname of the machine?
osquery> select * from etc_hosts;


Source: https://www.attackdefense.com/challengedetails?cid=1044

04 January 2020

ACCA PM Chapter 1 - Activity Based Costing

Overheads = Expenses

In ACCA F2, we probably used only one cost driver (e.g., labor hours) to calculate costs.

Activity-Based Costing (ABC) attempts to absorb overheads in a more accurate (and therefore more useful) way.

The steps to be followed are as follows:
  1. identify the major activities that give rise to overheads (e.g., machining; dispatching of orders)
  2. determine what causes the cost of each activity – the cost driver (e.g., machine hours; the number of dispatch orders)
  3. calculate the total cost for each activity – the cost pool (e.g., total machining costs; total costs of despatch department)
  4. calculate an absorption rate for each cost driver
  5. calculate the total overhead cost for each product manufactured
  6. calculate the overhead cost per unit for each product

02 January 2020

Windows PowerShell Basics and Cmdlets

Commands tried:
cd \
dir
ls
ps

Get Help:
PS C:\> Get-Help
PS C:\> Get-Help *process
PS C:\> Get-Help *alias*

Download and install Help files on your computer:
PS C:\> Update-Help

List all aliases you can use:
PS C:\> Get-Alias

Get Help for conceptual topics:
PS C:\> Get-Help Get-Help -Examples | more

Get Help for conceptual topics about alias:
PS C:\> Get-Help about_alias | more

Get Help about Get-Command:
PS C:\> Get-Help Get-Command | more

Get all the commands:
PS C:\> Get-Command | more

Get all the commands (cmdlet only):
PS C:\> Get-Command -CommandType cmdlet | more

Get detailed Help about Get-Command:
PS C:\> Get-Help Get-Command -full | more

Get detailed Help about Get-Command (Parameter only):
PS C:\> Get-Help Get-Command -Parameter * | more

Get cmdlet with Name containing process:
PS C:\> Get-Command -CommandType cmdlet -Name *process*

Get cmdlet with Name containing service:
PS C:\> Get-Command -CommandType cmdlet -Name *service*

Measure Object (cmdlet only):
PS C:\> Get-Command -CommandType cmdlet | Measure-Object

Get all Processes:
PS C:\> Get-Process | more

Get all Services:
PS C:\> Get-Service | more

Get Commands with stop as a verb:
PS C:\> Get-Command -Verb stop

Get Commands with start as a verb:
PS C:\> Get-Command -Verb Start

Get Help about Start-Process with examples:
PS C:\> Get-Help Start-Process -Examples | more

Start Notepad:
PS C:\> Start-Process Notepad.exe

Get Help about Stop-Process with examples:
PS C:\> Get-Help Stop-Process -Examples | more

Get processes with name containing notepad:
PS C:\> Get-Process -Name notepad

Stop a process by Id Number:
PS C:\> Stop-Process -Id <Id>

Get a list of HotFix installed:
PS C:\> Get-HotFix

Get Help containing "command":
PS C:\> Get-Help *command*

Get Help about Core Commands (more cmdlets):
PS C:\> Get-Help about_Core_Commands | more


01 January 2020

Insecure Docker Registry I

Docker Registry is the most essential server when it comes to creating a docker environment. It holds all the images which are then pulled by other servers, and then containers get created. Unfortunately, most of the time, the Docker Registry remains unprotected, depending on how people have architected the docker environment.

Run nmap,
root@attackdefense:~# nmap -sV -n -p- 192.127.17.3

SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
HOST DISCOVERY:
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
PORT SPECIFICATION AND SCAN ORDER:
-p- to scan ports from 1 through 65535

Scan Results,
PORT     STATE SERVICE VERSION
5000/tcp open  http    Docker Registry (API: 2.0)

See the Docker Registry HTTP API documentation for the available methods,
https://docs.docker.com/registry/spec/api/

Method | Path                     | Entity  | Description
GET    | /v2/_catalog             | Catalog | Retrieve a sorted, json list of repositories available in the registry.
GET    | /v2/<name>/tags/list     | Tags    | Fetch the tags under the repository identified by name.

Use curl to retrieve docker image name (repository),
curl http://192.127.17.3:5000/v2/_catalog
curl http://192.127.17.3:5000/v2/alpine/tags/list




Alternatively, use a Python for loop to automate fetching the repositories,
Using requests.get and response.content from the requests library, https://realpython.com/python-requests/
Using json.loads from json library, https://realpython.com/python-json/
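The loop described above can double as a check on a registry you operate: if /v2/_catalog answers without credentials, every repository and tag is listable. This is an added example, not the original lab script. It uses the standard library's urllib in place of requests, and the host registry.example, the "webapp" repository and the canned responses are constructed so the block runs offline.

```python
import json
import urllib.error
import urllib.request

def http_get(url):
    """Return (status, body); HTTP error statuses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def audit_registry(base_url, fetch=http_get):
    """Map each repository to its tags using only unauthenticated GETs.

    Returns None when the catalog refuses anonymous access (401/403),
    which is the state a protected registry should be in.
    """
    status, body = fetch(base_url + "/v2/_catalog")
    if status in (401, 403):
        return None
    if status != 200:
        raise RuntimeError("unexpected status %d from catalog" % status)
    exposed = {}
    for repo in json.loads(body).get("repositories", []):
        status, body = fetch("%s/v2/%s/tags/list" % (base_url, repo))
        # "tags" can be null for a repository that currently has no tags
        tags = json.loads(body).get("tags") if status == 200 else None
        exposed[repo] = sorted(tags or [])
    return exposed

# Constructed responses standing in for a lab registry.
BASE = "http://registry.example:5000"
SAMPLE = {
    BASE + "/v2/_catalog": (200, b'{"repositories": ["alpine", "webapp"]}'),
    BASE + "/v2/alpine/tags/list": (200, b'{"name": "alpine", "tags": ["latest"]}'),
    BASE + "/v2/webapp/tags/list": (200, b'{"name": "webapp", "tags": null}'),
}

def sample_fetch(url):
    return SAMPLE.get(url, (404, b"{}"))

if __name__ == "__main__":
    print(audit_registry(BASE, sample_fetch))
```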


Source: attackdefense.com

Intro to ACCA F5 - Performance Management

PM Syllabus
  • Costing techniques
  • Decision-making techniques
  • Budgeting and control
  • Performance management
The Exam
Section A - 15 x 2 marks
Section B - 3 Scenarios x 5 x 2 marks
Section C - 2 x 20 marks.

Computer-based
  • 3 hours 20 minutes
  • Sections A and B - all objective test questions
    • Extra 5 questions (2 marks each) do not count towards the overall mark.
  • Section C - type out full answers using the built-in spreadsheet and word processor
  • Pass mark - 50%
