- NTLMSSP (NT LAN Manager Security Support Provider) is a binary messaging protocol used by the Microsoft Security Support Provider Interface (SSPI) to facilitate NTLM challenge-response authentication and to negotiate integrity and confidentiality options.
- EICAR Test Pattern:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*- see also
cactaceae21
- Reload bash profile
source ~/.bash_profile - Display environment variable
echo $VARNAME - Dir by date
ls -Ghaltr - Copy with SCP
scp username@host:/some/remote/dir/\{a,b,c} ./ - Copy with SCP
scp {foo,bar}.txt username@host:/some/remote/dir/ - Generate SHA256 hash
openssl sha -sha256 <file> - Status of network interfaces
netstat -i(Local, Broadcast, Multicast, Promiscuous, Running, Up) - Set network promiscous mode
ifconfig eth0 promisc - Show physical and logical network devices
iw dev - Map logical network device to physical
iw phy phy0 interface add mon0 type monitor
cactaceae21
/ info.md
Last active
September 30, 2017 19:12
WD MYCloud - photo scanning disable #wd #mycloud
cactaceae21
/ pluginID.md
Last active
April 23, 2018 10:08
Tenable Nessus Plugin ID's #tenable #nessus #sccv
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
cactaceae21
/ AddAssets.ps1
Created
September 14, 2017 10:57
Security Center AddAssets #powershell #sccv #tenable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Ignore self signed certificates | |
| [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; | |
| #variables | |
| $hostname = "https://hostname/rest" | |
| #prompt for credentials | |
| $LoginCreds = Get-Credential | |
| $username = $LoginCreds.UserName | |
| $password = $LoginCreds.GetNetworkCredential().Password |
cactaceae21
/ KeyExport.sh
Last active
September 14, 2017 10:47
SSL Key export from PFX #ssl #openssl #security
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Uses exported certificates from CertMGR.exe | |
| ## Export private keys from PFX | |
| openssl pkcs12 -in filename.pfx -nocerts -nodes -out filename.key | |
| ## Export public keys from PFX | |
| openssl pkcs12 -in filename.pfx -clcerts -nokeys -out filename.pem |
cactaceae21
/ AddException.json
Created
September 14, 2017 10:43
Add Security Center exception #sccv #tenable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //"expries" is UNIXTIME; | |
| { | |
| "hostType":"all", | |
| "hostValue":"", | |
| "comments":"This is an API test for Risk Acceptance", | |
| "expires":1503705600, | |
| "repositories":[{"id":1}], | |
| "organization":1, | |
| "plugin":{"id":11457} | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Get OS of all domain joined computers and group by OS with count | |
| # 1. | |
| Get-ADComputer -Filter * -Properties OperatingSystem | Sort-Object -Property OperatingSystem | Group-Object -Property OperatingSystem -NoElement | ft -AutoSize | |
| # 2. | |
| $ADComputers = @() | |
| $ADComputers = Get-ADComputer -Filter * -Properties OperatingSystem,lastLogonTimestamp | |
| $ADComputers | Sort-Object -Property OperatingSystem | Group-Object -Property OperatingSystem -NoElement | ft -AutoSize | |
| ##Create date object for queries below |
cactaceae21
/ instructions.md
Last active
April 1, 2024 06:10
Removing hosts from Security Center data #tenable #sccv #nessus
To remove the additional IP from the repository and your license count through a manual process you will need to target the desired IPs/DNS in a scan with a specific configuration. SecurityCenter needs to identify those hosts as inactive, meaning they provide no results from a scan that targets them. To accomplish that you will need to do the following:
- You will need to run a scan against those addresses, however you will have to create a policy that you know will not return any data for those addresses.
- Click on 'Scans' and then on 'Policies'
- Click on 'Add'
- Select the 'Advanced Scan' template
- Name the policy properly.
- In the Host Discovery tab uncheck 'Ping the remote host' and in the 'Port Scanning' tab make sure to uncheck all port scanning options. That will make Security Center runs the plugins against the targets without pinging them first.
- Click on the 'Plugins' tab and select a plugin family that you know will not return any results and has more than 100 plugins in it. (Usually t
NewerOlder