Friday, 18 March 2016
Recently I have came across situation where I had to point my DNS to Amazon EC2 instance.
- Amazon EC2 Windows Server
- Public IP allocation for Amazon server is Dynamic
- Purchased Domain name from GoDaddy.com
As our server IP is dynamic, and we want users who visit : http://www.mydomain.com to redirect on our Amazon EC2 windows server, we will edit "DNS Zone" file on GoDaddy.com website :
- Edit DNS Zone file -
- Change "A" record
- Set "Host" = "@"
- Set "Points To" = 188.8.131.52 ( IP of Amazon EC2 Instance)
Changing DNS Zone file record to point to our Amazon EC2 Instance
After some time DNS settings should apply and if you try to ping www.mydomain.com it will show you IP address of your Amazon EC2 instance
Recently I came across cool search engine for Cyberspace.
This is the place where you can search by :
- Port Numbers
- Application name and version
- Location - Country and city
- Operating System
- Service name
- IP Address
- CIDR notification - i.e. by IP subnets
This search engine may come in handy while performing external reconnaissance activities.
|Searching for IP's with 3389 open port|
Here is the User Manual
Saturday, 12 March 2016
Recently I came across interesting stuff related to Citrix XenApp
Although its very simple to perform but important to know what a normal user can do in Restricted Environment.
How can you test what is possible in restricted Citrix Environment?
Scenario : You have just given access to outlook application by default.
Isn't it interesting if User who has access to Citrix environment is able to ex-filtrate data on the machine to outside world ?
Test Cases (Simple and Old techniques) :
- Open "Save As"
- Attempt to create Text file
- Edit text files and add "cmd.exe" and save as "file.bat"
- Right click and execute "file.bat"
- It should execute command prompt in Citrix environment.
- You can also attempt to open Help and search for "How to open command prompt" , it should show you - Click here to open command prompt
- You can further attempt to perform
- Privilege escalation
- Attempt to ex-filtrate data via Browser by opening "iexplore.exe"
Sunday, 6 March 2016
Identity and Access Management (IdM) :
- IdM allows organizations to create, maintain, terminate digital identities in timely and automated fashion.
- What should each user have access to - Printers/Internet websites/Remote desktop access
- Who approves and allows access - Approver for allowing access
- How do the access decision map to policies - Does accessing RDP service map to organization policy
- Do former employee still have access to
- How to keep up with dynamic and ever changing environment
- How is access controlled and monitored centrally.
- Why should employee remember multiple passwords
- Centralizing credentials set
- Controlling access for employees, customers, partners
- Compliant with regulation
LDAP (Lightweight Directory Access Protocol) :
What is Meta Directory in IdM :
- Meta Directory is directory containing information fetched from various sources and stored in central directory, which provides a unified view.
- Meta Directory synchronizes itself with all identity sources periodically to ensure most up to date information is being used by applications and IdM components within enterprise.
An example of Meta Directory product MetaDirectory product from "etos"
The MetaDirectory product has capabilities to merges various databases into a single, consistent LDAP directory that can be used throughout the company.
MetaDirectory product supports below technologies as a source for collecting data (Interfaces) :
• ODBC (Access, SQL Server, MySQL)
• LDAP (OpenLDAP, NDS, public directory services)
• Active Directory / global catalogues
• Public exchange directories
• Off ice 365
• Lotus Notes databases
• Tobit David (free connector)
• DATEV pro and DATEV proprietary organization
• Microsoft Dynamics AX, CRM and Navision
• Microsoft Dynamics CRM Online
• Das Telefonbuch
• Swisscom Directories
What is Virtual Directory :
Virtual directory play similar role as Meta Directory however difference is,
Metadata Directory - Collects data from multiple sources and stores data in single Physical Directory
Virtual Directory - Virtual Directory does not store data in Physical Directory however, it just points to location where actual data is stored.
Good example can be a Dell product named "Dell One Identity Virtual"
Web Access Management :
Web access management software controls what user can access when using web browser to interact with we-based enterprise assets.
WAM software is a gateway between User and Corporate web based resources.
When user request for access web server software will query in a directory.
Another important thing is to "Keep track of user activity"
In Access Control, first step is Authentication followed by Authorization.
Authentication - Login ID & Password
Authorization - Checking of User is authorized to perform X activity.
Subject can be Program,Process, Server, Database, User which is trying to access Object such as Printer,Files,Folders,database.
Who is accessing - Subject
What is being accessed - Object
Security Principles : (Remember it as CIA )
Confidentiality - Assurance that information is not disclosed to unauthorized individual/program/process
Integrity - Protecting data from being altered.
Availability - Ensuring continuity of availability of resources
Identification - Authentication - Authorization - Accountability :
1. Identification - Username / Account number
2. Authentication - Password / Pass-phrase / Cryptographic key / PIN No. / Token
(After providing above information Subject is Authenticated )
3. Authorization - System checks if Subject is authorized to access resource
4. Accountability - Only way to ensure accountability is if subject is uniquely identified and actions are recorded ( Logging should be implemented )
Race Condition :
Ex. Attacker could force authorization to be forced before authentication step.
Three factors of Authentication :
- Something a person knows - Authentication By Knowledge - Passwords/PIN/ Combination to lock
- Something a person has - Authentication by ownership - Key, Swipe card, access card, badge
- Something a person is - Authentication by Characteristic - Physical attribute, biometrics
Strong Authentication = Multi-authentication = Three factor authentication