Friday, 18 March 2016

Amazing Download and upload Speed from Amazon EC2 instance


Pointing DNS Zone File to Amazon EC2 Server IP

Recently I came across a situation where I had to point my DNS to an Amazon EC2 instance.

My Set-up:
  1. Amazon EC2 Windows Server
  2. Public IP allocation for Amazon server is Dynamic
  3. Purchased Domain name from

As our server IP is dynamic, and we want users who visit : to be directed to our Amazon EC2 Windows server, we will edit the "DNS Zone" file on website :
  1. Edit DNS Zone file - 
  2. Change "A" record 
  3. Set "Host" = "@" 
  4. Set "Points To" = ( IP of Amazon EC2 Instance)

Changing DNS Zone file record to point to our Amazon EC2 Instance

After some time the DNS settings should take effect, and if you try to ping it will show you the IP address of your Amazon EC2 instance.

Zoomeye Search Engine for Cyberspace

Recently I came across a cool search engine for cyberspace.
This is the place where you can search by:

  1. Port Numbers
  2. Application name and version
  3. Location - Country and city
  4. Operating System
  5. Service name
  6. Hostname
  7. IP Address
  8. CIDR notation - i.e. by IP subnets

This search engine may come in handy while performing external reconnaissance activities.

Searching for IP's with 3389 open port

Here is the User Manual

Saturday, 12 March 2016

Citrix XenApp Open Command Prompt in Restricted Environment

Recently I came across some interesting stuff related to Citrix XenApp.
Although it is very simple to perform, it is important to know what a normal user can do in a restricted environment.

How can you test what is possible in a restricted Citrix environment?

Scenario: You have been given access to just the Outlook application by default.

Isn't it interesting if a user who has access to the Citrix environment is able to exfiltrate data from the machine to the outside world?

Test Cases (Simple and Old techniques) :

  1. Open "Save As"
  2. Attempt to create Text file 
  3. Edit text files and add "cmd.exe" and save as "file.bat"
  4. Right click and execute "file.bat"
  5. It should execute command prompt in Citrix environment.
  6. You can also attempt to open Help and search for "How to open command prompt" , it should show you - Click here to open command prompt
  7. You can further attempt to perform 
    1. Privilege escalation
    2. Attempt to ex-filtrate data via Browser by opening "iexplore.exe"

Links you can refer to for reviewing Citrix configurations:

Link 1
Link 2
Link 3
Link 4

These are some of the simple and old ways a user can open a command prompt and perform restricted operations in a Citrix environment.
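
From the defender's side, the sequence in the test cases above is visible in process-creation logs as a shell or browser descending from the published application. The following is an added example, not part of the original post: it assumes process-creation auditing (Security event 4688 with command lines) is enabled on the XenApp server, that Outlook is the only published application, and it runs over constructed sample records.

```python
import ntpath

# Assumptions: Outlook is the only published application, and this is the
# only image expected to run beneath it in the session.
PUBLISHED_APP = "outlook.exe"
ALLOWED_IMAGES = {"outlook.exe"}

# Constructed sample records, in time order, using event 4688 field names.
SAMPLE_EVENTS = [
    {"SubjectUserName": "jdoe", "ProcessId": "0x3e8", "NewProcessId": "0x1a2c",
     "NewProcessName": r"C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE",
     "CommandLine": "OUTLOOK.EXE"},
    {"SubjectUserName": "jdoe", "ProcessId": "0x1a2c", "NewProcessId": "0x2b10",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\jdoe\Documents\file.bat"'},
    {"SubjectUserName": "jdoe", "ProcessId": "0x2b10", "NewProcessId": "0x2f44",
     "NewProcessName": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": "iexplore.exe"},
    {"SubjectUserName": "asmith", "ProcessId": "0x500", "NewProcessId": "0x3c00",
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

def image_name(event):
    # ntpath parses Windows paths correctly on any analysis host.
    return ntpath.basename(event["NewProcessName"]).lower()

def find_breakouts(events):
    """Flag processes that descend from the published app but are not allowed."""
    by_pid, findings = {}, []
    for ev in events:
        by_pid[ev["NewProcessId"]] = ev
        chain, seen = [image_name(ev)], {ev["NewProcessId"]}
        parent = by_pid.get(ev["ProcessId"])        # ProcessId = creator PID
        while parent and parent["NewProcessId"] not in seen:
            chain.append(image_name(parent))
            seen.add(parent["NewProcessId"])
            parent = by_pid.get(parent["ProcessId"])
        if PUBLISHED_APP in chain[1:] and chain[0] not in ALLOWED_IMAGES:
            findings.append({"user": ev["SubjectUserName"], "image": chain[0],
                             "chain": " <- ".join(chain),
                             "command_line": ev["CommandLine"]})
    return findings

if __name__ == "__main__":
    for finding in find_breakouts(SAMPLE_EVENTS):
        print(finding)
```

Walking the whole ancestor chain matters here: the browser launched from the command prompt is flagged even though its direct parent is not the published application.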

Sunday, 6 March 2016

Identity and Access Management (IdM)

Identity and Access Management (IdM) :

  1. IdM allows organizations to create, maintain and terminate digital identities in a timely and automated fashion.

An enterprise has to deal with the following:

  1. What should each user have access to - Printers/Internet websites/Remote desktop access
  2. Who approves and allows access - Approver for allowing access
  3. How do the access decisions map to policies - Does accessing the RDP service map to organization policy
  4. Do former employees still have access to 
  5. How to keep up with a dynamic and ever-changing environment
  6. How is access controlled and monitored centrally
  7. Why should an employee remember multiple passwords
  8. Centralizing the set of credentials
  9. Controlling access for employees, customers, partners
  10. Compliance with regulation

LDAP (Lightweight Directory Access Protocol) :

The string ("CN=Dev-India,OU=Distribution Groups,DC=gp,DC=gl,DC=google,DC=com") is a path in a hierarchical structure (DIT = Directory Information Tree) and should be read from right (root) to left (leaf).
It is a DN (Distinguished Name): a series of comma-separated key/value pairs used to identify entries uniquely in the directory hierarchy. The DN is actually the entry's fully qualified name.

Reference Link

What is Meta Directory in IdM :

  1. A Meta Directory is a directory containing information fetched from various sources and stored in a central directory, which provides a unified view.
  2. A Meta Directory synchronizes itself with all identity sources periodically to ensure the most up-to-date information is being used by applications and IdM components within the enterprise.

Image Source

An example of a Meta Directory product is the MetaDirectory product from "estos".
The MetaDirectory product can merge various databases into a single, consistent LDAP directory that can be used throughout the company.

The MetaDirectory product supports the following technologies as sources for collecting data (interfaces):

• ODBC (Access, SQL Server, MySQL)
• LDAP (OpenLDAP, NDS, public directory services)
• Active Directory / global catalogues
• Public exchange directories
• Office 365
• Lotus Notes databases
• Tobit David (free connector)
• DATEV pro and DATEV proprietary organization
• Microsoft Dynamics AX, CRM and Navision
• Microsoft Dynamics CRM Online
• Das Telefonbuch
• Herold
• KlickTel
• TwixTel
• Swisscom Directories

Official Link

What is Virtual Directory :

A Virtual Directory plays a similar role to a Meta Directory; the difference is:

Meta Directory - Collects data from multiple sources and stores the data in a single physical directory.
Virtual Directory - Does not store data in a physical directory; it just points to the location where the actual data is stored.

A good example is a Dell product named "Dell One Identity Virtual"

Web Access Management :

Web access management software controls what a user can access when using a web browser to interact with web-based enterprise assets.

WAM software is a gateway between the user and corporate web-based resources.

When a user requests access, the web server software queries a directory.
Another important thing is to "Keep track of user activity".

Access Control

In Access Control, the first step is Authentication, followed by Authorization.

Authentication - Login ID & Password
Authorization - Checking if the user is authorized to perform X activity.

The Subject can be a Program, Process, Server, Database or User which is trying to access an Object such as a Printer, Files, Folders or a Database.

Who is accessing - Subject
What is being accessed - Object

Security Principles :  (Remember it as CIA )

Confidentiality - Assurance that information is not disclosed to unauthorized individual/program/process

Integrity -   Protecting data from being altered.

Availability - Ensuring continuity of availability of resources

Identification - Authentication - Authorization - Accountability :

1. Identification   - Username / Account number
2. Authentication - Password / Pass-phrase / Cryptographic key / PIN No. / Token
    (After providing above information Subject is Authenticated )
3. Authorization   - System checks if Subject is authorized to access resource
4. Accountability -  Only way to ensure accountability is if subject is uniquely identified and actions are recorded  ( Logging should be implemented )

Race Condition :

Ex. An attacker could force the authorization step to be executed before the authentication step.

Three factors of Authentication :

  1. Something a person knows - Authentication By Knowledge - Passwords/PIN/ Combination to lock
  2. Something a person has - Authentication by ownership - Key, Swipe card, access card, badge
  3. Something a person is  - Authentication by Characteristic - Physical attribute, biometrics

Strong Authentication = Multi-factor authentication = Three factor authentication