CrowdStrike (BSOD) Case study _Technically, What Happened_.pdf
125.5 KB
If you're itching to know what's really behind the cyber problems the world is facing these days, read this file.
#crowdstrike
@Engineer_Computer
#hiring
#help_desk
Bandar Jask, Hormozgan
Accommodation provided, and more...
Salary 25 to about 40
Send your résumé to the ID below
@Developer_network
@Engineer_Computer
NetFlow is an important element of information security. See how to configure it for Cisco SD-WAN in the video below.
https://m.youtube.com/watch?si=WeEoCAqX-uqkF-pI&v=a1Tw1xANgsU&feature=youtu.be
@Engineer_Computer
YouTube
How to Configure SNMP and NetFlow on Cisco SD-WAN
In this video, I will guide you through the steps to configure SNMP and NetFlow on Cisco SD-WAN. Learn how to set up and manage these essential monitoring tools to ensure optimal network performance and visibility. Whether you're a network administrator or…
Read the analysis by the esteemed ISC2 (issuer of the CISSP certification) on the CrowdStrike crisis and the remediation measures.
https://www.isc2.org/Insights/2024/07/After-the-CrowdStrike-Outage-What-Can-We-Learn
@Engineer_Computer
www.isc2.org
After the CrowdStrike Outage: What Can We Learn?
The CrowdStrike software update issue highlighted the importance of robust software testing and the software development lifecycle, domain elements of the CSSLP certification. Following on from our look at dealing with IT outages, we consider how this incident…
DHCP Starvation.pdf
2.4 MB
A hands-on scenario of an attack against DHCP
@Engineer_Computer
https://www.remoto.ch/
Friends interested in remote work in #Switzerland
can apply through this site,
especially those who do web work....
@Engineer_Computer
Two well-written articles from Forrester on the CrowdStrike crisis
https://www.forrester.com/blogs/the-crowdstrike-moment-calls-for-a-redefinition-of-business-resilience/
@Engineer_Computer
Forrester
The CrowdStrike Moment Calls For A Redefinition Of Business Resilience
CrowdStrike's global outage holds lessons for business and tech leaders. Our new report provides a thorough overview of recommended actions.
What do they ask in a red team interview?
https://github.com/HadessCS/Red-team-Interview-Questions
@Engineer_Computer
GitHub
GitHub - HadessCS/Red-team-Interview-Questions: Red team Interview Questions
Red team Interview Questions. Contribute to HadessCS/Red-team-Interview-Questions development by creating an account on GitHub.
Let's read a good report
Windows SmartScreen bypass by APT groups
**Reading these reports is one of the routines of SOC Tier 2 and Tier 3 analysts
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
@Engineer_Computer
Fortinet Blog
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
FortiGuard Labs has observed a stealer campaign spreading multiple files that exploit CVE-2024-21412 to download malicious executable files. Read more.…
SOC Concepts & Questions .pdf
1.1 MB
A summary of handwritten notes on SOC concepts
@Engineer_Computer
Among the anti-forensics methods:
Proxying system calls
**Although some traces still remain
https://medium.com/@nisaprmst/syscall-proxy-a-way-to-minimize-footprint-e7305efbfc5b
@Engineer_Computer
Medium
Syscall Proxy: A Way To Minimize “Footprint”
This article will discuss one of the most advanced techniques of anti-forensics. Anti-forensics is tools or techniques that frustrate…
Anti-forensics in memory
By Mr. Alireza Taghikhani
https://medium.com/@alirezataghikhani1998/memory-analysis-against-anti-forensics-methods-22dd2c37f2a
@Engineer_Computer
Medium
Memory Analysis Against Anti-Forensics Methods
“Exploring RAM acquisition techniques and focus on how malware uses anti-forensics techniques to evade memory acquisition”
Why are the certificates of more than 83,000 domains being revoked?
https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html
@Engineer_Computer
⭕️ Attention Iranian users who, because it is cheap, use the provider Aeza for things like setting up a VPN.
A report on the activities of Russian hackers in Europe shows that, in the discussions that have formed about advancing Russia's interests, the company Aeza is named as one of the main levers for supplying infrastructure to Russian hackers.
A provider that is very popular among Iranian users.
You should be careful and aware of the risks of using this provider's servers.
https://correctiv.org/en/fact-checking-en/2024/07/22/inside-doppelganger-how-russia-uses-eu-companies-for-its-propaganda/
#Aeza #VPN #ru
@Engineer_Computer
CORRECTIV
Inside Doppelganger – How Russia uses EU companies for its propaganda
How Doppelganger, one of the biggest Russian disinformation campaigns, is using EU companies to keep spreading its propaganda – despite sanctions.
Let's use ChatGPT efficiently
Example: question
As a forensic expert , Explain system call
Answer:
A system call is an essential mechanism that allows user-level processes to request services from the operating system's kernel. These services can include tasks like accessing hardware, managing files, allocating memory, or creating and managing processes. Here’s a detailed breakdown of system calls from a forensic expert's perspective:
### Basic Concept
1. Definition: A system call is a controlled entry point that allows a program to request a service from the operating system's kernel.
2. Purpose: It provides an interface between user-space applications and the kernel, enabling them to perform operations that require higher privileges.
### Categories of System Calls
System calls can be broadly categorized based on their functionality:
1. Process Control: Creating and managing processes (e.g., fork(), exec(), wait(), exit()).
2. File Management: Handling files and directories (e.g., open(), read(), write(), close(), unlink()).
3. Device Management: Interacting with hardware devices (e.g., ioctl(), read(), write()).
4. Information Maintenance: Gathering and setting system information (e.g., getpid(), alarm(), sleep()).
5. Communication: Facilitating inter-process communication (e.g., pipe(), shmget(), msgsnd(), recv()).
### System Call Lifecycle
1. Invocation: A system call is typically invoked by a user-level process through a library function (e.g., the C standard library).
2. Transition to Kernel Mode: The CPU switches from user mode to kernel mode to execute the system call. This transition is often triggered by a software interrupt or trap.
3. Kernel Execution: The kernel executes the requested service using its internal resources and privileged instructions.
4. Return to User Mode: The results of the system call are returned to the user process, and the CPU switches back to user mode.
### Forensic Relevance
From a forensic perspective, understanding system calls is crucial for several reasons:
1. Activity Monitoring: System calls provide insights into what a process is doing. By monitoring system calls, forensic experts can track file access, process creation, and other critical activities.
2. Malware Analysis: Malicious software often relies on system calls to perform its actions. By analyzing the sequence of system calls, experts can understand the behavior of malware.
3. Incident Response: During an incident, system call logs can help reconstruct the events leading up to the security breach.
4. Digital Evidence: System call traces can serve as digital evidence in investigations, revealing unauthorized access or data manipulation.
### Tools and Techniques
1. Strace: A widely used tool in Unix-like systems to trace system calls made by a process.
2. Auditd: The Linux Auditing System, which can log system calls for security monitoring and compliance purposes.
3. Sysmon: A Windows system service that logs system calls and other system events for detailed monitoring.
### Example
Here’s a simple example of how a system call works:
```c
#include <unistd.h>
#include <stdio.h>

int main(void) {
    char buffer[128];
    ssize_t bytesRead;

    // System call: read from standard input (file descriptor 0)
    bytesRead = read(0, buffer, sizeof buffer);
    if (bytesRead < 0) {
        perror("read");   // the kernel reported a failure; errno says why
        return 1;
    }
    // System call: write to standard output (file descriptor 1)
    write(1, buffer, (size_t)bytesRead);
    return 0;
}
```
In this C program:
- The read() system call reads data from the standard input.
- The write() system call writes data to the standard output.
By understanding and analyzing such system calls, forensic experts can gain insights into the actions performed by processes on a system.
@Engineer_Computer
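As an added example (not part of the original post or of ChatGPT's answer), here is a small Python parser that reads strace-style lines and groups them into the activity classes listed under Forensic Relevance: file access by mode, deletions, process creation and outbound connections, with failed calls kept as evidence of an attempt. The trace lines, the PID and the address are constructed sample data, not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample in the "pid syscall(args) = ret" shape strace prints; not a real capture.
SAMPLE_TRACE = r"""
1234 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1234 openat(AT_FDCWD, "/tmp/.cache.bin", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 4
1234 write(4, "\177ELF\2\1\1"..., 512) = 512
1234 openat(AT_FDCWD, "/root/.ssh/id_rsa", O_RDONLY) = -1 EACCES (Permission denied)
1234 unlink("/var/log/auth.log") = 0
1234 connect(5, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1234 execve("/bin/sh", ["sh", "-c", "id"], 0x7ffc1a2b3c40) = 0
"""

LINE_RE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\w+)')
CONNECT_RE = re.compile(r'sin_port=htons\((\d+)\).*?inet_addr\("([^"]+)"\)')

def parse_trace(text):
    # Yield (pid, syscall, args, ret) for every line that has strace's shape.
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m['pid'], m['call'], m['args'], m['ret']

def first_path(args):
    """First quoted argument: the path for open/unlink/execve."""
    m = re.search(r'"([^"]*)"', args)
    return m.group(1) if m else None

def summarize(text):
    """Group calls into the activity classes an analyst reconstructs from a trace."""
    events = defaultdict(list)
    for _pid, call, args, ret in parse_trace(text):
        path = first_path(args)
        if ret.startswith('-'):            # "-1 ERRNO": the attempt itself is evidence
            events['failed'].append((call, path))
        elif call in ('open', 'openat'):
            mode = 'write' if ('O_WRONLY' in args or 'O_RDWR' in args) else 'read'
            events['files'].append((path, mode))
        elif call in ('unlink', 'unlinkat'):
            events['deleted'].append(path)
        elif call == 'execve':
            events['exec'].append(path)
        elif call == 'connect':
            m = CONNECT_RE.search(args)
            if m:
                events['network'].append((m.group(2), int(m.group(1))))
    return dict(events)

if __name__ == '__main__':
    print(summarize(SAMPLE_TRACE))
```

On a real system the same shape comes from `strace -f -o trace.txt <command>`; the parser ignores lines it does not recognise, so unrelated calls such as the write() above simply drop out of the summary.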