Popcorn is a box that mimics a real-world scenario. Attackers will establish the initial foothold by exploiting a vulnerability in a web app.
An nmap scan shows that ports 80 and 22 are open.
October is a slightly difficult box. An attacker needs to apply some advanced techniques to gain root access. The complexity sits in identifying a buffer overflow and exploiting it with the tools available on a Linux system.
Perform an nmap scan of the system
The initial foothold is established through a very common developer mistake: a code repository contains a set of credentials inadvertently included in one of the commits.
Perform a port scan using nmap:
For the Postman box, the initial foothold is established by exploiting a security misconfiguration in Redis. Through this vector an attacker can establish an SSH connection as an unprivileged user.
Enumerate using nmap and notice that the Redis port is open
Heist is a box labeled easy that contains practical enumeration techniques and attack vectors. The initial foothold is achieved by leveraging an improper security configuration.
Start by checking what ports are open:
Once you begin collecting AWS data in Splunk using the Splunk Add-on for AWS, a lot of detection capabilities open up. We will cover the use case of detecting when large EC2 instances are launched, such as instance types 2xlarge, 4xlarge or 8xlarge, with or without GPU.
The Splunk Add-on for AWS is an add-on supporting data collection from AWS services. At the time of writing, it can seamlessly collect AWS Config, AWS Config Rules, AWS CloudTrail, CloudWatch, CloudWatch Logs, AWS Inspector, Kinesis, S3 via SQS and billing data.
Nagios can easily be set up to graph MySQL database performance metrics. The set of indicators will be graphed by pnp4nagios, a performance data analyzer and grapher for Nagios.