1. Intro Let's install snort on CentOS 7. 2. How to do it? The basic method follows the manual on the official site, but it contains errors along the way. Installing as described below therefore gets you through without errors. Step 1. Install snort & daq wget https://snort.org/downloads/snort/daq-2.0.6.tar.gz wget https://snort.org/downloads/snort/snort-2.9.12.tar.gz wget http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/l/libnghttp2-1.31.1-1.el7.x86_64.rpm yum install daq-2.0.6.tar.gz yum install libnghttp2-1.31.1-1.el7.x86_64.rpm yum install snort-2.9.12.tar.gz Step 2. Link library ln -s […]
Category: Information Security
Basic Analysis using cmd (bat file)
1. Intro You can use this batch file to perform basic analysis on computers running the Windows OS. The analysis output is written to a separate path (or the default path) as a txt file. 2. Pre-Condition To use this batch file, you need the necessary tools. You have to download and install the […]
Install WebGoat 7.1 on eclipse (Windows 10)
1. What is WebGoat? WebGoat is a deliberately insecure web application maintained by OWASP, designed to teach web application security lessons. Official Site : https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project 2. Install WebGoat 2.1. Install JDK SE 7 and 8 JDK SE 7 : http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html JDK SE 8 : http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html Why install both versions? -> The ‘spring-web-3.2.4.RELEASE.jar’ included in […]
Volatility Basic Analysis
1. Intro This batch file can be used for the initial analysis with volatility. After the initial analysis is done through this batch file, you can proceed with a detailed analysis using the commands you know. 2. Bat Code (save as ‘vola_analysis.bat’) @echo off cls :: Title : Memory Analysis using volatility :: Maker : […]
[HackTool] hxdef100
1. Overview This tool can hide tasks, services, registry keys, and network ports. 2. Download hxdef100.zip, unzip it, and move it to C:\ 3. Edit hxdef100.ini [Hidden Table] hxdef* rcmd.exe iexplore.exe [Root Processes] hxdef* rcmd.exe [Hidden Services] NetDDEesm [Hidden RegKeys] NetDDEesm LEGACY_NetDDEesm HackerDefenderDrv100 LEGACY_HACKERDEFENDERDRV100 [Hidden RegValues] [Startup Run] [Free Space] [Hidden Ports] TCP:80,3389 UDP:445,500,1025,1049,4500,123 [Settings] Password=hxdef-rulez BackdoorShell=hxdefß$.exe FileMappingName=_.-=[Hacker Defender]=-._ […]
Search Ransomware ID
1. Intro You can look up the name or ID of a ransomware family when you find a file it left behind. 2. Site https://id-ransomware.malwarehunterteam.com/
Memory Forensic procedure on Windows
1. Intro Let's take a brief look at the memory forensics procedure in a Windows environment. The memory forensics in this document is based on analyzing an image captured with mdd using the volatility program. The OS of the analyzed image is therefore Windows XP, 32-bit. 2. Procedure Search for processes that have a network connection ⓥconnections, connscan connections : shows the active network connections connscan : shows the network state including terminated connections […]
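Added example, not code from the original post: a Python triage script for the connections/connscan step above. It parses `connscan` output in the four-column layout Volatility 2 prints for a Windows XP image (Offset(P), Local Address, Remote Address, Pid), separates internal from external remote endpoints, and lists PIDs with external connections that are absent from pslist. The sample output, the internal address ranges, and the pslist PID set are constructed for the example.

```python
"""Triage of Volatility 2 connscan output (added example, not from the original post)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample output in the column layout Volatility 2 uses for
# connscan on a 32-bit Windows XP image. The PIDs and addresses are invented.
CONNSCAN_OUTPUT = """\
Volatility Foundation Volatility Framework 2.6
Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ---
0x01f8d0a0 192.168.1.10:1054         203.0.113.5:80            1084
0x01fa3c10 192.168.1.10:1061         192.168.1.20:445          4
0x01fb1e58 192.168.1.10:1077         198.51.100.23:4444        1488
0x01fc0330 192.168.1.10:1080         203.0.113.5:80            1084
"""

# Ranges treated as "internal" for this example: RFC 1918, loopback, link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# One data row: hex offset, local ip:port, remote ip:port, pid.
ROW_RE = re.compile(
    r"^(?P<offset>0x[0-9a-fA-F]+)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+"
    r"(?P<pid>\d+)\s*$"
)


def parse_connections(text):
    """Return one dict per connection row; banner, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        rows.append({
            "offset": int(m["offset"], 16),
            "laddr": m["laddr"], "lport": int(m["lport"]),
            "raddr": m["raddr"], "rport": int(m["rport"]),
            "pid": int(m["pid"]),
        })
    return rows


def is_external(addr):
    """True when addr is a valid IPv4/IPv6 address outside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def external_connections_by_pid(rows):
    """Map pid -> sorted list of external 'ip:port' remote endpoints."""
    out = defaultdict(set)
    for r in rows:
        if is_external(r["raddr"]):
            out[r["pid"]].add(f"{r['raddr']}:{r['rport']}")
    return {pid: sorted(v) for pid, v in out.items()}


def pids_missing_from_pslist(rows, pslist_pids):
    """PIDs that own external connections but are not in pslist.

    Because connscan also recovers terminated connections, such a PID may be a
    process that has simply exited; it is a candidate for a psscan follow-up,
    not proof of hiding.
    """
    ext = external_connections_by_pid(rows)
    return sorted(pid for pid in ext if pid not in pslist_pids)


if __name__ == "__main__":
    rows = parse_connections(CONNSCAN_OUTPUT)
    for pid, endpoints in sorted(external_connections_by_pid(rows).items()):
        print(f"pid {pid}: {', '.join(endpoints)}")
    # Constructed pslist PID set: 1488 is deliberately absent.
    print("not in pslist:", pids_missing_from_pslist(rows, {4, 1084}))
```

Feed it real output with `python3 triage.py < connscan.txt` after replacing the constructed string with `sys.stdin.read()`; the same regex works for the `connections` plugin, whose rows have the same columns.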
Basic terms you must know
Process, Thread, Kernel, Kernel Object, Handle, DLL, EPROCESS, KPROCESS, ETHREAD, KTHREAD, PEB, TEB
Memory dump program – mdd
1. Intro mdd is a memory dump program. It only runs on 32-bit systems. It was originally developed for Windows XP through Server 2008, but it works fine on 32-bit Windows 10. This tool is deprecated. Maintainer : ManTech 2. Requirement OS arch : 32-bit only Administrator permission 3. Download https://downloads.sourceforge.net/project/mdd/mdd/mdd-1.3/mdd_1.3.exe?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmdd%2Ffiles%2Flatest%2Fdownload&ts=1522983054 mdd_1.3.exe 4. […]
Global variables, local variables
http://soen.kr/lecture/ccpp/cpp1/7-1-1.htm