EDR (Endpoint Detection & Response)- CLOUDSTRIKE-CARBONBLACK→ Secures endpoint devices only (laptops, servers, VMs).→ Focus is endpoint telemetry + detection + containment. Endpoint Detection and Response (EDR): EDR kicks in after a threat bypasses traditional defenses. It provides continuous monitoring, detection, and response capabilities for advanced threats and zero-days. • EDR helps in threat hunting, forensic… Read More »
What are your Daily EDR & SIEM Tasks for answering in Interviews On a daily basis, I monitor SIEM and EDR alerts and quickly triage them to separate real threats from false positives using process trees, log correlation, and user behavior. I respond to endpoint incidents by isolating infected machines, killing malicious processes, and supporting… Read More »
We need to place the script to add tomcat to start automatically upon reboot inside the init.d directory. Follow the below steps: cd etc/init.d/ touch tomcat vi tomcat Modify the java version and path as required marked in red in the content which will be pasted in tomcat file, and also the home directory where tomcat start… Read More »
THREAT TRACE and TRACK are two HTTP methods used to debug web applications. These methods could be used by malicious users to perform Cross-site Tracing attacks which are used to bypass authentication token protections. httpd server is vulnerable to TRACE requests and this needs to be remedied, We need to disallow http trace requests in… Read More »
Details of the Vulnerability THREAT: The user ((local service account) has blank password in the shadow file, which allows to connect to the system without entering a password. IMPACT: An attacker may connect to the system by knowing just the username. SOLUTION: Set a password for the user(local service account). ( Many companies security policy… Read More »
This vulnerability allows a attacker to decrypt ciphertext using a padding oracle side-channel attack. POODLE affects Secure Socket Layer (SSL) version 3.0. It does not affect Transport Layer Security (TLS). To remediate this vulnerability SSL 3.0 should be disabled To check if your server is vulnerable follow the below steps Make a script file say… Read More »
Step by step tutorial to install OpenVPN on redhat/centos 6.X servers in the Amazon EC2 Cloud. Login to the Amazon EC2 Cloud Install the following # yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y Next download LZO RPM and the repo RPMForge has to be configured # wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm Prior to adding correct… Read More »
Steps required to login to Linux Servers in Amazon EC2 as a root user. By default root is not allowed to login to Amazon EC2, but you can login as ec2-user as indicated in the steps below. Once you login with ec2-user you can switch to root. Step 1 – Download putty from – http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html… Read More »
In our previous session we have seen what is Linux and history of Linux In today’s session we shall see what is a Linux Shell, Linux Architecture & Linux Directory Structure. Linux Shell Shell is a user program Shell is a environment provided for user interaction. Theoretically speaking Shell is a language interpreter that executes… Read More »
We shall start from Linux Administration ( Fundamentals) What is Linux Linux is an operating system, unlike other operating systems. We shall see how it is different from other operating systems. Linux is free Linux is portable to any hardware platform Linux was made to keep running on and on Linux is secure and versatile Linux… Read More »