Detect Visibility
Last updated
Extract server name in certificates:
Extract information about certificates:
Check the status of applications and each port usage:
TSHARK Command
Get network interfaces:
Check several network interfaces:
Save pcap and disable name resolution:
... and more commands follow in similar fashion.
Extract POST request values
Extract DNS response values
SNORT Command
Run a test on the snort settings file:
Tools to inspect network traffic or PCAP files
EDITCAP tool
Edit pcap files (separate 1000 packets):
Edit pcap files (separate packets per hour):
MERGECAP tool
To merge several pcap files:
Windows
Honey Ports on Windows:
Step 1: Create a firewall rule to identify and deny all connections to port 3333.
Step 2: Execute the batch script.
... (additional steps for honey hashes and detection methods with PowerShell and batch script)...
Linux
Honey Ports on Linux:
Step 1: Create a loop to reject all requests to port 2222.
Honey Port Script on Linux:
Step 1: Download the Python script.
Step 2: Execute the Python script.
... (additional steps for using netcat, passive DNS monitoring, and log auditing)...
Windows
Increase Log Size for Better Auditing:
Check Security Log Settings:
For Audit Policy Settings:
Set Log Auditing (successful or unsuccessful) in All Categories:
Display Available Event Logs and their Sizes and Quota:
Partial List of Security Log Auditing Events Key Monitoring:
Display Logs Remotely:
Display Event List Based on Event ID:
Account Login - Audit Credential Validation for the Last 14 Days:
Account - Login and Logout:
Account Management - Audit Group Management Program:
Detailed Tracking - Audit DPAPI Activity, Process Termination, RPC Events:
DS Access - Audit Directory Service Access:
Object Access - Audit File Share, File System, SAM, Registry, Certificates:
Policy Change - Audit Policy Change, Microsoft Protection Service, Windows Filtering Platform:
Privilege Use - Audit Sensitive and Non-sensitive Service Privilege Use:
System - Audit Security State Change, Security System Extension, System Integrity, System Events:
Add Microsoft IIS Module:
Get Information about IIS:
Get IIS Path Information:
List All Installed Software:
List Installed Software on Remote Computer:
Delete/Uninstall Software:
Query Users Connected to a Domain Controller:
Find Locked Out Accounts:
Note: Ensure you have the Active Directory module loaded (Import-Module ActiveDirectory) before executing.
Unlock User Account:
Check Service Status:
Start a Service:
Stop a Service:
Check Disk Space:
List All Running Processes:
Kill a Process:
Get All Available Network Adapters:
Enable Network Adapter:
Disable Network Adapter:
Get IP Configuration:
Set Static IP Address:
Set DNS Servers:
Create a New Folder:
Copy a Folder/File:
Move a Folder/File:
Delete a Folder/File:
Extract a Zip File:
Compress Files into a Zip:
Get System Uptime:
Check Memory Usage:
View Event Logs:
Send an Email:
Note: Use Get-Credential to provide the username and password for the SMTP server.
Schedule a Task:
Import a CSV File:
Export Data to a CSV File:
Get a List of User Profiles:
Remove a User Profile:
Check Firewall Status:
Source: