MX RECORD – shows you the DNS name of the mail server (the name of the server that hosts the
respective IP) – use the nslookup command and type the IP
Introduction to headers
SPF – shows the IPs that are allocated to the mail domains (an SPF lookup is performed) – PASS / FAIL
include – all
all – all
SPF – 4 results:
DKIM – assigns a cryptographic key to the email – it is clear that it is safe / it also creates a hash
DKIM algorithms:
V = version
A – encryption algorithm
CyberChef – used for decrypting
SocGholish – based on a zip and JavaScript – runs the whoami command and creates a temp file with the
data extracted from the computer
Recommendations: isolate the computer, block the IP and the hash, and if it is compromised, reinstall everything
Threat Intelligence is the analysis of data using tools and techniques to generate meaningful information
about existing threats targeting an organization, which helps mitigate risks. (AlienVault, IBM, Cisco Talos)
Spear phishing is an email or electronic communications scam that involves targeting a specific individual,
organization or business to try to steal their login credentials.
Vishing, which is short for "voice phishing," is when someone uses the phone to try to steal information.
The attacker may pretend to be a trusted friend or relative or to represent them.
LDAP (Lightweight Directory Access Protocol) is an open and cross-platform protocol used for directory
services authentication.
LDAP provides the communication language that applications use to communicate with other directory
services servers. Directory services store the users, passwords, and computer accounts, and share that
information with other entities on the network.
CLI – Command Line Interface – is an interface for the user to issue commands in the form of successive
lines of text, or command lines, to perform tasks (for example: nslookup, ipconfig).
UI – User Interface – allows users to interact with electronic devices through graphical
icons and visual indicators.
COMMANDS:
WHOAMI –
Linux provides the “ls” command to list files and folders.
The Windows MS-DOS and PowerShell command-line interfaces provide the dir command to list files
and folders.
WHOAMI – is the command that displays the user, group, and privileges information for the user who is
currently logged on to the local system. If used without parameters, whoami displays the current domain
and user name. Whoami can also be exploited by attackers. For example, SocGholish employs several
scripted reconnaissance commands. While much of this activity occurs in memory, one that stands out is
the execution of whoami with the output redirected to a local temp file with the naming convention
rad<5-hex-chars>.temp.
JavaScript – which starts running whoami. Attack via drive-by download
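An added example (not part of the original notes) of detection logic for the whoami pattern described above: it scans process-creation events for whoami output redirected to a file named rad<5-hex-chars>.temp. The event fields, the sample events, and the script-host parent check are assumptions constructed for illustration.

```python
import re

# Constructed sample process-creation events (fields modelled on typical
# EDR/Sysmon process logs); hosts, paths and values are invented.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "wscript.exe",
     "cmdline": r'cmd.exe /C whoami /all >> "C:\Users\a\AppData\Local\Temp\rad5F1C2.temp"'},
    {"host": "ws-02", "parent": "explorer.exe", "cmdline": "whoami"},
    {"host": "ws-03", "parent": "cmd.exe",
     "cmdline": r"whoami > C:\Temp\radius-report.temp"},
    {"host": "ws-04", "parent": "wscript.exe",
     "cmdline": r"cmd /c WHOAMI.EXE>C:\Users\b\AppData\Local\Temp\RADab12e.temp"},
]

# Windows Script Host binaries that execute .js files (assumed parent check).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def build_pattern(extension="temp"):
    """Regex for: whoami ... > or >> [dir\\]rad<5 hex chars>.<extension>"""
    return re.compile(
        r"\bwhoami(?:\.exe)?\b"        # the whoami binary, with or without .exe
        r"[^|&\r\n]*?"                 # its arguments, inside the same command
        r">{1,2}\s*\"?"                # output redirection, optional quote
        r"(?:[^\"<>|\r\n]*[\\/])?"     # optional directory part
        r"(rad[0-9a-f]{5}\." + re.escape(extension) + r")"
        r"(?=[\"\s]|$)",               # file name must end here
        re.IGNORECASE)

def find_whoami_redirects(events, extension="temp"):
    """Return one hit per event whose command line matches the pattern."""
    pattern = build_pattern(extension)
    hits = []
    for ev in events:
        match = pattern.search(ev.get("cmdline", ""))
        if not match:
            continue  # plain whoami, or redirect to an unrelated file
        hits.append({
            "host": ev.get("host"),
            "outfile": match.group(1).lower(),
            # a script-host parent fits the JavaScript delivery noted above
            "script_host_parent": ev.get("parent", "").lower() in SCRIPT_HOSTS,
        })
    return hits

if __name__ == "__main__":
    for hit in find_whoami_redirects(SAMPLE_EVENTS):
        print(hit)
```

A plain `whoami` and a redirect to a file that only starts with "rad" are not flagged, which keeps routine administrator use out of the results.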
VULN SCAN -