Posts

Showing posts from 2017

Install Xposed Inspector and Frida on Genymotion

Today I had some work with Android, so I needed to trace an application. I found two nice tools that can help with this:
Xposed Inspector and Frida. To set them up, I used Genymotion with an x86 emulator (quick to start and light).
First, create a custom phone with Android 6.
1. Install Xposed Inspector
Inspeckage Inspector is a module of Xposed, so Xposed must be installed first. Your phone needs to be rooted (the default Genymotion phone is rooted). You need to download:
- Genymotion-ARM-Translation_v1.1.zip
- xposed-v80-sdk23-x86.zip (the version must match the Android API level exactly)
- XposedInstaller_3.0_alpha4
- Inspeckage, downloadable at: https://acpm.mobi/genymotion-xposed-inspeckage.
Drag and drop Genymotion-ARM-Translation_v1.1.zip and xposed-v80-sdk23-x86.zip onto the phone; they will be flashed. Reboot.
After the reboot, drag and drop XposedInstaller_3.0_alpha4 and Inspeckage onto the phone to install the APKs.
Enable the Inspeckage module and reboot (using the Xposed reboot function).
After the reboot, start Inspeckage to monitor your app.
Port mapping: adb forward tcp:8008 tcp:…

OSCP Course Review 09/2017

This month I finished my OSCP course, and here is my review of the course and the exam:
Preparation
Before starting the lab, I had some preparation:
- I am a pentester with more than 5 years of experience.
- I am a CTF player: web and pwnable are my categories.
- Some experience with software exploitation (Corelan and RPISEC courses).
- Tried some free labs.
OSCP Lab
After registering, you will receive: PDF + video material, and a VPN account to connect to the OSCP lab. I used the PDF only. In the OSCP lab, you have more than 50 machines to exploit. Some machines are too easy, but for some machines you need to "Try Harder". I got root on more than 40 machines in the first month, and spent two weeks preparing for the OSCP exam. I used one week to complete my OSCP lab exercises and write the lab report (to get the 5 point bonus).
OSCP Exam
I had 24 hours to compromise a range of machines (5 machines). After the first 3 hours, I had compromised 3 machines. The next 6 hours went to the 4th machine (1 hour to get a limited shell and 5 hours to get root). After sleeping, I started wr…

Experience in folder monitoring with OSSEC

Today I had some work related to folder monitoring. For my solution, I selected OSSEC with ELK. I spent 5 hours troubleshooting OSSEC. :)) This is the first time I have configured it.
You can use syscheck for folder monitoring. References: http://ossec-docs.readthedocs.io/en/latest/faq/syscheck.html and http://ossec-docs.readthedocs.io/en/latest/manual/syscheck/
To monitor file edits and deletions, you can use syscheck with realtime monitoring.
But to monitor files being added, you need to:
Add to local_rules.xml
Edit ossec.conf:

The main problem is that you must edit ossec.conf on the server (in my case Wazuh), not on the Windows client. The second problem: after a file's integrity changes more than 3 times, OSSEC disables the alert. You must set auto_ignore to no in syscheck (on the server). This is my result:
Thanks for reading
Security Research
SecurityLab - Linux Lab -- Windows and Cisco Lab
to be continued -…