Posts

Showing posts from 2017

Install Xposed Inspector and Frida on Genymotion

Today I had some work with Android, so I needed to trace an application. I found two nice tools that can help: Xposed Inspector (Inspeckage) and Frida. To set them up, I used Genymotion with an x86 emulator (quick to start and lightweight). First, create a custom phone with Android 6. 1. Install Xposed Inspector (Inspeckage). Inspeckage is a module for Xposed, so Xposed has to be installed first. Your phone needs to be rooted (the default Genymotion phone is rooted). You need to download: - Genymotion-ARM-Translation_v1.1.zip - xposed-v80-sdk23-x86.zip (the version must match the Android API level exactly) - XposedInstaller_3.0_alpha4 - Inspeckage Download at: https://acpm.mobi/genymotion-xposed-inspeckage. Drag and drop Genymotion-ARM-Translation_v1.1.zip and xposed-v80-sdk23-x86.zip onto the phone; they will be flashed. Reboot. After the reboot, drag and drop XposedInstaller_3.0_alpha4 and Inspeckage to install the APKs. Enable the Inspeckage module and reboot (using Xposed's reboot function). After the reboot, start Inspeckage to monitor your app. Port map: adb forwa

OSCP Course Review 09/2017

This month I finished my OSCP course, and here is my review of the course and exam: Preparing Before starting the lab, I had some preparation: - I am a pentester with more than 5 years of experience. - I am a CTF player: web and pwnable are my categories. - Some experience with software exploitation (Corelan and RPISEC courses). - Tried some free labs. OSCP Lab After registering, you will receive: PDF + video material, and a VPN account to connect to the OSCP lab. I used the PDF only. In the OSCP lab, you have more than 50 machines to exploit. Some machines are too easy, but for some machines you need to "Try Harder". I got root on more than 40 machines in the first month, and spent two weeks preparing for the OSCP exam. I used one week to complete my OSCP lab exercises and write the lab report (to get the 5 bonus points). OSCP Exam I had 24 hours to compromise a range of machines (5 machines). After the first 3 hours, I had compromised 3 machines. The next 6 hours went to the 4th machine (1 hour to get a limited shell and 5 hours to get root). After sleep

Experience in folder monitoring with OSSEC

Today I had some work related to folder monitoring. For my solution, I selected OSSEC with ELK. I spent 5 hours troubleshooting OSSEC. :)) This was my first time configuring it. You can use syscheck for folder monitoring. Reference: http://ossec-docs.readthedocs.io/en/latest/faq/syscheck.html and http://ossec-docs.readthedocs.io/en/latest/manual/syscheck/ To monitor file edits and deletions, you can use syscheck with realtime monitoring. But to monitor files being added, you need to: Add to local_rules.xml: Edit ossec.conf: The main problem is: you must edit ossec.conf on the server (in my case Wazuh), not on the Windows client. The second problem: after a file's integrity changes more than 3 times, OSSEC disables the alert. You must set auto_ignore to no in syscheck (on the server). This is my result: Thanks for reading
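The configuration fragments the post refers to are not reproduced in this excerpt. As an added example, not the author's own files, here is a minimal syscheck setup that covers the two problems described above: the new-file alert and the auto_ignore setting live in the manager's ossec.conf, the monitored directory lives in the Windows agent's ossec.conf, and OSSEC's stock rule 554 ("File added to the system"), which is level 0 by default, is overridden in local_rules.xml so new files actually produce an alert. The directory path C:\Shared and the alert level 7 are assumptions chosen for illustration.

```xml
<!-- Manager side: /var/ossec/etc/ossec.conf (on the OSSEC/Wazuh server, not the agent).
     alert_new_files and auto_ignore are only honoured here. -->
<ossec_config>
  <syscheck>
    <!-- Default is "no": without this, new files are never reported. -->
    <alert_new_files>yes</alert_new_files>
    <!-- Default is "yes": a file that changes more than 3 times is silently ignored. -->
    <auto_ignore>no</auto_ignore>
  </syscheck>
</ossec_config>

<!-- Agent side: ossec.conf on the Windows client. Path C:\Shared is an assumed example. -->
<ossec_config>
  <syscheck>
    <!-- realtime="yes" reports edits and deletions immediately instead of on the next scan;
         report_changes="yes" includes a diff of text-file modifications in the alert. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">C:\Shared</directories>
  </syscheck>
</ossec_config>

<!-- Manager side: /var/ossec/rules/local_rules.xml.
     Rule 554 ships at level 0, so it is decoded but never alerted; overwrite it. -->
<group name="local,syscheck,">
  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>
</group>
```

After changing either file on the manager, restart the manager process and run the syscheck scan once so the baseline is rebuilt; files that already exist when the baseline is taken are not reported as "added". Check the result by dropping a file into the monitored folder and watching /var/ossec/logs/alerts/alerts.log for the level 7 rule 554 alert.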