SECURITY/Network

[Tool] Wireshark plugins https://github.com/pentesteracademy/patoolkit?fbclid=IwAR1Jn1pIb8LgqcHHc1YsRNG2lBcRpzwS3v7fJ5BoWjEv-N2nOVHBJngBcPg PA Toolkit (Pentester Academy Wireshark Toolkit): PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and..
[Resource] TCP dump https://danielmiessler.com/study/tcpdump/ A tcpdump Tutorial and Primer with Examples. CREATED: JANUARY 4, 2004 | UPDATED: JULY 15, 2018. Basic Examples: basic communication, find traffic by ip, filter by source and/or destination, show traffic by network, show traffic by port, show traffic by protocol, show ipv6 traffic, find traffic using port ranges, find traffic based on packet size, writing to a file. Advanced Examp..
[Resource] Capture a Network Trace without installing anything https://blogs.msdn.microsoft.com/canberrapfe/2012/03/30/capture-a-network-trace-without-installing-anything-capture-a-network-trace-of-a-reboot/ If you need to capture a network trace of a client or server without installing Wireshark or Netmon this might be helpful for you. (This feature works on Windows 7/2008 R2 and above.) The short version: 1. Open an elevated command prompt and run: "netsh t..
[Resource] TCP dump https://hackertarget.com/tcpdump-examples/ Tcpdump Examples: Practical tcpdump examples to lift your network troubleshooting and security testing game. Commands and tips to not only use tcpdump but master ways to know your network. Knowing tcpdump is an essential skill that will come in handy for any system administrator, network engineer or security professional.
[Resource] NSE Information Gathering 1. DNS Brute Force: Find sub-domains with this script. Detecting sub-domains associated with an organization's domain can reveal new targets when performing a security assessment. The discovered hosts may be virtual web hosts on a single web server or may be distinct hosts on IP addresses spread across the world in different data centres. The dns-brute.nse script will find valid..
[Resource] SSL packet decryption. How to Decrypt SSL traffic using Wireshark: SSL is one of the best ways to encrypt network traffic and avoid man-in-the-middle attacks and other session hijacking attacks. But there are still multiple ways by which hackers can decrypt SSL traffic and one of them is with the help of Wireshark. Wireshark has an awesome inbuilt feature which can decrypt any traffic over a selected network card. So ..
[Notes] SNMP community string 1. Concept: explanatory document 2. Configuration: in the configuration file /etc/snmp/snmpd.conf or /etc/snmp/conf/snmpd.conf, change the value "com2sec notConfigUser default public" to "com2sec notConfigUser default <new value>", then restart the service: service snmpd restart or /etc/init.d/snmpd start 3. Verification: check with snmpwalk: snmpwalk -v2c -c <new value> localhost
[Resource] Article on TCP TIME_WAIT http://sunyzero.tistory.com/198 How to get rid of TCP TIME_WAIT
[Tool] CapTipper http://www.hakawati.co.kr/329 http://noplanlife.com/?p=1134 http://www.malware-traffic-analysis.net/2014/12/15/index.html A tool for analyzing malicious traffic from pcap files. See the links above for details. It can be used after installing it with git clone. It looks like it could be fun to use.
[Resource] Detailed Nmap summary https://highon.coffee/docs/nmap/#target-specification