Hardening

Last updated 4 years ago

Hi guys, this is not a complete list for hardening but compiles a set of things I usually use in my hardening exercises.

Openscap guide

This exercise covers the basics of SCAP (Security Content Automation Protocol) and of using OpenSCAP to harden a Linux-based OS. We will show how easy it is to proactively scan and lock down our systems so that they follow best practices, using the SCAP Security Guide.

In short, the SCAP standard consists of these components: XCCDF, OVAL, DataStream, ARF, CPE, CVE, CWE. In this article we will use the OVAL format for assessing our output, XCCDF for the checklist, and CPE for identifying the packages installed on the host system. A brief summary of these components is as follows:

OVAL: The Open Vulnerability and Assessment Language is a declarative language for making logical assertions about the state of an endpoint system.

XCCDF: The eXtensible Configuration Checklist Description Format is a language to express, organize, and manage security policies. These are the basic building blocks of a security policy.

CPE: The Common Platform Enumeration is a structured naming scheme used to identify information technology systems, platforms, and packages. It is used to uniquely identify a "platform" of software, hardware, or application.

Firstly, let's install openscap, openscap-utils and scap-security-guide on CentOS (the same can be done on many Linux variants such as RHEL, Ubuntu, Debian and so on):

sudo yum -y install openscap openscap-utils scap-security-guide

Once installed, the SCAP Security Guide ships a set of pre-defined checklists, available in the SCAP Security Guide content directory, that we can make use of. Let's list the available XCCDF checklists:

$ ls /usr/share/xml/scap/ssg/content/ | grep xccdf

ssg-centos6-xccdf.xml
ssg-centos7-xccdf.xml
ssg-firefox-xccdf.xml
ssg-jre-xccdf.xml
ssg-rhel6-xccdf.xml
ssg-rhel7-xccdf.xml

We will scan our system against "ssg-centos7-xccdf.xml". We can inspect this checklist:

As you can see above, the checklist contains a set of profiles we can assess our system against. For example, if this host needed to be in compliance with PCI-DSS or the RHEL7 DISA STIG, we could use those profiles in our assessment and check for compliance.

Now we can run our scan. We will execute the following command:

$ sudo oscap xccdf eval --profile standard --results $(hostname)-scap-results-$(date +%Y%m%d).xml --report $(hostname)-scap-report-$(date +%Y%m%d)-after.html --oval-results --fetch-remote-resources --cpe /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml

Once run, the system will be assessed based on the options above. We defined:

  • “standard” profile

  • “ssg-centos7-xccdf.xml” checklist

  • “ssg-rhel7-cpe-dictionary.xml” CPE dictionary which will download the OVAL tests to be run

The output is a configuration assessment report stored as an HTML file in the current directory, named by the value "$(hostname)-scap-report-$(date +%Y%m%d)-after.html".

We can view this HTML file and assess the output to determine the changes we need to make on our system. It gives us a score and, for each issue identified, an explanation as well as remediation scripts that can be run to fix it.
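The scan above, wrapped so that oscap's exit status is acted on and the XCCDF results file is parsed for failed rules. This is an added example, not part of the original page; it assumes the SSG content paths used above and constructs its own trimmed sample results file so the parser can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the original page: wrap the oscap run shown above, act on its
# exit status, and list failed rules from the XCCDF results file with POSIX tools only.
# Assumes SSG content under the path used on this page; the sample results below are a
# constructed, trimmed imitation of what oscap writes, so the parser can run offline.
SSG=/usr/share/xml/scap/ssg/content
# oscap xccdf eval exits 0 if every selected rule passed, 2 if at least one failed
# (results and report are still written) and 1 on an error such as missing content.
run_scan() {
    stamp="$(hostname)-$(date +%Y%m%d)"
    sudo oscap xccdf eval --profile "$1" \
        --results "$stamp-scap-results.xml" --report "$stamp-scap-report.html" \
        --oval-results --cpe "$SSG/ssg-rhel7-cpe-dictionary.xml" "$SSG/ssg-centos7-xccdf.xml"
    case $? in
        0) echo "all selected rules passed" ;;
        2) echo "findings, see $stamp-scap-report.html"; failed_rules "$stamp-scap-results.xml" ;;
        *) echo "oscap error, no usable results" >&2; return 1 ;;
    esac
}
# Print "<result> <severity> <rule id>" for each rule-result element in a results file.
rule_results() {
    tr '\n' ' ' < "$1" | awk '{
        n = split($0, chunk, /<\/rule-result>/)
        for (i = 1; i < n; i++) {
            if (!match(chunk[i], /idref="[^"]*"/)) continue
            id = substr(chunk[i], RSTART + 7, RLENGTH - 8)
            sev = match(chunk[i], /severity="[^"]*"/) ? substr(chunk[i], RSTART + 10, RLENGTH - 11) : "unknown"
            if (!match(chunk[i], /<result>[a-z]*<\/result>/)) continue
            print substr(chunk[i], RSTART + 8, RLENGTH - 17), sev, id
        }
    }'
}
# count_results FILE STATUS: number of rules with that result (pass, fail, notapplicable...).
count_results() { rule_results "$1" | awk -v s="$2" '$1 == s { n++ } END { print n + 0 }'; }
# failed_rules FILE: what needs remediation, as "<severity> <rule id>", sorted.
failed_rules() { rule_results "$1" | awk '$1 == "fail" { print $2, $3 }' | sort; }
# Constructed sample; rule ids follow the SSG naming pattern but are illustrative.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.open-scap_testresult_standard">
  <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" severity="medium">
    <result>fail</result></rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" severity="high">
    <result>pass</result></rule-result>
  <rule-result idref="xccdf_org.ssgproject.content_rule_partition_for_tmp" severity="low">
    <result>fail</result></rule-result>
</TestResult>
EOF
failed_rules "$SAMPLE"
```

On a real host call `run_scan standard` and feed the written results file to `failed_rules` to get a remediation list without opening the HTML report.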

Checklists

SCC NIST guide

SCAP Compliance Checker (SCC) version 5.4 is officially released, and for the first time SCC will be available to the general public, not just government employees and contractors.

Available rules

Win10 - profile

Screenshots - how to use SCC

How to create a tailored profile and import it into another instance:

  1. Start by editing the target profile.

  2. Copy the tailored file from: C:\Program Files\SCAP Compliance Checker 5.4\Resources\Content\XCCDF_Tailoring

  3. Create the dir C:\Program Files\SCAP Compliance Checker 5.4\Resources\Content\XCCDF_Tailoring on the target instance.

  4. Import the tailored file.

  5. Export the options.xml file (FILE > Save Options as).

  6. Import the options.xml file into the target instance.

My own scripts

#!/bin/sh
# Collect package integrity, permission, mount, service and firewall evidence (run as root).
mkdir -p logs1

rpm -Va > logs1/rpm_va.log                  # files whose hash, mode or owner differ from the package
rpm -qa > logs1/rpm_qa.log
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /w/' | tee logs1/etc_write_anyone.txt      # any write bit set
ls -aRl /etc/ 2>/dev/null | awk '$1 ~ /w.$/' | tee logs1/etc_write_others.txt    # world-writable
ls -alh /var/log | tee logs1/var.log
cat /etc/fstab > logs1/fstab.log
find / -perm -1000 -type d 2>/dev/null | tee logs1/sticky_bit.log
find / -perm -0002 -type d 2>/dev/null | tee logs1/world_writable_folders.txt     # "-writable" as root would match everything
find / -perm -o=x -type d 2>/dev/null | tee logs1/world_executable_folders.txt
# world-writable directories without the sticky bit (anyone can delete other users' files)
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print 2>/dev/null | tee logs1/world_writable_dirs_no_sticky.log
cat /etc/yum.conf > logs1/yum.conf
ls -l /etc/yum.repos.d/ > logs1/repos.txt
systemctl -a | tee logs1/systemctl_a.log
iptables -S | tee logs1/iptables.log

#!/bin/bash
# Basic host inventory plus account and firewall checks (run as root).
mkdir -p logs
uname -a > logs/uname.log
whereis strace > logs/strace.log
whereis ltrace > logs/ltrace.log
cat /etc/passwd > logs/etc_pwd.log
ifconfig -a > logs/ifconfig.log
route -n > logs/route.log
hostnamectl > logs/hostnamectl.log
awk -F: '($2 == "") {print}' /etc/shadow > logs/empty_pwd_accounts.log   # accounts with an empty password hash
awk -F: '($3 == "0") {print}' /etc/passwd > logs/uid0_accounts.log       # every UID-0 account, not only root
iptables -L > logs/iptables.log
cat /etc/sudoers > logs/etc_sudoers.log

WINDOWS SERVER 2012 R2 HARDENING CHECKLIST

RED HAT ENTERPRISE LINUX 7 HARDENING CHECKLIST

Awesome CheatSheets

Bonus

Why not use LinEnum?

Links referenced on this page:

NCP - National Checklist Program Checklist Repository
CIS Benchmark Hardening/Vulnerability Checklists (New Net Technologies)
Assessing and Hardening Linux with OpenSCAP (Bob Cromwell)
Security Content Automation Protocol (SCAP) – DoD Cyber Exchange
NCP - Download
Windows Server 2012 R2 Hardening Checklist
Red Hat Enterprise Linux 7 Hardening Checklist
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
C-Based Toolchain Hardening - OWASP Cheat Sheet Series
https://www.sans.org/score/checklists/linux
GitHub - trimstray/the-practical-linux-hardening-guide (README.md at master)
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks

SCC screenshot captions: Main panel. Tailoring a file. Show results. Non-compliance report - Windows Firewall. Tailoring a profile. Tailored file (after that, create the "XCCDF_Tailoring" dir and copy the target file to the target instance). Import/export options file.