Armory – A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information

Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of the related information. It isn't meant to replace any specific tool. It is meant to take the output from various tools and use it to feed other tools. Additionally, it is meant to be easily extendable. Don't see a module for your favorite tool? Write one up! Want to export data in just the right format for your reporting? Create a new report!

Installation

Prerequisites
First, set up some kind of virtual environment. I like virtualenvwrapper: http://virtualenvwrapper.readthedocs.io/en/latest/install.html

Actually installing
Clone the repo:
git clone https://github.com/depthsecurity/armory
Install the module:
python setup.py install
You will want to run armory at least once in order to create the default config directory, ~/.armory, with the default settings.ini and settings for each of the modules.
Next, edit settings.ini and modify the base_path option. This should point to the root path you are using for your current project. You should change this with every project, so you will always be using a clean database. All files generated by modules will be created in here, as well as the sqlite3 database. By default it will be within the current directory.

Usage
Usage is split into modules and reports.

Modules
Modules run tools, ingest output, and write it to the database. To see a list of available modules, type:
armory -lm
To see a list of module options, type:
armory -m <module> -M

Reports
Reports are similar to modules, except they are meant to pull data from the database and display it in a usable format. To view all of the available reports:
armory -lr
To view available report options:
armory -r <report> -R

Interactive Shell
There is also an interactive shell which uses IPython as the base and will allow you to run commands or change database values. It can be launched with: armory-shell.
By default, the following will be available: Domain, BaseDomains, IPAddresses, CIDRs, Users, Creds, Vulns, Ports, Urls, ScopeCIDRs.

Download Armory

Link: http://www.kitploit.com/2019/03/armory-tool-meant-to-take-in-lot-of.html

DOGE – Darknet Osint Graph Explorer

DOGE
Darknet Osint Graph Explorer
Still in dev, works right.
You should use this in addition to Darknet OSINT Transform.

Pay attention here
Query prototype: SELECT DISTINCT custom_column_name AS input, another_custom_name AS output FROM some_table. Obviously you can add other options such as WHERE, ORDER BY, etc.

How-To
Database file: the filename of the database (sqlite3), e.g. db.sqlite3
Graph file: useless (for now)
Icon From: the type of the "from" entity (email -> domain: email is "from", domain is "to"); the same goes for Icon To
Center to node: put a node id here, then click on Center Graph to center the graph on that specific node id
Query: write here the query you'll use to retrieve data from the database, following the prototype above
Load Data: adds data but doesn't draw; you can use this to import data from various databases and, when everything is imported, draw
Draw Graph: draws nodes with edges
Import Graph: useless (for now)
Export Graph: useless (for now)
Prerender: does not display the graph until the "pre-rendering" process is done; this should be used when you have to graph hundreds of nodes. Feel free to change the parameters: the 1st argument of precomputeGraph() in pages/graph_1.html, and lines 246 and 247 in the same file.

Custom icons
Every icon comes from Font Awesome; I just changed the colors.

Screenshots
Stay tuned.

Download DOGE
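The following is an added example (not code from the DOGE project) showing what the query prototype above implies: each row returned as (input, output) becomes one directed edge, the "Icon From"/"Icon To" types decide what kind of node each side is, and several "Load Data" passes can be accumulated before drawing. The sqlite3 tables, column names and sample rows are constructed for this example; only the "input"/"output" alias convention comes from the tool's description.

```python
import sqlite3

# Constructed sample tables (not DOGE project data): emails -> domains and domains -> IPs.
# Table and column names are assumptions chosen for this example.
EMAIL_ROWS = [
    ("alice@example.com", "example.com"),
    ("bob@example.com", "example.com"),
    ("carol@example.org", "example.org"),
    ("alice@example.com", "example.com"),  # duplicate row; DISTINCT in the query collapses it
]
HOST_ROWS = [
    ("example.com", "192.0.2.10"),
    ("example.org", "192.0.2.20"),
]

# Queries following the DOGE prototype: exactly two columns aliased 'input' and 'output'
EMAIL_QUERY = "SELECT DISTINCT address AS input, domain AS output FROM emails"
HOST_QUERY = "SELECT DISTINCT domain AS input, ip AS output FROM hosts ORDER BY domain"


def make_sample_db():
    """In-memory sqlite3 database standing in for the 'Database file' field."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE emails (address TEXT, domain TEXT)")
    conn.execute("CREATE TABLE hosts (domain TEXT, ip TEXT)")
    conn.executemany("INSERT INTO emails VALUES (?, ?)", EMAIL_ROWS)
    conn.executemany("INSERT INTO hosts VALUES (?, ?)", HOST_ROWS)
    conn.commit()
    return conn


def load_pairs(conn, query):
    """Run a prototype-shaped query and return its rows as (input, output) pairs."""
    cur = conn.execute(query)
    cols = [d[0] for d in cur.description]
    if cols != ["input", "output"]:
        raise ValueError(f"query must select exactly 'input' and 'output', got {cols}")
    return [(str(a), str(b)) for a, b in cur.fetchall()]


def bad_query_rejected(conn):
    """True if a query that does not follow the prototype is refused."""
    try:
        load_pairs(conn, "SELECT address, domain FROM emails")
    except ValueError:
        return True
    return False


class Graph:
    """Accumulates nodes and edges across several 'Load Data' calls before drawing."""

    def __init__(self):
        self.nodes = {}    # node id -> {"label": ..., "type": ...}
        self.edges = set()  # (from_id, to_id)

    @staticmethod
    def node_id(label, kind):
        # The same label under a different icon type is a different node
        return f"{kind}:{label}"

    def load(self, pairs, from_type, to_type):
        for src, dst in pairs:
            s, d = self.node_id(src, from_type), self.node_id(dst, to_type)
            self.nodes.setdefault(s, {"label": src, "type": from_type})
            self.nodes.setdefault(d, {"label": dst, "type": to_type})
            self.edges.add((s, d))
        return self

    def draw(self):
        """Text stand-in for 'Draw Graph': one line per edge, sorted."""
        return [f"{s} -> {d}" for s, d in sorted(self.edges)]

    def reachable(self, start):
        """Every node reachable from `start` by following edges forward."""
        seen, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n in seen:
                continue
            seen.add(n)
            stack.extend(d for s, d in self.edges if s == n)
        return seen


def build_demo_graph():
    """Two 'Load Data' passes from two tables, sharing the domain nodes."""
    conn = make_sample_db()
    g = Graph()
    g.load(load_pairs(conn, EMAIL_QUERY), "email", "domain")
    g.load(load_pairs(conn, HOST_QUERY), "domain", "ip")
    return g


if __name__ == "__main__":
    print("\n".join(build_demo_graph().draw()))
```

Because the domain nodes are keyed by the same type in both loads, the second query attaches IP nodes to the domains the first query created, which is the point of loading from several sources before drawing.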

Link: http://feedproxy.google.com/~r/PentestTools/~3/Ugv1-a3xlrQ/doge-darknet-osint-graph-explorer.html

How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs

Data is the lifeblood of digital businesses, and a key competitive advantage. The question is: how can you store your data cost-efficiently, access it quickly, while abiding by privacy laws? At Imperva, we wanted to store our data for long-term access. Databases would’ve cost too much in disk and memory, especially since we didn’t know […]
The post How Our Threat Analytics Multi-Region Data Lake on AWS Stores More, Slashes Costs appeared first on Blog.

Link: http://feedproxy.google.com/~r/Imperviews/~3/0WO62f69Eys/

Hayat – Auditing & Hardening Script For Google Cloud Platform

Hayat is an auditing & hardening script for Google Cloud Platform services such as (for now):
Identity & Access Management
Networking
Virtual Machines
Storage
Cloud SQL Instances
Kubernetes Clusters

Identity & Access Management
Ensure that corporate login credentials are used instead of Gmail accounts.
Ensure that there are only GCP-managed service account keys for each service account.
Ensure that ServiceAccount has no Admin privileges.
Ensure that IAM users are not assigned the Service Account User role at project level.

Networking
Ensure the default network does not exist in a project.
Ensure legacy networks do not exist for a project.
Ensure that DNSSEC is enabled for Cloud DNS.
Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC.
Ensure that RSASHA1 is not used for the zone-signing key in Cloud DNS DNSSEC.
Ensure that RDP access is restricted from the Internet.
Ensure Private Google Access is enabled for all subnetworks in the VPC Network.
Ensure VPC Flow Logs are enabled for every subnet in the VPC Network.

Virtual Machines
Ensure that instances are not configured to use the default service account with full access to all Cloud APIs.
Ensure "Block Project-wide SSH keys" is enabled for VM instances.
Ensure oslogin is enabled for a Project.
Ensure 'Enable connecting to serial ports' is not enabled for VM Instances.
Ensure that IP forwarding is not enabled on Instances.

Storage
Ensure that Cloud Storage buckets are not anonymously or publicly accessible.
Ensure that logging is enabled for Cloud Storage buckets.

Cloud SQL Database Services
Ensure that Cloud SQL database instances require all incoming connections to use SSL.
Ensure that Cloud SQL database Instances are not open to the world.
Ensure that MySQL database instances do not allow anyone to connect with administrative privileges.
Ensure that MySQL Database Instances do not allow root login from any host.

Kubernetes Engine
Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters.
Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters.
Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters.
Ensure Master authorized networks is set to Enabled on Kubernetes Engine Clusters.
Ensure Kubernetes Clusters are configured with Labels.
Ensure the Kubernetes web UI / Dashboard is disabled.
Ensure Automatic node repair is enabled for Kubernetes Clusters.
Ensure Automatic node upgrades are enabled on Kubernetes Engine Cluster nodes.

Requirements
Hayat has been written as a bash script using gcloud and is compatible with Linux and OSX.

Usage
git clone https://github.com/DenizParlak/Hayat.git && cd Hayat && chmod +x hayat.sh && ./hayat.sh
You can use it with specific functions, e.g. if you want to scan just the Kubernetes Cluster:
./hayat.sh --only-kubernetes

Screenshots

Download Hayat
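As an added example (not Hayat's own code, which is a bash script driving gcloud), the block below shows the decision logic behind three of the checks listed above: RDP restricted from the Internet, Cloud SQL requiring SSL, and Cloud SQL instances not open to the world. It evaluates constructed JSON modelled on the shape of `gcloud compute firewall-rules list --format=json` and `gcloud sql instances list --format=json` output; the field names are an assumption about those formats and all rule and instance names are invented.

```python
import json

# Constructed sample output, modelled on `gcloud compute firewall-rules list --format=json`.
# Field names are an assumption about the real shape; names and addresses are invented.
FIREWALL_JSON = json.dumps([
    {"name": "allow-rdp-office", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-rdp-anywhere", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},  # range covering 3389
    {"name": "allow-all-disabled", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "all"}]},  # would fail, but the rule is disabled
    {"name": "egress-rule", "direction": "EGRESS",
     "destinationRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},  # egress, not in scope
])

# Constructed sample output, modelled on `gcloud sql instances list --format=json`.
SQL_JSON = json.dumps([
    {"name": "prod-db", "settings": {"ipConfiguration": {
        "requireSsl": True, "authorizedNetworks": [{"value": "203.0.113.5/32"}]}}},
    {"name": "dev-db", "settings": {"ipConfiguration": {
        "requireSsl": False, "authorizedNetworks": [{"value": "0.0.0.0/0"}]}}},
])

RDP_PORT = 3389
ANY_IPV4 = "0.0.0.0/0"


def _port_spec_covers(spec, port):
    """True if a port spec such as '3389' or '3000-4000' includes `port`."""
    lo, _, hi = spec.partition("-")
    lo = int(lo)
    hi = int(hi) if hi else lo
    return lo <= port <= hi


def rdp_open_to_internet(rules):
    """Names of enabled INGRESS rules that allow tcp/3389 from 0.0.0.0/0."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if ANY_IPV4 not in rule.get("sourceRanges", []):
            continue
        for allowed in rule.get("allowed", []):
            proto = allowed.get("IPProtocol", "").lower()
            ports = allowed.get("ports")  # absent means every port of that protocol
            if proto in ("all", "tcp") and (
                not ports or any(_port_spec_covers(p, RDP_PORT) for p in ports)
            ):
                findings.append(rule["name"])
                break
    return findings


def _ip_config(instance):
    return instance.get("settings", {}).get("ipConfiguration", {})


def sql_instances_without_ssl(instances):
    """Instances that do not require SSL on incoming connections."""
    return [i["name"] for i in instances if not _ip_config(i).get("requireSsl", False)]


def sql_instances_open_to_world(instances):
    """Instances whose authorized networks include 0.0.0.0/0."""
    return [i["name"] for i in instances
            if any(n.get("value") == ANY_IPV4
                   for n in _ip_config(i).get("authorizedNetworks", []))]


def run_audit(firewall_json=FIREWALL_JSON, sql_json=SQL_JSON):
    """Evaluate the three checks; each value is the list of failing resource names."""
    rules, instances = json.loads(firewall_json), json.loads(sql_json)
    return {
        "rdp_open_to_internet": rdp_open_to_internet(rules),
        "sql_without_ssl": sql_instances_without_ssl(instances),
        "sql_open_to_world": sql_instances_open_to_world(instances),
    }


if __name__ == "__main__":
    for check, names in run_audit().items():
        print(f"[{'FAIL' if names else 'PASS'}] {check}: {', '.join(names) or '-'}")
```

In real use you would feed `run_audit` the actual JSON from the two gcloud list commands instead of the constructed strings; the port-range handling matters because a rule opening 3000-4000 exposes RDP just as much as one naming 3389 explicitly.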

Link: http://feedproxy.google.com/~r/PentestTools/~3/eanL2lSrxVg/hayat-auditing-hardening-script-for.html

[database]Functions provided by DBMS

Here is a non-exhaustive list of functions provided by a DBMS (database management system). To prevent data loss during system failure, it should provide a reliable recovery service. Provide transaction services for users such as read (select), update, delete, commit, insert, rollback. Provide authorisation services such as permission for a user to insert (write new data), update (update … Continue reading "[database]Functions provided by DBMS"

Link: http://cyruslab.net/2018/12/01/databasefunctions-provided-by-dbms/

[DATABASE] File base vs database

This post illustrates the need for the database approach to managing data. Problems with the file-based approach: data is stored in files defined by the application, hence there is potentially useful data needed by another application that the application requiring it is not aware of. Because the data is stored in files defined by … Continue reading "[DATABASE] File base vs database"

Link: http://cyruslab.net/2018/12/01/database-file-base-vs-database/

[DATABASE]ACID property of DBMS

Atomicity means that a transaction is either fully completed or not completed at all; there is no partially completed transaction. This is also known as the all-or-none rule. Consistency means that during a transaction the integrity constraints are maintained, so that the data are consistent before and after the transaction. Isolation means that the changes of one transaction are … Continue reading "[DATABASE]ACID property of DBMS"

Link: http://cyruslab.net/2018/12/01/databaseacid-property-of-dbms/

[DATABASE] VIEWS

Views are virtual tables derived from columns and rows of the base tables. Views provide the data needed by users, saving them the trouble of understanding the complexity and abstraction of the base tables. Views are dynamic: updates in base tables are reflected in views. Because views only have limited access … Continue reading "[DATABASE] VIEWS"

Link: http://cyruslab.net/2018/12/01/database-views/

[DATABASE]SQL query examples

There are three relations used for this example: RENTAL_CUSTOMER, CAR, RENTAL. Below are the SQL statements used to create the relations. Data has been inserted into the relations: RENTAL_CUSTOMER CAR RENTAL. List all cars rented by Smith since 1st of August 2017. List each make of the cars and the total number of cars … Continue reading "[DATABASE]SQL query examples"

Link: http://cyruslab.net/2018/12/01/databasesql-query-examples/