Tools: ELFF Format Explanation

Logs Explanation

This is an ELFF format with custom strings of:

date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename

Example:

2013-11-07 01:01:11 1 10.10.10.10 304 TCP_HIT 320 894 GET http http://www.martugbo.com 80 /plugins/tt/tt.php ?src=photos/ce3ccf9cc6cfbbea1bce22547f35b950.jpg&w=86&h=56&zc=1&media=1 jon_do USER_Group\WWU-IA-StandardAccess Unknown 10.10.40.66 image/jpeg "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; xs-q__ic9-390M;iwOfva; …

Windows: How do I find an LDAP User and their Group Base DN for Microsoft Active Directory?

To find the user and group base DN, you can run a query from any member server on your Windows domain.

To find the User Base DN:
- Open a Windows command prompt.
- Type the command: dsquery user -name <known username> (Example: If I were searching for all users named John, I could enter …

Tools: How to identify and clean up Windows computers infected with malware and bots

Solution: Follow the steps below in the given order:

Step 1: Disconnect the computer from the network and notify the user that the computer cannot be re-connected until all malware has been successfully removed.

Step 2: Find out if the user is familiar with the destination or action that the malware or bot is trying …

Tools: Test your Firewall’s AV, Anti-Bot and Threat Emulation functions

Found this tool from CheckPoint to test your AV, Anti-Bot and Threat Emulation functions: https://threatwiki.checkpoint.com/threatwiki/public.htm

Test Threat Emulation: Click to download a DOC with an exploit. This file will not harm your computer. To confirm the file was detected, use the Smart Log / Smart View Tracker to locate the Threat Emulation log for this …

What Are Email Vulnerabilities And How Can We Secure Our Email Account

E-mail is one of the most widely used Internet services today. The services generally used in the e-mail infrastructure are Simple Mail Transfer Protocol (SMTP) and Post Office Protocol version 3 (POP3) or Internet Message Access Protocol (IMAP). The client communicates with the e-mail server through Simple Mail Transfer Protocol (SMTP) and retrieves a …