<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Everything Cyber</title><link>https://everything-cyber.netlify.app/</link><description>Recent content on Everything Cyber</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 01 May 2025 12:49:58 +0530</lastBuildDate><atom:link href="https://everything-cyber.netlify.app/index.xml" rel="self" type="application/rss+xml"/><item><title>Hub-and-Spoke Architecture</title><link>https://everything-cyber.netlify.app/blog/hub-spoke/</link><pubDate>Thu, 01 May 2025 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/hub-spoke/</guid><description>Azure Hub-and-Spoke Architecture Using Terraform Description To design and deploy a secure, scalable Azure infrastructure using a hub-and-spoke topology. This project leverages Terraform for Infrastructure-as-Code (IaC) and includes network segmentation, centralized firewall, controlled access via jumpbox, and log analytics integration.
Structure hub-spoke-architecture/ ├── provider.tf ├── main.tf ├── variables.tf ├── vnet.tf ├── firewall.tf ├── peerings.tf ├── routes.tf ├── jumpbox.tf ├── webvm.tf ├── appvm.tf └── log_analytics.tf Diagram What This Architecture Enables This infrastructure design delivers centralized, secure, and controlled access across the Azure environment, with the following key outcomes:</description></item><item><title>A Deep Dive into Encoding, Ciphers, and Modern Cryptography</title><link>https://everything-cyber.netlify.app/blog/deepdive-cryptography/</link><pubDate>Sun, 16 Mar 2025 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/deepdive-cryptography/</guid><description>A Deep Dive into Encoding, Ciphers, and Modern Cryptography Method Purpose Example Reversible Key Encoding Transformation for safe transmission(Conversion) Base 64 Yes No Encryption Securing data from unauthorized access(Secrecy) AES, RSA Yes(With Key) Yes Hashing Ensuring Data integrity(Integrity) SHA-256, MD5 No No Encoding: Representing Data in Different Forms Base Encoding Base encoding methods are used to represent binary data in a readable format.</description></item><item><title>Incident Response with Velociraptor</title><link>https://everything-cyber.netlify.app/blog/velociraptor/</link><pubDate>Sat, 15 Feb 2025 20:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/velociraptor/</guid><description>Incident Response Training Lab with Velociraptor Description This project simulates a real-world cybersecurity incident investigation using Velociraptor.
Environment Setup Virtual Machines Velociraptor Server: Ubuntu Server (4 GB RAM, 2 CPUs) Windows Endpoint: Windows 10 Workstation (4 GB RAM, 2 CPUs) Attack Machine: Kali Linux Machine (4 GB RAM, 2 CPUs) Note: Set the VM&amp;rsquo;s Networking to NAT, so that the machines are on the same network and can ping each other</description></item><item><title>Volatility CheatSheet</title><link>https://everything-cyber.netlify.app/blog/volatility/</link><pubDate>Sun, 29 Dec 2024 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/volatility/</guid><description>Volatility CheatSheet (Forensics - THM) Description Volatility is a powerful open-source memory forensics framework used by cybersecurity professionals and incident responders to analyse memory dumps. It supports Linux, Windows, and macOS memory analysis and offers a comprehensive set of plugins to extract various types of information, such as processes, network connections, registry keys, and more.
Installation You can download the required package from Volatility&amp;rsquo;s GitHub page. releases
Creating a Symlink</description></item><item><title>Reverse Engineering Binaries - Reversing ELF[THM]</title><link>https://everything-cyber.netlify.app/blog/reverse-elf-thm/</link><pubDate>Sun, 17 Mar 2024 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/reverse-elf-thm/</guid><description>Binary Reverse Engineering with Reversing Elf Description Reverse engineering is the process of analyzing a product, system, or software to understand its design, architecture, functionality, and behavior, often with the goal of replicating, modifying, or improving it. In the context of software, reverse engineering specifically refers to the analysis of compiled code (binaries) to uncover its original source code or to understand its inner workings. The main goal is to understand the program&amp;rsquo;s logic, identify vulnerabilities, extract useful information, or modify its behavior.</description></item><item><title>Practicing Buffer Overflow with Brainpan 1 [THM]</title><link>https://everything-cyber.netlify.app/blog/brainpan1/</link><pubDate>Tue, 05 Mar 2024 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/brainpan1/</guid><description>Practicing Buffer Overflow with Brainpan 1 Description Practicing a buffer overflow attack using Immunity Debugger. This is also a walkthrough of the THM free-trial box Brainpan 1.
Environment and Tools Used Kali Linux Windows 10
Immunity Debugger
Python
Recon NMAP Scanning the box with Nmap, we could see 2 ports are open: port 10000, where a Python HTTP server is running, and port 9999, where something else is running.</description></item><item><title>Reverse Engineering an API endpoint</title><link>https://everything-cyber.netlify.app/blog/reverse-engineering-api/</link><pubDate>Sun, 17 Dec 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/reverse-engineering-api/</guid><description>Creating API documentation for a website from scratch Description Reverse engineering an API assists in discovering potential endpoints for evaluating its functionality, a critical aspect of testing and analysis. When access to official documentation or the API&amp;rsquo;s original codebase is unavailable, these methods enable the manual creation of documentation.
Environment and Tools Used Application
Here I am using Parabank by Parasoft. Parabank is a web application used to demonstrate web and API testing.</description></item><item><title>Learning Assembly with NASM</title><link>https://everything-cyber.netlify.app/blog/assembly-with-nasm-1/</link><pubDate>Mon, 16 Oct 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/assembly-with-nasm-1/</guid><description>Learning Assembly with NASM Assembly language Assembly language is used to communicate directly with computer hardware. It is architecture-specific and is used in OS development and embedded systems programming.
Notable Unix System Calls Process creation syscall (execve) - Allows execution of a new program
I/O syscall (open, read, write) - Exploit file handling vulnerabilities to access, read, or write sensitive files, such as configuration files, passwords, or private user data</description></item><item><title>Practical Buffer Overflow with FreeFloat FTP Server</title><link>https://everything-cyber.netlify.app/blog/buffer-overflow/</link><pubDate>Wed, 05 Jul 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/buffer-overflow/</guid><description>Practical Buffer Overflow with FreeFloat FTP Server Description A walkthrough illustrating the methodology of the Buffer Overflow attack, focusing on the FreeFloat FTP Server.
Lab Setup -VirtualBox
-A Windows XP machine
-Favourite Pentest Distro
-Favourite Code editor
Software and Tools -Download or install Immunity Debugger and the FreeFloat FTP Server onto the Windows XP machine
-Download the mona.py file to Windows XP
-Need the Metasploit and SPIKE tools on the Pentest box (Here, I won&amp;rsquo;t be using a SPIKE script but will manually exploit the application)</description></item><item><title>Splunk Enterprise with remote Hosts</title><link>https://everything-cyber.netlify.app/blog/splunk/</link><pubDate>Sun, 02 Jul 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/splunk/</guid><description>Splunk Enterprise with remote Hosts Description This is a sample project to set up a Splunk SIEM lab and forward alerts and events from remote hosts to the Splunk server for monitoring and analysing.
Prerequisites - VirtualBox - Ubuntu Server ISO for hosting our Splunk server - Windows machine (here using Windows 7) - Splunk Enterprise Edition and Splunk Forwarder (we can get a 14-day trial version from Splunk to use the Enterprise edition) Setup - Create 2 VMs in VirtualBox with a Bridged network adapter and Promiscuous mode enabled</description></item><item><title>2FA Steal</title><link>https://everything-cyber.netlify.app/blog/2fa-steal/</link><pubDate>Sat, 15 Apr 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/2fa-steal/</guid><description>2FA Steal Description Just a simple demonstration, inspired by John Hammond&amp;rsquo;s video, of bypassing 2FA SMS authentication. You can watch the video Here
Languages and Utilities Used - Linux - Python - Java
Environments Used - Windows 10 - Kali
Procedure: - Took the HTML code from the browser&amp;rsquo;s View Page Source
- Added the JSON payload inside the code
The payload that we use in the HTML pages; bear in mind to change the input type based on the webpage &amp;lt;script src =&amp;#34;https://cdnjs.</description></item><item><title>File Integrity Monitor</title><link>https://everything-cyber.netlify.app/blog/fim/</link><pubDate>Wed, 04 Jan 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/fim/</guid><description>File Integrity Monitor Description Integrity in the CIA Triad means the correctness of a file. If data gets changed or edited, an alert needs to be triggered so that an analyst or others can check the integrity. This project is to create a FIM – File Integrity Monitor PowerShell script (below). The FIM monitors some important files and is designed to provide an alert once one of them gets modified
# change the file path D:\Desktop\FIM\baseline.</description></item><item><title>SIEM With Azure Sentinel</title><link>https://everything-cyber.netlify.app/blog/siem-azure-sentinel/</link><pubDate>Mon, 02 Jan 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/siem-azure-sentinel/</guid><description>SIEM With Azure Sentinel Description This is a project on mapping failed login attempts (or brute-force attempts) on a Windows machine that is open to the internet. We either turn the firewall off or allow ICMP requests. After catching the logs, we run a PowerShell script inside the machine and, using Workspace Analytics, Log Analytics, Cloud Defender and Azure Sentinel, we pull these logs out, map them onto the world map and see how many attempts have been generated from around the world</description></item><item><title>Vulnerability management using Nessus</title><link>https://everything-cyber.netlify.app/blog/nessus/</link><pubDate>Sun, 01 Jan 2023 12:49:58 +0530</pubDate><guid>https://everything-cyber.netlify.app/blog/nessus/</guid><description>Vulnerability management using Nessus Description Using Nessus Essentials vulnerability management, we scan a Windows 10 VM for the vulnerabilities present and try to remediate them.
Tools Used Nessus Essentials
Windows 10 VM deployed in VirtualBox
Procedure: Set up a VM in VirtualBox with Windows 10 and bridged adapter settings
Test connectivity using the PING command from the host machine to the VM (might need to allow SMTP in the firewall or disable the firewall)</description></item><item><title>About me</title><link>https://everything-cyber.netlify.app/aboutme/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://everything-cyber.netlify.app/aboutme/</guid><description>About</description></item></channel></rss>