Jithin Alex

About Jithin Alex
Cybersecurity Enthusiast, CISSP, CEH, CyberOps
Security professional with experience in IT governance, security operations, and implementing and operating major security solutions and products across various technology sectors and regions.
Jithin Alex previously worked as an IT Security Manager at a top MNC and has drawn on his technical knowledge and experience to write his books. Books authored by him have received recognition from BookAuthority, including:
• "Network Automation using Python 3" was named one of the best new Software Automation books
• "Cisco Firepower Threat Defense NGFW" was named one of the best Firewall books of all time
• "Network Automation Using Python3" has been listed as a recommended deep dive read in VMware's Network Automation for Dummies.
Read reviews and updates on https://www.goodreads.com/jithinalex
For articles and posts, visit my personal blog https://www.jaacostan.com
Blog post (1 week ago): Information Technology Service Management (ITSM) Processes.
1) Service Request Management
Focuses on requests and responses for IT help-desk items. The processes should be established and uniform. To reduce the workload on agents, organizations may consider implementing self-service options or chatbots.
2) Service Catalogs
Generally, a Service Catalog is a central location/webpage with all the details for contacting the help-desk. It may also contain the self
Blog post (5 months ago): When you do malware analysis of documents or Office files, it is important to have Microsoft Office installed in your lab machine. I am using FLARE VM and it doesn't come with MS Office. Since Microsoft is promoting Microsoft 365 over the offline version, finding the offline installer is not that easy.
Here is the list of genuine Microsoft links to download the Office .img files.
Download Microsoft Office 2019 Professional Plus : https://officecdn.microsoft.com/db/492350F
Blog post (5 months ago): Windows comes preinstalled with a lot of bloatware, telemetry and unnecessary services enabled. This results in higher resource utilization and less privacy. This post introduces some free, open tools that help to enhance privacy on Windows by disabling unnecessary services and bloatware.
1) Privatezilla
Privatezilla integrates the most critical Windows 10 privacy settings and allows you to quickly perform a privacy check against these settings. Active settings are marked with th
Blog post (5 months ago): Consolidated list of selected top 10 Infosec learning resources and platforms.
Red Teaming
1) Beginner? Want to learn ethical hacking basics?
The best stepping stone is the Practical Ethical Hacking course by TCM on freeCodeCamp's YouTube channel. freeCodeCamp has other free courses related to programming, ethical hacking etc. on their YouTube channel. Learn for free.
Link : https://www.youtube.com/watch?v=3Kq1MIfTWCE
2) Try Hack Me (THM)
Learn and practice your cybersecurit
Blog post (5 months ago): Recently I encountered a very annoying problem. One of my Windows VMs is running on VirtualBox. This Windows host kept shutting down at regular intervals. Initially I couldn't identify whether it was random or happening at fixed time intervals. I went through the settings, changed active hours, changed advanced startup options and went through the scheduled tasks, suspecting something was triggering the reboot. Well, that didn't fix the issue. Then I went through the Event Viewer, and under Wi
Blog post (5 months ago): Note : This is a continuation of my previous post on the VirtualAlloc function (see that post first).
RtlMoveMemory copies the contents of the payload (Length bytes starting at Source) into the destination memory block/buffer.
The syntax of the function is,
VOID RtlMoveMemory(
_Out_ VOID UNALIGNED *Destination,
_In_ const VOID UNALIGNED *Source,
_In_ SIZE_T Length
);
Blog post (5 months ago): While creating malware, in order to run the payload in the memory of the process, we need to create a memory buffer for the payload. For this purpose, we make use of the VirtualAlloc function.
As per the Windows documentation, VirtualAlloc reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process.
Let's dig deep into this function and its parameters.
The syntax for the function usage is,
LPVOID Vi
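The allocate-then-copy sequence the two posts above describe (VirtualAlloc followed by RtlMoveMemory), as an added Python/ctypes example that is not code from the original posts. It assumes the flag values from the Windows SDK headers, uses an inert constructed byte string as the "payload", and on non-Windows hosts substitutes an anonymous mmap and ctypes.memmove (an assumption made so it also runs on a Linux or macOS analysis box). The payload is never executed; the usual next step, handing the address to a new thread, is left out on purpose.

```python
import ctypes
import sys

# Constructed, inert stand-in for a payload: x86-64 NOP sled ending in RET.
# It is copied into memory but never executed by this example.
SAMPLE_PAYLOAD = b"\x90" * 15 + b"\xc3"

# VirtualAlloc constants from the Windows SDK headers.
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
PAGE_EXECUTE_READWRITE = 0x40

_LIVE_REGIONS = []  # keeps POSIX mmap objects alive so their pages stay mapped


def alloc_buffer(size):
    """Allocate a size-byte buffer meant to hold executable code.

    Windows: VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE),
    the call the post walks through. Elsewhere (assumption, so the example also runs
    on a Linux/macOS lab box) an anonymous mmap with PROT_EXEC stands in.
    Returns (address, executable); executable is False when the kernel refused RWX
    (SELinux execmem denial, macOS without MAP_JIT) and a plain RW region was used.
    """
    if sys.platform == "win32":
        k32 = ctypes.WinDLL("kernel32", use_last_error=True)
        k32.VirtualAlloc.restype = ctypes.c_void_p
        k32.VirtualAlloc.argtypes = [ctypes.c_void_p, ctypes.c_size_t,
                                     ctypes.c_uint32, ctypes.c_uint32]
        addr = k32.VirtualAlloc(None, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE)
        if not addr:
            raise ctypes.WinError(ctypes.get_last_error())
        return addr, True
    import mmap
    executable = True
    try:
        region = mmap.mmap(-1, size, prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC)
    except OSError:
        executable = False
        region = mmap.mmap(-1, size, prot=mmap.PROT_READ | mmap.PROT_WRITE)
    _LIVE_REGIONS.append(region)
    addr = ctypes.addressof(ctypes.c_char.from_buffer(region))
    return addr, executable


def copy_payload(addr, payload):
    """Copy payload into the buffer: RtlMoveMemory(Destination, Source, Length) on
    Windows, ctypes.memmove (same three-argument contract) elsewhere."""
    src = ctypes.create_string_buffer(payload, len(payload))
    if sys.platform == "win32":
        k32 = ctypes.WinDLL("kernel32")
        k32.RtlMoveMemory.restype = None
        k32.RtlMoveMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t]
        k32.RtlMoveMemory(addr, src, len(payload))
    else:
        ctypes.memmove(addr, src, len(payload))


def stage_payload(payload=SAMPLE_PAYLOAD):
    """Allocate, copy, read back. Returns (bytes_now_in_buffer, executable)."""
    addr, executable = alloc_buffer(len(payload))
    copy_payload(addr, payload)
    return ctypes.string_at(addr, len(payload)), executable


if __name__ == "__main__":
    data, rwx = stage_payload()
    print(f"copied {len(data)} bytes, executable={rwx}, intact={data == SAMPLE_PAYLOAD}")
```

Run as a script it reports whether the copy is intact and whether the allocator actually granted RWX. An RWX allocation immediately followed by a memory copy is the pattern user-mode EDR hooks look for, which is why loaders that want to stay quiet allocate RW first and flip the page to RX only after the copy.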
Blog post (6 months ago): Often we need to save some of the images in a Word document or from a PowerPoint presentation. Most of us copy and save the images one by one. There is an easier way to extract all the images from the Office file at once: a .docx or .pptx is an Office Open XML package, which is an ordinary zip archive. Follow the steps below.
1) Rename the file extension to .zip
2) Open or extract the zip file.
3) Access the word/ (or ppt/) directory.
4) Open the media folder, and there you can see all the images embedded in the document.
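The same four steps in Python, as an added example that is not from the original post: it opens the Office package with the zipfile module instead of renaming it, and adds the check an analyst wants before extracting from an untrusted document, rejecting members whose path would escape the output directory. The sample .docx it builds is constructed in memory for the example, including one deliberately hostile member; it is not a document from the post.

```python
import io
import os
import zipfile

# OOXML keeps embedded pictures under these paths inside the zip container.
MEDIA_PREFIXES = ("word/media/", "ppt/media/", "xl/media/")


def _is_safe_member(name):
    """Reject names that would escape the output directory (zip-slip) or are directories."""
    parts = name.split("/")
    return bool(parts[-1]) and ".." not in parts and not name.startswith("/")


def list_media(office_file):
    """Return every media member name of a .docx/.pptx/.xlsx (path or file-like), unfiltered."""
    with zipfile.ZipFile(office_file) as zf:
        return sorted(n for n in zf.namelist() if n.startswith(MEDIA_PREFIXES))


def extract_media(office_file, out_dir):
    """Write each media member to out_dir by basename.
    Returns (written_paths, skipped_names); skipped holds members whose path would
    escape out_dir, something a crafted document can contain."""
    os.makedirs(out_dir, exist_ok=True)
    written, skipped = [], []
    with zipfile.ZipFile(office_file) as zf:
        for name in sorted(zf.namelist()):
            if not name.startswith(MEDIA_PREFIXES):
                continue
            if not _is_safe_member(name):
                skipped.append(name)
                continue
            dest = os.path.join(out_dir, os.path.basename(name))
            with open(dest, "wb") as fh:
                fh.write(zf.read(name))
            written.append(dest)
    return written, skipped


def build_sample_docx():
    """Constructed stand-in for a real .docx: minimal OOXML parts, two images, and one
    hostile member with a traversal path. Not a document from the original post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        zf.writestr("word/media/image2.jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("word/media/../../evil.txt", b"zip slip")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    import tempfile
    source = sys.argv[1] if len(sys.argv) > 1 else build_sample_docx()
    out = tempfile.mkdtemp(prefix="office_media_")
    written, skipped = extract_media(source, out)
    print("written:", written)
    print("skipped:", skipped)
```

Pass a real .docx or .pptx path as the first argument to run it against a document of your own; without an argument it uses the constructed sample.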
Blog post (6 months ago): Metadata is data about data. Every file has some metadata, and it describes what the file is (minus the content). For example, an image file's metadata might contain information such as when the image was created, by whom, when it was modified, who can access it, etc., but it won't tell you what is in that image.
There are different types of metadata. Let's go through the main types.
1) System Metadata
This metadata is created and used by the Opera
Blog post (6 months ago): While performing a digital forensics investigation, you might need to collect various artifacts, information and images from the target machine. Most of the time, we make use of automated tools to retrieve the information we require. Read DFIR KAPE : Evidence Collection Tool.
However, it is important to know how to collect the data manually as well. This process of collecting the required information and images, also known as evidence acquisition, is one of the most important tasks
Blog post (7 months ago): "Global Privacy Control (GPC) is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification." -- Source : https://globalprivacycontrol.org/
GPC is built into Brave and DuckDuckGo b
Blog post (10 months ago): Glad to announce that the second edition of my book, Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices, is now live on Amazon.
The firewall technologies and the landscape are rapidly changing, and therefore I needed to make multiple changes from the first edition. This is not a configuration guide and is suitable for beginners and junior engineers. The following topics are briefly covered in the second edition of this book.
Va
Blog post (10 months ago): eLearnSecurity (ELS) offers a lot of great certifications in the field of cybersecurity. Last year, ELS was acquired by INE. In my opinion, after the acquisition, there are a lot of gaps. First of all, many of the links in the training materials are broken. Also, information regarding the certification or the training materials is limited on the internet. Though INE has a community forum, getting a clear-cut answer or solution depends on your luck. I haven't seen a lot of activity on their comm
Blog post (11 months ago): If you are reading this, you have probably encountered the following error while performing sample analysis in Cuckoo:
Error starting Virtual Machine / VBoxManage error.
This error happens when there is a communication issue between the guest and host, or with the VM snapshot.
The network configuration of the guest VM should be set to "Host-only network"; verify the connectivity between the host and guest by pinging each other. If that is f
Blog post (11 months ago): This post is an introduction to Kroll Artifact Parser and Extractor (KAPE) and how it can be used to collect evidence.
When malware is executed, it usually leaves some evidence of its execution. These are important details used for investigation and forensics. KAPE is an evidence acquisition tool and can be used to acquire all the evidence of execution from the victim's system.
The KAPE directory has two main folders: Modules and Targets.
KAPE Modules.
Blog post (11 months ago): Recently I attended the Cloud Security Bootcamp from Pentester Academy and cleared the certification exam (PACSP). This is a simple review of the bootcamp and the certification exam.
The bootcamp consists of 5 x 3-hour live interactive sessions. The instructor, Jeswin Mathai, knows his domain and delivered the concepts pretty clearly. The live sessions are via Zoom meeting and the participants can interact live through the Discord channel. No questions go unanswered. The
Blog post (11 months ago): Most of the attacks targeting AWS are based on exploiting the excessive permissions attached to roles/accounts. This can be considered a misconfiguration, because the administrator did not follow the principle of least privilege while creating roles and permissions.
Assume a scenario where there is an AWS user who has the permission to attach user policies (the iam:AttachUserPolicy action). That same user can elevate their privileges, because the permission lets them attach policies to their own user. The user can even gain a
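A static check for the escalation path the post describes, added here as a Python example that is not from the post or from AWS: it walks an identity policy document and reports Allow statements whose Action patterns cover actions that let a principal grant itself more rights. ESCALATION_ACTIONS is an illustrative subset chosen for this example, not AWS's exhaustive list, and SAMPLE_POLICY is a constructed policy for the scenario above (a user allowed to attach user policies), not a real account's policy.

```python
import fnmatch
import json

# IAM actions through which a principal can widen its own rights.
# Assumption: a representative subset picked for this example.
ESCALATION_ACTIONS = {
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:AddUserToGroup", "iam:PassRole", "sts:AssumeRole",
}


def _as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_escalation_paths(policy):
    """Scan an identity policy document (dict or JSON string) and return sorted
    (Sid, action, resource) tuples for every Allow statement granting an
    escalation action. Explicit Deny statements, permissions boundaries and SCPs
    are not evaluated here, so each hit is a candidate to confirm, not a proof."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = set()
    for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # NotAction grants are out of scope for this check
        sid = stmt.get("Sid", f"Statement{idx}")
        for pattern in _as_list(stmt["Action"]):
            for action in ESCALATION_ACTIONS:
                if action_matches(pattern, action):
                    for resource in _as_list(stmt.get("Resource", "*")):
                        findings.add((sid, action, resource))
    return sorted(findings)


# Constructed policy for the post's scenario: a user who may attach policies to users.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AllowAttach", "Effect": "Allow",
         "Action": "iam:AttachUserPolicy", "Resource": "*"},
        {"Sid": "WildcardPut", "Effect": "Allow",
         "Action": "iam:Put*Policy",
         "Resource": "arn:aws:iam::123456789012:user/${aws:username}"},
        {"Sid": "DenyOthers", "Effect": "Deny",
         "Action": "iam:*", "Resource": "arn:aws:iam::123456789012:user/other"},
    ],
}

# With AllowAttach in place the escalation is a single API call, e.g.
#   aws iam attach-user-policy --user-name <self> \
#       --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
# WildcardPut is scoped to the caller's own user and still escalates: an inline
# policy with "Action": "*" can be written onto oneself.

if __name__ == "__main__":
    for sid, action, resource in find_escalation_paths(SAMPLE_POLICY):
        print(f"{sid}: {action} on {resource}")
```

Only Allow statements are read; an explicit Deny elsewhere, a permissions boundary or an SCP may still block the call, so confirm each hit against the effective policy (the IAM policy simulator does this) before treating it as an escalation.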
Blog post (1 year ago): PentesterAcademy Vulnerable Servers II Lab Write-Up | metasploit-pivoting
Lab Link : https://attackdefense.pentesteracademy.com/challengedetails?cid=1747
Vulnerable Servers II is a lab from PentesterAcademy which is rated as easy. The lab topology shows two machines, which means there are two targets and the attacker has to perform pivoting in order to compromise the second one and get the flag from the target machine.
First select the nearest server and click on Run the lab
Blog post (1 year ago): Are you interested in learning cybersecurity and asking the big question "Where to start?" Well, a few months ago I had the same question in my mind. Do I need to learn programming languages first, or web applications, or networking? That's where I want to talk about the popular learning platform TryHackMe. TryHackMe is an online platform that helps people learn cybersecurity, especially penetration testing, by doing hands-on labs.
There are multiple learning p
Blog post (1 year ago): I am not an exploit developer but was interested to see how this vulnerability can be exploited. So I tried to replicate the infamous PrintNightmare vulnerability using the following PoCs (https://github.com/cube0x0/CVE-2021-1675) and (https://github.com/rapid7/metasploit-framework/pull/15385).
However, I had trouble with the new Metasploit module (auxiliary/admin/dcerpc/cve_2021_1675_printnightmare) and couldn't exploit the machine successfully.
So I tried the second PoC f
Blog post (1 year ago): This month I took two certification exams: Certified Ethical Hacker (CEH) Practical and eLearnSecurity Junior Penetration Tester (eJPT). These were not actually in my plan; however, when I received the free vouchers, I thought of giving the exams a try. So in this post, I am going to give a detailed comparison between the two certification exams.
Certified Ethical Hacker (CEH) Practical
I went for the CEH Practical exam with some aversion, but I found it not bad. Mostl
Blog post (1 year ago): I was trying to use snmpenum.pl in my lab and encountered this error.
Can't locate Net/SNMP.pm in @INC (you may need to install the Net::SNMP module)
I searched the internet for the fix, but couldn't find anything direct. However, going through some of the Stack Overflow pages, I fixed it, as explained below.
1) First install the required packages related to SNMP utilities.
sudo apt-get install libsnmp-perl
2) Install the SNMP module for Perl.
perl -
Blog post (1 year ago): Pivoting is a technique used during pentesting. The attacker gains access to one of the machines in the target network segment and uses that machine to move around another network.
Pivoting is useful in a scenario where you don't have direct access to a remote network. For example, the attacker can reach the DMZ server but not the internal server segment, while the DMZ server can communicate with the internal server segment. In such a scenario, the attacker first gains access to the DMZ server a
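A minimal pivot primitive in Python, added as an example and not code from the post: a user-space TCP port forward that listens on the compromised DMZ host and relays each accepted connection to an internal-segment address, the same primitive behind ssh -L and Meterpreter's portfwd. The "internal" service is a constructed echo server on loopback so the whole exchange runs offline; addresses and ports here are placeholders for the example.

```python
import socket
import threading


def _pump(src, dst):
    """Relay bytes from src to dst until src hits EOF, then half-close dst so the
    far side sees the same EOF instead of hanging on a dead relay."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class PortForwarder:
    """Runs on the pivot (the DMZ host): listen on listen_host:listen_port and relay
    every connection to target_host:target_port, which only the pivot can reach."""

    def __init__(self, listen_host, listen_port, target_host, target_port):
        self.target = (target_host, target_port)
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((listen_host, listen_port))
        self.srv.listen(16)
        self.bound_port = self.srv.getsockname()[1]  # useful when listen_port is 0
        self.relayed = 0
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self.srv.accept()
            except OSError:
                return  # listener closed
            try:
                upstream = socket.create_connection(self.target, timeout=5)
            except OSError:
                client.close()  # target unreachable from the pivot: drop the client
                continue
            self.relayed += 1
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    def close(self):
        self.srv.close()


class EchoServer:
    """Constructed stand-in for the internal-segment service: echoes what it receives."""

    def __init__(self):
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.bind(("127.0.0.1", 0))
        self.srv.listen(16)
        self.port = self.srv.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    def close(self):
        self.srv.close()


def relay_roundtrip(message):
    """Stand up the internal echo service and the pivot forwarder on loopback, send
    message through the forwarder, and return (bytes received, connections relayed)."""
    internal = EchoServer()
    pivot = PortForwarder("127.0.0.1", 0, "127.0.0.1", internal.port)
    try:
        with socket.create_connection(("127.0.0.1", pivot.bound_port), timeout=5) as c:
            c.sendall(message)
            c.shutdown(socket.SHUT_WR)
            received = b""
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                received += chunk
        return received, pivot.relayed
    finally:
        pivot.close()
        internal.close()


if __name__ == "__main__":
    print(relay_roundtrip(b"GET / HTTP/1.0\r\n\r\n"))
```

In a real engagement the forwarder runs on the DMZ host with listen_host set to its DMZ address and target set to an internal server; your tooling then talks to the DMZ host's port as if it were the internal one. A single forward covers one port; for arbitrary targets the same relay loop sits behind a SOCKS listener instead.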
Blog post (1 year ago): The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022. Organizations with websites optimized for Internet Explorer may consider configuring IE mode in Microsoft Edge.
If you are configuring IE mode for an enterprise, you may refer to the step-by-step guide from Microsoft.
To configure IE mode on your Windows machine, follow the steps below.
1) Open the Microsoft Edge browser
2) Go to Settings
3) Click on Default Browser
Blog post (1 year ago): When a packet is sent to an open UDP port, the default behaviour is no response, simply because UDP is a connectionless protocol and the listening service is under no obligation to answer a datagram it does not understand. When this happens, Nmap or port scanning scripts refer to the port as open|filtered: it could be open, or a firewall could be dropping the probe. (A closed UDP port, by contrast, normally makes the target's IP stack send back an ICMP port unreachable message, which is how a scanner tells closed from open|filtered.) However, if it gets a UDP response, which is unusual for UDP, then the port is marked as open.
Then how do Nmap or other port scanning scripts confirm that an open UDP port exists? For this, one should k
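How the scanner turns a reply into a state, as an added Python example (not code from the post or from Nmap): the classification table, a parser for the ICMP destination-unreachable message that lets the scanner tie an error back to the port it probed, and a protocol-specific DNS probe of the kind that coaxes a real answer out of a service that ignores random bytes. The ICMP and DNS packets are constructed inline so it runs offline; a real scanner reads them from a raw socket.

```python
import struct

ICMP_DEST_UNREACHABLE = 3
ICMP_PORT_UNREACHABLE = 3
# Other unreachable codes a scanner treats as "a filter answered, not the host".
ICMP_FILTERED_CODES = (1, 2, 9, 10, 13)
IPPROTO_UDP = 17


def classify_udp_response(kind, icmp_type=None, icmp_code=None):
    """Map what came back from one UDP probe to the Nmap-style port state."""
    if kind == "udp":
        return "open"            # a service answered; only an open port can do that
    if kind == "icmp" and icmp_type == ICMP_DEST_UNREACHABLE:
        if icmp_code == ICMP_PORT_UNREACHABLE:
            return "closed"      # the host's IP stack says nothing listens there
        if icmp_code in ICMP_FILTERED_CODES:
            return "filtered"    # admin prohibited / net unreachable: a filter is in the path
    return "open|filtered"       # silence (or an unrelated ICMP): the two cases look the same


def parse_icmp_unreachable(pkt):
    """Parse an ICMP destination-unreachable message into
    (type, code, original_udp_dst_port). The ICMP body carries the IP header and
    the first 8 bytes of the datagram that triggered it, which is how the scanner
    ties the error to the port it probed; the port is None if that inner datagram
    is not UDP or the message is truncated."""
    if len(pkt) < 8 + 20 + 8:
        return (pkt[0], pkt[1], None) if len(pkt) >= 2 else (None, None, None)
    icmp_type, icmp_code = pkt[0], pkt[1]
    inner_ip = pkt[8:]
    ihl = (inner_ip[0] & 0x0F) * 4
    if inner_ip[9] != IPPROTO_UDP or len(inner_ip) < ihl + 4:
        return icmp_type, icmp_code, None
    _src_port, dst_port = struct.unpack("!HH", inner_ip[ihl:ihl + 4])
    return icmp_type, icmp_code, dst_port


def build_dns_query(txid=0x1337, name="example.com"):
    """A protocol-specific probe: a standard A query. A DNS server answers it even
    though it would ignore random bytes, turning open|filtered into open."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def is_dns_reply(data, txid):
    """True if data is a DNS message carrying our transaction ID with the QR bit set."""
    if len(data) < 12:
        return False
    reply_id, flags = struct.unpack("!HH", data[:4])
    return reply_id == txid and bool(flags & 0x8000)


def udp_port_state(probed_port, udp_reply=None, icmp_pkt=None):
    """Decide the state of probed_port from whatever came back after one probe."""
    if udp_reply:
        return classify_udp_response("udp")
    if icmp_pkt:
        icmp_type, icmp_code, inner_port = parse_icmp_unreachable(icmp_pkt)
        if inner_port not in (None, probed_port):
            return classify_udp_response("none")  # ICMP about some other probe: ignore it
        return classify_udp_response("icmp", icmp_type, icmp_code)
    return classify_udp_response("none")


def build_icmp_unreachable(code, dst_port, src_port=54321):
    """Constructed sample of the ICMP type 3 message a target emits for our probe
    (a real scanner reads this off a raw socket). Inner IP header is 10.0.0.2 -> 10.0.0.1."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, IPPROTO_UDP, 0,
                           bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    inner_udp = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    return struct.pack("!BBHI", ICMP_DEST_UNREACHABLE, code, 0, 0) + inner_ip + inner_udp


if __name__ == "__main__":
    print("161 + port unreachable ->", udp_port_state(161, icmp_pkt=build_icmp_unreachable(3, 161)))
    print("161 + admin prohibited ->", udp_port_state(161, icmp_pkt=build_icmp_unreachable(13, 161)))
    print("53 + DNS answer        ->", udp_port_state(53, udp_reply=b"\x13\x37\x81\x80" + b"\x00" * 8))
    print("53 + silence           ->", udp_port_state(53))
```

Two practical consequences follow from the table: hosts rate-limit ICMP errors (Linux defaults to about one per second), so a scanner that hammers closed ports starts seeing silence and misreports them as open|filtered unless it slows down, and the only way to promote open|filtered to open is a probe the service recognises, which is why per-port payloads matter more for UDP than for TCP.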
Titles by Jithin Alex
Covers,
1) Solution architecture.
2) Incident lifecycle in Cortex XSOAR.
3) Integrations and incident creation.
4) Playbook development.
5) Layout customization.
6) Report creation.
7) Backup options.
8) Threat Intel management and EDL integration.
9) Introduction to MSSP.
Covers,
• How to upgrade ASA firewall to Cisco FTD (Migration and Upgrade)
• Configure Cisco Firepower Threat Defense (FTD) Next Generation firewall
• Configure Cisco Firepower Management Center (FMC)
• Manage and administer the FTD devices using FMC ( Configure interfaces, zones, routing, ACLs, Prefilter policies, NAT, High Availability etc)
• FTD local management using Firepower Device Manager (FDM)
• Introduction to the FTD Migration tool
Table of Contents
• Introduction
• How to use this book?
• What is Cisco FTD?
• Lab Topology
• Setting up Cisco Firepower Threat Defense (FTD) Firewall
• Changing Management IP
• Configure Manager in Cisco FTD
• Setting up Cisco Firepower Management Center (FMC)
• License Activation
• Explore the Cisco FMC options
• Register Cisco FTD with Cisco FMC
• Configure the Firewall Zone and Interface
• Additional Notes on Sub-Interface and Redundant Interfaces
• Create a Platform Policy
• Configure Routing on Cisco FTD
• Configuring FTD as a DHCP server
• Network Address Translation (NAT)
• Create an Access Control Policy
• Pre-Filter Policy
• Configuring High Availability on Cisco FTD
• Upgrading Cisco ASA firewall to FTD
• Installing Cisco FTD image on an existing ASA Firewall
• Install Firepower Threat Defense System Software
• Manage Cisco FTD firewall using Firepower Device Manager (FDM)
• Bonus: Introduction to Cisco FTD migration tool
Note: This book doesn’t cover the topics on VPN, SGT, and Cisco ISE integration.
What makes you a firewall expert? Understand different firewall products and their packet flows. Get familiar with change management and understand how to incorporate the change management process into firewall management operations. This book gives you a broad overview of firewalls, packet flows, hardening, management & operations and the best practices followed in the industry. Though this book is mainly intended for firewall administrators who are in operations, it also gives a quick introduction to, and comparison of, the major firewall vendors and their products. In this book I have covered the following topics.
- Various Job roles related to Firewalls.
- What makes you a firewall expert?
- Know the major firewall vendors and their models.
- Firewall ranking and benchmarks.
- Understand the packet flow or order of operation.
- Understand the different types of firewalls.
- Daily tasks of a firewall administrator
- Guidelines on firewall hardening and compliance.
- Understand Change Management process.
- Illustration on How to make a firewall change (incorporating Change management process) with a real world example.
This is a course in book format for network administrators and engineers to learn Python 3 and how to automate network administration tasks using Python code. You don't need programming knowledge to use this book. It covers all the basic concepts of Python 3 programming required for network administration, with clear examples, and provides a detailed explanation of Netmiko and its applications for SSH management, with 11 real-world examples.
•Python code to Change the Hostname using telnet.
•Python code to get the running configuration.
•Create and assign IP to a VLAN interface.
•Create multiple VLANs using python for loop.
•Create multiple VLANs on multiple switches.
•Configure SSH on all switches using python code.
•Backup the configuration of all switches.
•Create VLANs and Assign IP using SSH.
•Upload the configurations on all switches using SSH
•Create Multiple VLANs on all switches using SSH.
•Apply different configuration to different switches with a single python code.
Note: All exercises in this book are explained based on Cisco Networking environment.
This book provides a holistic approach to efficient IT security incident management.
Key topics include,
1) Attack vectors and counter measures
2) Detailed Security Incident handling framework explained in six phases.
_Preparation
_Identification
_Containment
_Eradication
_Recovery
_Lessons Learned/Follow-up.
3) Building an incident response plan and the key elements of an efficient incident response.
4) Building playbooks.
5) How to classify and prioritize incidents.
6) Proactive Incident management.
7) How to conduct a table-top exercise.
8) How to write an RCA report /Incident Report.
9) A brief look at the future of incident management.
Also includes sample templates on playbook, table-top exercise, Incident Report, Guidebook.