Tool to prepare report of security auditing

I was doing dorking on my friend’s website to make sure there is no leak of information that is not meant to be. I found domains and sub-domains in search results.

Is there a tool which can help me prepare the report? A report in which domains and subdomains are represented in some graphical format, something like a tree structure?

And also what tools should be used to capture details during target enumeration phase?

Spring Data JPA Auditing not working for the JpaRepository update method with @Modifying annotation, why?

I am working on a Spring Data JPA and Postgres example. In this example, I’ve implemented auditing by following https://www.baeldung.com/database-auditing-jpa and “Spring Boot JPA @CreatedDate @LastModifiedDate not being populated when saving the object”. Auditing works fine when I call repository.save; in this case both fields annotated with @CreatedDate and @LastModifiedDate are saved correctly.

But same is not happening when I’m trying to update the method.

I’ve developed following method.

    @Data
    @Builder
    @AllArgsConstructor
    @NoArgsConstructor
    @EntityListeners(AuditingEntityListener.class)
    @Entity
    @Table(uniqueConstraints = {
            @UniqueConstraint(name="student_name_key", columnNames = {"studentName"})
    })
    public class Student {
        ....
        ....
        @Column(name="lastUpdateUser")
        private String lastUpdateUser;

        @LastModifiedDate
        @Column(name="lastUpdateDate", nullable = false)
        private LocalDateTime lastUpdateDate;
    }

Main.App

    @SpringBootApplication
    @EnableJpaAuditing
    @EnableJpaRepositories(basePackages = {"com.xxx.xxx.repository"})
    @ComponentScan(basePackages = {"com.xxx.yyy", "com.xxx.xxx.studentportfolio"})
    @EnableCaching
    @EnableAsync
    @EnableAspectJAutoProxy(proxyTargetClass = true)
    @EnableAutoConfiguration(exclude = {ErrorMvcAutoConfiguration.class, SecurityAutoConfiguration.class})
    public class MainApplication extends SpringBootServletInitializer implements CommandLineRunner {

        public static void main(String[] args) {
            SpringApplication.run(ProgramApplication.class, args);
        }
    }

StudentRepository.java

    public interface StudentRepository extends JpaRepository<Student, Long> {

        // Bulk JPQL update on Student, keyed by studentName
        @Modifying(clearAutomatically = true)
        @Query("UPDATE Student s SET s.studentDescription=:stuDesc, s.studentId=:studentId, s.divisionCode=:cd, "
                + "s.status=:status WHERE s.studentName=:stuName")
        void updateStudent(@Param("stuName") String studentName,
                           @Param("stuDesc") String studentDescription,
                           @Param("studentId") String studentId,
                           @Param("cd") String cd,
                           @Param("status") String status);
    }

linux ssh user activity auditing

Hi friends, please respond immediately to the question below…

I want information about each and every user's activity and what commands they executed on a CentOS 7 server, with timestamps, and user login details, everything. And if any user runs background scripts on the server, I want to know everything, and this information should be sent to one log file. How is this possible? What do we have to do for this? Do we need to install any package for that?

How reliable is rpm --verify when auditing package integrity and what alternatives are there?

Currently to verify package integrity, the command rpm --verify is run. In reading the rpm manual (http://ftp.rpm.org/max-rpm/s1-rpm-verify-output.html), there is no indication as to the veracity of the verification process.

It is my understanding solutions such as AIDE and Tripwire expect a known good state and are unable to attest integrity when packages have been updated and/or upgraded.

  • What alternatives are there to assure the integrity of packages post installation as well as subsequent updates and upgrades?
  • How can corruptions by omission or commission be detected and identified?
  • What options are there if a known good state is unknown?

Why were hyperlink auditing pings used for DDoS attacks and not any other requests?

A few days ago this new story has been published:

Researchers have found that the HTML feature called hyperlink auditing, or pings, is being used to perform DDoS attacks against various sites. This feature is normally used by sites to track link clicks, but is now found to be abused by attackers to send a massive amount of web requests to sites in order to take them offline.
[…]
In new research by Imperva, researchers have found that HTML pings are being utilized by attackers to perform distributed denial of services attacks on various sites.

The article goes on to describe the attack, which basically executed some JS to add a link with a ping attribute and automatically “click every second”. It goes on in the same usual way, describing that attackers are supposed to have “used social engineering and malvertising to direct users to pages hosting these scripts”.

Strangely it does not mention the victims, but just says these were “gaming companies”.


The question now is, especially considering they have used JS anyway, why did they not just use any other form of request?

I admit, usual AJAX requests may have been problematic, as the attacked websites likely do not have CORS headers set, so they would have been blocked by the browser as they violate the same-origin policy, but usually CORS does not apply to <img> tags, for example… So they could just have used that.

Why did they choose the ping attributes for that, and are they thus more dangerous than other (common) methods for DDoSing?
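
As an added example (not from the article or the poster): per the HTML standard, a browser following a link with a ping attribute sends a POST with Content-Type text/ping and a Ping-To header, usually with Ping-From as well, so these requests can be recognised and grouped server-side. The log-entry shape, hostnames, IPs and threshold below are constructed assumptions.

```javascript
// Added example: recognise hyperlink-auditing pings in parsed request logs.
// Entry shape, hosts, IPs and thresholds are constructed for illustration.
function lowerHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = String(v);
  return out;
}
// A ping is a POST with Content-Type text/ping; Ping-To accompanies it.
function isAuditPing(req) {
  const h = lowerHeaders(req.headers);
  const type = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  return req.method === 'POST' && (type === 'text/ping' || 'ping-to' in h);
}

// Group pings by Ping-From (the page carrying the link) and report pages
// whose combined rate across all clients exceeds maxPerSec.
function pingSources(log, maxPerSec) {
  const byPage = new Map();
  for (const req of log.filter(isAuditPing)) {
    const page = lowerHeaders(req.headers)['ping-from'] || '(no Ping-From)';
    const s = byPage.get(page) || { page, count: 0, ips: new Set(), first: req.ts, last: req.ts };
    s.count += 1;
    s.ips.add(req.ip);
    s.first = Math.min(s.first, req.ts);
    s.last = Math.max(s.last, req.ts);
    byPage.set(page, s);
  }
  return [...byPage.values()]
    .map(s => ({ page: s.page, count: s.count, clients: s.ips.size,
                 perSec: s.count / Math.max(1, (s.last - s.first) / 1000) }))
    .filter(s => s.perSec > maxPerSec);
}

// Edge policy for a site that never expects pings: refuse them outright.
function edgeStatus(req, siteExpectsPings = false) {
  return isAuditPing(req) && !siteExpectsPings ? 403 : 200;
}

// Constructed sample: 3 clients pinging once a second for 4 s, plus normal traffic.
const SAMPLE = [];
for (let sec = 0; sec < 4; sec++)
  for (const ip of ['198.51.100.7', '198.51.100.8', '203.0.113.5'])
    SAMPLE.push({ ts: sec * 1000, ip, method: 'POST', path: '/', headers: {
      'Content-Type': 'text/ping', 'Ping-From': 'http://pages.example/x',
      'Ping-To': 'http://target.example/' } });
SAMPLE.push({ ts: 1500, ip: '192.0.2.10', method: 'POST', path: '/login',
  headers: { 'content-type': 'application/x-www-form-urlencoded' } });
SAMPLE.push({ ts: 1600, ip: '192.0.2.11', method: 'GET', path: '/', headers: {} });
console.log(pingSources(SAMPLE, 2), edgeStatus(SAMPLE[0]));
```

Grouping by Ping-From surfaces the single page that many otherwise unrelated clients are pinging from, which per-IP rate limits alone would miss.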

How to start learning Security Auditing using Windows PowerShell? [on hold]

I have come to know that PowerShell is a powerful security auditing tool, but I need some resources and the names of some broader areas whose security audit can be conducted using PowerShell. I know that this is not a specific question, but the answer can help millions like me who want to learn PowerShell only for security auditing purposes and NOT FOR becoming a PowerShell admin.

Need help locking down and auditing a network

Trying to help a friend (not my network) on locking down his network and gain some visibility on what is going on.

Main needs:

  • Audit on file transfers across network and for anything that leaves the network (like thru vpn) Stuff like scp, sftp, cifs etc
  • Audit on files changed on disk (server and desktop)
  • Audit on files copied off an external device (like to usb)
  • Audit on files being emailed out

Essentially if a file is touched, copied, updated etc it needs to have a trail as to where it went (from ip, to ip etc)

When I say “audit” I’m looking for logging at a min and poss reporting. Can build reports off of logs so that’s no biggie

Current infrastructure as I know it:

  • cisco vpn
  • several windows servers (3)
  • several workstations (10 – 20)
  • several iphones and tablets (10-20)
  • several voip phones (10-20)
  • unknown firewall

As far as auditing files over the wire I was thinking pfsense and squid might work

I was thinking even nagios might work for emails

For auditing stuff on the windows servers/desktop this could be implemented with an audit policy as far as I know but don’t think this would audit files copied to external media (may be wrong)

Any input would be great!

Question on Auditing 12C

I have the following configuration information:

audit_sys_operations
TRUE

audit_file_dest
D:\ORACLE\ADMIN\DBSERVER\ADUMP

audit_trail
DB

SQL> spool off;


This tells me that audit data for the SYS user is being saved in a database file. If the SYS user has full access to the DB, does this not defeat the purpose of audit SYS files being stored on the DB server?