Today I'll share the Kaspersky Security Center MIB file and the procedure for configuring the KSC server (console) so that your NOC can start monitoring it (Zabbix, Nagios, or any other tool); your monitoring product only needs to support the SNMP protocol.
The procedure follows:
MIB file: https://mega.nz/#!3VMQALqa!DtNWxaNkynN3e9IjY1h5oVkYP5iPpfURMiM8sdTsDow
URLs for the server configuration:
SNMP configuration: https://support.kaspersky.com/2811
SNMP with SCOM: https://support.kaspersky.com/12603
SNMP overview: http://support.kaspersky.com/learning/courses/kl_102.98/chapter1.2/section3
To import these MIBs you must download the files and put them on your monitoring server (Zabbix, Nagios, or something similar).
For Zabbix, for example, I normally need to move these files to the /usr/share/mibs folder and restart the snmpd daemon service, but it depends on your monitoring software.
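The import step above, as an added example that is not part of the original post: it copies only files that really declare a MIB module and prints the module names, which is what net-snmp loads (not the file names). It assumes a net-snmp based monitor; the function names and the sample MIB are constructed for illustration.

```shell
#!/bin/sh
# Added example: stage downloaded MIB files for a net-snmp based monitor and
# report the module names they define. Function names are hypothetical.

# Print the module name declared by one MIB file, i.e. the identifier in front
# of "DEFINITIONS ::= BEGIN". Prints nothing when the file is not a MIB module.
mib_module_name() {
    sed 's/--.*$//' "$1" | tr '\n' ' ' |
        sed -n 's/^[[:space:]]*\([A-Za-z][A-Za-z0-9-]*\)[[:space:]][[:space:]]*DEFINITIONS[[:space:]]*::=[[:space:]]*BEGIN.*/\1/p'
}

# Copy each MIB module found in $1 into $2, world-readable, and print the
# matching "mibs +A:B" line for snmp.conf. Files without a header are skipped.
stage_mibs() {
    src=$1 dest=$2 list=
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=$(mib_module_name "$f")
        if [ -z "$name" ]; then
            echo "skipped (no module header): $f" >&2
            continue
        fi
        cp "$f" "$dest/" && chmod 0644 "$dest/${f##*/}" || return 1
        list=${list:+$list:}$name
    done
    [ -n "$list" ] && printf 'mibs +%s\n' "$list"
}

# Constructed demo input: one minimal MIB module and one stray text file.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/download"
    printf '%s\n' '-- constructed sample, not a vendor file' \
        'EXAMPLE-VENDOR-MIB DEFINITIONS ::= BEGIN' \
        'END' > "$work/download/example-vendor.mib"
    echo 'unpacking notes' > "$work/download/readme.txt"
    stage_mibs "$work/download" "$work/mibs"   # the post uses /usr/share/mibs
    rm -rf "$work"
}
demo
```

The printed line can go into snmp.conf on the monitoring server so the staged modules are loaded by name. If the destination folder is not already on net-snmp's search path, add it with a `mibdirs +<dir>` line as well.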
Friday, 16 December 2016
Friday, 9 December 2016
HOW TO RUN NMAP FOR WINDOWS TARGETS
MICROSOFT ENUMERATION PORT:
nmap -v -O -sV -T4 --osscan-guess -oA ms-smbscan --script=smb-enum-domains,smb-enum-processes,smb-enum-sessions,smb-enum-shares,smb-enum-users,smb-os-discovery,smb-security-mode,smb-system-info <target ip>
nmap -T4 --top-ports 50 -sV -O --osscan-limit --osscan-guess --min-hostgroup 128 --host-timeout 10m -oA ms-vscan -iL ms.ips.lst
Tuesday, 22 November 2016
HOW TO UPLOAD FILES TO GOOGLE DRIVE VIA A LINUX SHARED FOLDER
First of all, you must have a Gmail account; after that, enable the Google Drive feature.
Then, on Debian or Ubuntu for example, just add this account using the Online Accounts option.
Keep the Documents and Files options enabled, something like this:
Afterwards you can see the shared folder added.
Wednesday, 2 November 2016
HOW TO INSTALL METASPLOIT RAPID7
Download the installer with: wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
Then run:
chmod +x metasploit-latest-linux-x64-installer.run
./metasploit-latest-linux-x64-installer.run
Go through all the installer steps:
- define the local installation
- accept the terms
- and everything else
If you connect remotely from another computer, use the server's network address; however, you will not be able to log in yet, because you must first create a local user for remote access.
For this procedure, go to the installation directory.
For me it is: /opt/metasploit
Run ./createuser <your_user_name>
It will set a default password.
Good luck.
HOW TO INSTALL NEXPOSE RAPID7
Ubuntu Server 16.10 LTS was used.
Download page: https://www.rapid7.com/products/nexpose/download.jsp
Download the installer with: wget http://download2.rapid7.com/download/NeXpose-v4/NeXposeSetup-Linux64.bin
Then run:
chmod +x NeXposeSetup-Linux64.bin
./NeXposeSetup-Linux64.bin -c
Go through all the installer steps:
- define the local installation
- accept the terms
- and everything else
Go to the installation directory.
For me it is: /opt/rapid7/nexpose/nsc
Run ./nsc.sh
Note: for me it was necessary to run it twice before the web interface opened:
https://localhost:3780
Good luck.
Saturday, 29 October 2016
HOW TO CHECK WHICH CONNECTION PORTS ARE IN USE WITH NETSTAT (SOURCE AND DESTINATION)
netstat -sp TCP
netstat -abnp TCP
netstat -abnp UDP
Friday, 28 October 2016
HOW TO FIND COMPLIANCE DOCUMENTATION FOR CERTIFICATION: ISO 27001, 27002, FIPS 200, PIC, NERC, FISMA, HIPAA, GLBA AND SOX
As a reference for writing the compliance documentation for your environment, I recommend using this document to learn the requirement guidelines before you write your own.
https://mega.nz/#!iANjWDwC!vonEwcTewlfRkxfA75rAsvLCVOBDgkJqYGqd7yTIF2I
Sunday, 23 October 2016
HOW TO DOWNLOAD A MALWARE SAMPLE
To download some malware for testing, you can use these websites:
http://www.malwareblacklist.com/
http://malshare.com/index.php
http://dasmalwerk.eu/
http://www.kernelmode.info/forum/viewforum.php?f=16
https://virusshare.com/
Or
MALWARE SAMPLE DOWNLOAD | to unpack, use the password "infected"
After downloading, the password is "infected".
Thursday, 20 October 2016
HOW TO CHECK THE TIME FOR THE PROCESS ENCRYPTION - BENCHMARK
Monday, 17 October 2016
HOW TO FIX AUDIO NOT WORKING ON KALI LINUX 2.X (SOLVED)
First, run in a root terminal:
pulseaudio -D
If you get this message, find the file .bashrc in the root folder:
vi .bashrc and at the end of the file add
pulseaudio -D
clear
Sunday, 16 October 2016
HOW TO INSTALL SPOTIFY ON KALI LINUX 2.0 (SOLVED ERROR spotify-client : Depends: libssl1.0.0 but it is not installable)
Add the repository to /etc/apt/sources.list:
deb http://repository.spotify.com stable non-free
Then run:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 94558F59
and run:
apt-get update && apt-get install spotify-client
If you get an error about libgcrypt, you can download the file and install it:
LINK: https://mega.nz/#!eIdTnAyJ
DECRYPTION KEY: !3e1agLoQqskOq598gOq8PKMsuvh6sqqCBzNRTwIAayM
Start the installation:
dpkg -i libgcrypt11_1.5.4-3_amd64.deb
I normally get this error message:
The following packages have unmet dependencies:
spotify-client : Depends: libssl1.0.0 but it is not installable
Recommends: libavcodec54 but it is not installable or
libavcodec-extra-54 but it is not installable
Recommends: libavformat54 but it is not installable
E: Unable to correct problems, you have held broken packages.
I solved this error with the following configuration:
Edit the file /etc/apt/sources.list
and add this line:
deb http://security.debian.org/debian-security jessie/updates main
After that, run apt-get update
and finally run: apt-get install spotify-client
Friday, 7 October 2016
HOW TO PROTECT AGAINST RANSOMWARE - FREE (SOLVED)
Today I'm sharing a great idea to protect all Windows hosts against any ransomware (current or new variants).
For users who don't have Kaspersky antivirus, I recommend installing just this tool, and that's it.
https://go.kaspersky.com/Anti-ransomware-tool.html
Note: this software has two great features that are present in every Kaspersky protection product around the world.
Select "I accept the terms of the license agreement" and click Next.
Click Yes to accept.
Enter the administrative user, or a specific administrative user, and click Next.
Wait for the process to finish.
When it has finished, run the setup.
Or click the shortcut on your desktop.
Once it is open, click Settings or Manage applications to change some of its working options, such as:
- Trace level events,
- SelfDefense,
- Proxy Server,
Under the Manage applications option, these categories are available:
Blocked applications and trusted applications.
Normally the tool itself changes the status of any software in which it detected threats. Here you can change it yourself.