smss.exe (session manager):- Responsible to create sessions. Session 0 creates OS services and starts csrss.exe and wininit.exe. Session 1 creates user session and starts csrss.exe and winlog.exe. Loads (its location is ) in shared memory and Locations. Executable Path: %SystemRoot%\System32\smss.exe Parent Process: System Username: NT AUTHORITY\SYSTEM (S-1–5–18) Base Priority: 11 Time of Execution…

Nmap Scans Filters to detect nmap scans:

Continuing with wireshark features:- Statistics: provides multiple statistics options to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and specific protocols. Resolved Addresses:- It helps analysts identify IP addresses and DNS names. Statistics → Resolved Addresses Protocol Hierarchy This option breaks down all available protocols from the…

wireshark is a traffic analyzer it could be used as:- Detecting and solving network problems 2. Detecting security anomalies 3. Investigating and learning protocols details. NOTE: wireshark is not an IDS, and not modify the packets, it just reads them, and the analysist who will discover the anomalies and this…

Creating stable shell sudo python3 -c ‘import ptty;pty.spawn(“/bin/bash”)’ export XTERM = term ctrl + z stty raw -echo; fg

· Right-click the Immunity Debugger icon on the Desktop and choose “Run as administrator”. · Open the executable file in Immunity Debugger and run it. · Run !mona config -set workingfolder c:\mona\%p · Run the fuzzer.py …

1- Metasploit: - After exploiting one machine and get the meterpreter for it run the following commands:- 1- Run autoroute -r target_ip_network 2- Run post/windows/arp_scanner target_ip_networkà to see the reachable active hosts. 3- Use /auxiliary/server/socks à to open proxy channel. 4- Then use proxychains in the attacking machine to run…

Tools and commands used in PTPs’ Labs. Process Explorer:- uses to analyze the processes that run on Windows OS and check what techniques are used to mitigate the BOF attack. Lab1 :- 1* python3 -m http.server 8080:- makes the device work as a http server. So, the folders and files will be public and can be accessed by: http://ethernet_ip:8080 of that device. ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ

1* Architecture Fundamentals:- CPU is used to execute the machine codes of programs. The machine code is in hexadecimal. Then, it is translated to Assembly language or mnemonic. It is a readable language. Netwide is an example of an assembly language. Every CPU has its own ISA Instruction Set Architecture. …