by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
set cli config-output-format set
configure
show
================================
set cli config-output-format set
set cli terminal width 500
set cli scripting-mode on
paste your config
commit
====================
show counter global filter delta...
by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
Warning: only mid to high end models (3xxx, 5xxx or 7xxx) support preempt LACP in HA A/P.
This means that, for example, an 820 in HA mode with an LACP link can take roughly up to 40 seconds to fail over due to LACP negotiation time with the switches...
by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
Show all user attributes : show user user-attributes user all
Dump domain to ID mappings : debug user-id dump domain-id-table domain all
Show content of IDMGR : debug user-id dump idmgr type user all
debug user-id reset user-id-manager type...
by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
In very old PAN-OS versions the default:
Master Key = p1a2l3o4a5l6t7o8
Encryption = AES-256
This was later changed to AES CBC mode with salt = md5(“pannetwork”) =...
by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
A good site to test the regex : https://regexr.com/
Event Regex: ‘An account was successfully logged on.’
Username Regex: ‘Account Name: ([^-][a-zA-Z0-9-\._]+) ‘ ( this takes out the machines as they finish by...
by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
By default the encryption method is salted MD5 (the same as old Linux, easily recognized by $1$AAA$BBB, where AAA is the salt and BBB is the hash).
Therefore brute force is possible with tools like John or Hashcat (type 500).
Only when it...
by frank | Jun 28, 2019 | Debug, Palo Alto
Reading Time: < 1 minute
When using the Credential Theft feature with the User-ID information, the UaDebug files showed a lot of denied access.
The following needed doing :
dsmgmt.exe
local roles
add MYDOMAIN\my_serv_user administrators
Original...
by frank | Jun 28, 2019 | Palo Alto
Reading Time: < 1 minute
admin / admin
configure
set deviceconfig system ip-address 10.1.1.1 netmask 255.255.255.0 default-gateway 10.1.1.2 dns-setting servers primary 4.2.2.2
commit
exit
show interface management
Show stats for interfaces :...
by frank | Jun 28, 2019 | Blue Team, Security, Windows
Reading Time: < 1 minute
LLMNR : Disabling WPAD can be done in Group Policy via the Services setting under Computer Configuration > Policies > Windows Settings > Security Settings > System Services and by disabling the WinHTTP Web Proxy Auto-Discover...
by frank | Jun 25, 2019 | Linux, Security
On Linux, the issue is that if you want a process to listen on a low port (<1024), it needs to run as root. You can circumvent this by running HTTP on a high port and redirecting this high port to port 80. Example in config file :
Listen 8080
And...