Linux Infosec Professionals Comptia


Linux For InfoSec Professionals 

Getting started with Linux
Linux file system and basic commands
Log parsing & malware analysis
Nmap NSE Scripting (using and writing your own NSE scripts)
Scapy (using and writing your own scapy scanning scripts)
Metasploit auxiliary and post modules

Linux+ Exam Prep 

CompTIA Linux+ covers common tasks in major distributions of Linux, including the Linux command line, basic maintenance, installing and configuring workstations, and networking. Linux+ comprises two exams, LX0-103 and LX0-104. Candidates must pass LX0-103 before taking LX0-104.

Course By

Joseph McCray


C1L1: InfoSecAddicts Intro to Linux & CompTIA Linux+

Author: Joseph McCray

VMWARE
For this workshop, you'll need the latest version of VMWare Workstation (Windows), Fusion (Mac), or Player. Although you can get the VM to run in VirtualBox, I will not be supporting this configuration for this class. You can go to the following link and download and create your own virtual machine. username: [...]

C1L3: Files

Author: Joseph McCray

FILES
cd ~
pwd
ls
cd LinuxBasics
pwd
cd ~
pwd
cd LinuxBasics
ls
mkdir files
cp one files/
ls files/
cd files/
cp ../two .
ls
cp ../three .
ls
tar cvf files.tar *
ls
gzip files.tar
ls
rm -rf one two three
ls
tar -zxvf files.tar.gz
rm -rf files.tar.gz
sudo apt install [...]

C1L4: VIM Demo

Author: Joseph McCray

VIM DEMO
cd ~
sudo apt install -y vim
infosecaddicts
cd LinuxBasics
mkdir vimlesson
cd vimlesson
vi
i (press "i" to get into INSERT mode and then paste in the lines below)
#!/bin/bash
echo "This is my first time using vi to create a shell script"
echo " "
echo " "
echo " "
[...]

C1L5: Permissions

Author: Joseph McCray

PERMISSIONS
We can determine a lot from examining the results of this command. The file "one" is owned by user "me." Now "me" has the right to read and write this file. The file is owned by the group "me." Members of the group "me" can also read and write this file. Everybody else [...]

C1L6: Process Management

Author: Joseph McCray

PROCESS MANAGEMENT
You can list all of the signals that are possible to send with kill by typing:
kill -l
sudo kill -HUP pid_of_apache
The pkill command works in almost the same way as kill, but it operates on a process name instead:
pkill -9 ping
The above command is the equivalent of: [...]

C1L7: MD5 Hashing Demo

Author: Joseph McCray

MD5 HASHING DEMO
cd ~/LinuxBasics
mkdir hashdemo
cd hashdemo
echo test > test.txt
cat test.txt
md5sum test.txt
echo hello >> test.txt
cat test.txt
md5sum test.txt
cd ..

C1L8: Symmetric Key Encryption Demo

Author: Joseph McCray

SYMMETRIC KEY ENCRYPTION DEMO
cd ~/LinuxBasics
mkdir gpgdemo
cd gpgdemo
echo test > test.txt
cat test.txt
gpg -c test.txt
password
password
ls | grep test
cat test.txt
cat test.txt.gpg
rm -rf test.txt
ls | grep test
gpg -o output.txt test.txt.gpg
cat output.txt

C1L9: Asymmetric Key Encryption Demo

Author: Joseph McCray

Configure random number generator
sudo apt install -y rng-tools
infosecaddicts
sudo /etc/init.d/rng-tools start
sudo rngd -r /dev/urandom
infosecaddicts
echo hello > file1.txt
echo goodbye > file2.txt
echo green > file3.txt
echo blue > file4.txt
tar czf files.tar.gz *.txt
gpg --gen-key
1
1024
0
y
John Doe
[email protected]
--blank comment--
O
password
password
gpg --armor [...]

C1L10: Encryption using OpenSSL

Author: Joseph McCray

ENCRYPTION USING OPENSSL
openssl genrsa -out private_key.pem 1024
openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout
echo hello > encrypt.txt
openssl rsautl -encrypt -inkey public_key.pem -pubin -in encrypt.txt -out encrypt.dat
cat encrypt.dat
rm -rf encrypt.txt
ls
openssl rsautl -decrypt -inkey private_key.pem -in encrypt.dat -out decrypt.txt
cat decrypt.txt

C1L12: Log Analysis with Linux command-line tools

Author: Joseph McCray

LOG ANALYSIS
The following command line executables are found in the Mac as well as most Linux distributions.
cat – prints the content of a file in the terminal window
grep – searches and filters based on patterns
awk – can sort each row into fields and display only what is needed
sed – performs [...]

C1L11: Secure File/Folder Deletion

Author: Joseph McCray

SECURE FILE/FOLDER DELETION
sudo apt install -y secure-delete wipe
wget
file tcpip.pdf
sudo srm tcpip.pdf
wget
shred tcpip.pdf
wget
wipe tcpip.pdf

C1L13: Cisco Logs

Author: Joseph McCray

CISCO LOGS
wget
AWK Basics
To quickly demonstrate the print feature in awk, we can instruct it to show only the 5th word of each line. Here we will print $5. Only the last four lines are being shown for brevity.
cat cisco.log | awk '{print $5}' | tail -n 4
- Looking at [...]

C1L14: The Scenario

Author: Joseph McCray

You've come across a file that has been flagged by one of your security products (AV Quarantine, HIPS, Spam Filter, Web Proxy, or digital forensics scripts). The fastest thing you can do is perform static analysis.
Static Analysis
cd Desktop/
wget
unzip infected
file wannacry.exe
mv wannacry.exe malware.pdf
file malware.pdf
mv malware.pdf wannacry.exe
[...]

C1L15: Tired of GREP – let’s try Python

Author: Joseph McCray

Decided to make my own script for this kind of stuff in the future.
Reference 1: This is a really good script for the basics of static analysis.
Reference: This is really good for showing some good signatures to add to the Python script.
Here is my own script using the signatures [...]

C1L16: Yara Ninja

Author: Joseph McCray

YARA NINJA
cd ~/Desktop
sudo apt-get remove -y yara
sudo apt -y install libtool
wget
unzip
cd yara-3.6.0
./
./configure
make
sudo make install
yara -v
cd ~/Desktop
NOTE: McAfee is giving these yara rules - so add them to the hashes.txt file
Reference:
rule1.yar
rule wannacry_1 : ransom { meta: author [...]

C1L17: External DB Lookups

Author: Joseph McCray

Creating a malware database (sqlite)
sudo apt install -y python-simplejson python-simplejson-dbg
wget
python -f wannacry.exe -e
Analysis of the file can be found at:

C1L18: Creating a Malware Database

Author: Joseph McCray

Step 1: Installing MySQL database
Run the following command in the terminal:
sudo apt install -y mysql-server
infosecaddicts
Step 2: Installing Python MySQLdb module
Run the following command in the terminal:
sudo apt install -y python-mysqldb
infosecaddicts
Step 3: Logging in
Run the following command in the terminal:
mysql -u root -p
(set a password [...]

C1L19: Linux For InfoSec Homework

Author: Joseph McCray

In order to receive your certificate of attendance, you must complete all of the quizzes on the website. Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Linux-For-InfoSec-Homework.docx).

C1L20: Linux For InfoSec Challenge

Author: Joseph McCray

In order to receive your certificate of proficiency, you must complete all of the tasks covered in the Linux For InfoSec pastebin. Submit the results via email as an MS Word document (naming convention example: YourFirstName-YourLastName-Linux-For-InfoSec-Challenge.docx). IMPORTANT NOTE: Your homework/challenge must be submitted via email to both (joe-at-strategicsec-.-com and kasheia-at-strategicsec-.-com) by Sunday July [...]