• 2 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: October 18th, 2023

help-circle





  • I see. What I did for this incident specifically was to get a list of all the commands that were ran and of course, directly into the document, so it will be a template for future things but, I would like to make it more formal, as to something I can rely on completely, of course knowing that every incident is different, I would like to make some practices as to an incident or trying to reproduce a specific simple vulnerability.

    Perhaps I’m getting also ahead of myself, as there may be other things for pen testing or to implement environments like docker. I’m just thinking how it could be applied, like an org file that everyone can download and learn how this specific vulnerability is, and how can it be tried with curl against a specific environment also made in the org mode file, in this case the guix command for a container.

    Is this possible with Distros like Debian or Redhat?, in which case I would go for the most faster and simplest route, as I’m not sure if I want this just as a study for me (and having these tests available open source) or it can actually be used for something on the field.

    I haven’t heard about serverspec nor Inspec, I will read about them.

    Its a little hard to get my head around your stack yet, I really appreciate your response.