auditd VS PEASS-ng

Lastly, by using the “Linux Auditing System” the system administrator can investigate what happens in the system for the purpose of debugging or in case of a security incident. We can also use the “auditctl” utility get/add/delete rules as part of Linux's kernel audit system (https://linux.die.net/man/8/auditctl). Also, there are great examples for “audit.rules” in GitHub (one example is https://github.com/Neo23x0/auditd/blob/master/audit.rules).

2) There are many opensource solutions, and you hit on all the important ones. Think creativitly, and test all your controls. hit your boxes with Metaspoilt and atomic redteam. These tools will help you verify that you have the proper controls in place, and that you are able to detect attacks (successful, and failed). Run auditd with Florian Roth's rule set on your linux boxes (https://github.com/Neo23x0/auditd/blob/master/audit.rules ), and sysmon (https://github.com/olafhartong/sysmon-modular) on windows.

Linux: AuditD with customized configurations script for your environment

However, the auditd repo from Florian Roth is like a golden standard for auditd config.

Enabled auditd - with the rules from - https://github.com/Neo23x0/auditd

I don't think that the addon can do this for you. But, as a good start, check out Florian Roths auditd config (https://github.com/Neo23x0/auditd).

Once on a system, something like Linpeas or Winpeas would be useful: https://github.com/carlospolop/PEASS-ng

Reject internet, embrace man. TBH it is not usefull at all, it is just in manual or embedded in kali, like basic webshells for example. It is cool to do such thing as a little free time project to learn about hosting and developing a website, but usefulnes for broader audience is minimal I think. For everyday use https://book.hacktricks.xyz are the best in my opinion.

I'm taking my OSCP exam next Wednesday and was just wondering on what tools are actually prohibited and which are not. I'm specifically referring to linpeas, winpeas, seatbelt. I often times run these tools when I've exausted my enumeration methods for a quick find. Are these tools allowed on the AD set and the individual machines?

Seems like a cart before horse situation. Why not just release the cheat sheet you have now and see how it does? I like Carlos Polop's approach with HackTricks -- https://book.hacktricks.xyz/ -- he offers previews of new content to his patrons.

Hi I don't understand the self.files attribute in this code: https://github.com/carlospolop/PEASS-ng/blob/master/linPEAS/builder/src/fileRecord.py

I'd recommend poking around at github and see what you find. A good starting point is WinPEAS if you're looking for automation. Seatbelt might also be helpful

Using linpeas I found some useful information over the user steven