Today was all about security hardening across different systems like Linux, Windows, networks, and Active Directory.
I started with Linux by reviewing iptables and learning about nftables.
In simple terms, nftables is the modern replacement for iptables: a single framework covers IPv4, IPv6, ARP and bridge filtering (previously split across iptables, ip6tables, arptables and ebtables), with a simpler rule syntax and better performance.
I also learned about safer ways to manage administrative access. Instead of using the root account directly, it’s better to create a dedicated admin account and grant it sudo rights, usually by adding it to the group that /etc/sudoers already trusts (wheel on RHEL-family systems, sudo on Debian and Ubuntu). To secure unused local accounts, I edited the /etc/passwd file and set their login shell to /sbin/nologin. This is especially important for service accounts that don’t need interactive access.
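As an added example (not from the original post), the check below reads a passwd-format listing and reports system accounts that still have an interactive shell, then emits the `usermod -s` commands that lock them. `usermod` is the safer way to do what the post did by hand: it rewrites /etc/passwd with proper locking instead of a raw edit. The sample records, the UID cut-off of 1000 and the `/sbin/nologin` path are assumptions for the demo (Debian-based systems ship `/usr/sbin/nologin`).

```python
"""Audit an /etc/passwd listing for system accounts that still have an
interactive login shell, and emit the usermod commands that lock them.

Added example; it only reads a passwd-format string and prints commands.
The sample records below are constructed for the demo.
"""
import shlex

# Shells that refuse an interactive login. Paths differ by distribution:
# Debian/Ubuntu ship /usr/sbin/nologin, RHEL-family /sbin/nologin.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin",
                  "/bin/false", "/usr/bin/false"}

# UIDs below this are system/service accounts on most distributions
# (UID_MIN in /etc/login.defs); 1000 is the usual default, assumed here.
SYSTEM_UID_MAX = 1000

# Constructed sample: two service accounts (backup, postgres) still have bash.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
postgres:x:115:120:PostgreSQL administrator:/var/lib/postgresql:/bin/bash
sshd:x:113:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-deploy:x:1002:1002:deploy bot:/srv/deploy:/bin/sh
"""


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed 7-field passwd record."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        yield name, int(uid), shell


def system_accounts_with_shell(text, allow=("root",)):
    """Return (name, uid, shell) for system accounts whose shell allows login.

    `allow` lists accounts that legitimately keep a shell. root stays in the
    list by default because `sudo -i` and `su -` start root's passwd shell;
    setting it to nologin would break the sudo workflow the post recommends.
    """
    findings = []
    for name, uid, shell in parse_passwd(text):
        if name in allow:
            continue
        if uid < SYSTEM_UID_MAX and shell not in NOLOGIN_SHELLS:
            findings.append((name, uid, shell))
    return findings


def lock_commands(findings):
    """Build the usermod commands that set each flagged account to nologin.

    usermod rewrites /etc/passwd under a lock, so it is preferable to a
    hand edit; shlex.quote keeps odd account names from breaking the line.
    """
    return [f"usermod -s /sbin/nologin {shlex.quote(name)}"
            for name, _uid, _shell in findings]


if __name__ == "__main__":
    found = system_accounts_with_shell(SAMPLE_PASSWD)
    for name, uid, shell in found:
        print(f"{name} (uid {uid}) still has shell {shell}")
    print("\n".join(lock_commands(found)))
```

The UID heuristic is deliberately conservative: the constructed `svc-deploy` account (UID 1002) is a service account but sits above the cut-off, so it is not flagged. A real audit would also list accounts by home directory or by the packages that own them, and compare against a known list of humans.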
I’m more familiar with Windows, so some parts felt easier. One key component I reviewed was User Account Control (UAC). UAC gives even accounts in the Administrators group a filtered, standard-user token by default; a process only receives the full administrator token after the user explicitly consents to elevation through the UAC prompt. This helps prevent malware running in the user’s session from causing serious harm or gaining higher-level access without user consent.
I’m still getting more comfortable with tools like the Local Policy Editor, Group Policy Editor, and regedit. I now understand that regedit allows access to the Windows Registry, which stores low-level settings for the OS and installed applications.
I went further by doing two optional labs, focusing on Active Directory, something I’ve always wanted to understand better. Although I grasp the concepts of trees and forests, it still feels like there’s a lot going on.
I’ve used tools like Active Directory Users and Computers, Server Manager, and Domains and Trusts, but I’d love to see a real-world example of how Active Directory is used on a day-to-day basis. I understand it helps with centralized user and resource management, but beyond setup and occasional updates, its ongoing role still feels a bit abstract.
The networking lab was more comfortable for me since I’ve done some Cisco work during a CCNA course on Udemy. This lab used a GUI for configuring the network, which made things more intuitive. One new thing I learned was about init scripts: the SysV-style scripts in /etc/init.d that start and stop services on older Linux systems that predate systemd.
To wrap up the day, I teamed up with Mathieu and Adil to tackle a couple of CTF challenges.
The command injection exercise taught me how an input like 127.0.0.1 can look innocent but be used as a decoy. Because the server splices the field into a shell command line, entering 127.0.0.1; whoami ends the intended command at the semicolon and the shell runs whoami as a second command.
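The mechanism above, as an added example that is not the challenge's own code: a vulnerable helper that builds a shell command string from user input, beside a hardened one that validates the value and passes it as a single argument without a shell. `echo pinging` stands in for the `ping -c 1` style command a CTF form would run, so the demo works offline without raw sockets; the injection behaviour is the same.

```python
"""Command injection: vulnerable shell-string helper beside a hardened one.

Added example. `echo pinging <host>` stands in for a real `ping -c 1 <host>`
so it runs anywhere; the shell parsing that makes the bug possible is identical.
"""
import ipaddress
import subprocess


def ping_vulnerable(host):
    """Concatenate the input into one string and hand it to /bin/sh.

    With shell=True the shell, not the program, interprets ';', '&&', '|',
    '$(...)' and backticks inside `host`, so "127.0.0.1; whoami" runs whoami.
    """
    result = subprocess.run(f"echo pinging {host}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def ping_hardened(host):
    """Validate, then exec the program directly with an argument list.

    ipaddress.ip_address() rejects anything that is not a literal IPv4/IPv6
    address, which also blocks a leading '-' that could smuggle in an option.
    Passing a list (no shell) means the value can only ever be one argument.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        raise ValueError(f"not an IP address: {host!r}") from None
    result = subprocess.run(["echo", "pinging", str(addr)],
                            capture_output=True, text=True)
    return result.stdout


def hardened_rejects(host):
    """True if the hardened path refuses the input (used for the demo)."""
    try:
        ping_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "127.0.0.1; whoami"          # the decoy input from the CTF
    print("vulnerable:", repr(ping_vulnerable(payload)))   # second line: your username
    print("hardened rejects payload:", hardened_rejects(payload))
    print("hardened, clean input:", repr(ping_hardened("127.0.0.1")))
```

The fix has two independent halves and both matter: validation alone would still be fragile if someone later reintroduced `shell=True`, and dropping the shell alone would still let a value such as `-c 100000` be parsed as an option by the real program, which is why the hardened path does both.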
In the HTML injection challenge, I learned how an attacker can use elements like <iframe> to embed another webpage inside the current one when the server echoes user input into the page without escaping it, potentially leading to phishing or malicious content injection.
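The same pattern for HTML, as an added example rather than the challenge's code: a comment field rendered straight into markup beside the escaped version. The attacker URL in the payload is constructed for the demo, and the f-string stands in for whatever template the real page used.

```python
"""HTML injection: untrusted text rendered into a page, raw versus escaped.

Added example. The f-string stands in for a template; the payload's URL is
constructed for the demo.
"""
from html import escape

# Constructed payload: an iframe that would load an attacker's login page
# inside the trusted site, the phishing scenario from the challenge.
PAYLOAD = ('<iframe src="https://attacker.example/login" '
           'width="100%" height="600"></iframe>')


def render_vulnerable(comment):
    """Concatenate the untrusted string straight into the markup.

    The browser parses the injected <iframe> as a real element and loads
    the attacker's page inside ours.
    """
    return f'<p class="comment">{comment}</p>'


def render_hardened(comment):
    """Escape before inserting into an HTML text context.

    escape() rewrites & < > " ' as entities, so the browser shows the text
    of the tag instead of interpreting it. quote=True is needed anywhere the
    value could end up inside an attribute.
    """
    return f'<p class="comment">{escape(comment, quote=True)}</p>'


def contains_element(markup, tag):
    """Crude check for a live <tag ...> start tag in the rendered markup."""
    return f"<{tag}" in markup


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("hardened:  ", render_hardened(PAYLOAD))
```

Escaping is context-dependent: entity encoding is the right tool for text and attribute values, but a value landing inside a `<script>` block, a URL, or a CSS declaration needs the encoding for that context. Most templating engines escape text automatically; the bug in challenges like this one is usually a raw-output construct or manual string building.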
These topics weren’t very easy for me because I feel like web pentesting is my weakness. I had a few lessons about cookies and when to look for JavaScript from Mathieu. We were up until 8 PM. It was a nice lecture and I realised I have a lot more learning to do.
