How to program PYTHON for DEFENSIVE HACKING and protect your COMPUTER
Script Creation for Cyber Defense in Python
In this video, the speaker discusses creating a Python script focused on cyber defense. The script runs checks against the system's event logs to identify potential hacking attempts and sets up alerts so that a timely response is possible.
Understanding Hacker's Actions
- When hackers breach a system, they typically establish persistence by creating backdoors and manipulating firewalls to ensure future access.
- Detecting hackers involves identifying their interactions with the system, leaving traces that can be monitored and mitigated promptly.
Developing an Alarm System in Python
- The goal is to create an alarm system using Python to detect specific operations occurring on the system.
- The initial steps are setting up a virtual environment, creating a .gitignore file, and creating a Python file named "scan_events.py".
Implementing Event Scanning Functionality
- The script imports the win32evtlog library (pywin32); administrator permissions are required to read the Windows Security log, which is the log that matters most for this kind of event monitoring.
- Creating a class with parameters for filtering events and defining event types like security logs enhances dynamic scanning capabilities.
Event Monitoring and Alert Generation
This section enumerates critical events such as service creation, user addition, log clearing attempts and firewall operations, and explains the alert mechanisms built on top of them.
Enumerating Key Events
- Listing significant events (service creation, user manipulation, log modifications, firewall actions) defines the potential threats that trigger alerts within the script.
Establishing Log Connection Functions
- Defining functions to connect/disconnect from event logs and read events systematically ensures continuous monitoring of system activities.
- Utilizing Win32evtlog methods for reading events with defined parameters like handlers and offsets streamlines event capture processes.
Event Analysis and Response
- Employing loops to analyze captured events against predefined lists enables prompt identification of suspicious activities triggering error messages.
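An added example, not the video's own scan_events.py, of the logic described above: scan() checks each event against a watchlist of Windows event IDs for the activities listed (user creation, log clearing, service installation, firewall changes) and produces one alert line per hit, while read_events() pulls the newest records through pywin32's win32evtlog. The event IDs are the standard Microsoft ones; the labels, the sample events and the log sizes are assumptions made for this example.

```python
from dataclasses import dataclass

# Defender's watchlist: standard Microsoft event IDs, the labels are ours.
# 7045 is logged in the System log, the others in the Security log.
WATCHLIST = {
    4720: "user account created",
    1102: "audit log cleared",
    4697: "service installed (Security log)",
    7045: "service installed (System log)",
    4950: "firewall setting changed",
}
@dataclass
class Event:
    event_id: int
    source: str
    time_generated: str
    strings: tuple  # the event's string inserts (user, service name, ...)

def scan(events, watchlist=WATCHLIST):
    """Return one alert line per event whose ID is on the watchlist."""
    alerts = []
    for ev in events:
        label = watchlist.get(ev.event_id)
        if label:
            alerts.append(f"[ALERT] {ev.time_generated} id={ev.event_id} ({label}) "
                          f"source={ev.source} {' | '.join(ev.strings)}")
    return alerts
def read_events(log_type="Security", max_events=500):
    """Newest events from a local log via pywin32; the Security log needs admin rights."""
    import win32evtlog  # imported here so scan() stays testable on any OS
    handle = win32evtlog.OpenEventLog(None, log_type)
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    out = []
    try:
        while len(out) < max_events:
            batch = win32evtlog.ReadEventLog(handle, flags, 0)
            if not batch:
                break
            for r in batch:  # the low 16 bits of EventID hold the ID number
                out.append(Event(r.EventID & 0xFFFF, r.SourceName,
                                 str(r.TimeGenerated), tuple(r.StringInserts or ())))
    finally:
        win32evtlog.CloseEventLog(handle)
    return out[:max_events]
# Constructed sample events (not real log data) so scan() can be exercised without Windows.
SAMPLE_EVENTS = [
    Event(4624, "Microsoft-Windows-Security-Auditing", "2024-05-01 09:00", ("alice",)),
    Event(4720, "Microsoft-Windows-Security-Auditing", "2024-05-01 09:05", ("backupsvc",)),
    Event(1102, "Microsoft-Windows-Eventlog", "2024-05-01 09:06", ("alice",)),
]
```

On a Windows host run as administrator, `scan(read_events() + read_events("System"))` gives the same alert lines for the live logs.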
Find Something Suspicious
In this section, the speaker discusses setting up a process to detect suspicious activities and receive alerts on the screen. They explain how to call this process from the Task Scheduler using a main.bat file.
Setting Up Detection Process
- When something suspicious is detected, it will notify us on the screen.
- To call this from the Task Scheduler, create a main.bat file and have it invoke the Python executable from within the virtual environment.
- Copy and paste the content into the main.bat file.
Run as Administrator
This part focuses on executing commands as an administrator and ensuring proper functionality of the created files.
Executing Commands
- Run cmd as an administrator so that the script can read the Security log.
- When executed, the events seen previously should be displayed correctly.
- Register it in the Task Scheduler by pointing to the bat file, set the recurrence, and it's ready to go.