Reconnaissance: logs - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Log review
    • Linux: /var/log
    • Windows: Event Viewer
      • Application logs
        • various logs from programs/applications
      • Security logs
        • login events
        • resource and rights usage
        • file created/opened/deleted
      • Setup logs
        • Created during application installation/setup
      • System logs
        • Events from Windows components
      • ForwardedEvents logs
        • events from remote computers
        • Not set up by default
          • Must be configured
  • Router/firewall ACLs review
    • Discover what is being protected
    • Look for possible loopholes
    • May discover other devices/hosts
    • Must know how firewall logs differ between vendors
      • Cisco
      • Palo Alto
      • CheckPoint
    • Also good for finding unauthorized use
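
One way to run the ACL review above for loopholes, as an added example that is not part of the original wiki page: a Python audit over a constructed Cisco IOS-style extended ACL that flags permit-any-any rules and rules an earlier rule already covers, so they never take effect. The function names, the sample rules and the narrowed syntax (`any`, `host`, address plus wildcard, optional `eq` port) are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample ACL (documentation address ranges), not from a real device.
SAMPLE_ACL = """\
access-list 101 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
access-list 101 permit ip any 198.51.100.0 0.0.0.255
access-list 101 deny tcp any host 198.51.100.10 eq 23
access-list 101 permit ip any any
"""

def take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ipaddress accepts a contiguous wildcard (host mask) after the slash
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_rule(line):
    tokens = line.split()
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst = take_addr(rest), take_addr(rest)
    port = rest[1] if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    _, e_proto, e_src, e_dst, e_port = earlier
    _, l_proto, l_src, l_dst, l_port = later
    return (e_proto in ("ip", l_proto)
            and l_src.subnet_of(e_src) and l_dst.subnet_of(e_dst)
            and e_port in (None, l_port))

def audit(acl_text):
    """Return (line_number, finding) pairs; ACLs are first-match, top down."""
    rules = [parse_rule(l) for l in acl_text.splitlines() if l.strip()]
    findings = []
    for i, rule in enumerate(rules):
        action, _, src, dst, _ = rule
        if action == "permit" and src.prefixlen == 0 and dst.prefixlen == 0:
            findings.append((i + 1, "permit-any-any"))
        for j in range(i):
            if covers(rules[j], rule):
                findings.append((i + 1, f"shadowed-by-line-{j + 1}"))
                break
    return findings

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_ACL):
        print(line_no, finding)
```

In the sample, the telnet deny on line 3 never fires because the broader permit on line 2 matches first.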