From 87630d80b02899e86ed1f679b7b9b6b63a7d68eb Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Wed, 21 Sep 2022 11:24:30 +1200 Subject: [PATCH] vault backup: 2022-09-21 11:24:30 --- content/notes/10-web-db-networks.md | 9 +++++++ content/notes/13-pen-testing-2.md | 40 ++++++++++++++++++++++++++++- content/notes/blockchain.md | 8 ++++++ content/notes/cosc-203.md | 1 + 4 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 content/notes/10-web-db-networks.md create mode 100644 content/notes/blockchain.md diff --git a/content/notes/10-web-db-networks.md b/content/notes/10-web-db-networks.md new file mode 100644 index 000000000..607de7a35 --- /dev/null +++ b/content/notes/10-web-db-networks.md @@ -0,0 +1,9 @@ +--- +title: "10-web-db-networks" +aliases: +tags: +- cosc203 +- lecture +--- + +[slides](https://blackboard.otago.ac.nz/bbcswebdav/pid-2971203-dt-content-rid-19033355_1/courses/COSC203_S2DNI_2022/COSC203_lecture10%281%29.pdf) diff --git a/content/notes/13-pen-testing-2.md b/content/notes/13-pen-testing-2.md index c16e6090b..1f35e2bca 100644 --- a/content/notes/13-pen-testing-2.md +++ b/content/notes/13-pen-testing-2.md @@ -97,5 +97,43 @@ deliberately place sofware where it will interact with attacks, somewhat resembl # Pen-Testing checking if system is secure. Simulated attacks of system to detect vulnerabilities +- specialised and technical +- often done by consultants +- mindset of attacker +- complements intrusion detection + - but proactive not reactive - \ No newline at end of file +## tools +- same tools as attackers +- develop own tools +- automate + - scripts + - dedicated hardware + - parrallel/dist attacks +- create new attacks + +## e.g., software +- nmap - network exploration tool + - scan ports + - reports finding + - os, version + - used to find vulnerabilities +- netcat/ncat interact with network services +- nessus +- hashcat - password cracking +- sqlmap (SQL database pen tester) + - find account with default passwords etc +- specialised pen-testing OS distribution + - e.g., blackbox linux + +## Phases +- reconnaissance (info gathering) (e.g., finding relevant ip addresses) +- scanning (e.g.,, nmap) + - which hosts are availale + - which ports + - etc +- gaining access (attack) + - may require sequenced attacks +- maintaining access (avoid detection) +- covering tracks (remove files, edit logs, change timestamps etc) +- diff --git a/content/notes/blockchain.md b/content/notes/blockchain.md new file mode 100644 index 000000000..7fc28daad --- /dev/null +++ b/content/notes/blockchain.md @@ -0,0 +1,8 @@ +--- +title: "blockchain" +aliases: +tags: + +--- + + diff --git a/content/notes/cosc-203.md b/content/notes/cosc-203.md index 980b12913..63a15f389 100644 --- a/content/notes/cosc-203.md +++ b/content/notes/cosc-203.md @@ -33,6 +33,7 @@ tags: - [07-js-server-vs-client-side](notes/07-js-server-vs-client-side.md) - [08-web-frameworks](notes/08-web-frameworks.md) - [09-web-databases-networks](notes/09-web-databases-networks.md) +- # Archive