vault backup: 2022-09-21 11:24:30

content/notes/10-web-db-networks.md

@@ -0,0 +1,9 @@
+---
+title: "10-web-db-networks"
+aliases: 
+tags: 
+- cosc203
+- lecture
+---
+
+[slides](https://blackboard.otago.ac.nz/bbcswebdav/pid-2971203-dt-content-rid-19033355_1/courses/COSC203_S2DNI_2022/COSC203_lecture10%281%29.pdf)

content/notes/13-pen-testing-2.md

@@ -97,5 +97,43 @@ deliberately place sofware where it will interact with attacks, somewhat resembl
 
 # Pen-Testing
 checking if system is secure. Simulated attacks of system to detect vulnerabilities
+- specialised and technical
+- often done by consultants
+- mindset of attacker
+- complements intrusion detection
+	- but proactive not reactive
 
+## tools
+- same tools as attackers
+- develop own tools
+- automate
+	- scripts 
+	- dedicated hardware
+	- parrallel/dist attacks
+- create new attacks
 
+## e.g., software
+- nmap - network exploration tool
+	- scan ports
+	- reports finding
+		- os, version
+		- used to find vulnerabilities
+- netcat/ncat interact with network services
+- nessus
+- hashcat - password cracking
+- sqlmap (SQL database pen tester)
+	- find account with default passwords etc
+- specialised pen-testing OS distribution
+	- e.g., blackbox linux
+
+## Phases
+- reconnaissance (info gathering) (e.g., finding relevant ip addresses)
+- scanning (e.g.,, nmap)
+	- which hosts are availale
+	- which ports
+	- etc
+- gaining access (attack)
+	- may require sequenced attacks
+- maintaining access (avoid detection)
+- covering tracks (remove files, edit logs, change timestamps etc)
+- 

content/notes/blockchain.md

@@ -0,0 +1,8 @@
+---
+title: "blockchain"
+aliases: 
+tags: 
+
+---
+
+

content/notes/cosc-203.md

@@ -33,6 +33,7 @@ tags:
 - [07-js-server-vs-client-side](notes/07-js-server-vs-client-side.md)
 - [08-web-frameworks](notes/08-web-frameworks.md)
 - [09-web-databases-networks](notes/09-web-databases-networks.md)
+- 
 
 # Archive