notes

The document provides an overview of various cybersecurity concepts, including types of attacks, vulnerabilities, and security measures. It discusses the OWASP Top 10 vulnerabilities, data encryption methods, and the importance of secure coding practices. Additionally, it covers aspects of penetration testing and vulnerability assessment tools like Nessus.

Uploaded by B R GAMER

Notes:

jeopardy => challenges in any category

attack-defense => you both secure your own services and attack the others

writeup => step by step solve for a ctf or bug bounty; you need to read more writeups =>
medium website

ctf = problem solving

download seclist => sudo apt install seclists

cybersec domains :

1- network sec
2- app sec
3- server sec (prevent DDoS and so on)
4- hardware sec (if a device is lost/stolen)
5- endpoint sec (clients/PCs)
6- physical sec

tcp => 3-way handshake (SYN, SYN-ACK, ACK)

dos types:

volumetric dos : ping of death

protocol dos : SYN flooding

app dos : HTTP GET/POST flooding

attack and vuln:

vuln => weakness

social eng => attack , vuln => unaware ppl

exploit => how to seize (take advantage of) the vuln

server side exploit : local => requires existing sys access, used for privesc

remote : over the network

client side exploit : by social eng and user interaction

ransomware => encrypts data and demands a fee; can infect endpoints and servers

wannacry encrypts, then searches for a vuln in SMB (EternalBlue); if found, it
spreads to that host

ddos (is dos but performed by botnets (machines whose owners have been hacked
(trojan) to dos a server))

attacker controls the botnet using C&C (command and control)

botnet is a collection of zombies

every zombie runs a piece of malware on it called a bot

malware is commonly written in C

ddos mitigator => hardware appliance to absorb/filter ddos traffic

MITM: attacker intercepts the traffic between two devices

phishing => mails to gain access by convincing ppl , social engineering => 1. human
based 2. electronic based

================================================================================

data encryption:

cryptography => confidentiality (keeping data secret), integrity (keeping data from
unauthorized change), authentication

crypto transforms plaintext to ciphertext

crypto :
encryption
1- plaintext -(encryption key)-> ciphertext ; example of encryption => XOR method
decryption:
reverse operation (ciphertext -(key)-> plaintext)

cipher (encryption algo)

you need a key to decrypt

fix apt install : https://ourcodeworld.com/articles/read/961/how-to-solve-kali-linux-apt-get-install-e-unable-to-locate-package-checkinstall

ARP poisoning (MITM)

^p replaces enter key

symmetric enc is when the sender and receiver use the same key for enc and dec
(private key crypto)
asymmetric crypto (public key crypto)

Caesar cipher is a shift in the alphabet by a specific amount (called the key)
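The XOR method and the Caesar cipher from these notes, as an added Python example that is not part of the original notes: both are symmetric, so the same key encrypts and decrypts, and caesar_all_shifts shows why a 26-key cipher is only a teaching tool. All function names and the demo key are my own choices.

```python
# Added example, not from the original notes: a toy XOR cipher and a Caesar
# cipher showing plaintext -(key)-> ciphertext and the reverse operation.
# Neither is a secure cipher; they illustrate "same key for enc and dec".
import string


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key, repeating the key as needed.

    XOR is its own inverse, so one function is both the encryption and the
    decryption: xor_crypt(xor_crypt(p, k), k) == p.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def caesar_shift(text: str, key: int) -> str:
    """Shift each letter by `key` positions (mod 26); other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    # Decryption is the reverse operation: shift back by the same key.
    return caesar_shift(ciphertext, -key)


def caesar_all_shifts(ciphertext: str) -> dict:
    """Return every possible decryption, keyed by the shift that produced it.

    The whole key space is 26 values, so anyone holding a ciphertext can
    simply try them all: a key that small gives no real confidentiality.
    """
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    key = b"k3y"                      # constructed demo key
    ct = xor_crypt(b"attack at dawn", key)
    print("xor ciphertext:", ct.hex())
    print("xor round trip:", xor_crypt(ct, key))
    print("caesar:", caesar_encrypt("Hello, World!", 3))
    print("caesar back:", caesar_decrypt("Khoor, Zruog!", 3))
```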

hashing is a function that produces the same output given the same input (md5, sha, argon2)

change a user password:

passwd <username> {if left with no username it will change the current user's
password} (requires perm)

hashing is a one-way function that takes any input and returns a fixed-size output
hashing => integrity check

hashing types :

MD2
MD5
SHA1
SHA256
CRC32

hash calcs are calculators that provide the hash for any text or file

hash used in crypto currency, blockchain, malware identification

hash cracking : u have a word that u think will match > you hash it with the same
type as the hash u wanna crack > compare them; if they match it's correct (could be
more than one word to try (dict attack))

johntheripper => wordlist, bruteforce for hash cracking
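The cracking loop the notes describe (hash the guess with the same algorithm, compare with the target), as an added Python example that is not part of the original notes. The wordlist and target hashes are constructed for the demo; crack_pbkdf2 runs the same loop against a salted, iterated hash, which is what a defender deploys so that every guess costs far more. CRC32 from the list above is a checksum rather than a cryptographic hash, so it is left out of SUPPORTED.

```python
# Added example, not from the original notes: dictionary check against an
# unsalted fast hash, and the same check against a salted PBKDF2 hash.
import hashlib
import hmac

# Constructed sample wordlist standing in for a SecLists file.
WORDLIST = ["password", "letmein", "123456", "summer2024", "ahmed123"]

# Fast, unsalted digests: fine for integrity checks and malware identification,
# unsuitable for password storage because every guess is one cheap hash call.
SUPPORTED = ("md5", "sha1", "sha256")


def hash_text(word: str, algo: str) -> str:
    """Hex digest of `word` using one of the SUPPORTED algorithms."""
    if algo not in SUPPORTED:
        raise ValueError(f"unsupported algorithm: {algo}")
    return hashlib.new(algo, word.encode("utf-8")).hexdigest()


def crack_hash(target_hex: str, algo: str, wordlist=WORDLIST):
    """Return the dictionary word whose digest equals target_hex, or None."""
    target_hex = target_hex.lower()
    for word in wordlist:
        # compare_digest avoids leaking how many bytes matched via timing.
        if hmac.compare_digest(hash_text(word, algo), target_hex):
            return word
    return None


def pbkdf2_digest(word: str, salt: bytes, iterations: int) -> bytes:
    """Salted, iterated hash of the kind a password store should use."""
    return hashlib.pbkdf2_hmac("sha256", word.encode("utf-8"), salt, iterations)


def crack_pbkdf2(target: bytes, salt: bytes, iterations: int, wordlist=WORDLIST):
    """Same dictionary loop; each guess now costs `iterations` HMAC rounds,
    and the per-user salt means one precomputed table cannot serve every user."""
    for word in wordlist:
        if hmac.compare_digest(pbkdf2_digest(word, salt, iterations), target):
            return word
    return None


if __name__ == "__main__":
    target = hash_text("letmein", "md5")          # constructed target
    print("md5 dictionary hit:", crack_hash(target, "md5"))
    salt = b"constructed-salt"
    slow_target = pbkdf2_digest("letmein", salt, 100_000)
    print("pbkdf2 dictionary hit:", crack_pbkdf2(slow_target, salt, 100_000))
```

The two loops are identical in shape; what changes is the cost per guess and the need for a per-user salt, which is the whole argument for argon2/PBKDF2-style password hashing over MD5 or SHA.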


===============================================================
OWASP top 10 :
best technique => balanced approach
1-injection: ex: command injection /

A- sql injection (select * from x where username='ahmed' and password='123')

injected :
--(input user = ahmed'--)
select * from x where username='ahmed'-- ' and password='123'

this is one of a million methods, search for an sql injection cheat sheet


2-Broken auth
3-Sensitive data exposure
4-XML external entities (XXE)
5-Broken access control
6-Security misconfig
7-Cross site scripting (XSS)
8-Cross site request forgery (CSRF)
9-Server side request forgery (SSRF)

Cookies:

Saves info: small data sent from the website to the browser to remember state

important in the http header and can store many kinds of data

cookie                                   session
----------------------------------       ----------------------------------
stored on the client side                stored on the server side
lives longer, even if the browser        expires on closing the browser
is closed
less secure                              more secure
stores strings                           stores objects

cookie format:
Cookie: PHPSESSID=6a6sx48awfa468; role=support

this cookie is vulnerable bc after logging in as a support user u can change the
role to admin and get admin privs

Cookie: PHPSESSID=6a6sx48awfa468; role=admin

and boom ur admin

JavaScript can create, read, and delete cookies with the document.cookie property.
With JavaScript, a cookie can be created like this:

document.cookie = "username=user; expires=Thu, 18 Dec 2013 12:00:00 UTC; path=/";
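The role=support / role=admin cookie swap above, as an added Python example that is not part of the original notes. is_admin_vulnerable trusts the role the browser sends; the two hardened variants keep the role on the server (the session approach from the comparison above) or sign the cookie value with an HMAC so an edited value fails verification. The parser, session table and server key are constructed for the demo.

```python
# Added example, not from the original notes: trusting a client-editable role
# cookie versus looking the role up server-side or signing the cookie value.
import hashlib
import hmac


def parse_cookie_header(header: str) -> dict:
    """Minimal parser for 'Cookie: a=1; b=2' (constructed for the demo)."""
    if header.lower().startswith("cookie:"):
        header = header[len("cookie:"):]
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name.strip()] = value.strip()
    return cookies


def is_admin_vulnerable(cookie_header: str) -> bool:
    # Vulnerable: the client controls the cookie, so role=admin is one edit away.
    return parse_cookie_header(cookie_header).get("role") == "admin"


# Server-side session store: session id -> attributes (constructed sample data).
SESSIONS = {"6a6sx48awfa468": {"user": "ahmed", "role": "support"}}


def is_admin_session(cookie_header: str) -> bool:
    # Hardened: only the opaque session id comes from the client; the role is
    # whatever the server recorded at login, so any role= cookie is ignored.
    sid = parse_cookie_header(cookie_header).get("PHPSESSID")
    session = SESSIONS.get(sid)
    return session is not None and session["role"] == "admin"


# Constructed demo key; a real server loads a random secret from its config.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def sign_cookie_value(value: str, key: bytes = SERVER_KEY) -> str:
    """Append an HMAC-SHA256 tag: 'support.<hex mac>'."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify_cookie_value(signed: str, key: bytes = SERVER_KEY):
    """Return the value if its tag verifies, else None."""
    value, sep, mac = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None


def is_admin_signed(cookie_header: str) -> bool:
    # Hardened: editing "support" to "admin" breaks the tag, so the role is rejected.
    role = verify_cookie_value(parse_cookie_header(cookie_header).get("role", ""))
    return role == "admin"


if __name__ == "__main__":
    hdr = "Cookie: PHPSESSID=6a6sx48awfa468; role=admin"
    print("vulnerable:", is_admin_vulnerable(hdr))
    print("session store:", is_admin_session(hdr))
    print("signed cookie:", is_admin_signed("Cookie: role=" + sign_cookie_value("support")))
```

Of the two hardened forms, the server-side session is the simpler one to reason about: nothing security-relevant ever leaves the server, which is exactly the "more secure / stores objects" column in the comparison above.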

OWASP top ten 2021:

A01:2021-Broken Access Control moves up from the fifth position; 94% of
applications were tested for some form of broken access control. The 34 Common
Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences
in applications than any other category.
A02:2021-Cryptographic Failures shifts up one position to #2, previously known as
Sensitive Data Exposure, which was a broad symptom rather than a root cause. The
renewed focus here is on failures related to cryptography which often lead to
sensitive data exposure or system compromise.
A03:2021-Injection slides down to the third position. 94% of the applications were
tested for some form of injection, and the 33 CWEs mapped into this category have
the second most occurrences in applications. Cross-site Scripting is now part of
this category in this edition.
A04:2021-Insecure Design is a new category for 2021, with a focus on risks related
to design flaws. If we genuinely want to “move left” as an industry, it calls for
more use of threat modeling, secure design patterns and principles, and reference
architectures.
A05:2021-Security Misconfiguration moves up from #6 in the previous edition; 90% of
applications were tested for some form of misconfiguration. With more shifts into
highly configurable software, it’s not surprising to see this category move up. The
former category for XML External Entities (XXE) is now part of this category.
A06:2021-Vulnerable and Outdated Components was previously titled Using Components
with Known Vulnerabilities and is #2 in the Top 10 community survey, but also had
enough data to make the Top 10 via data analysis. This category moves up from #9 in
2017 and is a known issue that we struggle to test and assess risk for. It is the only
category not to have any Common Vulnerability and Exposures (CVEs) mapped to the
included CWEs, so default exploit and impact weights of 5.0 are factored into
their scores.
A07:2021-Identification and Authentication Failures was previously Broken
Authentication and is sliding down from the second position, and now includes CWEs
that are more related to identification failures. This category is still an
integral part of the Top 10, but the increased availability of standardized
frameworks seems to be helping.
A08:2021-Software and Data Integrity Failures is a new category for 2021, focusing
on making assumptions related to software updates, critical data, and CI/CD
pipelines without verifying integrity. One of the highest weighted impacts from
Common Vulnerability and Exposures/Common Vulnerability Scoring System (CVE/CVSS)
data mapped to the 10 CWEs in this category. Insecure Deserialization from 2017 is
now a part of this larger category.
A09:2021-Security Logging and Monitoring Failures was previously Insufficient
Logging & Monitoring and is added from the industry survey (#3), moving up from #10
previously. This category is expanded to include more types of failures, is
challenging to test for, and isn’t well represented in the CVE/CVSS data. However,
failures in this category can directly impact visibility, incident alerting, and
forensics.
A10:2021-Server-Side Request Forgery is added from the Top 10 community survey
(#1). The data shows a relatively low incidence rate with above average testing
coverage, along with above-average ratings for Exploit and Impact potential. This
category represents the scenario where the security community members are telling
us this is important, even though it’s not illustrated in the data at this time.

client side : XSS, CSRF, cookie/session attacks

server side : DoS, Dir Traversal (../../../../../etc/passwd (no path control)), RCE,
LFI/RFI (local/remote file inclusion)
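A check for the directory traversal case above (../../../../../etc/passwd with no path control), as an added Python example that is not part of the original notes: the requested path is URL-decoded, joined to the web root, normalized, and rejected unless it still lies under that root. The root directory and request paths are constructed; the check works on path strings only, so a real file server should additionally resolve symlinks (os.path.realpath) before serving.

```python
# Added example, not from the original notes: rejecting ../ traversal before
# a user-supplied path is used to open a file.
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/files"   # constructed base directory for the demo


def safe_join(base: str, user_path: str) -> str:
    """Return base/user_path if it stays inside base, else raise ValueError."""
    base = posixpath.normpath(base)
    # Decode first so ..%2F.. cannot slip past a check on the raw string.
    decoded = unquote(user_path)
    if posixpath.isabs(decoded):
        raise ValueError("absolute paths are not allowed")
    # normpath collapses every ".." so the result is the path actually opened.
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    # commonpath works per component, so /var/www/files2 does not match base.
    if posixpath.commonpath([base, candidate]) != base:
        raise ValueError(f"path traversal rejected: {user_path!r}")
    return candidate


def is_safe_path(base: str, user_path: str) -> bool:
    """Boolean form of safe_join for use in a request handler."""
    try:
        safe_join(base, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ["reports/q1.txt", "../../../../../etc/passwd", "..%2F..%2Fetc/passwd"]:
        verdict = "allowed" if is_safe_path(WEB_ROOT, req) else "rejected"
        print(f"{req!r}: {verdict}")
```

Normalizing before the containment check is the important part: a prefix test on the raw string passes "/var/www/files/../../../etc/passwd" because it literally starts with the root.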

pen testing: 1. info gathering (passive/active) 2. enum (scanning) 3. exploit
4. post-exploit enum 5. priv esc 6. report

Vuln assessment : Nessus
