#TestSecurity
Text
Week 7 Lecture
Under Construction
Diffie-Hellman: The only way you can do this is by establishing a secret between the two parties.
DH approach: Sharing a secret, when people are near each other.
(5^3)^7 (....125) and (5^7)^3 (....125)
DH works. You think of a number and I think of a number.
x and 7. I tell you the base to my number. 5^7 = 78125
and you raise 5^(x) = 125
It's easy to guess the number if the base is small.
Secret key = 125
Both raise the secret to the other's secret, which is the same number - the secret key.
A vulnerability is a weakness in something; an exploit takes advantage of that.
What is the heap: Dynamic Programming, when the amount of space you need is not known at runtime. Can’t be put in a stack. We need to free the heap as programmers when we don’t need it anymore.
BUFFER OVERFLOW: Integer Overflow, integers are stored in a fixed amount of space. If you keep adding to the integer, it fills up all that space. It overflows.
printf() - It expects a variable number of arguments being passed. The first one is a format string. It's printed literally if it doesn’t have a format string.
%s, %f,
%n - It writes to memory. Your print command does that. You can do that to get root access. Too hard to do this attack.
BREAK . . . . . . .
Example 1:
If the length is longer than expected,
Example 2:
Optimistic indent at the first if.
6-8 Lecture
BUG Bounty: Two types of website that offer bug bounty:
- Public
- private (need resume)
Look for publicly disclosed reports. A lot of these reports are public, and you can see what you can discover with them regarding bugs. If a bug has occurred once, it has a higher chance of occurring again. Teamwork is very important in bug finding.
- Like see stacktrace of bug.
Find the company,
review the scope,
find target via recon / background research,
Hit target and find vulnerability,
write a report,
submit the report to the company.
Hacker101 is a good place to start your journey on bug bounty.
Fuzzing:
Mutation based fuzzer
Generation type fuzzer, Aware of input structure
Aware of program structure vs not aware.
When is it effective?
Fuzzers are not as precise as normal software tests. It makes it more efficient because it is testing many things at once.
American Fuzzy Lop (AFL)
PENTESTING:
Authorised server hack on a computer system to find vulnerabilities.
Penetration test is to identify weaknesses and strengths for full risk assessment.
Why would you conduct penetration tests?
Find vulnerabilities in system before releasing
Test security controls
Sometimes thinking like an attacker is the best way to expose weaknesses
Practical uses of pentesting
Stages of pentesting
Recon
Planning
Exploitation
Post exploitation
Additional pentesting tools
metasploit
Burp
wireshark
Kali
NMAP
Open Source network scanner
Find open network ports
KALI
Information gathering
Vulnerability Analysis
METASPLOIT
Antivirus will go nuts with the installation. Add an exception.
LECTURE:
Stop MIM from happening:
I don’t know your public key.
PKI - Communicating using SSL,
To sign the certificate myself, I need to be the CA.
Trick the CA, fake the CA - www.gooooogle.com - check certificate whether I own it. I get certificate for www.goooooogle.com. Any CA will give me the certificate, because I'll pay them.
0 notes
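Added example, not part of the lecture notes above: the Diffie-Hellman exchange from the Week 7 notes (base 5, private numbers 3 and 7) worked through in Python, showing that both sides reach the same key and why such small numbers are guessable by anyone watching. The function names and the demo modulus `2**127 - 1` are assumptions made for this illustration.

```python
import secrets

# Assumption: 2**127 - 1 (a Mersenne prime) stands in for a real group modulus.
# It is far too small for production; real DH uses 2048-bit+ groups or elliptic curves.
DEMO_PRIME = 2**127 - 1


def dh_public(g, private, p=None):
    """Value sent in the clear: g^private (mod p when p is given)."""
    return pow(g, private, p)


def dh_shared(other_public, private, p=None):
    """Each side raises the other's public value to its own private exponent."""
    return pow(other_public, private, p)


def recover_exponent(g, public, p=None, limit=100_000):
    """What an eavesdropper can do: try exponents 1..limit until g^x matches.
    Returns the exponent, or None when no exponent up to limit matches."""
    value = 1
    for x in range(1, limit + 1):
        value = value * g if p is None else value * g % p
        if value == public:
            return x
    return None


def lecture_exchange():
    """The notes' numbers: base 5, private exponents 3 and 7, no modulus."""
    g, a, b = 5, 3, 7
    pub_a, pub_b = dh_public(g, a), dh_public(g, b)          # 125 and 78125
    key_a, key_b = dh_shared(pub_b, a), dh_shared(pub_a, b)  # both 5**21
    return pub_a, pub_b, key_a, key_b


def modular_exchange(p=DEMO_PRIME, g=5):
    """Same exchange with random private exponents, reduced modulo a prime."""
    a = secrets.randbelow(p - 3) + 2
    b = secrets.randbelow(p - 3) + 2
    pub_a, pub_b = dh_public(g, a, p), dh_public(g, b, p)
    return pub_a, pub_b, dh_shared(pub_b, a, p), dh_shared(pub_a, b, p)


if __name__ == "__main__":
    pub_a, pub_b, key_a, key_b = lecture_exchange()
    print("lecture numbers:", pub_a, pub_b, key_a == key_b, str(key_a)[-3:])
    print("eavesdropper recovers:", recover_exponent(5, pub_a), recover_exponent(5, pub_b))
    pub_a, pub_b, key_a, key_b = modular_exchange()
    print("modular keys match:", key_a == key_b)
    print("bounded search on modular value:", recover_exponent(5, pub_a, DEMO_PRIME))
```

The exchange alone does not authenticate either party, which is the gap the certificate discussion at the end of the notes addresses.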
Text

Enrol in ActiCert Test Proctor Certification in Canada to master exam setup, monitoring, and post-test procedures while ensuring academic integrity.