Week 2
Good Faith Policy
“These courses expects a high standard of professionalism from its students with regard to how security testing is conducted. We expect all students to act in good faith at all times […]”
TL;DR Don’t be mean
Challenges
How did you find last week’s challenges
not that you had any.
Bonus Marks
There are bonus marks available for this course.
- CS6443 doing CS6843 challenges - ⌛ pending…
- Presentations
- Challenge walkthroughs (0.5 bonus marks)
- Maximum of 2 bonus marks
- 🔥🔥🔥? maybe an extra mark 👀
Need a Shell?
Free Credits
- AWS via GitHub Education
- Google Cloud Platform
Reports
- Group Project
- Business Report
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- Other vulnerability frameworks
- NIST
- OCTAVE
- …
- or make your own
‘Example’ report * cough *
Enumeration
DNS
- Domain Name System (DNS)
mywebsite.com->1.2.3.4- DNS over HTTPS (DoH)
DNS Enumeration
- nslookup, dig, …
- Google it! -
site:* - DNS Dumpster
- Wolfram Alpha
- subbrute, sublist3r, dnsrecon, amass, …
Website Sources
and HTTP Responses
You don’t see everything that your browser receives!
File / Directory Enumeration
⚠️ Warning ⚠️
- Directory Enumeration is an active recon process. Your activity can/will be tracked.
- RATE LIMIT YOUR REQUESTS
Write your own enumeration script!
Demo: A basic GET/POST repeater
Word List? github:danielmiessler/SecLists
Some automated tools…
again. pls pls plssss rate limit
- dirb
- gobuster
- dirbuster
Just a note…
“N.B. Both sub-domain enumeration and sub-directory brute-forcing are discouraged and will not assist you in these challenges. However, you may be find it useful to enumerate IDs or passwords."
Source: Topic 2 Challenge Outline
Activity
10 minutes to create a 3-5 presentation
- what, why, how, etc -
Topics
- HTTP status codes
- HTTP headers
- Secure Cookie Sessions
- JSON Web Token (aka JWT)
- Or up to you!
(This doesn’t count towards bonus marks btw)
Deliverables
- This week’s challenges due Week 3 Sunday 23:59pm
- Report