Week 2
Good Faith Policy
“These courses expects a high standard of professionalism from its students with regard to how security testing is conducted. We expect all students to act in good faith at all times […]”
TL;DR Don’t be mean
Challenges
How are you finding the challenges?
Bonus Marks
There are bonus marks available for this course.
- Challenge walkthroughs (0.5 bonus marks)
- Maximum of 2 bonus marks
- 🔥🔥🔥? maybe an extra mark 👀
Need a Shell?
Free Credits
- AWS via GitHub Education
- Google Cloud Platform
Reports
- Group Project
- Business Report
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- Other vulnerability frameworks
- NIST
- OCTAVE
- …
- or make your own
‘Example’ report * cough *
Authentication vs Authorisation
authentication!= authorisation
- Authentication - Who am I?
- Authorisation - What can I do?
SMS 2FA (is bad)
SMS isn’t a very secure system…
(at all)
- Physical phone theft
- Phone number forwarding
- Phone number porting
- SIM replacement
Website that use 2FA SMS are bad.
But other 2FA methods can be inconvenient…
- Email verification
- OTP
inconvenient ~= sorta safer…
👀 More Recon
Last week: DNS recon
DNS recon isn’t the only way of reconnaissance…
Website Sources
and HTTP Responses
You don’t see everything that your browser receives!
File / Directory Enumeration
⚠️ Warning ⚠️
- Directory Enumeration is an active recon process. Your activity can/will be tracked.
- RATE LIMIT YOUR REQUESTS
Write your own enumeration script!
Demo: A basic GET/POST repeater
Word List? github:danielmiessler/SecLists
Some automated tools…
again. pls pls plssss rate limit
- dirb
- gobuster
- dirbuster
Just a note…
“N.B. Both sub-domain enumeration and sub-directory brute-forcing are discouraged and will not assist you in these challenges. However, you may be find it useful to enumerate IDs or passwords."
Source: Topic 2 Challenge Outline
Activity
10 minutes to create a 3-5 presentation
- what, why, how, etc -
Topics
- HTTP status codes + headers
- Secure Cookie Sessions
- JSON Web Token (aka JWT)
- One Time Password for 2FA
- A comparison of hash functions (i.e. SHA1, MD5, …)
- Or up to you!
(This doesn’t count towards bonus marks btw)
Deliverables
- Week 1 challenges due Week 2 Sunday 23:59pm (THIS SUNDAY)
- Week 2 challenges due Week 3 Sunday 23:59pm
- Report