Namish namishelex01

## Learn Exploit Development - 1
[Learning Exploit Development from fuzzysecurity.com]
Tools Needed:-
> Immunity debugger
> Mona.py
> Pvefindaddr.py
> Metasploit
> Virtual Box

Overflows to play with:-
1. Buffer overflow - A memory location receives more data than it was meant to

## Shellcode-Introduction
[This is the gist version of the wiki page of Shellcode.]
[For elaborated explaination, please visit:- en.wikipedia.org/wiki/Shellcode]
SHELLCODE is a small piece of code used as the payload in the exploitation of a spftware vulnerability
Its called shellcode because it typically starts a command shell from which attacker can control the compromised machines
TYPES:
  Local - Used by attacker who has limited access to a machine but can exploit a vulnerability
  Remote - Used to target a remote machine, if the shellcode establishes the connection, it called reverse-shell or connect-back shell.
           If attacker establishes the connection, shellcode is called bindshell because it binds certain port of victim's machine
  Download & execute - Type of remote shellcode that downloads and executes some form of malware on target system
  Staged - When amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages

## Deep-Diving-Bluetooth
Bluetooth technology
> bluetooth basic rate/enhanced data rate
 >> High speed
> Low energy
> Attribute protocol/ generic attribute profile

------------
V2.1 - 2007 + EDR | secure device pairing by button press
V3.0 - 2009 + HS | MAC/PHY
V4.0 - 2010 + LE

## cissp_notes.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              3 stars
            
          
                namishelex01
                / cissp_notes.md
            
            
              Created
              July 3, 2018 12:52
                — forked from penafieljlm/cissp_notes.md
            
              
                Personal CISSP Study Notes
              
          
    CISSP Notes

CIA Triad


Confidentiality

Resources should be protected from unauthorized access
Prioritized by governments
Concepts

Sensitivity

How harmful is disclosure


Discretion


## WMIC Commands List
Wmic syntax - [global switches] <command>

The following global switches are available:
--------------------------------------------------------------------------
/NAMESPACE	NAMESPACE - Path for the namespace the alias is to operate against. Namespaces are always relative i.e. if the namespace does not begin with a '\\' it will be assumed to be relative to the current namespace.

USAGE:

	/NAMESPACE:<namespace>
--------------------------------------------------------------------------

## DNS
Introduction

> Distributed DB used by TCP/IP applications to map bt Hostnames & IP addrs and provide email routing information

> Why DNS? An app must convert hostname->IP addr before it can as TCP/UDP to, open connection/send datagram

> Access to DNS is through a "Resolver", its a part of application not OS

> UNIX hosts has two library functions
	- gethostname(3)	: Hostname -> IP addr

## Linux Abuse - I
Enumeration is the key.
(Linux) privilege escalation is all about:
Collect - Enumeration, more enumeration and some more enumeration.
Process - Sort through data, analyse and prioritisation.
Search - Know what to search for and where to find the exploit code.
Adapt - Customize the exploit, so it fits. Not every exploit work for every system "out of the box".
Try - Get ready for (lots of) trial and error.

 Operating System
What's the distribution type? What version?

## NMap
~~~~~Port Scanning~~~~~


| Discovery scans |
-sP   -   Ping           | -sW  -  Window Scan   |
-sL   -   List/DNS Scan  | -sA  -  ACK Scan      |
-sO   -   Protocol Scan  | -sR  -  RPC Scan      |
-sV   -   Verify***      | -sI  -  Idle Scan     |
-sU   -   UDP Scan***    | -sV  -  Version Scan  |

## xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#

# XSS Locator 2
'';!--"<XSS>=&{()}
	[Learning Exploit Development from fuzzysecurity.com]
	Tools Needed:-
	> Immunity debugger
	> Mona.py
	> Pvefindaddr.py
	> Metasploit
	> Virtual Box

	Overflows to play with:-
	1. Buffer overflow - A memory location receives more data than it was meant to
	[This is the gist version of the wiki page of Shellcode.]
	[For elaborated explaination, please visit:- en.wikipedia.org/wiki/Shellcode]
	SHELLCODE is a small piece of code used as the payload in the exploitation of a spftware vulnerability
	Its called shellcode because it typically starts a command shell from which attacker can control the compromised machines
	TYPES:
	Local - Used by attacker who has limited access to a machine but can exploit a vulnerability
	Remote - Used to target a remote machine, if the shellcode establishes the connection, it called reverse-shell or connect-back shell.
	If attacker establishes the connection, shellcode is called bindshell because it binds certain port of victim's machine
	Download & execute - Type of remote shellcode that downloads and executes some form of malware on target system
	Staged - When amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages
	Bluetooth technology
	> bluetooth basic rate/enhanced data rate
	>> High speed
	> Low energy
	> Attribute protocol/ generic attribute profile

	------------
	V2.1 - 2007 + EDR \| secure device pairing by button press
	V3.0 - 2009 + HS \| MAC/PHY
	V4.0 - 2010 + LE
	Wmic syntax - [global switches] <command>

	The following global switches are available:
	--------------------------------------------------------------------------
	/NAMESPACE NAMESPACE - Path for the namespace the alias is to operate against. Namespaces are always relative i.e. if the namespace does not begin with a '\\' it will be assumed to be relative to the current namespace.

	USAGE:

	/NAMESPACE:<namespace>
	--------------------------------------------------------------------------
	Introduction

	> Distributed DB used by TCP/IP applications to map bt Hostnames & IP addrs and provide email routing information

	> Why DNS? An app must convert hostname->IP addr before it can as TCP/UDP to, open connection/send datagram

	> Access to DNS is through a "Resolver", its a part of application not OS

	> UNIX hosts has two library functions
	- gethostname(3) : Hostname -> IP addr
	Enumeration is the key.
	(Linux) privilege escalation is all about:
	Collect - Enumeration, more enumeration and some more enumeration.
	Process - Sort through data, analyse and prioritisation.
	Search - Know what to search for and where to find the exploit code.
	Adapt - Customize the exploit, so it fits. Not every exploit work for every system "out of the box".
	Try - Get ready for (lots of) trial and error.

	Operating System
	What's the distribution type? What version?
	~~~~~Port Scanning~~~~~


	\| Discovery scans \|
	-sP - Ping \| -sW - Window Scan \|
	-sL - List/DNS Scan \| -sA - ACK Scan \|
	-sO - Protocol Scan \| -sR - RPC Scan \|
	-sV - Verify*** \| -sI - Idle Scan \|
	-sU - UDP Scan*** \| -sV - Version Scan \|
	#
	# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
	# based on the RSnake original http://ha.ckers.org/xss.html
	# Retrieved on 2013-11-20
	# Much of this wildly obsolete
	#

	# XSS Locator 2
	'';!--"<XSS>=&{()}