End of year reflection (20 points)

  • You must write a blog about the following topics. The blog must be at least a 5 minute read.
  • Post link to your blog when finished.
  1. What did you expect when you started this class?
  2. What were some of your favorite things you learned in the class?
  3. What is your particular area of interest in cyber security?
  4. What did you find hard in the class?
  5. What would you change about the class?
  6. What advice would you give to new students taking the class?
@tylernchls
tylernchls / Cyber-outline.md
Last active April 22, 2018 05:04
Lesson plan for WHS Cyber from 4/23 - 5/9

WHS Cyber Lesson Plan for 4/23 - 5/9

Pico CTF (100 points)

Instructions:
  • Work your way through each lesson of each level of Pico ctf starting with level 1.
  • For each lesson you successfully complete, you must document your findings and explain how you solved each one. This can be done in a google doc, or github gist.
  • Your document must follow this format for each lesson and level you work on: Date, Level #, Category, Lesson Name, Solution
  • If you can't complete a lesson, just move on for now and come back to it. Maybe you will find answers in the other lesson.
@tylernchls
tylernchls / Webgoat.md
Last active December 17, 2022 21:52
Web Goat Solutions

HTTP Basics

Exercise #2
  • Solution: Inspect the POST request in dev tools and you will see the magic number at the bottom with the post data.

SQL Lesson

String injection
  • Goal: Return all users from the user table in the db via string injection
  • Entering Smith will give you a single record
  • Solution: Fart' OR '1'='1
  • The above will return all users in the db even though there is no user named Fart. This is because the OR '1'='1 condition is always true, so the WHERE clause evaluates to true for every record and the whole users table is returned.
@tylernchls
tylernchls / flask-sec.md
Last active March 29, 2018 20:09
Instructions/overview for building onto flask sec application
  1. Build a virtual environment. This will manage dependencies on a per-application basis, ensuring they do not conflict with globally installed packages.
  2. Make an __init__.py file. This will hold your entire application as a package, which is then imported and run by flask via the server.py file. This is where you will import packages and instantiate them, assigning them to a variable, e.g. from flask_sqlalchemy import SQLAlchemy, then db = SQLAlchemy(app). You can now import db throughout the application.
  3. Make a templates directory. This will hold all of the template files ending in .html for your application. You should have a base.html file that serves as your main .html file; all subsequent template files are dynamically rendered into it by jinja2 through template inheritance. Other template files are rendered in the base.html file where you place {%block content%}.
  4. Make forms.py file. This will hold all of the forms your application will need. They are represented via Classes ex ``` Class LoginFo
@tylernchls
tylernchls / flask_sec.md
Last active March 14, 2018 07:01
FlaskSec Cyber

Proposed application breakdown

Saturday 3/17/18

Intro to web application architecture (2 hours):
  • Whiteboard full stack architecture talking
  • Explain interaction with browser and flow of data
  • Brief overview of dev tools specifically networking
  • Demonstrate live network requests / inspecting requests
Install Fest (1 hour)

Python Programming Tips

  1. Use python dictionaries when storing data.
  2. INDENTATION, INDENTATION, INDENTATION.
    • Be knowledgeable about how your environment is set up, whether using spaces or tabs. Keep it consistent and also be aware of which Python version you are using, since the versions interpret them differently. For example, Python 2 converts tabs as if they were 8-space tabs. Python 3 will just refuse to compile a file that contains a mixture of the two.
  3. Naming convention is key. (I like PEP 8)
    • Name functions, variables... so they have meaning in your code.
    • Variables, functions, methods, packages, module lower_case_with_underscores
    • Classes and Exceptions CapWords
    • Protected methods and internal functions _single_leading_underscore(self, ...)
    • Private Methods __double_leading_underscore(self, ...)
@tylernchls
tylernchls / recap.md
Last active December 19, 2017 08:01
Short recap from 5/17 - 12/17

Brief overview of accomplishments, achievements, and goals

  • Below is a quick rundown of what I have learned and think I have accomplished since my onboarding. There is way more to add to this list but I can't remember everything :).

Baby Steps

  • Made it through training... :)
  • Started working academy hours teaching fundamentals of web dev.
  • Learned MIT Scratch for the purpose of integrating into new curriculum for Waipahu Elementary.
  • Integrated Scratch into curriculum as new approach to teach basics of web development to kids. Made use of logic, critical thinking, problem solving, architecture, conditionals, loops, and collaboration.
  • Conditionals
@tylernchls
tylernchls / Network_Survival_Kit.md
Last active July 30, 2019 02:14
Network Survival Kit

Networking Survival Kit

Scenario:

You are a security professional who has been hired to carry out an investigation into a recent security breach of Arch industries. Upon initial scan of equipment, you have determined their system is severely outdated and contains none of the standard network cli tools and applications you normally have to perform your duties. Guess you will have to build your own!!!!!!

Your Task:

You are to use your knowledge of networking and scripting to build basic networking tools in order to complete your job. Below are your details if you choose to accept.

Required Tooling/Specs

Test function locally

sls invoke local -f "function name"

Deploy function only

sls deploy -f "function name"

Deploy everything

sls deploy

Function logs

Create Bucket

aws s3api create-bucket --bucket website-bucket-name --region us-west-2 --acl public-read --create-bucket-configuration LocationConstraint=us-west-2

Make Bucket A Static Website

aws s3 website s3://website-bucket-name/ --index-document index.html --error-document error.html

Sync Local Project Directory to Static Website Bucket