binarymist / holisticinfosec-for-webdevelopers-fascicle0
:books: Overview :lock: Tooling :lock: Process :lock: Physical :lock: People :books:
Home Page: http://f0.holisticinfosecforwebdevelopers.com
This is an epic. Feel free to break it down into sub issues as we go.
Continuing with People ch.
BeEF has been updated in Kali Linux. See if it works. It is now in the testing “proposed-updates” repository where we keep packages that need testing.
You will need to add the following line to your sources.list:
deb http://repo.kali.org/kali kali-proposed-updates main non-free contrib
and then:
apt-get update
apt-get install beef-xss
If everything works as expected, send Kali an email and they will push beef to the main repos.
Also address shank again.
More research required. Need to take the Metasploit modules further and populate the VPS chapter under Windows -> PSExec for both Identify Risks and Countermeasures.
Explore the different Metasploit PSExec exploit modules discussed here: https://community.rapid7.com/community/metasploit/blog/2013/03/09/psexec-demystified
PSExec Details:
http://www.windowsecurity.com/articles-tutorials/misc_network_security/PsExec-Nasty-Things-It-Can-Do.html
http://www.windowsecurity.com/articles-tutorials/misc_network_security/Dissecting-Pass-Hash-Attack.html
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/How-Cracked-Windows-Password-Part1.html
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/How-Cracked-Windows-Password-Part2.html
Somewhat helpful links:
https://www.offensive-security.com/metasploit-unleashed/psexec-pass-hash/
https://blog.netspi.com/bypassing-av-with-veil-evasion/
http://www.rebootuser.com/?p=1268
Simple file sharing in Windows:
http://www.home-network-help.com/file-sharing-in-windows-7.html
Also discuss demo 5 countermeasures from WDCNZ slide-deck.
Priority
Tech review by Russ
Merge to Master as tech review done
CloudFlare has some interesting details: https://support.cloudflare.com/hc/en-us/articles/201440054-Does-CloudFlare-support-DNSSEC-
Check my notes.
The tessel board could be a good place to start. James Mackie discussed it at WDCNZ: https://speakerdeck.com/macfie/wdcnz-2015-automating-the-real-world
Emma Woods is also running Wellington IoT meetup: http://www.meetup.com/Wellington-Internet-of-Things-IoT-Meetup/
Tech review by Russ
Identify Risks and Countermeasures
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Ready for author review: https://github.com/holisticinfosec/HolisticInfoSec-For-WebDevelopers
Tech review by Russ
Drewe Hinkley may be going to help with this one. Waiting for him to review and provide some writings.
Never heard back from Drewe.