Pen-Testing Comps
Monday, 8 January 2024

+ No office hours Wednesday

+ bandit debrief

+ Essential Unix commands and concepts?
- cat, ls -alh, file, cd, man, exit, 
- |, >, <, 2>/dev/null, ...
- nmap, ssh, openssl, ping
- reading the manual
- permissions (chmod, chown, ls -l)
- setuid
- ...

+ Ways to make Unix (intentionally or not) insecure?
- Badly set permissions
- Openly available passwords
- Crackable/guessable passwords
- No limit to number of password guesses
- Not changing defaults (kali/kali, for example)
- using obscurity (e.g. weird locations) to store secret info
    put secret info in "hidden" files
- git-related stuff
    - secrets in old commits
    - secrets in tags and log messages
- cron-related stuff?
    - ???

+ Lab: web servers using Kali


+ Coming up
- Unix / Linux [week 1]
- Web [week 2]
- Taking notes and writing walkthroughs [week 3]
- Creating and sharing VMs [week 3]
- Simple pen-testing methodology [week 3, 4]
- Creating your first vulnerable machine before midterm
    and trying to hack into other people's first efforts [weeks 4, 5]