Pen-Testing Comps
Friday, 26 January 2024

+ Rough calendar
    M 01/29 - Design 1
    W 01/31 - Design feedback
    F 02/02 - Design 2
    W 02/07 - Implementation 1
    F 02/09 - Implementation feedback
    W 02/14 - Implementation 2
    M 02/19 - Poster 1
    W 02/21 - Poster feedback
    Th 02/22 - VM freeze
    M 02/25 - Posters must be submitted for printing
    Th 02/29 - Comps gala
    F 03/01 - VM thaw
    03/04-08 - Oral exams
    W 03/13 - Final walkthroughs and VMs due

+ Requests so far
    - Authentication [today]
    - A Hack The Box walkthrough; maybe two [Monday]
    - More privilege escalation techniques
    - SQL injection
    - Email servers

+ Authentication topics
    - Web "basic authentication"
        - protocol
        - implementation server-side
        - .htpasswd file
    - Login passwords
        - /etc/passwd
        - /etc/shadow
        - cryptographic hash functions
          shasum command
        - what does SSH do?
    - Password cracking: john, hashcat
        - passphrase on private key
        - passphrase on zip file
        - passphrase on password manager vault
        - xxx2john commands
    - Session keys
        - how cookies work
        - what is a session key
    - So much more
        - (Windows) NTLM, Kerberos
        - OAuth (authorization, not authentication, but people use it
          for authentication anyway)
        - ...