Cybersecurity
Fundamentals
CIA Triad
Ideal characteristics of a network: Confidentiality, Integrity, Availability
Code execution (CE)
Remote code execution (RCE)
Enumeration
SQL injections
SQL
SQL injection
Abusing input to return the output of injected SQL code
Blind
In-band
Out-of-band
OR injection
Comment injection
UNION injection
By injecting a UNION statement, the flexibility to pass complex SELECT queries is obtained
Column testing
UNION statements require two result sets with the same number of columns, so deducing the number of columns in the static portion of the query is necessary
Command inclusion
INFORMATION_SCHEMA inclusion
Miscellaneous Injections
DLL injection
Security protocols
TACACS+
AAA protocol
Kerberos
AAA protocol
NTLM
File Inclusion (FI)
Local file inclusion (LFI)
Accessing a file existing on the web server, bypassing any sanitisation
Hyperlink inputs may be sanitised, however there are a variety of methods to bypass these
../ traversal
Encoding
Null byte injection
Path truncation
Remote file inclusion (RFI)
Processing a file existing on some remote server through the web server
File disclosure
HTTP GET parameter
Path truncation
Null byte injection
Encoding
Link sanitisers may not work if the input uses hexadecimal encoding rather than standard character input.
Base64
RCE
PHP Filters
PHP wrapper
Log poisoning
Buffer overflow development
C
Brute force techniques
Brute force techniques
Known plaintext attack
Dictionary attack
Cross Site Scripting (XSS)
Types
Persistent/stored; stored on back-end server and processed server side
Non-persistent/reflected; processed server side, not stored on server
DOM-based; processed client side, not stored on server
DOM-based XSS
DOM has default sanitisation for script tags, hence JavaScript within tag attributes must be used.
Source
Sink
Privilege escalation (privesc)
Privilege escalation (privesc)
Shell formation
Reverse shell
Summoning a shell from the victim device. This is done by triggering the victim device to send a shell to the attacking device while the attacking device is listening
Direct shell
Summoning a shell from the attacking device
Shell formation
Obfuscation
Cryptography
Minifying
Packing
Base64
ROT13
Traffic analysis
Fuzzing
HTTP attacks
Deserialisation attacks
Hardware attacks
Active directory attacks
Log poisoning
DNS poisoning
ARP poisoning
Inclusions
Other
Denial of service (DoS)
Consuming a server's bandwidth by flooding it with packets
Distributed denial of service (DDoS)
Performing DoS through multiple clients
Domain Controller
PPTP
Command and Control attack (C2)
Botnet attack where a threat actor controls a domain of devices on which commands can be executed
Firewall
System that opens and closes network ports
Key agreement