Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-05-02 06:46:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

readmes

Browse source
This commit is contained in:
bt3gl 2014-11-19 14:46:14 -05:00
parent 7091a95fdc
commit f4b8b9ad43
9 changed files with 85 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

46
Vulnerabilities_and_Exploits/overall_protective_measures.md → Vulnerabilities_and_Exploits/README.md
View file

@ -1,3 +1,49 @@
# Tools
### Keyloggers
* Rin Logger
---
# Vulnerabilities Glossary
* LD_PRELOAD: hijacking functions to a shared library: you can set this enviroment variable direct to the linker to load a library of your choice.
### Common Vulnerabilities:
* Authentication: to not require authentication in a situation that warrants it; information isn't trustworthy (authentication in the client side).
* Authorization: there are several formal designs for access control: discretionary access control, mandatory access control, role-based access control. Vulnerabilities: missing authorization (webpages).
* Accountability: expectation that a system can identify and log users' activities. Vulnerabilities: system's failure to log operations in sensitive data; system doesn't protect its data.
* Confidentiality: expectation that only authorized parties can view data. Vulnerabilities: failure/lack in encryption, homemade encryption, storing sensitive data unnecessarily.
* Integrity: the expectation that only authorized parties are able to modify the data. Vulnerabilities: failure in access control, failure in confidentiality, bail-and-switch attack.
* Availability: capability to use a resource when expected. Vulnerability: DoS.
---
# Exploits and Attacks Glossary
* Denial of Service (DoS): occurs when an attacker can make a system unavailable by performing some unanticipated action.
* Attack surface: the collection of all entry points that provide access to an asset. Operational vulnerabilities occur when the attack surface is exposed unnecessarily. Minimizing the attack surface is referred to *host hardening*.
---
# Overall Protective Measures:
### Development Measures

5
Vulnerabilities_and_Exploits/exploits_and_attacks_gloassary.md
View file

@ -1,5 +0,0 @@
# Exploits and Attacks Glossary
* Denial of Service (DoS): occurs when an attacker can make a system unavailable by performing some unanticipated action.
* Attack surface: the collection of all entry points that provide access to an asset. Operational vulnerabilities occur when the attack surface is exposed unnecessarily. Minimizing the attack surface is referred to *host hardening*.

22
Vulnerabilities_and_Exploits/vulnerability_glossary.md
View file

@ -1,22 +0,0 @@
## Vulnerabilities Glossary
* LD_PRELOAD: hijacking functions to a shared library: you can set this enviroment variable direct to the linker to load a library of your choice.
### Common Vulnerabilities:
* Authentication: to not require authentication in a situation that warrants it; information isn't trustworthy (authentication in the client side).
* Authorization: there are several formal designs for access control: discretionary access control, mandatory access control, role-based access control. Vulnerabilities: missing authorization (webpages).
* Accountability: expectation that a system can identify and log users' activities. Vulnerabilities: system's failure to log operations in sensitive data; system doesn't protect its data.
* Confidentiality: expectation that only authorized parties can view data. Vulnerabilities: failure/lack in encryption, homemade encryption, storing sensitive data unnecessarily.
* Integrity: the expectation that only authorized parties are able to modify the data. Vulnerabilities: failure in access control, failure in confidentiality, bail-and-switch attack.
* Availability: capability to use a resource when expected. Vulnerability: DoS.