venus/CyberSecurityClub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commit

Browse Source
This commit is contained in:
stephensottosanti
2021-03-07 23:01:33 -06:00
parent 8d1e21665e
commit 7fd25253c5
4 changed files with 36 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Skills/Network_Traffic_Analysis/README.md
View File

@@ -32,6 +32,4 @@ information. <br>
<p align="center">
<img width="500px" height="450px" src="/00_Archive/images/headerformat.png" alt="hf1"/>
<img width="500px" height="450px" src="/00_Archive/images/headerformat2.png" alt="hf2"/>
</p>
</p>

20
Skills/Reverse_Engineering/README.md
View File

@@ -1,17 +1,13 @@
# Reverse Engineering
[BACK TO UACTF](/UACTF)<br>
Reverse engineering is the process of extracting information or design knowledge from
anything that is man-made. The mechanisms within the field of reverse engineering are
used in many applications including understanding malware, bridging software
interoperability, and determining the strength of application code. <br>
Reverse engineering is the process of extracting information or design knowledge from anything that is man-made. The mechanisms within the field of reverse engineering are used in many applications including understanding malware, bridging software interoperability, and determining the strength of application code. <br>
Knowledge of the usage of a disassembler is helpful to solve reverse engineering tasks. A
disassembler is a tool that interprets a compiled program and produces the
corresponding machine code that can be used for analysis. There are several
disassemblers available including IDA and Ghidra (https://www.ghidra-sre.org). <br>
Knowledge of the usage of a disassembler is helpful to solve reverse engineering tasks. A disassembler is a tool that interprets a compiled program and produces the
corresponding machine code that can be used for analysis. There are several disassemblers available including IDA and Ghidra (https://www.ghidra-sre.org). <br>
A free evaluation version of IDA can be found at the following link: <br>
https://www.hex-rays.com/products/ida/support/download.shtml
https://www.hex-rays.com/products/ida/support/download.shtml <br>
Potential skills that may be necessary to solve reverse engineering tasks.
- Basic understanding of how binary data is read and structured
@@ -27,8 +23,8 @@ Below are potential examples of reverse engineering problems:
- Discovering malware
Helpful links for information on the reverse engineering process
- https://securityaffairs.co/wordpress/46606/hacking/software-reverse-
engineering-process-basics.html
- https://securityaffairs.co/wordpress/46606/hacking/software-reverse-engineering-process-basics.html
- https://www.geeksforgeeks.org/software-engineering-reverse-engineering/
- https://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed
[BACK TO UACTF](/UACTF)<br>

24
Skills/Website_Security/README.md Normal file
View File

@@ -0,0 +1,24 @@
# Website Security
One of the most overlooked aspects of the corporate environment is the health and security of the company website. Far too often it is not until after a security breach has occurred that investments in website security practices are made. To protect the security of the website, one needs to be proactive with a defensive mindset. <br>
OWASP, the Open Web Application Security Project (https://www.owasp.org), has several resources for improving web application security. One of many informative and
helpful items produced is their Top 10 list of Application Security Risks. Below is the link to the 2017 version. <br>
https://owasp.org/www-project-top-ten/ <br>
<i>SQL Injections</i> <br>
Number one on that list is injection flaws, and one of the most common injections are SQL Injections. These flaws are the result of an all too common failure to filter untrusted input. By not filtering user input, an attacker can easily inject commands that can potentially result in the loss of important or confidential data and even the hijacking of a clients browser. <br>
Below is a tutorial on SQL Injection. <br>
https://www.guru99.com/learn-sql-injection-with-practical-example.html <br>
<i>Cross-Site Scripting</i> <br>
Number seven on the list is another very common vulnerability, Cross-Site Scripting (XSS). This is another vulnerability that has its roots in failure to filter input. Here an attacker will provide JavaScript tags as input to a web application. Without the filtering of the input, the users browser will execute it. One of the more common results is getting a user to click on the crafted link. <br>
Below is a tutorial on Cross-Site Scripting. <br>
https://excess-xss.com/

3
UACTF/README.md
View File

@@ -37,6 +37,9 @@ The following provides additional information and links for some of the challeng
to assist the students in preparing for UACTF 2021.<br>
[Code Breaking and Decoding](/Skills/Code_Breaking)<br>
[File Analysis](/Skills/File_Analysis)<br>
[Network Traffic Analysis](/Skills/Network_Traffic_Analysis)<br>
[Website Security](/Skills/Website_Security)<br>
[Reverse Engineering](/Skills/Reverse_Engineering)<br>
Again, the above is not an all-inclusive list of topics for UACTF, but it is a good starting