venus/blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: venus:fix-docker
Branches Tags
venus:master venus:main venus:dev venus:integrate-build venus:combine-docker venus:fix-docker
...
pull from: venus:master
Branches Tags
venus:master venus:main venus:dev venus:integrate-build venus:combine-docker venus:fix-docker

28 Commits
fix-docker ... master

Author SHA1 Message Date
venus
c03c37f691 live pull works!! 2026-03-05 02:03:16 -06:00
venus
c4634c0a0c set update to post again 2026-03-05 01:56:19 -06:00
venus
35cd103751 set update to post only 2026-03-05 01:53:19 -06:00
venus
eddd70c701 fixed live webhook update 2026-03-05 01:50:07 -06:00
venus
4d1eae0b25 fixed live pull issue 2026-03-05 01:46:02 -06:00
venus
e8a0831809 fixed rebase issue 2026-03-05 01:33:06 -06:00
venus
5ed4acf7bf updated compose 2026-03-05 01:28:39 -06:00
venus
4e35dabde7 ignoring compose now 2026-03-05 01:26:40 -06:00
venus
f6f192da26 basic webhook tested 2026-03-05 01:24:40 -06:00
venus
ebb6aa0f56 basic webhook 2026-03-05 01:21:13 -06:00
venus
cf6fc0da33 started webhook 2026-03-05 01:17:38 -06:00
venus
427c3b6427 public notes work now 2026-03-05 00:02:39 -06:00
venus
13d7676ff4 fixed names and function defs 2026-03-04 23:51:07 -06:00
venus
e9b1a95b9a improved readability again 2026-03-04 23:33:00 -06:00
venus
48d27184be improved readability 2026-03-04 23:32:08 -06:00
venus
c41f3a0286 implemented public vault initialization 2026-03-04 23:22:54 -06:00
venus
d6a1d30747 addded todo comment 2026-03-04 23:12:40 -06:00
venus
35f0edbc83 updated gitignore and build.py works to update vault 2026-03-04 23:10:09 -06:00
venus
f22fb410ab updated compose 2026-03-04 19:47:56 -06:00
venus
58e972e65f vault clones from env vars in compose 2026-03-04 19:46:37 -06:00
venus
bacbd48d30 added gitignore again 2026-03-04 18:03:05 -06:00
venus
62dcfab912 updated to render md from content dir 2026-03-04 18:00:42 -06:00
venus
6c6cccae49 added repo key 2026-03-04 16:37:17 -06:00
venus
7612837e82 updated .env 2026-03-04 16:32:39 -06:00
venus
fdbced9192 updated dockerfile and flask app name 2026-03-04 16:29:41 -06:00
venus
99a0df522e moved dockerfile 2026-03-04 16:27:53 -06:00
venus
1b177e3d86 removed some folders 2026-03-04 16:27:30 -06:00
venus
d3c8d6e544 docker works 2026-03-04 16:23:43 -06:00
21 changed files with 694 additions and 128 deletions
Expand all files Collapse all files

28
' Normal file
View File

@@ -0,0 +1,28 @@
from flask import Flask
from app import build
from pathlib import Path
import markdown
import os
from dotenv import load_dotenv
app = Flask(__name__)
PRIVATE_VAULT_DIR = Path("/vault")
PUBLIC_VAULT_DIR = "/content"
build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR) # initialize the public notes from the private repo
@app.route("/")
def index():
md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**.\n##[test](http://localhost/test)"
html_content = markdown.markdown(md_content)
return html_content
@app.route("/api/vault-update") #webhook for vault updated
def update_vault():
# TODO SECURE THIS WITH SECRETTTTT or auth header
print(build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR))# initialize the public notes from the private repo
return "vault-rebuilt"
@app.route ("/<filename>") # renders a filename if not otherwise specified
def render_post(filename):
return build.html_file(filename, PUBLIC_VAULT_DIR)

3
.env
View File

@@ -1,2 +1,5 @@
obsidian_vault=/home/venus/Documents/Personal-Wiki
obsidian_vault_url=git.riverrooks.dev/Personal-Wiki
OBSIDIAN_VAULT_URL=git.riverrooks.dev/Personal-Wiki
obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a

3
.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
app/__pychache__
public-vault
compose.yml

29
Dockerfile Executable file
View File

@@ -0,0 +1,29 @@
FROM python:3.14-slim
#install git
RUN apt-get update && apt-get install -y \
git \
&& rm -rf /var/lib/apt/lists/*
#install dependencies
RUN mkdir /app
COPY app/requirements.txt /app
RUN pip3 install -r /app/requirements.txt
#parse from .env file
ARG DEBUG_MODE=0
ARG obsidian_vault=/home/venus/Documents/Personal-Wiki
ARG OBSIDIAN_VAULT_URL=git.riverrooks.dev/venus/Personal-Wiki
ARG obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
ENV FLASK_DEBUG=$DEBUG_MODE
ENV FLASK_APP=app
# ENV OBSIDIAN_VAULT=$obsidian_vault
ENV OBSIDIAN_VAULT_URL=$OBSIDIAN_VAULT_URL
ENV OBSIDIAN_VAULT_TOKEN=$obsidian_vault_token
COPY app /app
ENTRYPOINT ["flask"]
CMD ["run", "--host=0.0.0.0", "--port=80"]

21
app/Dockerfile
View File

@@ -1,21 +0,0 @@
FROM python:3.10-slim AS builder
ARG DEBUG_MODE=0
ENV FLASK_DEBUG=$DEBUG_MODE
ENV FLASK_APP=app
COPY requirements.txt
RUN pip3 install -r requirements.txt
COPY . .
EXPOSE 443
ENTRYPOINT ["flask"]
# CMD [ "run", "--host=0.0.0.0", "--port=80"]
CMD ["--app", "app", "run", "--host=0.0.0.0", "--port=443"]

35
app/___init___.py
View File

@@ -1,35 +0,0 @@
from flask import Flask
import markdown
from pathlib import Path
app = Flask(__name__)
CONTENT_DIR = Path(__file__).parent.parent / "content"
@app.route("/hello")
def hello_world():
return "<h1>Hello, World!</h1>"
@app.route("/")
def index():
# Write your markdown content
md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**."
# Convert it to HTML
html_content = markdown.markdown(md_content)
return html_content
@app.route ("/post/<filename>")
def render_markdown_file(filename):
filePath = CONTENT_DIR / f"{filename}.md"
# 3. Protect against missing files
if not filePath.is_file():
return f"<h1>404</h1><p>Could not find {filename}.md in {filePath}</p>", 404
# else:
# return f"<h1> found</h1> <p> found {filename} in {filePath}</p>"
# 4. Open, read, and convert the file
with open(filePath, "r", encoding="utf-8") as f:
textContent = f.read()
htmlContent = markdown.markdown(textContent)
return htmlContent

29
app/__init__.py Normal file
View File

@@ -0,0 +1,29 @@
from flask import Flask
from app import build
from pathlib import Path
import markdown
import os
from dotenv import load_dotenv
app = Flask(__name__)
PRIVATE_VAULT_DIR = Path("/vault")
PUBLIC_VAULT_DIR = "/content"
build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR) # initialize the public notes from the private repo
@app.route("/")
def index():
md_content = "# Welcome to my blog!\nThis is rendered from **Markdown**.\n##[test](http://localhost/test)"
html_content = markdown.markdown(md_content)
return html_content
@app.route("/api/vault-update", methods=['POST', 'GET']) #webhook for vault updated
def update_vault():
# TODO SECURE THIS WITH SECRETTTTT or auth header
build.obsidian_vault(PRIVATE_VAULT_DIR) # initialize the private obsidian repo
build.public_vault(PRIVATE_VAULT_DIR, PUBLIC_VAULT_DIR)# initialize the public notes from the private repo
return "vault-rebuilt"
@app.route ("/<filename>") # renders a filename if not otherwise specified
def render_post(filename):
return build.html_file(filename, PUBLIC_VAULT_DIR)

65
app/build.py
View File

@@ -1,26 +1,61 @@
from obsidian_parser import Vault
import shutil
from git import Repo
import markdown
from pathlib import Path
import os
def html_file(filename, contentPath): #renders markwown from filename
filePath = Path(f"{contentPath}/{filename}.md")
# 3. Protect against missing files
if not filePath.is_file():
return f"<h1>404</h1><p>Could not find {filename}.md in {filePath}</p>", 404
# open the file for reading
with open(filePath, "r", encoding="utf-8") as f:
textContent = f.read()
# convert it to markdown
htmlContent = markdown.markdown(textContent)
return htmlContent
def clone_secure_repo(url: str, token: str = "", dest: str): # clone a gittea repo using optional security token into dest dirand return a path to the directory
return dest
def public_notes(src: str): # return a list of notes tagged with public from an obsidian directory
# build vault from source
vault = Vault(src)
if vault:
print ("found vault")
else:
def obsidian_vault(dest = "/vault"): # makes sure there is a vault in dest
from git import Repo
url = os.getenv("OBSIDIAN_VAULT_URL")
token = os.getenv("OBSIDIAN_VAULT_TOKEN")
if not(token):
print ("token not found, cant build vault")
raise NameError("tokenNotFound")
return 0
url = f"https://{token}@{url}"
if os.path.exists(os.path.join(dest, '.git')):
#TODO handle merge conflictsjjj
print (f"pulling vault from {url} in {dest}")
repo = Repo(dest)
origin = repo.remotes.origin
origin.fetch()
origin.pull(strategy_option='theirs')
print ("vault updated")
return 1
print (f"building vault from {url} in {dest}")
Repo.clone_from(url, dest)
print("cloned vault!")
return 1
def public_vault(privateVault = "/vault", dest = "/content"): # build the public vault in dest from an obsidian repo in src
vault = Vault(privateVault)
if not(vault):
print("could not find vault")
return []
raise NameError("vaultNotFound")
return 0
# return a list ofnotes
return vault.get_notes_with_tag("public")
print(f"valid vault{vault}")
publicNotes = vault.get_notes_with_tag("public")
def buld_public_vault(src: str, dest: str): # build the public vault in dest from an obsidian repo in src
for note in public_notes(src):
print(f"publicNotes: {publicNotes}")
for note in publicNotes:
print(note.title)
shutil.copy2(f"{note.path}", dest)

3
app/requirements.txt
View File

@@ -1,2 +1,5 @@
flask
markdown
obsidianmd-parser
GitPython
python-dotenv

14
compose.yml
View File

@@ -1,15 +1,13 @@
services:
app:
build:
context: app
args:
- DEBUG_MODE=1
- obsidian_vault_url=https://git.riverrooks.dev/Personal-Wiki
- obsidian_vault_token=bd8cd9301ae2c1c5bacfb3340492acb5e862686a
ports:
- '80:80'
- '8188:80'
volumes:
- ./content:/content
# public_vault_builder:
# build:
# context: public_vault_builder
# volumes:
# - ./public_vault:/content
- ./content:/content #public
- ./public-vault:/vault #private

0
public_vault/Cyber-Crime.md → content/Cyber-Crime.md
View File

79
content/Homework.md Normal file
View File

@@ -0,0 +1,79 @@
#public
# Homework
Questions (P7.)
1. a
1. A. True
2. B. Order does not matter in sets
2. MISSISSIPPI
3.
1. $\subseteq$
2. $\in$
3. $\subseteq$
4. $\in$
5. $\in$ x wrong $\emptyset$ is a $\subseteq$ of all sets
6. $\subseteq$
4. 9.
1. a) $\{S_4, S_5, S_9\}$
2. b) **??**
3. c) quadrillion
4. d)
1. F
2. T (if order does not matter)
3. T
4. F
5. T
6. T
7. F
8. F
9. F
10. T
11. F
12. F
13. T
14. F
15. T
16. T
5. 10.
1. $D_1=\{1\}, D_2=\{1,2\}, D_{10}=\{1,2,5\}$
2. b)
1. T
2. F
3. T
4. T
5. T?
6. F
7. T
8. F
9. F
10. F
11. F
12. T
3. c) $|D_{10}|=3$, $|D_{19}|=2$
4. D) $|\mathcal{D}|=9$
| Questions | Answer |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------- |
| 1. <br> 1. (a) True or false? {red, white, blue} = {white, blue, red}. <br> 2. (b) What is wrong with this statement: Red is the first element of the set {red, white, blue}? | a. True<br>b. Order does not matter in sets |
| 2. Which has the larger cardinality? The set of letters in the word MISSISSIPPI or the set of letters in the word FLORIDA ? | MISSIPPI |
| 3. Fill in the blank with the appropriate symbol, ∈ or ⊆. <br> 1. (a) {1, 2, 3} {1, 2, 3, 4} <br> 2. (b) 3 {1, 2, 3, 4} <br> 3. (c) {3} {1, 2, 3, 4} <br> 4. (d) {𝑎} {{𝑎}, {𝑏}, {𝑎, 𝑏}} <br> 5. (e) ∅ {{𝑎}, {𝑏}, {𝑎, 𝑏}} <br> 6. (f) {{𝑎}, {𝑏}} {{𝑎}, {𝑏}, {𝑎, 𝑏}} | |
| 9. Let 𝑆1 = {𝑜, 𝑛, 𝑒}, 𝑆2 = {𝑡, 𝑤, 𝑜}, 𝑆3 = {𝑡, , 𝑟, 𝑒, 𝑒}, and so on. <br> 1. (a) Find all 𝑘 ∈ {1, 2, . . . , 10} with \|𝑆𝑘\| = 4. <br> 2. (b) Find distinct indices 𝑗, 𝑘 with 𝑆𝑗 = 𝑆𝑘. <br> 3. (c) Find the smallest value of 𝑘 with 𝑎𝑆𝑘. <br> 4. (d) Let 𝒮 = {𝑆𝑘}40 𝑘=1. Determine whether the following statements are true or false. <br> 1. (i) 𝑆13 = {𝑛, 𝑒, 𝑖, 𝑡, , 𝑒, 𝑟} <br> 2. (ii) {𝑛, 𝑒, 𝑡} ⊆ 𝑆20 <br> 3. (iii) 𝑆1 ∈ 𝒮 <br> 4. (iv) 𝑆3 ⊆ 𝒮 <br> 5. (v) ∅ ∈ 𝒮 <br> 6. (vi) ∅ ⊂ 𝒮 <br> 7. (vii) ∅ ⊆ 𝒮 <br> 8. (viii) 𝑆1 ⊆ 𝑆11 <br> 9. (ix) 𝑆1 ⊆ 𝑆21 <br> 10. (x) 𝑆1 ⊂ 𝑆21<br> 11. (xi) {𝑛, 𝑖, 𝑒} ∈ 𝒮 <br> 12. (xii) {{𝑓, 𝑜, 𝑢, 𝑟}} ⊆ 𝒮 <br> 13. (xiii) 𝑢𝑆40 <br> 14. (xiv) 𝒫(𝑆9) ⊆ 𝒫(𝑆19) <br> 15. (xv) {𝑠, 𝑖} ∈ 𝒫(𝑆6) <br> 16. (xvi) 𝑤𝒫(𝑆2) | |
| 10. For 𝑘 ∈ {1, 2, . . . , 20}, let 𝐷𝑘 = {𝑥 𝑥 is a prime number which divides 𝑘} and let 𝒟 = {𝐷𝑘 𝑘 ∈ {1, 2, . . . , 20}}.<br> 1. (a) Find 𝐷1, 𝐷2, 𝐷10, and 𝐷20. <br> 2. (b) True or False: <br> 1. (i) 𝐷2 ⊂ 𝐷10 <br> 2. (ii) 𝐷7 ⊆ 𝐷10 <br> 3. (iii) 𝐷10 ⊂ 𝐷20 <br> 4. (iv) ∅ ∈ 𝒟 <br> 5. (v) ∅ ⊂ 𝒟 <br> 6. (vi) 5 ∈ 𝒟 <br> 7. (vii) {5} ∈ 𝒟 <br> 8. (viii) {4, 5} ∈ 𝒟 <br> 9. (ix) {{3}} ⊆ 𝒟 <br> 10. (x) 𝒫(𝐷9) ⊆ 𝒫(𝐷6) <br> 11. (xi) 𝒫({3, 4}) ⊆ 𝒟 <br> 12. (xii) {2, 3} ∈ 𝒫(𝐷12) <br> 3. (c) Find \|𝐷10\| and \|𝐷19\|. <br> 4. (d) Find \|𝒟\| | |
# Unit 1
## Krish Hw 2
1. A = {1, 2, 3}, B = {2, 3, 4} and C = {1, 2, 4}. List the elements of the specified set
1. (a) A ∩ B; | {2,3}
2. (b) A B; | {1,2,3,4}
3. (c) C\A; | {1}
4. (d) A (B ∩ C); | {2,1,3}
5. (e) (A ∩ C) (B ∩ C); | {1,2,4}
6. (f) A × B; | {(1,2),(1,3),(1,4),(2,3),(2,2),(2,4),(3,2),(3,3),(3,4)}
7. (g) B × A; | {(2,1),(2,2),(2,3),(3,1),(3,2),(3,3),(4,1),(4,2) ,(4,3)}
8. (h) (A × B) ∩ (B × A). | {(2,2),(3,3)}
2. $M_2$ = {2, 4, 6, 8, 10, · · · } and $M_3$ = {3, 6, 9, 12, 15, · · · }. Find:
1. (a) $M_2$ ∩ $M_3$;
1. $M_6$
2. (b) $M_3 \backslash M_2$
1. $\{x|x=6k-3 \space\forall\space k \in\mathbb{N}\}$

296
content/Malware.md Normal file
View File

@@ -0,0 +1,296 @@
#public
# Malware/malicious software
- **Malware**: software written with intent to do HARM
```mermaid
flowchart TD
A[Data] <---> B[People]
A <---> C[Devices]
B <---> C
```
> Greatest Vulnerability is People
## Malware types
- **virus:** program to modify other programs
- **Worm**: program that spreads itself
> diff b/t virus and worm is method of movement
- **Trojan**: an innocent program that hides malware inside
- **Ransomware**: require payment to remove (often in exchange for decryption key)
- **Phishing**: Faking identity in order to build trust to encourage specific user behavior
- **DOS/DDOS**: (distributed) denial of service to overwhelm services and prevent legitimate activity from getting through
# Threat Actors
| Group | Motivations |
| ---------------- | -------------------------------------------------------- |
| Nation States | Intelligence Infrastructure |
| Groups of people | Intimidate, org-goals |
| Individuals | ego, \$\$\$, etc |
| Insider Threats | Those inside of an organization who abuse trusted access |
>Insider Threats are the Greatest challenge in cyber-sec
> There is an upward trend in the amount of malware and damage done in USD. 5 month avg for identifying breaches
# CIA TRIAD
```mermaid
flowchart TD
A[Confidentiality] <---> B[Integrity]
A <---> C[Accessibility]
B <---> C
````
True security manages all 3, our job is to find the right balance
## CONFIDENTIALITY
Ensuring that only authorized users can access data
### 3 Types of confidentiality
| type | definition | exampe | |
| --------------- | -------------------------------------------------------------------------- | ------------------------- | --- |
| Confidentiality | limiting access to information including the existence of such information | "What conversation" | |
| Privacy | Limit the information shared | Not giving away PII | |
| Secrecy | Data not to be shared beyond small circle | Restricting access to PII | |
- **PII**: personally identifiable information
## INTEGRITY
Ensure data and system resources are trustworthy
Trustworthy: known author, not maliciously modified
| Catagory | definition |
| --- | --- |
| Data integrity | Data has not been modified or overwritten |
| Origin Integrity | maintaining the authorship and chain of editors |
| System integrity | overall design of processes that work with data |
> While confidentiality is often considered the "Traditional" focus of security, Integrity can be considred just as important
## AVAILABILITY
Authorized users can access data and systems when needed.
Confilicts directly with Confidentiality, this balance is our job.
DDOS/DOS attacks affect availibility.
> "If one person can have access, many have access"
# What is security?
> Just fire-walling/encrypting your system $\neq$ security
**Security is a systems issue**, good security is a heuristic endeavor encompassing the following questions:
1. What are we protecting?
2. What can go wrong?
3. What are we going to do about it?
4. Did we do a good job?
You need to deal with policy and procedure. E.G. talking to non-tech savvy people or encouraging more scrutiny of strange emails
- **Forensics:** determine what was done when
```mermaid
mindmap
id))system((
id(Hardware(
id(Software(
id)networking(
```
# The Five As
| [[Malware#Authentication]] | Verification of a user's Identity | static password |
| ------------------------ | -------------------------------------------- | ------------------------- |
| Access control | control who is allowed access to something | ACT card |
| [[Malware#Accounting]] | keeping track of activity | logs of command history |
| [[Malware#Auditing]] | checking for suspicious behavior or failures | log analysis |
| Action | taking action on a threat | changing a users password |
## Authentication
> How do we know who you say you are? j do we know you're authorized?
### 3 mechanism of authentication:
| something you **know** | Static username and passwd |
| ---------------------- | -------------------------------------------------------------------- |
| something you **have** | one time password (OTP) --> usually **2nd device** as authentication |
| something you **are** | Biometric credential |
## Accounting
- cant have $\infty$ storage, so what do you keep?
## Auditing
You need to know your system is compromised if you're taksed to protect it.
"Did something happen?"
This is looking at logs created and making policies to take action of some kind
you also need to determine the action to take
# measures and countermeasures
| prevention | measures to **stop breaches** | Gaurd at the gate, strong authentication policy | |
| ---------- | --------------------------------- | ----------------------------------------------- | --- |
| detection | measures to **detect breaches** | beggining, ongoing, or afterwords | |
| Reaction | measures to **recover of assets** | Rebuild, Repair, Pursue | |
```mermaid
flowchart TB
id1[Passwords are easy to guess] --> id2[Password policies] --> id3[Users write down passwds] --> id4[etc]
```
# Insider threats
- **Threat**: An event of condition that has the potential to cause loss or undesirable consequences
- **Insider Threat**: threat caused by someone inside of the organization
- Disgruntled employee
- Careless employee
| |IT sabatoge| Theft of IP | Fraud | Espionage |
| --- | --- | --- | --- | --- |
| WHO | techinal/priveleged access | scientists, programmers, engineers, sales | fincacial pros, low/mid developers, customer service | anybody |
| WHEN | on/before termination | ~60 days b4 leaving | Long period of time | long period of time |
| WHY | revenge | new job, start company | Greed, financial need | dissatisfaction, greed, financial need |
## Identifying Insider Threats:
- Who has the most access?
> Don't assume sysadmin is the villan, just be aware of their access level
- become the insider. "Think like the attacker"
- most employees dont join to become insiders
## Lifecycle of an insider
1. Recruitment/tipping point
2. Search/Reconnisance
3. Acquisition/collection
4. Exfiltration/Action
# Threat Modeling
> The equifax breach exploited a known vulnerability that equifax didn't patch for months. $1.4 Billion in damages
## The fundamental security problem
There are more attacks than can be reasonably stopped with limited time/money
## Why threat model
- Proactive vs Reactive
- Prioritization
- Systematic approach
- Find problem's you'd otherwise miss
- Legal compliance
## The cost of a vulnerability
![[Diagram 2.svg]]
## What is threat modeling?
A structured process to identify, quantify, and address security risks in a system or process
## Key Questions
1. What are we protecting
2. What can go wrong
3. What are we going to do about it
4. did we do a good job
## Steps
### 1. define scopes and assets
### 2. Create architecture diagram
- Data flow
- Network diagram
- Component diagram
- Trust breakdown diagram
### 3. Identify threats
| S | spoofing Identity |
| --- | --- |
| T | Tampering with data |
| R | Repudation |
| I | Information disclosure |
| D | Denial of servie |
| E | Escalation of privelege |
> [[Malware#CIA Triad]]
### 4. Rank and prioritize threats
#### DREAD
on a scale of 1 - 10
Risk = (D+R+E+A+D)/5
| D | Damage potential |
| --- | --- |
| R | Reproducability |
| E | Exploitability |
| A | Affected Users |
| D | Discoverability |
Ex: Mybama SQLI
| D | 10 |
| --- | --- |
| R | 10 |
| E | 7 |
| A | 10 |
| D | 8 |
R 9 = (10 + 10 + 7 + 10 + 8) / 5
9 is a **Critical threat**
#### Impact/likelyhood table
| likelyhood | low | med | high |
| ---------- | --- | --- | ---- |
| low | 1 | 2 | 3 |
| med | 2 | 4 | 6 |
| high | 3 | 6 | 9 |
| < 3 | < 6 | 9 |
| --- | --- |---|
| low, fix when possible | Vulnerable. Fix ASAP | HUGE PROBLEM |
### 5. Determine Mitigation
1. **Eliminate**: remove the vuln --> unused admin page
2. **Mitigate**: Reduce likelihood of attack --> Sanitize SQL inputs
3. **Transfer**: Move to somewhere else --> send it to your SSO
4. **Accept**: It's good enough --> password logins (using microsoft)
## Why it works:
1. Systematic, not random
2. Visual
3. Collaborative
4. Proactive
5. Prioritized
6. Documented
# Encryption
## Symmetric V. Asymmetric
- **Symmetric encryption**: Uses a single key
- **Asymmetric encryption**: Uses two keys
```mermaid
stateDiagram-v2
state symmetric{
plaintext
}
state asymmetric{
text
key
}
text --> encryption
key --> encryption
encryption --> cyphertext
plaintext --> encryption
cyphertext --> decryption
decryption --> Plaintext
```
### Asymmetric key encryption
> Asymmetric has 2 keys and is more computationally expensive
takes 2 keys, and runs the encryption algo on the combined input
1 is the private key, one is the public
how do you securely send the keys?
### Symmetric key encryption
Cheaper, older and more common
> Block cipher
- **DES**: Data Encryption Standard
- Oldest standard
- originally labbeled by NIST
- **AES**: Advanced Encryption Standard
- updated DES, more computationally signifigant for modern computing
- **3DES**: 3 Data Encryption Standard
- does DES 3 times
- **TLS**: Transport Layer security
- for high level web traffic
- **SSL**: Secure Socket layer
- for secure communication between machine
## Feistel block cipher
Takes initial input, splits in half, encrypts left half, and switches. Repeats
The key is used in encryption through a reversable algorithm.
![[Pasted image 20260217083518.png]]
## Diffie Heiman Key exchange
Symmetric means you have to pass around the key,
Asymmetric is computationally expensive
Diffie-Heiman is a solution
1. Publish your public key
2. Send hash function with any work you then publish
3. Your public key can be used to verify integrety of any published work
3a. verifying file downloads
3b. git commits
You can aslo force 1-way encryption with a block cipher so:
data --> hash
but not:
hash --> data
any slight change of input, dramatically changes output (Avalance effect)
> since encryption methods take any size and hash it to a fixed size, collisions are possible. Furthermore, Collisions are going to be vastly different inputs
## Hash functions
- Md5
- Sha1
- Sha3
- Sha256
- RSA

2
content/Public test 2.md Normal file
View File

@@ -0,0 +1,2 @@
if this is there, the site live updates from wh
#public

157
content/Unit 1 Sets and Logic.md Normal file
View File

@@ -0,0 +1,157 @@
---
tags:
- Math-301
- Math
- School
- notes
- Spring-25
- public
Slides: "[[Wed 1-7.pdf]]"
Topic: Sets and Logic
Unit: 1.1 - 1.6
---
# 1.1 Basic definitions
A set is a collection of objects. The objects in a set are called its elements or members.
> Let A={a,b,c}.
> $a\in A$ -- means *a* is an element of *A*
> $d \notin A$ -- means *d* is not an element of *A*
**Def**. the [[Cardinality]] of a finite set `S`, demoted `|S|`. is the number of elements in `S`.
In the example, `|A| = 3`.
### Notation for some sets of numbers
> Natural numbers: $\mathbb{N}$ = {1,2,3,...}
> Whole Numbers: $\mathbb{W}$ = {0,1,2,3,...}
> The set of integers: $\mathbb{Z}$ = {...-3,-2,-1,0,1,2,3,} = {0,1,-1,2,-2,3,-3...}
> Rational Numbers: $\mathbb{Q}$ = $\{\frac{a}{b}\vert a,b\in\mathbb{Z},b\neq0\}$
> Set of real numbers: $\mathbb{R}$
---
## 2 subsets
- Let *A* and *B* be sets. We say that *B* is a [[subset]] of *A*, if every element of *B* is also an element of *A*, denoted $B\subseteq A$
- Two sets are [[equal]], denoted $A = B$, if $A\subseteq B$ and $B\subseteq A$
>Ex. Let *A* = $\{x\vert x\in\mathbb{Z}\hspace{7px}and\hspace{7px}0\lt x\lt6\}$.
>We see that $A=\{1,2,3,4,5\}$.
>Note: $1\in A, 4\in A$, but $6\notin A$.
>$\{1,3,5\}\subseteq A,\{2\}\subseteq A$, but $\{2\}\notin A$
>{2,4,6}$\subsetneq A$ since $6 \notin A$
>|A| = 5.
>Ex. $\mathbb{N}\subseteq \mathbb{W} \subseteq \mathbb{Z} \subseteq \mathbb{Q} \subseteq \mathbb{R}$
[[Proper subset]]: $B\subset A$ if $B\subseteq A$ and $B\neq A$
### Intervals of $\mathbb{R}$
> (a,b) = {x$\in \mathbb{R}$ | a < x < b}, where $-\infty\le a \le b \le\infty$
> \[a,b] = {x$\in \mathbb{R}$ | a $\le$ x $\le$ b}, where $-\infty\lt a \le b \lt\infty$
> \[a,b) = \{x$\in \mathbb{R}$ | a $\le$ x < b}, where $-\infty\lt a \lt b \le\infty$
> \(a,b] = \{x$\in \mathbb{R}$ | a $\lt$ x $\le$ b}, where $-\infty\le a \lt b \lt\infty$
## 3. Collections of Sets
The elements of a set may themselves be sets, and so is is a collections of sets
> Ex. $\mathcal{C}$ = { {1}, {1, 2}, {1, 2, 3} }. Note that
> {1} $\in \mathcal{C}$, {1,2} $\notin\mathcal{C}$, {1,2,3} $\in\mathcal{C}$ **??**
> {1} $\subsetneq\mathcal{C}$ since $1\notin\mathcal{C}$
> {{1}, {1,2}} $\subseteq\mathcal{C}$
> {{1}, {1,2}} $\notin\mathcal{C}$.
### Indexed Collection of Sets
Let `I` be a set. Suppose $S_i$ is a set for each `i` $\in$ `I`.
Then we say that $\{S_i\}_{i\in I}$ = $\{S_i|i\in I\}$ Is called a [[collection of sets indexed]] by `I`.
> Ex. Let $S_n$ = (n-1, n) for each $n\in\mathbb{N}$. Then
> $\{S_n\}_{n=1}^{3}$ = {$S_1,S_2,S_3$} = $\{(0,1), (1,2), (2,3)\}$
> $\{S_n\}_{n\in\mathbb{N}}$ = $\{(0,1), (1,2), (2,3),...\}$
## 4. The Empty Set
Let `E` be a set with no elements. Then for any Set `A`, we have `E`$\subseteq$`A` [[(Vacuously True)]].
If `E'` is another set with no elements, then `E`$\subseteq$`E'` `E'`$\subseteq$`E`
So `E`=`E'` Therefore, there is a unique set with no elements. We call it the [[empty set]], denoted by $\emptyset$ = {}.
**Property: For every set `A`, $\emptyset\subseteq$`A`.**
## 5. The Power Set of a Set
the [[power set]] of a set `S` is the collection of all subsets of `S` and is denoted $\wp(S)$.
> $\wp(S) = \{A | A \subseteq S\}$.
>Ex. Let $A$ = $\{a,b,c\}$. Then
>$\wp(A)\{\emptyset\,\{a\},\{b\},\{c\},\{a,b\},\{a,c\},\{b,c\},\{a,b,c\}\}$
>Note: |$\wp(A)$ = 8 = $2^3$ = $2^{|A|}$.
## 6. Summarizing example
Consider the set:
> $S = \{1,2,\emptyset,\{a,b\}\}$. Then
> $2\in S, 2\subsetneq S$
> ${2}\notin S, 2\subseteq S$
> > $\emptyset, 2\subsetneq S$
# 1.2 Set Operations
## 1 Intersections and Unions
>Let `A` and `B` be sets. The [[Intersection]] of `A` and `B` is the set.
>$A\cap B$ {X | x $\in$ A and x $\in$ B}
>![[Pasted image 20260114205835.png]]
The [[Union]] of `A` and `B` is the set
> $A \cup B$ = {x | $\in$ a A or x $\in$ B } ## "Or" is the "Inclusive or"
> ![[Pasted image 20260114210548.png]]
> Ex. Let `A`={0,2,4,6,8}, `B`={0,3,6,9}, and C={1,2,3,4,5,6,8,9}. Then
> (a) $A\cap B$ = {0,6}
> (b) $A\cup B = \{0,2,4,6,8,3,9\}=\{0,2,3,4,6,8,9\}$
> (c) $B\cap C$ = {3}
> (d) $A\cup(B\cap C) = \{0,2,3,4,6,8\}$
> (e) $(A\cup B)\cap C = \{2,3,4\}$
> Note: $A\cup(B\cap C)\neq(A\cup B)\cap C$
**Def. We say that two sets A and B and [[disjoint]] if $A\cap B=\emptyset$**
![[Pasted image 20260115174934.png]]
> **Theorem. Let `A` and `B` be finite sets.**
> (a) $|A\cup B|=|A|+|B|-|A\cup B|$
> ![[Pasted image 20260115175142.png]]
> (b) if `A` and `B` and disjoint then $|A\cup B| = |A| + |B|$
> ![[Pasted image 20260115175132.png]]
> (c) If $A\subseteq B, then |A|\leq|B|$
## 2 Arbitrary Collections
Let $\mathcal{C}=\{S_i|i\in I\}$ be a collection of sets indexed by a set `I` (Assume $I\neq0$.) Then the [[Intersection]] of $\mathcal{C}$ is defined as
> $\cap\mathcal{C}=\cap_{i\in I} S_i=\{x|x\in S_i$ for all $i\in I\}$.
The [[Union]] of the collection $\mathcal{C}$ is the set
>$\cup\mathcal{C}=$ $\cup_{i\in I}S_i=\{x|x\in S_i$ for at least one $i\in I\}$
For a finite collection of sets indeed by $I=\{1,2 ... , n\}$
we often write the intersection and unions of $\mathcal{C}=\{S_1,S_2, ... ,S_n\}$ as
> $\cap_{i=1}^n S_i = S_1\cap S_2\cap S_3\cap ... \cap S_n$
> $\cup_{i\in I}^n S_i=S_1\cup S_2\cup ... \cup S_n$
Def. Let $\{\S_i|i\in I\}$ be an indexed collection of sets.
> (a) The collection is [[Mutually disjoint]] if for all $i,j\in I$, if $S_i\neq S_j, then S_I =\cap S_j\space\emptyset$
> Equivalently: for all $i,j\in I$, $S_i=S_j\space or\space S_i\cap S_j=\emptyset$
> (b) The collection is [[nested]] if for all $i,j\in I$, $S_i\subseteq S_j$ or $S_j\subseteq S_i$
$S=\{x\in\mathbb{W}|x\notin M_{5}, x\in M_3\}$
---
> $B_n$ = $\{x\in\mathbb{R}\space\vert\space |x| < n\}$
$B_1$ = (-1,1)
$B_2$ = (-2,2)
$B_3$ =(-3, 3)
> [!note] incluse vs exclusion
$[-1,1]\neq (-1,1)$ where $n=\mathbb{R}$
let $A$ = $(-1,1)$
let $B$ = $[-1,1]$
$A\subseteq B$
$A\neq B$
| Q | P | A |
| ------------------ | ---------------------- | ------------------ |
| Mutually disjoint? | $B_n\subseteq B_{n+1}$ | False |
| Nested?<br> | $B_n\subseteq B_{n+1}$ | True |
| Intersect | $B\cap B_n$ | $B_1$ |
| Union<br> | $B\cup B_n$ | $(-\infty,\infty)$ |

0
public_vault/Website Tutorial.md → content/Website Tutorial.md
View File

10
content/test.md Executable file → Normal file
View File

@@ -1,3 +1,11 @@
---
public: "true"
tags:
- public
---
# This is a test
and this is p
*italics*
[https://localhost/test]()
[asd](https://localhost/test)

7
public_vault/test.md
View File

@@ -1,7 +0,0 @@
---
public: "true"
tags:
- public
---
# This is a test
and this is p

14
public_vault_builder/Dockerfile
View File

@@ -1,14 +0,0 @@
FROM python:3.12-slim
run mkdir /public-vault
WORKDIR /build
COPY requirements.txt .
RUN pip3 install -r requirements.txt
COPY . .
CMD ["python", "build.py"]

25
public_vault_builder/build.py
View File

@@ -1,25 +0,0 @@
from obsidian_parser import Vault
import shutil
from git import Repo
# repo_url = "https://gitlab.com/username/my-vault.git"
dest = "/content"
src = "Personal-Wiki"
# Load a vault
vault = Vault(src)
if vault:
print ("found vault")
else:
print("could not find vault")
# Find notes by exact name
note = vault.get_note("test")
# Findd all public notes
publicNotes = vault.get_notes_with_tag("public")
for note in publicNotes:
print(note.title)
shutil.copy2(f"{note.path}", dest)

2
public_vault_builder/requirements.txt
View File

@@ -1,2 +0,0 @@
obsidianmd-parser
GitPython