Commit

updated hacks
F1nnC committed Jan 10, 2024
1 parent f6ed8ee commit 7ca06b5
Showing 1 changed file with 33 additions and 13 deletions.
46 changes: 33 additions & 13 deletions _notebooks/2023-12-08-JavaExploitsStudent.ipynb
Expand Up @@ -21,7 +21,8 @@
"\n",
"There are two types of sites, HTTP and HTTPS sites. One is obviously more secure than the other but why and how exactly is it more secure? The following sections will give an overview of this.\n",
"\n",
"**Popcorn Hack:** Why is HTTPS more secure than HTTP?"
"**Popcorn Hack:** Why is HTTPS more secure than HTTP?\n",
"- Its more secure because it uses tsl handshake"
]
},
{
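Review bot: The added answer to the first Popcorn Hack misspells the protocol ("tsl" should be "TLS") and names the handshake without saying what it gives you, which is what the question asks. Suggest something like "HTTPS runs HTTP over TLS, so the traffic is encrypted and the server is authenticated with a certificate, while plain HTTP is sent in cleartext". "Its" should also be "It's".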
Expand Down Expand Up @@ -83,8 +84,8 @@
"\n",
"#### Process\n",
"\n",
"1. SYN (____) - initiates connection\n",
" - sends ISN (initial sequence number) that is used as an ____, organizing the data sent/received correctly\n",
"1. SYN (Client) - initiates connection\n",
" - sends ISN (initial sequence number) that is used as an hello, organizing the data sent/received correctly\n",
"2. SYN-ACK (synchronize-____) - acknowledgement of connection\n",
" - sends it's own ISN and the client's ISN, confirming a connection\n",
"3. ACK (acknowledge) - completing the connection\n",
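Review bot: In step 1 the blank is filled with "Client", but steps 2 and 3 use the parentheses to expand the abbreviation ("synchronize-____", "acknowledge"), so step 1 should read "SYN (synchronize)". "used as an hello" also does not fit the rest of that bullet, which says the ISN is for "organizing the data sent/received correctly"; a word such as "identifier" matches that meaning. The blank in step 2 is still unfilled in this commit, and "it's own ISN" in the line below it should be "its own ISN".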
Expand Down Expand Up @@ -126,7 +127,9 @@
"\n",
"**Note:** Encryption is not 100% safe. TLS 1.2 has been recently replaced with TLS 1.3, due to RSA being deemed insecure when compared to ECDHE (____). This is because RSA is relatively shorter in length and with the advance of quantum computing is easier to decrypt. You can learn more about this [here](https://www.cloudflare.com/learning/ssl/keyless-ssl/).\n",
"\n",
"**Popcorn Hack:** In your own words describe how the TCP and TLS handshakes work to create a reliable and secure connection between the client and server."
"**Popcorn Hack:** In your own words describe how the TCP and TLS handshakes work to create a reliable and secure connection between the client and server.\n",
"\n",
"- It will first send a communication to make sure of the client and secure the connection then it will send encrypted data to the person"
]
},
{
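Review bot: The added answer treats the two handshakes as a single step, while the question asks how TCP and TLS each contribute. Suggest splitting it: the TCP handshake (SYN, SYN-ACK, ACK from the Process section) sets up the reliable connection, and the TLS handshake then agrees on keys so that the data that follows is encrypted. "send encrypted data to the person" should name the client or the server. The "ECDHE (____)" blank in the note above the prompt is also still unfilled.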
Expand Down Expand Up @@ -156,11 +159,11 @@
"Information doesn't always have to be stolen through the transmission of data to servers. It can also be stolen with local software. Some common methods are:\n",
"\n",
"- Viruses\n",
" - attach themselves to programs and replicate as that ____ program runs\n",
" - attach themselves to programs and replicate as that program runs\n",
"- Worms\n",
" - self-replicating programs that spread across networks\n",
"- Trojans\n",
" - malware ____ itself as another software within other system\n",
" - malware hides itself as another software within other system\n",
"- Spyware\n",
" - tracking data about the user like keystrokes, online activities, and sensitive information\n",
"- Ransomware\n",
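Review bot: Under Viruses the blank was deleted rather than filled, so "replicate as that program runs" lost the word the worksheet was asking for (likely "host"). Under Trojans, "hides itself as another software" is ungrammatical; "disguises itself as" fits both the sentence and the meaning of a trojan.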
Expand All @@ -182,7 +185,10 @@
" - Use the latest security encryption on your Wi-Fi networks.\n",
" - Use trustworthy VPNs when on public networks.\n",
"\n",
"**Popcorn Hack:** Research three specific example of such attacks that have occurred throughout history."
"**Popcorn Hack:** Research three specific example of such attacks that have occurred throughout history.\n",
"- ILOVEYOU\n",
"- WannaCry\n",
"- Zeus"
]
},
{
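Review bot: The three added bullets are names only, while the prompt asks to research specific examples. Add a short line to each one saying which category from the malware list earlier in this notebook it belongs to (virus, worm, trojan, spyware, ransomware), when it occurred and what damage it caused, so the answer shows the research.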
Expand All @@ -199,7 +205,10 @@
" - 7-Eleven breach (Stole credit card information from corporate systems)\n",
"\n",
"### Popcorn Hack: \n",
"Name three more ways of how an SQL Inject could be used for malicious actions, and what are the consequences of each action?"
"Name three more ways of how an SQL Inject could be used for malicious actions, and what are the consequences of each action?\n",
"- Input data that is misleading or benfits somebody\n",
"- Change ur own role in a database to have higher clearance\n",
"- Delete all information in a database"
]
},
{
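Review bot: The prompt asks for the consequence of each action, and the three added bullets list only the actions. Add the consequence to each, for example loss of data integrity for the misleading input, privilege escalation for the role change, and loss of availability for the deleted data. "benfits" is a typo for "benefits" and "ur" should be "your".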
Expand Down Expand Up @@ -290,7 +299,8 @@
"</table> \n",
"\n",
"### Popcorn hack: \n",
"Explain briefly, what a SQL inject is, in your own words, and how it functions:"
"Explain briefly, what a SQL inject is, in your own words, and how it functions:\n",
"- If your able to find the table name, ur able to manipulate data inside the table with certain commands"
]
},
{
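Review bot: The added answer says what can be done once the table name is known, but not how the injection functions, which is the second half of the prompt. The missing step is that user-supplied input is placed into the query text and the database then runs it as SQL instead of treating it as data. "your able" and "ur able" should both be "you're able".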
Expand Down Expand Up @@ -438,7 +448,9 @@
"A term needed to know to understand XSS is **payload**: A \"payload\" refers to the malicious code or set of instructions that an perpetrator (attacker) delivers to a target system to achieve a specific objective, ex. stealing information from others.\n",
"\n",
"**Popcorn hack:**\n",
"What are two other possible harms of XSS?"
"What are two other possible harms of XSS?\n",
"- Users stop using ur service\n",
"- False Information shown"
]
},
{
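Review bot: "Users stop using ur service" is a downstream business effect rather than a harm of the XSS payload itself, which the paragraph above defines as code delivered to achieve an objective such as stealing information. Suggest answering at that level, for example the script acting on the site as the logged-in victim, or the page content being altered (which covers "False Information shown"). "ur" should be "your".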
Expand Down Expand Up @@ -525,7 +537,8 @@
"**Popcorn Hack:**\n",
"Provide an example of DOM-based XSS...\n",
"\n",
"**Example:**"
"**Example:**\n",
"- make a person go to a link that will download malware onto the person computer"
]
},
{
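Review bot: The added example describes a malicious download link, not DOM-based XSS. A DOM-based example needs the page's own client-side script to take attacker-influenced input (such as part of the URL) and write it into the DOM without escaping, so that the browser runs it as script. Suggest rewriting the bullet around that flow; "the person computer" should be "the person's computer".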
Expand Down Expand Up @@ -788,9 +801,16 @@
"## TCP/TLS\n",
"![img](https://jyustin.github.io/JN-CSAblog/images/tcp.png)\n",
"\n",
"- Here, I'm capturing the instance where I use get with my personal spring boot project running locally.\n",
"- First, I installed Wireshark and captured the adapter for loopback traffic capture.\n",
"- Next, I ran the springboot project locally\n",
"- then, I looked in wireshark for any handshakes occuring for my springboot project when I went to /api/persons as a test.\n",
"- I was able to see the TCP handshake on wireshark and the TLS handshake doing this.\n",
"\n",
"## CORS\n",
"- I don't really know how to show cors was used because my instance on aws was deleted but I had made it so only our organization github.io was allowed to send request to our api, heres the controller file though\n",
"[Controller File](https://github.com/y2kcoders/backend/blob/master/src/main/java/com/nighthawk/spring_portfolio/mvc/skatepark/SkateparkController.java)"
"**.addHeaderWriter(new StaticHeadersWriter(\"Access-Control-Allow-Origin\", \"https://y2kcoders.github.io\"))**\n",
"- In my project about skateparks I had this header added so only our official github.io site could make requests\n",
"- If you were to try to send request from any other domain it would return a CORS error"
]
}
],
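Review bot: The last two CORS bullets overstate what the header does. "Access-Control-Allow-Origin" is enforced by the browser, which stops scripts on other origins from reading the response; it does not stop the API from receiving requests sent by non-browser clients, so it is not a substitute for authentication on the endpoint. Suggest rewording to "only pages served from https://y2kcoders.github.io can read the responses in a browser". The commit also drops the Controller File link, which was the only pointer to where the header is set, and "occuring" in the TCP/TLS bullets should be "occurring".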