The Purple Team Journey: My Cybersecurity Chronicles.

 Key terms: Ciphertext - The result of encrypting a plaintext, encrypted data Cipher - A method of encrypting or decrypting data. Modern ciphers are cryptographic, but there are many non cryptographic ciphers like Caesar. Plaintext - Data before encryption, often text but not always. Could be a photograph or other file Encryption - Transforming data into ciphertext, using a cipher. Encoding - NOT a form of encryption, just a form of data representation like base64. Immediately reversible. Key - Some information that is needed to correctly decrypt the ciphertext and obtain the plaintext. Passphrase - Separate to the key, a passphrase is similar to a password and used to protect a key. Asymmetric encryption - Uses different keys to encrypt and decrypt. Symmetric encryption - Uses the same key to encrypt and decrypt Brute force - Attacking cryptography by trying every different password or every different key Cryptanalysis - Attacking cryptography by finding a weakness in the underlyi...

John the Ripper  Is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types. This room will assume no previous knowledge, so we must first cover some basic terms and concepts before we move into practical hash cracking. A hash is a way of taking a piece of data of any length and  representing it in another form that is a fixed length. This masks the original value of the data. This is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4,MD5, SHA1 and NTLM. Lets try and show this with an example: If we take "polo", a string of 4 characters- and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da a standard 32 character MD5 hash. Likewise, if we take "polomints", a string of 9 characters- and run it through the same MD5 hashing algorithm, w...

 Hashing - Crypto 101 - Plaintext - Data before encryption or hashing, often text but not always as it could be a photograph or other file instead. - Encoding - This is NOT a form of encryption, just a form of data representation like base64 or hexadecimal. Immediately reversible. - Hash - A hash is the output of a hash function. Hashing can also be used as a verb, "to hash", meaning to produce the hash value of some data. - Brute force - Attacking cryptography by trying every different password or every different key - Cryptanalysis - Attacking cryptography by finding a weakness in the underlying maths ------------------------------------------------------------------------ What is a hash function? ------------------------------------------------------------------------ Hash functions are different from encryption. There is no key, and it's meant to be impossible or very difficult to go from the output back to the input. A hash function takes some input data of any size,...

 Top 10 OWASP: intro: 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entity 5 Broken Access Control 6 Security Misconfiguration 7 Cross-site Scripting 8 Insecure Deserialization 9 Components with Known Vulnerabilities 10 Insufficent Logging & Monitoring ------------------------------------------------------------------------------------------  [Severity 1] Injection ------------------------------------------------------------------------------------------  - injection occur because user controlled input is interpreted as actual commands or parameters by the application. it depends on what technologies are being used and how the input is interpreted  examples:          * SQL injection: This occurs when user controlled input is passed to SQL queries. therefore the attacker can pass in sql queries to manipulate the outcome of such queries         * command injection: This occurs when user inp...