Tech

Notes to Self 11/05/2020

May 20, 2021 /

Notes to Self 11/05/2020

“Hack everything but harm none.”

  • OSSTMM (www.osstmm.org); Pronounced “aw-stem”.
    • Open Source Security Testing Methodology Manual

Interactions–Trust interactions are between people & things that are familiar with each other.

Access interactions happen between unknown people or systems. (You can use an ‘access‘ to take what you want yourself, or you can trick someone who has a ‘trust’ with the target to take what you want for you and give it to you.)

Visibility interaction– ‘opportunity’; knowing if there’s something to interact with or not.

Privacy is the opposite of ‘Visibility’ and it’s a powerful way to avoid being a target. Whether its on dangerous streets, in the jungle, or on the Internet, keeping a low ‘Exposure’ and avoiding ‘Visibility’ is a way to keep from getting attacked in the first place.”

Four Point Process (FPP)–outlines four ways these interactions are used to analyze something as deeply as possible. And by analyze we mean to mess with it so we can watch it and see what happens.

  • The F.P.P. has you look at interactions in the following ways:
    1. Induction–What can we tell about the target from its environment? How does it behave in that environment?
    2. Inquest–What signals (emanations) does the target give off? Investigate any tracks or indicators of those emanations. A system or process generally leaves a signature of interactions with its environment.
    3. Interaction–What happens when you poke it? This point calls echo tests, including expected & unexpected interactions with the target, to trigger responses.
    4. Intervention–How far will it bend before it breaks? Intervene with the resources the target needs, like electricity, or meddle with it interactions with other systems, to understand the extremes under which it can continue operating.

Scope is a word we use to describe the total possible operating environment, which is every interaction that the thing you want to hack has.

“Coding is the easy part, the algorithm is the hard part.” –Andy Harris

What problem are you trying to solve?

You can look-u[p or google “how to perform” the code. (i.e.–“How do I output text in Python3?”

BUT, you can’t really effectively google, “What problem am I trying to solve?”

It’s the programmer’s task to problem solve.

When you understand the concepts, the code becomes clear.

You May Also Like

Vim–The Vi IMproved Text Editor

December 30, 2020

Symbols!!! [Ruby Programming Language Notes]

May 19, 2021

The Covid-19 Crisis Highlights the Need for “Digital Upskilling”…

December 30, 2020