Notes to Self 11/05/2020
“Hack everything but harm none.”
- OSSTMM (www.osstmm.org); Pronounced “aw-stem”.
- Open Source Security Testing Methodology Manual
Interactions – Trust interactions are between people & things that are familiar with each other.
Access interactions happen between unknown people or systems. (You can use an ‘access’ to take what you want yourself, or you can trick someone who has a ‘trust’ with the target to take what you want for you and give it to you.)
Visibility interaction– ‘opportunity’; knowing if there’s something to interact with or not.
“Privacy is the opposite of ‘Visibility’ and it’s a powerful way to avoid being a target. Whether it’s on dangerous streets, in the jungle, or on the Internet, keeping a low ‘Exposure’ and avoiding ‘Visibility’ is a way to keep from getting attacked in the first place.”
Four Point Process (FPP)–outlines four ways these interactions are used to analyze something as deeply as possible. And by analyze we mean to mess with it so we can watch it and see what happens.
- The F.P.P. has you look at interactions in the following ways:
- Induction–What can we tell about the target from its environment? How does it behave in that environment?
- Inquest–What signals (emanations) does the target give off? Investigate any tracks or indicators of those emanations. A system or process generally leaves a signature of interactions with its environment.
- Interaction–What happens when you poke it? This point calls for echo tests, including expected & unexpected interactions with the target, to trigger responses.
- Intervention–How far will it bend before it breaks? Intervene with the resources the target needs, like electricity, or meddle with its interactions with other systems, to understand the extremes under which it can continue operating.
Scope is a word we use to describe the total possible operating environment, which is every interaction that the thing you want to hack has.
“Coding is the easy part, the algorithm is the hard part.” –Andy Harris
What problem are you trying to solve?
You can look up or google “how to perform” the code (i.e., “How do I output text in Python3?”).
BUT, you can’t really effectively google, “What problem am I trying to solve?”
It’s the programmer’s task to problem solve.
When you understand the concepts, the code becomes clear.