Cyber-security resources

Search tools Use different search engines Banner grab httrack inspy metagoofil intitle:“index of” DNS poison/spoof Infosec websites https://www.hackthissite.org/pages/index/index.php - website hacking training https://www.shodan.io/ - the IoT search engine https://searchdns.netcraft.com - what’s that site running? https://www.exploit-db.com/searchsploit https://pipl.com/ https://haveibeenpwned.com/ https://wigle.net/ https://www.peekyou.com/ https://www.spokeo.com/ https://radaris.com/ https://piknu.com/ Considerations Language vulnerabilities Common cyber attacks Tor Crypto attacks - frequency analysis Data encryption standard AES advanced encryption standard Substitution permutation network Kali Linux Vulnerability research with reverse engineering, penetration testing and ethical hacking Low level Linux programming and/or comprehensive knowledge in operating system security and associated network/platform design, hardening and deployment. [Read More]

The magnitude of it all

The units you should be aware of

In 2014 Randall Munroe estimated that Google stores 10 exabytes of data across all of its operations. See list of SI prefixes. If CPUs are topping out at gigahertz then single operations aren’t going to subceed the order of nanoseconds. 1 000 kilo | milli .001 1 000 000 mega | micro .000 001 1 000 000 000 giga | nano .000 000 001 1 000 000 000 000 tera | pico . [Read More]

Databases

MySQL or mongoDB?

Relational versus non-relational databases SQL – RELATIONAL NoSQL – NON-RELATIONAL Tables / schema Humongous data, collections, documents, duplication of data Structured Semi/no structure, flexible Relations Less dependence on relations, quick reads Atomic Eventually consistent Monolithic Distributed Scaling Horizontal: add more servers, difficult for SQL (cannot split relational databases) Vertical: add more resources Considerations Consistency versus scale Internal versus public SQL – “Structured Query Language” Relational databases are “Excel on steroids” [Read More]

SOLID

Single responsibility principle A class should have only a single responsibility (i.e. changes to only one part of the software’s specification should be able to affect the specification of the class). A class should have only one reason to change. Separate GUI and the business logic. Low coupling, high cohesion. Open/closed principle Software entities should be open for extension, but closed for modification. However, realistically you don’t know which bits need to be extensible. [Read More]

Stayin' alive...

Detecting closed sockets

OS config Linux proc echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time echo 60 > /proc/sys/net/ipv4/tcp_keepalive_intvl echo 20 > /proc/sys/net/ipv4/tcp_keepalive_probes Registry keys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters TCP_KEEPCNT: overrides tcp_keepalive_probes TCP_KEEPIDLE: overrides tcp_keepalive_time TCP_KEEPINTVL: overrides tcp_keepalive_intvl Peek data to check socket is open. recv(sock, &buf, 1, MSG_PEEK | MSG_DONTWAIT); Linux only MSG_DONTWAIT: set blocking per recv call Script while (1) {clear; echo hello; netstat -n -a | select-string 2300; sleep 1} C Set extra params using SOL_TCP. optval = 1; optlen = sizeof(optval); if(setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &optval, optlen) < 0) { perror("setsockopt()"); close(s); exit(EXIT_FAILURE); } Nagle’s algorithm – “Congestion Control in IP/TCP Internetworks” TCP_NODELAY https://en. [Read More]

STL containers

Containers replicate structures very commonly used in programming: dynamic arrays (vector), queues (queue), stacks (stack), heaps (priority_queue), linked lists (list), trees (set), associative arrays (map)… http://www.cplusplus.com/reference/stl/ Sequence containers vector list deque array forward_list Modifying a vector potentially invalidates all existing iterators. And inserting an element can cause the whole container to be reallocated (here be dragons!) deque is not guaranteed to store all its elements in contiguous storage locations but has efficient insertion and deletion of elements at the beginning and end of a sequence. [Read More]

TCP/IP

Layers and protocols

Please Do Not Take Salami Pizza Away Comparison of OSI and TCP/IP models. OSI TCP/IP Protocol Data Unit Protocols Example Hardware example Application Application Files/data Facebook Application layer gateway (packet inspection) Presentation ssh Encryption Session http, telnet Login Transport Transport Segments/datagrams TCP, UDP TCP Firewall (port number) Network Internet Packets IP, ICMP, ARP ping Router, layer 3 switch Datalink Network Frames/bits fibre, Ethernet, Wi-Fi ARP Bridge, switch (forward or not forward) Physical Wi-Fi Repeater, hub (multiport repeater) Additionally ICMP: ping, sends echo request. [Read More]

Preparing for a C++ interview

As a senior software engineer

The Amazon tech interview topics is a great guide to whet your appetite. Know your language standards, algorithms and data structures. Be comfortable calculating and discussing the complexity of your solutions (Big O notation). What’s the difference between symmetric and asymmetric encryption? Get some side projects on GitLab to talk about at interviews and run/deploy them as a daily cron job. Be aware that recruiters may remove any contact details in your CV – including URLs with your coding projects – so be sure to obfuscate them. [Read More]