Network & Security Flashcards

Revision for the Network and Security Module

1
Q

What is Computer Security?

A

Correctness and Efficient algorithms against an Attacker

2
Q

How can data we send over wifi be intercepted or stolen?

A
  • Data sent over wifi is transmitted through radio waves
  • Someone with a radio receiver or radio can retrieve, catch and steal this data.
3
Q

What helps protect your data over the Wifi?

A

Making sure it is encrypted

4
Q

What do we safeguard?

A

Decide on Assets: Information or Infrastructure:
- Sensitive Data
- Control Systems
- Hardware Devices

5
Q

How do you safeguard?

A
  • Security goal
  • Estimate impacts of attacks
  • Design mitigation
  • Analyse system
  • Spot Vulnerabilities
  • Build Protection
6
Q

Information Security Aims:

A
  • Confidentiality: Attacker should not retrieve any info
  • Integrity & Authenticity: Received data is authentic & sender is genuine
  • Availability: Data should be accessible on demand
7
Q

Information Security

Who are Potential Attackers?

A

ANYONE & EVERYONE
- Hackers: Potentially learning by running known attacks, exploiting vulnerabilities.
- Criminals: Take control of computers via bugs in software. Phishing attacks or Denial of Service (DoS) attacks.
- Governments: Extreme computing power. Control of resources (wiretaps).
- Business houses like ISPs: Spying to sell your data.

8
Q

What are the Known Attacks?

A
  • Ransomware
  • Phishing
9
Q

Examples of Ransomware:

A
  • Malware: Trojan disguised as a legitimate file
  • Malware encrypts data on the computer and asks for payment in bitcoin

**REAL LIFE**
- WannaCry (2017) spread automatically via unpatched vulnerabilities in Microsoft Windows
- Widespread impact, NHS & Nissan among those affected

10
Q

Examples of Phishing:

A
  • Emails pretending to be from known people
  • Emails ask for username & password
  • Emails ask for software installation (includes Word macros)
  • Install malware to spread within networks and download further malware
11
Q

Unix Commands & Shell Scripts

What are Shell Commands?

A

Operations on Files

12
Q

Unix Commands & Shell Scripts

Why do we Utilise OS Commands?

A

Potentially Faster

13
Q

What is Batch Processing?

A

Sequentially Running Programs

14
Q

Modular Arithmetic

How to simplify modular arithmetic for large (NON POWER) numbers

A
  • Split it up by adding 2 easier numbers that make the original number
  • Split it up by multiplying 2 easier numbers that make the original number
15
Q

Modular Arithmetic

What is the rule for adding 2 easy numbers?

A

x = (t1)z + r1 => x mod z = r1
y = (t2)z + r2 => y mod z = r2

p = x + y
p mod z =
(x + y) mod z = (r1 + r2) mod z

16
Q

Modular Arithmetic

Why do you need to do mod z in (r1 + r2) mod z & (r1 * r2) mod z?

A

- Because r1 + r2 can be larger than z
- mod makes the remainder smaller than z

17
Q

Modular Arithmetic

What is the simple rule of modular arithmetic for addition?

A

(x + y) mod z = (x mod z + y mod z) mod z

18
Q

What is the simple rule of modular arithmetic for multiplication?

A

(x * y) mod z = ((x mod z) * (y mod z)) mod z

19
Q

Modular Arithmetic

What is the algorithm for power mod?

where time complexity = n

A
product = 1
for i = 1 to n
    product = (product * 2) mod m
end for

m is the value you want to mod by

if n = 2^10 it will take 2^10

20
Q

Modular Arithmetic

What’s a better algorithm where T(n) = 2T(n/2) + 1

A
find(n)
product = 1
product = (find(n/2) * find(n/2)) mod m
return product

m is the value you want to mod by

T(n) = 2T(n/2)+ 1 => log n + something

21
Q

Modular Arithmetic

What algorithm gives Total Complexity of log n?

A
find(n)
product = 1
product = (find(n/2))^2 mod m
return product 

**IN ORDER TO COMPUTE**
2^n mod 57
I need to compute log n many powers
So Total Complexity is ceil(log n)

This gets rid of the extra find call, as you would just get the same number twice

22
Q

Linux Shell

If you type echo "Hello, welcome to $SHELL" what is the output, in a Linux Shell?

A
Hello, welcome to /bin/bash
23
Q

Shell Commands

How to create a directory?

A

FORMAT: mkdir directoryname

EXAMPLE CODE:

mkdir folder1
24
Q

Shell Commands

How to create Multiple Directories?

Only 2 Directories

A

FORMAT: mkdir directoryname1 directoryname2

EXAMPLE CODE:

mkdir folder1 folder2
25
# Shell Commands How to make n directories? | 2+ Directories
**FORMAT:** `mkdir directoryname1{0..n}`

***EXAMPLE CODE:*** *Make 10 directories*
```
mkdir folder1{0..9}
```
26
# Shell Commands What does `cd` do?
Moves inside the directory of the address given

*EXAMPLE:*
```
cd folder1   # Moves into folder1
```
27
# Shell Commands What does `cd ..` do?
Moves back to the parent directory
28
# Shell Commands What are the two commands to find the content of a directory?
- **`ls`** - shows all the files and folders in the directory
- **`ls -l`** - shows the same as `ls` with extra info *(user, date and time)*
29
# Shell Commands What is the command to find all the content of a directory including hidden files?
**`ls -a`** - just **`ls`** with hidden files

For more details use **`ls -la`** - same as **`ls -l`** with hidden files
30
# Shell Commands What feature do hidden files have?
A period in the front of / start of their name | example : .filename or (1+ periods (.))
31
# Shell Commands How to Create a File in the Shell?
```
echo "hello" > test
```
- puts "hello" in test
- '>' means to write into the file
32
# Shell Commands How to Append to a File?
```
echo "Welcome to the shell" >> test
```
- appends "Welcome to the shell"
- '>>' means to append to the file
33
# Shell Command How to View the content in a file?
```
cat test
```
- outputs all the content in the test file
- Main purpose of this is to concatenate files
34
# Shell Commands What does the command `less` allow?
- allows you to view the file one page at a time

**EXAMPLE CODE:**
```
less test
```
35
# Shell Command What can you use to get n lines from the file?
```
head -n test
```
- gets the first n lines from the test file
36
# Shell Command What is the code to Copy Files in a new directory in the same location?
**FORMAT:** `cp`

**EXAMPLE CODE:**
```
cp test copiedtest
```
- copies all the content in test to copiedtest
37
# Shell Command How to copy files into a directory in another location?
- You need to use the path of the different directory to copy the file from the current one

**EXAMPLE CODE:**
```
cp test ./folder1/copiedtest
```
38
# Shell Commands What is the format for copying a file to/from remote computer?
`scp [[user]@source:]sourcefile [[user]@destination:]destinationfile`
39
# Shell Commander What are the 3 Classes that the OS keeps track of permission access rights for?
- Owner
- Group
- Others
40
# Shell Commander Does Linux consider everything a file?
Yes
41
# Shell Commander What are the 3 permission types for each class of user?
- read
- write
- execute
42
# Shell Commander What do File Permissions Describe?
- Describes who, which & what activities could be performed with a specific file
- Each file has an owner & a group
43
# Access Control What does Access Control Allow?
Authorised users only have access to what they need
44
# Access Control What are the components of the Access Control Model?
- Principal *(Subject e.g. user/program)*
- Action *(e.g. read)*
- Resource Monitor
- Object *(resource e.g. file)*
45
# Access Control Describe the Access Control Model?
- Principal performs an action on an object
- Resource Monitor checks if the action is legal or NOT
46
# Access Control Give an Example of Principal:
Password Program
47
# Access Control Give an Example of Action:
Reading
48
# Access Control Give an Example of Object:
Password File
49
# Access Control Give an Example of Resource Monitor:
Operating System
50
# Access Control What is the Access Control Matrix?
Who is allowed to do what is captured in this matrix
- What permissions each principal has on each Object
51
# Access Controls What does the permission `x` mean?
execute
52
# Access Control What does the permission `r` mean?
read
53
# Access Control What does the permission `w` mean?
write
54
# Access Control What limits does the Matrix model have?
- System Admin can bypass these permissions and re-write the OS to gain access to specific files
- Very large matrix can be difficult to maintain
- Corrupted Matrix, all control is lost
55
# Access Control Summary of Access Control Matrix:
- Matrix of all principals & objects
- Matrix entries describe the permissions
- Problem: Maintaining such a matrix can be difficult ***(VERY LARGE)***
- If Matrix gets corrupted then all control is lost
56
# Access Control What is the Access Control List (ACL)?
- Don't want to store one massive matrix
- Instead we store each column of the matrix with the object it refers to
57
# Access Control Give an example of ACL:
`(Account data, [(sam,r),(Bob,r),(Account Program, rw)])`

`(object, [principal a actions, principal b actions])`

actions can be a combo of {r,w,x}
58
# Access Control What are Permissions and give an example of what it looks like in Unix Access Control List?
Permissions different users have on the file, e.g. `-rw-r-----`
59
# Access Control What is the Link counter in Unix Access Control List & Give example?
File can appear with a different name in different directories.
- **Link Counter identifies this frequency**, e.g. `1` (Can be any number)
60
# Access Control What is Owner in Unix Access Control List & example?
Owner of the file, e.g. `root` OR `Bob`
61
# Access Control What is Size in Unix Access Control List & example?
How big the file is, e.g. `2150`
62
# Access Control What is Group in Unix Access Control List & example?
Each user can belong to several groups & a file to only one group, e.g. `Staff`
63
# Access Control What is File name in Unix Access Control List & example?
Name of the file, e.g. `text.txt`
64
# Access Control What is Date in Unix Access Control List & example?
Indicates when the file was last modified, e.g. `26 Jan 12:45`
65
# Access Control Give an example of Unix Access Control List:
```
|-rw-r-----|1|bob|staff|2150|26 Jan 12:45|test.txt|
```
66
# Access Control Give an example of UNIX File Permissions:
**`drwxrwxrwx`**
- 1st char `(d)` represents **File Type**
- chars 2-4 `(rwx)` represent **Owner Permissions**
- chars 5-7 `(rwx)` represent **Group Permissions**
- chars 8-10 `(rwx)` represent **Other Permissions** *(Anyone else)*
67
# Access Control (ACL) Give all the File Types in File Permission :
- `-` => file
- `d` => directory
- `b/c` => device file
68
# Access Control (ACL) Give all the permissions in File Permission :
- `r` => Read Permission
- `w` => Write Permission
- `x` => Execute Permission
- `-` => No Permissions
69
# Access Control What is Access Control for directories?
- `r`: Read Only for directory contents
- `x`: permission to traverse *e.g. switch to, run*
- **NO** `x`: Can't run any commands inside the directory
- **NO** `r`: Can't list files in the directory
70
# Access Control What is Access Control for Programs?
e.g. `-r-sr-xr-x 1 root wheel 70352 19 Jun 2009 passwd`
- `x` => Controls who can run a program *(Above example anyone)*
- `s` => Indicates that the program runs with permission of its owner *(Root/Owner should be allowed to write to the file)*
71
# Access Control What are the Different User Identifiers (uids)?
- **Real uid (ruid)**
- **Effective uid (euid)**
- **File System uid (fsuid)**
- **Saved User uid (suid)**
72
# Access Control What is **Real uid (ruid)**?
Owner of process (*Whoever starts the program*)
73
What is **Effective uid (euid)**?
Used for access checks (*except filesystem*)
74
What is **File System uid (fsuid)**?
Used for access checks & ownership of files (*equal to euid*)
75
What is **Saved User uid (suid)**?
When **euid** is changed, the old **euid** is saved as **suid**
- unprivileged processes may change **euid** only to **ruid** or **suid**
76
# Access Control What do **uids** allow?
Provides flexibility for granting Higher Privileges Temporarily

**Example:**
- Start as root (*bind to ports < 1024*)
- Set **ruid, euid & suid** to unprivileged values
- Cannot gain root privileges afterwards

Process run as privileged user may set euid to privileged value, then execute non-privileged operations & gain root privileges afterwards
77
# Access Control What are security Issues with granting Higher Privileges?
- User can run programs with more privileges
- Mistakes in the program could be used to do root actions
- *Particular Problems:* **Race Condition in code** e.g. `if can_access file then perform_operations on file`
- Make sure processes have as low a level as possible
78
# Access Control How should passwords be stored?
- **NOT** in Clear text
- Hash the password and store that
79
# Access Control What is wrong with storing password in Clear Text?
Anyone with access to the system, or who has used access, can see all the passwords
80
# Access Control What can you do for further Security of Passwords?
- Store pair (salt, Hash)
- Hash is the hash of salt & password
- Same password for 2 users gives rise to different entries in the password file
- Makes cracking passwords harder *(Cracking one user's password won't help with the other users)*
81
# Access Control What is Salt?
Salt is a random bitstring
82
# Access Control How does Windows Hash Passwords?
- **Stores hashes in: system32/config/SAM**
- **Need admin level to read**
- **Locked & Encrypted with a key, based on other key values** *(Adds no real security because if you are admin then you need to find out what that key is and decrypt it with a key you can read)*
83
# Access Control What are the uses for Password Hashes in Windows Domain?
- Password hashes are used to authenticate users on hosts in the domain
- Password hashes are cached to avoid asking for the password
84
# Access Control What are the devastating Attacks Password hashes give rise to? | **pass the hash**
- Obtain user credential for one host in the domain *(Phishing)*
- Exploit vulnerability to become local admin
- Install process which waits for domain admin to login
- Extract cached hash for domain admin
- Login as domain admin
- Has defence mechanism, but painful to use
85
# Access Control Why is SSH much better in protecting against **pass-the-hash**?
- Public key on untrusted machine *Attacker can get this but cannot get private key*
- Private key on trusted machine *Only used by domain admin*
86
# Access Control How to get Windows password Hashes?
- Boot into Linux
- Get SAM file

*Very difficult to defend against attack*
87
# Access Control Give examples of password crackers?
**John the Ripper:**
- Most common brute force cracker
- open source

**Hashcat:**
- Claims to be the fastest/best

**Ophcrack:**
- State of the art, free, rainbow table software
88
# Access Control How are passwords captured?
**Phishing:** Username & password captured by attackers via malicious links *e.g. Fake bank email*
- used to login & then for attacks *Ransomware, theft of details, IP...*
89
# Access Control What are the best protection against passwords capture?
**Multi-factor authentication *Besides Username & Password***
- SMS codes
- One-time passwords
- App approval

**SSH with public key authentication ONLY protects against phishing** (*As long as private key is not given out, there is not much the attacker can do*)
90
# Access Control What is Password Injection?
- Want access to the system without cracking passwords
- Have access to hard disk
- Add your own account or replace the hash with one you know
91
# Access Control What is better security that will help prevent Password injection?
**BIOS:**
- Set a password in BIOS to stop the computer booting from anything but the hard disk
- Very hard to brute force BIOS *(Cannot Automate)*
- *Workaround*: Remove the hard disk from the computer or reset BIOS password
92
# Access Control How to reset BIOS password?
**Opening the Box**:
- Applying Jumpers
- Removing the battery
93
# Access Control What is the Best Security that will not be affected in any BIOS workarounds?
- Encrypt important files
- Whole disk Encryption:
  - Encrypt the whole drive (*Resetting BIOS password won't work*)
  - Key can be brute forced
  - Not safe if the computer is in sleep mode
  - E.g. *BitLocker (Windows), FileVault (IOS), LUKS (Linux)*
94
# Hashes & Encryption What are Hashes?
- **Hash of any message is a short string generated from that message**
- **Hash of a message is always the same (*Deterministic*)**
- **Small Change = New Hash**
- **Very Hard to go from Hash to message**
- **Very Unlikely 2 messages have the same hash**
  - *Cannot say impossible due to the pigeonhole principle*
  - *But it is computationally infeasible to find 2 strings that map to the same hash*
95
# Hashes & Encryption What is the Pigeonhole Principle?
If you are using a hash function that generates 10 possible hash values (pigeonholes) but have 11 input keys (pigeons), at least one hash value will be shared by two or more input keys.

## Footnote
It states that if you place more items into fewer containers than the number of items, at least one container must hold more than one item.
96
# Hashing & Encryption What are the uses of Hashing?
- Verification of downloaded message
- Tying parts of a message together (*Hash whole Message*)
- Hash the message, then sign the hash *Electronic signature*
- Reduces file size & not as computationally expensive as public key encryption
- Protect Passwords:
  - store hash, not passwords
  - Attacker can get access, but passwords are not clear
97
# Hashing & Encryption Give the types of Hash Attacks
- Collision Attack
- Preimage Attack
- Prefix Collision Attack
98
# Hashing & Encryption What is Preimage Attack?
Find a message for a given hash: VERY HARD
- Attacker who gets the hash cannot go back and find the original password

OR

Given a random y ∈ {0,1}^n, if the adversary could find a message m such that H(m) = y:

*the adversary can produce a message m that, when hashed by H, results in exactly the binary string y*
99
# Hashing & Encryption What is an Adversary?
An entity (often an attacker or an opponent) that tries to break or exploit a system.
100
# Hashing & Encryption What does it mean if there is a successful Preimage attack on a Hash?
It would indicate a weakness in the hash function.
101
# Hashing & Encryption What is Collision Attack?
Adversary could find distinct messages m & m' such that H(m) = H(m') *Represents collisions*
102
# Hashing & Encryption What problem does Collision Attack present?
- Weakness because it means that the hash function is not unique for the same hash
- **E.g. of these Weaknesses:**
  - Digital Signatures can be forged using a different message
  - File Integrity / password Storage: different inputs could be viewed as identical
103
# Hashing & Encryption What is Prefix Collision Attack?
A collision where the attacker can pick a prefix for the message
- Easier for the attacker *(can pick a prefix for the message & produce a hash, which is a hash only for the prefix of the message)*
- Imagine the beginning of the message contains all the important info, then this attack is enough for the attacker.
104
# Hashing & Encryption How many people do you need to ask before 2 people have the same Birthday with a probability of 0.5? | Birthday Paradox
- 23 people gives (23 * 22) / 2 = 253 pairs
- Probability 2 people have different Birthdays is 364/365
- Probability is (364/365)^253 = 0.4995
105
# Hashing & Encryption What does H : {0,1}* => {0,1}^n mean?
- Hash Function (H) is random
- ∀x ∈ {0,1}* ∀y ∈ {0,1}^n
- Pr[H(x) = y] = 1/2^n
- Every point is equally likely
106
# Hashing & Encryption What is the Hash Algorithm & Explain it?
**ALGORITHM:**
```
x = 0^n
while (collision not found) {
    compute H(x) & store
    check if collision
    else x++
}
```
**Explanation:** Take a number, hash it and store it, then repeat for the next number until a collision is found
107
# Hashing & Collision What is the probability of getting a collision at collision(1)?
Pr[collision(1)] = 0
108
# Hashing & Collision What is the probability of getting a collision at collision(2)?
Pr[collision(2)|¬collision(1)] = 2/(2^n)
109
# Hashing & Collision What is the probability of getting a collision at collision(n)?
Pr[collision(n)|¬collision(1) ||...|| ¬collision(n-1)] = (i-1)/(2^n)
110
# Hashing & Collision
111
# Hashing & Collision | Π
112
# Hashing & Collision
113
# Hashing & Collision
114
# Hashing & Collision
115
# Hashing & Collision
116
# Symmetric Key Cryptography What is the Total Computation for 1 Year?
2^(82)
117
# Symmetric Key Cryptography What is Cryptography?
Describes how to transfer messages between participants without anyone else being able to read/modify them
118
# Symmetric Key Cryptography What is **code** & give examples?
**Any way to represent data** E.g. ASCII, HEX, MORSE CODE
119
# Symmetric Key Cryptography What is a **Cipher**?
Code from which it is difficult to derive the data
120
# Symmetric Key Cryptography What are features of Cipher?
- Always uses a key
- Data for cipher is **Plaintext**
- Encoded Plaintext is **Ciphertext**
121
# Symmetric Key Cryptography What is Encryption?
Function From Plaintext to Ciphertext
122
# Symmetric Key Cryptography What is Decryption?
Function From Ciphertext to Plaintext
123
# Symmetric Key Cryptography What is HEX?
- **Chars from 0 to F**
- **Encode 4 Bits**
- **Easiest way to write binary as text**
- *Just use Binary values of 0-14 to represent numbers, i.e. 34 would be 0011 0100 (Binary 3 & 4)*
124
# Symmetric Key Cryptography Give 27 as Hex?
0010 0011
125
# Symmetric Key Cryptography What is a Caesar Cipher?
- One of the oldest Ciphers
- Shifts every char in the plaintext 3 spaces to the right (in the alphabet)
126
# Symmetric Key Cryptography Why is the Caesar Cipher easy to Break?
- As soon as you know the scheme you can decrypt the message.
- This is because the algorithms to decrypt & encrypt are public.
127
# Symmetric Key Cryptography What is Kerckhoffs's Principle:
Cipher should be secure even if the attacker knows everything about it apart from the key.

Rule 2: System should not require secrecy
128
# Symmetric Key Cryptography What is the problem with having an n-rotation Caesar Cipher, and give a better model?
- 26 rotations, therefore 26 possible keys, so you can try them all.

**Better Scheme:**
- Replace each letter with another
- thus 26! = 4 * 10^(26) possible keys
129
# Symmetric Key Cryptography How can the Caesar cipher where it replaces each letter with another be broken?
- **Cannot be broken** by Brute Force
- Replacing each letter with another can be broken by **Frequency Analysis**
130
# Symmetric Key Cryptography What does Frequency Analysis count the number of?
- Each Symbol
- Each pair of Symbols

Then it draws a conclusion
131
# Symmetric Key Cryptography How does Frequency Analysis work?
- Use the most frequently used character, e
- Then do the analysis - the most frequent char is what e has been encrypted to
- Find the difference between e and the new char and use that difference for the other chars.
- If it makes no sense, use the next most frequent chars
132
# Symmetric Key Cryptography What is XOR?
**Binary Addition MOD 2**
- XOR on bit strings of the same length is defined by applying XOR to corresponding bits
133
# Symmetric Key Cryptography Solve the following: 1) 0⊕0 2) 1⊕0 3) 0⊕1 4) 1⊕1
1) 0 2) 1 3) 1 4) 0
134
# Symmetric Key Cryptography What are XOR's properties?
- **Associative & Commutative**
- **For all bit strings M, M⊕0 = M**
- **For all bit strings M, M⊕M = 0**
  - *Where 0 is a bit string of 0's of the appropriate length*
135
# Symmetric Key Cryptography What are **One Time Pads**?
Each CHAR is shifted by a random offset
136
# Symmetric Key Cryptography How do one time pads work?
- Keys are as long as the message
- Add/XOR key & message
- For each char a random value is chosen
137
# Symmetric Key Cryptography What is the formula for creating the Cipher for One Time Pad?
**Cipher = Message + Key**
- *Mod 26 the value to get the correct one*
138
# Symmetric Key Cryptography What is the formula for finding out the message given Cipher and key?
**Message = Cipher - Key**
- *if it is negative, +26*
139
# Symmetric Key Cryptography What are the problems with One Time Pads?
- Key needs to be as long as the message
- Key must only be used once
140
# Symmetric Key Cryptography Is One Time Pad Perfect Encryption?
Yes, but only when the key is Random
141
# Symmetric Key Cryptography What is Perfect Encryption?
You learn nothing about the plaintext from the ciphertext
142
# Symmetric Key Cryptography What is the Theorem of Perfect Encryption?
**Given any ciphertext of a certain length, without knowing the key, the probability of the ciphertext being the encryption of a plaintext of the same length is the same for all plaintexts of the same length as the ciphertext.**
143
# Symmetric Key Cryptography What are Block Ciphers? | More Detail
- Modern Ciphers work on blocks of plaintext, not just a single symbol
- Key controls the exact nature of the permutations & substitutions
- Made up of a series of permutations & substitutions repeated on each block
144
# Symmetric Key Cryptography What is Block Cipher? | Simple
Takes 128-bit & Returns 128-bit
- Encrypts n-bit block via a randomly chosen permutation
145
# Symmetric Key Cryptography What is a Stream Cipher?
- Small msg can give a cipher as long as you want
- Generate a random-looking bit-stream from a smaller key and XOR the message with the stream
146
# Symmetric Key Cryptography What is AES (Advanced Encryption Standard)?
- Works on Blocks of 128-bit
- Generates 10 round keys from a single 128-bit key
147
# Symmetric Key Cryptography How is 128-bits represented?
4 * 4 matrix
- Where each element is a byte (8 bits)
- 16 elements all together
148
# Symmetric Key Cryptography What is S-Box (SubBytes)?
- An operation on a byte using finite field arithmetic
- Has a lookup table
- Picks a bit from one matrix and, using the lookup table, matches it to the corresponding value in the other matrix.
149
What is ShiftRows?
Move the:
- 2nd row 1 byte to the left
- 3rd row 2 bytes
- 4th row 3 bytes
150
# Symmetric Key Cryptography What is MixColumn?
Substitution of each column such that:

(m1(x^3) + m2(x^2) + m3(x) + m4) * (3x^3 + x^2 + x + 2) mod (x^4 + 1) = b0(x^3) + b1(x^2) + b2(x) + b3

mn are elements from matrix m and bn is the output matrix
151
# Symmetric Key Cryptography What does Adding Round Key do?
- Applies XOR to the Block & the 128-bit round key *(generated by main key)*
152
# Symmetric Key Cryptography How Secure is AES?
- NO FORMAL PROOF
- Best known cryptographic attack requires 2^126 key guesses.
- An improvement of factor 4 compared to 2^128 key guesses for brute force attack.
153
# Symmetric Key Cryptography What are the Side Channel Attacks?
- Measuring Power Consumption
- Execution Time
154
# Symmetric Key Cryptography What are the Key aspects of Security?
- Shuffle rows & columns to ensure a small change in input causes a very big output change
- Requires at least one non-linear operation on the data **(Given by SubByte Operation)**
155
# Symmetric Key Cryptography What is DES (DATA ENCRYPTION STANDARD)
- Previous Standard before AES
- Designed by IBM in the 70s
- Before it was accepted, NSA added S-Boxes & fixed key length at 56 bits
156
# Symmetric Key Cryptography What are S-Boxes | DES
- Type of Substitution
- Unknown why NSA added it
- Thought to be a backdoor for NSA
157
# Symmetric Key Cryptography What is 3-DES?
- Triple DES, was a stop gap until AES
- Takes 3 keys (k1,k2,k3)
- Expected to be good until 2030 (Computing power won't increase quickly)
- Used in Bank cards & RFID Chips
- Setting the keys equal to each other you get DES.
158
# Symmetric Key Cryptography Explain 3 DES encryption:
**E{k1,k2,k3}(M) = E{k3}(E{k2}(E{k1}(M)))**
- Encrypt M with K1 First
- Then Decrypt with K2
- Then Encrypt with K3
159
# Symmetric Key Cryptography What is Padding ?
- Block Ciphers only work on fixed size blocks
- If message isn't the right block size, need to pad it
- Receiver needs to tell the difference between padding & message
160
# Symmetric Key Cryptography What is used as Padding?
PKCS 5 / PKCS 7
161
# Symmetric Key Cryptography Explain how PKCS 5 / PKCS 7 Work:
- 1 Byte of space write **01**
- 2 Bytes of Space write **0202**
- 3 Bytes of Space write **030303** *LEFT OVER BYTES*
- If message goes to the end of the block add a new block of **16161616...** (*Message exactly fits the block*)

## Footnote
If you have something that takes 5 bytes and the block has 8, you need 3 bytes to fill it, so use **030303** to fill it
162
# Symmetric Key Cryptography What is the block size for PKCS 5?
8 Byte Blocks
163
# Symmetric Key Cryptography What is the block size for PKCS 7?
16 Byte Blocks
164
# Symmetric Key Cryptography Give the Block Cipher Modes:
- Electronic Codebook Mode (ECB) - Cipher Block Chaning Mode (CBC) - Counter Mode (CTR)
165
# Symmetric Key Cryptography What is Electronic Codebook Mode (ECB)?
- Each block is encrypted indvidually - Encrypted blocks are assembled in the same order as plaintext blocks - Blocks are repeated in plaintext, revealed by Ciphertext
166
# Symmetric Key Cryptography What is CBC
- Each Block is XOR'd with previous one - Start with a random *Initialisation Vector* **IV** - Helps overcome relay attacks
167
# Symmetric Key Cryptography Give format of CBC Encryption
*Plaintext is B1,...,Bn. Ciphertext is C1,...,Cn Where:* - IV => RANDOM NUM (SET IN CLEAR) - C1 => Encrypt(B1 ⊕ IV) - C2 => Encrypt(B2 ⊕ C1) **...** - Cn => Encrypt(Bn ⊕ C(n-1))
168
# Symmetric Key Cryptography Give format of CBC Decryption:
*Recive IV & Ciphertext. Plaintext is B1,..,Bn Where:* - B1 = decrypt(C1) ⊕ IV - B2 = decrypt(C2) ⊕ C1 **...** - B3 = decrypt(Cn) ⊕ C(n-1)
169
# Symmetric Key Cryptography What is Probabilistic Encryption?
Schemes use random Elements to make every encryption different
170
# Symmetric Key Cryptography What is an Example of a Good Probabilistic Encryption & Benefit ?
CBC with **RANDOM IV** is a good way to make encryption probabilistic *Benefit* - Using both allows us to encrypt same message & key without attacker realising
171
# Symmetric Key Cryptography How can IV be Misused?
By Choosing IV as it can have devastating Attacks - IV must be random and unique for each encrypted block
172
# Symmetric Key Cryptography What happend in ZEROLOGON?
- IV was set as 0 - Encryption on All-Zero Plaintext will provide All-Zero Ciphertext - Can be used to bypass Authentication completely & set domain controller bypass - Only requires network access to domain controller (*Avaliable from any machine*)
173
# Symmetric Key Cryptography What is Counter Mode (CTR)
Mode used with block ciphers like AES to turn them into a stream cipher. It works by encrypting a counter value and XOR-ing it with the plaintext.
174
# Symmetric Key Cryptography Give the format of CTR Encryption:
*Plaintext: B1,...,Bn. IV => RANDOM (Set In Clear)*
- C1 = B1 ⊕ encrypt(IV)
- C2 = B2 ⊕ encrypt(IV+1)
- **...**
- Cn = Bn ⊕ encrypt(IV + (n-1))
COUNTER = NONCE + COUNTER | IV / Counter are interchangeable
175
# Symmetric Key Cryptography What is XOR symbol
176
# Symmetric Key Cryptography What Happens if the Message > 128 bits?
**- Break the message into Chunks of 128** - m0 = m1 , so C0 = C1 - Inputs are the same then the outputs are the same therefore the message may still be visible & not encrypted fully. ## Footnote Mode is ECB : Parallel Applications of Block Cipher
177
# Symmetric Key Cryptography Explain the Counter Mode:
- Same messages map to different ciphertext - m0 = m1 but C0 != C1 - as Counter0 != Counter1 - As we XOR m0 & m1 with different Counter values the ciphertext will be different
178
# Symmetric Key Cryptography What is a Caution for CTR?
**Ciphertexts are malleable** - If you flip a bit of C0 to make C0' then C0'||C1 is a ciphertext of message m0'm1 where m0' is m0 with last bit flipped (GET DIFFERENT MESSAGE BUT CHANGE IN CIPHERTEXT & PLAINTEXT IS THE SAME)
179
# Symmetric Key Cryptography Summarise AES:
- **Encryption (128/256 bit block) & Decryption** with a specific key maps any 128-bit block to a 128-bit block - Decrypt can run on any block (just NOT encryption)
180
# Symmetric Key Cryptography What is the Known Plaintext Attack?
**I know the plaintext, I can change the CTR encrypted Message**
181
# Symmetric Key Cryptography Give an Example of *Known Plaintext Attacks*
*I Know Enc{CTR}(M1) & M1. I can make a ciphertext that decrypts to any message*
**NEW CIPHERTEXT:**
- Enc{CTR}(M1) ⊕ (M1 ⊕ M2)
**Decrypt It:**
- Dec{CTR} (Enc{CTR}(M1) ⊕ (M1 ⊕ M2))
- = Dec{CTR} ((Enc(N||Ctr) ⊕ (M1)) ⊕ (M1 ⊕ M2))
- = Enc(N||Ctr) ⊕ ((Enc(N||Ctr) ⊕ (M1)) ⊕ (M1 ⊕ M2))
- = M2
## Footnote
N = Nonce, Ctr = Counter, M1 = Message 1, M2 = Message 2, Dec = Decrypt, Enc = Encrypt, CTR = Counter Mode
182
# Symmetric Key Cryptography & MACs What are Authenticated Encryption Modes?
- They stop Plaintext Attacks - Can ONLY form valid ciphertext if you know the key - Common way to do this is by Adding MAC to ciphertext
183
# Symmetric Key Cryptography & MACs Give an Example of Authenticated Encryption Modes?
CCM mode Encryption
184
# Symmetric Key Cryptography & MACs Explain CCM mode Encryption process
- 1st calculates an AES CBC-MAC on Data - Encrypts message followed by MAC using same key & CTR mode - Proven to be secure *fully defined as RFC 3610*
185
# Message Authentication Codes What are MACs (Message Authentication Codes)?
**- Used for authentication** e.g. Alice & Bank share Key k. Alice sends "Pay Bob £10" to bank, MAC{k} ("Pay Bob £10"). MAC & k allow the bank to authenticate the request | - NOT RELATED TO MAC ADDRESS
186
# Message Authentication Codes What are Possible Attacks with MACs?
**LENGTH EXTENSION** - Adding data to MAC without knowing the key | IF ATTACKER DOESN'T HAVE SHARED KEY WON'T BE ABLE TO DO ANYTHING
187
# Message Authentication Codes How do we Make MAC?
- Making a CBC MAC: - Need to make it deterministic - Set IV to always be 0 - Keep the key - Only use last block of plaintext | LOOK AT NOTES FOR PICTURE / DIAGRAM ## Footnote CAN USE an Inefficient hash function where we set the key to 0
188
# Message Authentication Codes How to go From Broken Hash to MAC?
Have a hash try and make a MAC by: **MAC{key}(M) = H (Key,M)** - Use the output from the previous block as the input for the next block until the last block which is final output | LOOK AT NOTES FOR IMAGE
189
# Message Authentication Codes What is the Problem with Broken Hash to MAC?
**- Can lead to Length Extension Attacks** *e.g.*: - Alice tells bank to "Pay Bob £10" - Adversary can easily add another step "Pay Eve £10" - Takes Output of "Pay Bob £10" as input & XORs it with "Pay Eve £10" & then encrypts it - *Bank is none the wiser to this attack when attacker adds to/extends the length of MAC*
190
# Message Authentication Codes / TAGS How to Make a Tag?
Tag = MAC (key, message)
191
# Message Authentication Codes & Tags What are TAGS?
- Fixed length - They are generated alongside ciphertext to provide confidentiality + integrity - Decryption verifies the tag to detect tampering - Part of encrypted output
192
# Message Authentication Codes & Tags Can Adversary Generate a Valid Tag?
**Not without knowing the Key** - They can modify ciphertext but without valid Tag it will not change, as decryption would reject it.
193
# Public-Key Cryptography What are the 4 Objectives / Directions Cryptography aims to achieve?
- **Confidentiality** - **Message Integrity** - **Sender Authentication** - **(soft) Sender Undeniability (NON-REPUDIATION)**
194
# Public-Key Cryptography What is Confidentiality?
Transmitted message should remain hidden to adversary
195
# Public-Key Cryptography What is Message Integrity?
Any modifications made by Adversary should be detected
196
# Public-Key Cryptography What is Sender Authentication?
Verify the sender of a message before accepting it
197
# Public-Key Cryptography What is (soft) Sender Undeniability?
Sender of a message should not be able to deny they sent a message
198
# Public-Key Cryptography What is Symmetric Key Cryptography?
- 2 Users hold Identical keys - Encryption / Decryption use the same keys - Message Authentication Keys must be used to identify the MAC
199
# Public-Key Cryptography How are Symmetric Keys Shared?
Secret Communication to share it
200
# Public-Key Cryptography What are the main Issues with Symmetric Key Encryption?
- Every pair needs a separate key - Everyone needs n-1 different keys (one for each person). This is insufficient & Prohibitively Expensive
201
# Public-Key Cryptography What is Private Key Cryptography?
- Each person has 2 keys: One Private & One Public - Keys are Asymmetric (Related but not identical) - Public Keys are Known to everyone - Private Keys are Secret
202
# Public-Key Cryptography Give an example of Public Key Encryption:
- Sender encrypts with receiver's public key - Receiver decrypts with their private key ## Footnote No one will be able to decrypt message even if they know the public key
203
# Public-Key Cryptography How many keys does Public Key Encryption need?
- No longer require pairwise distinct keys - For secret communication among n people, we need n secret keys & n public keys
204
# Public-Key Cryptography How are Public Keys Authenticated?
- Signatures ## Footnote Receiver needs to be convinced message is not tampered with & was sent by correct sender
205
# Public-Key Cryptography How to check integrity?
We have signatures
206
# Public-Key Cryptography What are Public Key Signatures?
- Like a Physical Signature: in a public key signature, a signer creates a signature message pair (*Signed Message*)
207
# Public-Key Cryptography How does a signing algorithm ensure that a signature is unforgeable?
- Signer uses sign Algorithms, for security the signature needs to be unforgeable - The sign Algorithms would take a Private key & message as input to make signed document
208
# Public-Key Cryptography How can the Signature / Signed Message be Authenticated?
- Authenticity can be verified by anyone - Use Verify Algorithm
209
# Public-Key Cryptography Explain the Verify Algorithm:
- Takes a public key of signer & signed message & Algo will accept or reject the input - For an authenticated signer, the Algorithm will accept the inputs - A forger does not know the secret key, so the Algorithm can reject it.
210
# Public-Key Cryptography What are the steps for Public Key Infrastructure?
- User registers to system & obtains public/private key pair
1) Register with Registration Authority
2) Registration Authority requests Certificate Authority to generate public/private key pair
3) Certificate Authority provides user a certificate for public key, with public & private key
4) Certificate Authority also puts user certificate of public key in the directory (PUBLIC)
211
# Public-Key Cryptography Give an Example of 2 User Communication:
1) User A obtains & verifies User B's public key from the public directory 2) Then User A sends User B a message & encrypts it using the verified public key obtained
212
# Public-Key Cryptography What is the Requirement for the Public Key Infrastructure?
Trusted 3rd Party {Certificate Authority}
213
# Public-Key Cryptography How to Secure Key Exchange?
User needs to agree on a secret key
214
# Public-Key Cryptography What is the MultiRound Solution?
- User needs to transfer a set of keys in the physical world | Solution: Postal Service
215
# Public-Key Cryptography What is the idea of MultiRound solution steps?
1) User A obtains a 2 sided lockbox
2) User A puts secret key in the box & locks it using their own lock & key
3) User A ships box to User B
4) User B receives box with User A's lock
5) User B adds their own lock & key
6) User B sends it back to User A, who takes the lock and sends it back to User B
7) User B opens their lock and takes the shared key
216
# Public-Key Cryptography Why is the lockbox solution secure?
- Secure if the padlocks on box cannot be opened without the key - Not impossible, just assume it is difficult to do so - Assumption: Anyone carrying box has no interest in opening it
217
# Public-Key Cryptography What are the parameters in the Diffie-Hellman (DH) Key Exchange Protocol?
- *p*=>a prime - *g*=>an integer, *g* < *p* , such that gcd(*g*,*p*-1) = 1 | gcd => greatest common divisor A.K.A HCF
218
# Public-Key Cryptography How does DH protocol Work?
1) User A & B publicly announce *g* & *p*
2) User A & B choose their corresponding Secret (e.g. a/b∈R {2,...,*p*-2})
3) User A computes X = *g*^a mod *p*; User B computes Y = *g*^b mod *p*
4) User A sends X to User B & User B sends Y to User A
5) User A derives Key as: k = (B)^a mod *p* = *g*^(ba) mod *p*; User B derives Key as: k = (A)^b mod *p* = *g*^(ab) mod *p*
## Footnote
Adversary knows *g* & *p*, X, Y
219
# Public-Key Cryptography Why is the shared key in Diffie-Hellman secure against brute-force attacks?
- B = *g*^b mod *p* (similarly A = *g*^a mod *p*) is not an increasing function as mod cycles through 0 - *p-1*. - Small changes in b do not lead to small, predictable changes in B. - It is resistant to Brute force approaches like Taylor series approximation because such approximation assumes continuity and differentiability. - No polytime algorithms to solve discrete log problem, therefore an adversary cannot compute the shared secret key.
220
# Public-Key Cryptography What are the Assumptions in DH?
- No Polytime solutions to solve B = *g*^b mod *p* (similarly A = *g*^a mod *p*) - The Adversary does not tamper with X & Y ## Footnote -2nd assumption may not be true in practice (Courier may have adversary that causes Man-in-the-Middle Attack)
221
# Public-Key Cryptography What is the Man-in-the-Middle Attack?
- Adversary sits in between User A & B (pretends to be User A to B & User B to A) - User A sends X, the adversary receives it & Y from User B - User A & B secret keys don't match as they didn't receive message from each other, only from adversary - Adversary will know secret key for both users, so when they send messages the adversary can easily retrieve the message.
222
# Public-Key Cryptography What are the solutions to Man-in-the-middle?
- Authenticating Public Key (Authenticate Sender) - Requires a trusted 3rd party like Certification Authority ## Footnote Authenticate that User A is sending message to User B & vice versa
223
224
# Public-Key Cryptography What are the 3 RSA Algorithms?
- Gen (key Generation): Produces a Public & Private key Pair - Enc (Encryption) - Dec (Decryption)
225
# Public-Key Cryptography What are the Steps for the Gen Algorithm in RSA?
On a security parameter λ (No. of bits public & private keys will have) 1) Generate 2 distinct primes p & q of bit-size λ 2) Compute N = pq & Ø(N) = (p-1)(q-1) 3) Choose a random int e where e is (1< e< Ø(N)) s.t gcd(e, Ø(N)) = 1 4) Let Z{n} * = {x|0
226
# Public-Key Cryptography What is Z{n} * ?
- All Ints between 0 & N s.t gcd(x,N) = 1 - Basic Num Theory tells us there are Ø(N) such integers
227
# Public-Key Cryptography Give an example of RSA:
1) p = 3 & q = 11
2) N = 3 * 11 & Ø(N) = (3-1)(11-1) = 2 * 10 = 20
3) Let e = 7 (gcd(7,20) = 1)
4) Find d = 3 as (7 * 3) + (-1) * 20 = 1 (Find a value to times e with to get 1 when you subtract Ø(N) from it)
5) PK = (e = 7 , N = 33)
6) SK = (e = 7 , d = 3 , N = 33)
228
# Public-Key Cryptography What does the Encryption Algorithm do?
Enc(PK,m): On input an element (m∈Z{N} * ) & public key PK = (e,N) compute - c = (m^e) (mod N) - c is an element (c∈Z{N} * )
229
# Public-Key Cryptography Give an Example of Encryption in RSA:
Z{N} * = {1,2,4,5,7,8,10,13,14,16,17,19,20,23,25,26,28,29,31,32} 1) m =4 2) c = m^e (mod N) = 4^7 (mod 33) = 16 (mod 33) 3) c = 16 | Z{N} * => Ints between 0-N, that are Prime to N(Not factor of N)
230
# Public-Key Cryptography What does the Decryption Algorithm do?
DEC(SK,c): On input an element (c∈Z{N} * ) & private key SK = (e,d,N) compute - m = c^d (mod N) | m is an element of Z{N} *
231
# Public-Key Cryptography Give an Example of Decryption:
- Recover m = c^d (mod N) - 16^3 (mod 33) = 4 (mod 33) - m = 4
232
# Public-Key Cryptography What are Digital Signatures?
- Primary tool to achieve Authentication in public key setting - Aims to achieve what hand-written signatures achieve in real world - Ensures hardness of forgery (signature produced by fraud should be easily detected)
233
# Public-Key Cryptography What is the Hand-written Signature Function?
- Bind a statement/message to its Author (i.e. Job offer should have signature of employer) - Verification is Public (Against a Prior Authenticated one)
234
# Public-Key Cryptography What are the Properties of Digital Signature?
- **Correctness**: A correct signature should always be verified as true - **Security**: Hard to forge (s.t the bank doesn't pass a fake as valid)
235
# Public-Key Cryptography What are the Applications of Digital Signatures?
- **Public Key Infrastructure**: Provide authentication of Public Keys (*Used in certificate to certify validity of public key*) - **Software Authentication**: Boot loader authentication, software updates (*Verifies signature before booting OS/ installing Update*) - **Contract Signing**: Legal documents, smart contracts, Authorise assets transfers in blockchain
236
# Public-Key Cryptography What are the 3 Algorithms of Signature Scheme?
- Gen (Key Generation) - Sign - Verify
237
# Public-Key Cryptography What is Gen Algorithm in Digital Scheme?
- Takes security parameters & creates public & secret key - Secret key is used for signing, so called Signing Key ## Footnote (1^k) => Gen => (PK,SK)
238
# Public-Key Cryptography What is the Sign Algorithm in Digital Signature?
- Takes signing key & public key & message, to produce a signature σ (sigma) ## Footnote M => Sign(PK,SK) => σ
239
# Public-Key Cryptography What is the Verify Algorithm in Digital Algorithm?
- Takes message & candidate signature x, with public key & either accept or rejects the message, signature pair ## Footnote (M,x) => Verify{PK} => Accept/Reject
240
# Public-Key Cryptography What is Correctness?
If a message, signature pair was generated by Sign Algorithm, with the public key & secret key pair, then the verification algorithm with same public key & message, signature pair should ALWAYS ACCEPT ## Footnote If message signature pair was created honestly should always accept it
241
# Public-Key Cryptography What is Unforgeability?
Adversary would not be able to produce a message, signature pair that will be accepted - The Verify algo will always reject the adversary's message & signature pair
242
# Public-Key Cryptography What is RSA-Full Domain Hash?
Based on the idea of applying a cryptographic hash function to a message before signing it with RSA.
243
# Public-Key Cryptography What is involved in RSA-Full Domain Hash?
- **Public Function**: A Hash Function H (*Standard hash function e.g. SHA-3*)
- **keygen**: Runs RSA.keygen. PK = (e,N), SK = (d,N)
- **Sign**: Input: SK, M. Output: σ = RSA.Dec(SK,H(M)) = H(M)^d mod N
- **Verify**: Input: PK, M, σ => if RSA.Enc(PK,σ) = H(M) => Output: Accepted else Rejected ***(If σ^e mod N = H(M) => output accepted else rejected)***
244
# Public-Key Cryptography How to Prove Correctness?
CORRECTNESS: verify(PK,M,Sign(SK,M)) = Accept
RSA.Enc(PK,Sign(SK,M)) = RSA.Enc(PK,H(M)^d mod N) = (H(M)^d)^e mod N = H(M) => by correctness of RSA
245
# Public-Key Cryptography Can Textbook RSA be Practical for Encryption?
NO
246
# Public-Key Cryptography The RSA security depends on...
...Hardness of finding *d* from *e,n*
247
# Public-Key Cryptography Is RSA Deterministic?
- Textbook algorithms are - In practice some random padding is used
248
# Public-Key Cryptography When will m < N work?
- Requires gcd(m,n) =1 - However, finding a m < n s.t gcd(m,n) >1, leads to finding *p* or *q* & break the system - NO
249
# Public-Key Cryptography What Algorithm can solve factoring in polytime?
- Shor's Quantum Algorithm - Quantum Computer of required capacity is still quite far away in the future
250
# Internet & Sockets What is the Internet? | Dictionary Definition
A global computer network providing a variety of info & communication facilities, consisting of interconnected networks using standardized communication protocols
251
# Internet & Sockets What is the Internet?
- Internet is not a single entity but a network of networks - Uses protocols to enable devices worldwide to exchange data - Packets of data travel through different routes & devices, making the internet decentralised & flexible
252
# Internet & Sockets What does decentralised mean in Internet definition?
- Packets do not rely on a single path or central hub to travel from one place to another. - Takes multiple paths, making system flexible & resilient to failures
253
# Internet & Sockets What did we have before the Internet?
- Isolated local networks with minimal external communications - Telephone-based connection (SLOW & COSTLY) - Dedicated leased lines for exclusive, high-cost connections - File sharing required physical transfers (floppy disk)
254
# Internet & Sockets What are the challenges with the methods before the internet?
**Limited Interoperability:** - Different systems couldn't easily connect. - Need to know exact IP of device you were connecting to **Expensive & Low-speed Data exchange:** - Due to dedicated connections **No Universal communication Standard**
255
# Internet & Sockets What is Leased Line Connection?
- Big cables underground - Dedicated Lines between Computers - High Cost but reliable for direct communication - Limited Scalability as more nodes join | (More devices = cost rises exponentially)
256
# Internet & Sockets What is the Problem with Leased Line Connection?
- Bottlenecks lead to slow communication **E.G:** *A talks to D, B cannot communicate with C Simultaneously*
257
# Internet & Sockets What is the solution to Bottlenecks in Leased Line Connection?
Packet Switching
258
# Internet & Sockets What is Packet Switching?
- Data is split into packets rather than continuous communication - Packets travel separately allowing multiple conversations at the same time
259
# Internet & Sockets What is a Packet and What does it contain?
- A Packet is a Message/Data split into small chunks. A Packet contains: - **HEADER:** Source, destination, size stored here - **Actual Data:** The message being sent
260
# Internet & Sockets How does data travel (IP PACKETS)?
Each Packet: - Travels Independently - Reassembles at the destination - Uses IP for Routing ## Footnote Helps diagnose slow connections & network issues
261
# Internet & Sockets What does Traceroute allow?
Allows us to trace the route our packets takes to gain access to a website
262
# Internet & Sockets What was the issue with packets before the TCP was introduced?
Many packets were getting lost & arriving out of order
263
# Internet & Sockets How did the TCP solve the Issues?
- Ensuring lost packets are retransmitted - Guaranteed ordered, complete & error-checked data transfer - User Acknowledgment (Receiver confirms received data) ## Footnote Leads to Reliable file download, web browsing & video streaming
264
# Internet & Sockets What are Domain Names?
- IP is too hard to remember - We use Domain names, a name to match IP which will be easier to remember
265
# Internet & Sockets What is DNS & Hierarchy?
- DNS translates names into IP addresses via a hierarchical system
266
# Internet & Sockets What are the steps for DNS?
- Requests first go to the ISP's DNS resolver, then higher level DNS Servers - Authoritative DNS server provides the correct IP
267
# Internet & Sockets Why do Ports matter in TCP?
- Allows multiple connections - Each connection is uniquely identified by a TCP socket
268
# Internet & Sockets What is TCP connection defined by?
- Destination IP - Destination Port - Source IP - Source Port
269
# Internet & Sockets What does the Destination Port depend on?
The Service ## Footnote HTTP => 80 SSH => 22 DNS => 53
270
# Internet & Sockets How is Source port chosen?
Chosen Randomly
271
# Internet & Sockets What is Netcat (nc)?
- A versatile tool for making TCP & UDP connections - Used to SEND, RECEIVE, & LISTEN on network ports
272
# Internet & Sockets What is Nmap?
- A tool for discovering hosts & open doors - Scans system for open ports
273
# Internet & Sockets How does Internet Communication Work?
- Follows a Stack of protocols - Each layer depends on the layer below to send & receive data - Layers focus on a specific task
274
# Internet & Sockets What are the 4 Layers in the Internet Protocol Stack?
- Application - Transport - Internet - Link
275
# Internet & Sockets What is the Function of the Application Layer?
- Handles user-facing applications - Formats data for application - Decides what to send | e.g Web, Email, FTP, DNS ## Footnote Adds the protocol the application will follow i.e HTTP,HTTPS,FTP
276
# Internet & Sockets What is the Function of the Transport Layer?
- Manages end-to-end connections - Adds port Number to direct the packets to travel across different networks **TCP**: Ensures data is received completely & in the correct order **UDP**: Sends data quickly without checking for errors
277
# Internet & Sockets What is the function of the Internet Layer?
- Routes packets across networks - Handles the addressing & Routing using IP - Determining the best path for packets to travel across | IP, ICMP, Routing
278
# Internet & Sockets What is the function of the Link Layer?
- Manages physical network connections - Converts data into signals - Manages the physical transmission & error detection in the communication ## Footnote Signal Sent over : Ethernet (CABLES) , WIFI (WIRELESS). ARP is also done here
279
# Internet & Sockets Why does the Internet Protocol Matter?
- **Scalability**: Network can grow without needing to change everything - **Flexibility**: New technologies can be added at specific layers without breaking everything - **Interoperability**: Different hardware & structure can work together as long as they follow the protocol rules
280
# Internet & Sockets What is MAC (Media Access Control) Address ?
- Unique to each device - Assigned by manufacturer - Identifies a user - Can be changed quite easily (Negative) | E.g 48:D7:05:D6:7A:51
281
# Internet & Sockets What is the IP (Internet Protocol) Address?
Identifies devices globally across networks | E.g. 147.133.123.15
282
# Internet & Sockets What are NAT (Network Address Translations)?
- Private IPs - Not Unique - Enable multiple devices to share a single public IP
283
# Internet & Sockets What is DHCP?
- Assigns an IP to machine based on MAC address - IP assignment is temporary & not stored long term
284
# Internet & Sockets What is ARP?
- Helps routers map IP addresses to MAC addresses - Discovers who is using a specific IP
285
# Internet & Sockets What is the Process for ARP?
- Send a Request to find who has specific IP - Person who has it replies back with IP
286
# Internet & Sockets What is ARP Spoofing (Network Attack)?
- Malicious machine can impersonate another by faking ARP response - Allows Man-in-the-Middle Attacks
287
# Internet & Sockets What is Wireshark?
Powerful network protocol analyzer that records & inspects networks
288
# Internet & Sockets What happens in ARP spoof Attacks?
- Attacker sends fake ARP reply, pretending to be gateway - Tricks victim into sending traffic to them - Attacker can now intercept, modify or drop packets ## Footnote Lack of Authentication
289
# Internet & Sockets What are the Assumptions for modern Security?
- All models assume the attacker controls the network - Strong encryption is **only** protection (**True Defense**) - If data is unencrypted, it should be considered compromised
290
# Internet & Sockets What was the Internet Designed for?
- Connectivity, not security - Traffic can be monitored, intercepted or altered
291
# Internet & Sockets When can Network attacks Occur?
Any point along the path | Path of the packets / communication
292
# Cryptographic Protocols What is a Simple Protocol?
**A => B** - A sends a message to B - Message can be "I am Alice". It has basic authentication but lacks security
293
# Cryptographic Protocols What is the Impersonation Attack in a Simple Protocol?
**E(A) => B** - Attacker / Adversary pretends to be a user - No way to check if sender is who they say they are. | E(A) => Adversary impersonating A
294
# Cryptographic Protocols Give a Solution for Impersonation on a Simple Protocol?
Symmetric Key Encryption: - Message encrypted & decrypted by the shared key. Steps: - User A encrypts message using shared key kab - User B knows it's User A because they only share a key kab
295
# Cryptographic Protocols Even though the Replay Attack can occur with symmetric key encryption, is the message still secure?
Yes, as long as the adversary does not know the key kab, which will be hard to retrieve, the message is still secure.
296
# Cryptographic Protocols How can the Adversary bypass the symmetric key assumption?
Replay Attack: - Even if a message is encrypted an attacker can record it and resend it later. How it works: - User A sends User B a message - Attacker either steals it through man-in-the-middle or using wireshark and records it to send to User B. ## Footnote Attacker will not know message due to not knowing the Key
297
# Cryptographic Protocols How to resolve Replay attack?
- Use a Nonce (a number that is only used once). Steps: - User A introduces themselves to User B - User B sends a Random Num (Nonce) - User A sends the Nonce + 1 and the message
298
# Cryptographic Protocols How does nonce resolve replay attacks?
- Nonce is used once, so if a message is replayed and the check finds that the nonce is the same, it was sent by an attacker, therefore can reject the message / don't send packet to them. - This is due to Attacker not knowing shared key so they don't know the nonce value and the updated value from the other user.
299
# Cryptographic Protocols What attack is still possible with nonces?
- Man-in-the-middle - Nothing is authenticated. - Due to the return message being split in 2 parts & the second part has no nonce, therefore easy to change it. - If attacker knows ciphertext, they know the outcome, therefore can use previous message to swap with new message. ## Footnote Slide example: the attacker knows the message gave him money last time, so swapping the new message with the old message will give him more money.
300
# Cryptographic Protocols How to resolve Man-in-the-middle for nonce simple protocol? ## Footnote In slides this is the 'A better protocol'
- Merge the 2 parts of the message / packets, so that the nonce and message are together and the adversary cannot change it.
301
# Cryptographic Protocols What does the solution for MITM attack ensure in a better protocol?
- Users can be sure they are talking to the actual person they want to talk to. (B is talking to A) - The message sent is the actual message (e.g send £5 to Bob) - The nonce & messages are fresh (NOT REPLAYED)
302
# Cryptographic Protocols What is the Key Establishment Protocol?
- A way to generate and exchange keys. - It is needed because A & B shared a key - Creates a session key so not too much happens if session key is compromised as it is one time use.
303
# Cryptographic Protocols What is a Session Key & how is it set up?
- A key used once to encrypt & decrypt messages. - Not too much if key is intercepted, only lose 1 message. Set up: The principals need to set up a session key using a Key establishment ## Footnote Principals are the entities involved in setting up the shared key.
304
# Cryptographic Protocols How to ensure you communicating with the correct principal?
Must know either: - Each other's public key (AES Key Est) - Use a trusted Third Party (Symmetric Key Est.) | 3rd Party ~ cannot have cryptography without trusting someone ## Footnote Est = Establishment
305
# Cryptographic Protocols What is the Needham-Schroeder Public Key Protocol?
Used to establish a shared symmetric session key between two parties. The protocol itself relies on public-key encryption for the exchange.
306
# Cryptographic Protocols What are the steps for Needham-Schroeder & explanation?
- User A encrypts a nonce Na and their identity A with User B's public Key [E{B}(Na,A)]
- User B decrypts Na & sends it back with their own Nonce Nb (They send back [E{A}(Na,Nb)])
- User A decrypts the message and sends back Nb [E{B}(Nb)]
This ensures users are talking to each other & generate a shared key using Na & Nb
## Footnote
E{x} => means encrypted with x's public key
307
# Cryptographic Protocols What are the goals of Needham-Schroeder?
- Users A & B are sure they are talking to each other - Whoever knows Na is the person to decrypt the first message. - Whoever Knows Nb is the person to decrypt the second message
308
# Cryptographic Protocols Explain the MITM attack on Needham-Schroeder?
STEPS: - User A sends nonce Na & their Identity A to User B, but Attacker intercepts it and replaces the identity with theirs E. - User B sends Ne & Nb to Attacker who forwards a modified version Na & Ne to User A. - User A sends Attacker Ne & the attacker decrypts it and re-encrypts Nb and sends it to User B - Attacker can now impersonate A & B, due to having a key with both users, so they can read the messages and modify them.
309
# Cryptographic Protocols Solution for MITM in Needham-Schroeder?
New Protocol called Needham-Schroeder-Lowe. - When User B sends back Na,Nb to user A they also send back their Identity. This is now secure because: - A & B mutually authenticate each other - Attacker can no longer impersonate User B (MITM protection) ## Footnote Needham-Schroeder-Lowe ensures Mutual Authentication by including User B's identity
310
# Cryptographic Protocols What attack can occur in Needham-Schroeder-Lowe?
- Even though adversary cannot see the identity message they can still do a replay attack
311
# Cryptographic Protocols Can the Attacker read the Message encrypted with key (Na,Nb)?
No, the key is secure against: - Intercept, replay, delete & Alter attacks
312
# Cryptographic Protocols Can Government read your message?
- By law they can legally force you to give up your key, after the protocol has run.
313
# Cryptographic Protocols What is Forward Secrecy?
Protocol has forward secrecy if it keeps the message secret from an attacker who has: - Recording of the protocol run - Long term keys (SHARED KEYS) of the principals. They Protect Against: - Government forcing people to give up keys - Hacker that might steal private keys
314
# Cryptographic Protocols What are the steps for Station-to-Station Protocol? ## Footnote A.K.A STS
STEPS:
- User A sends User B a random DH value g^x
- User B sends User A a random DH value g^y and a signed message (g^y , g^x) encrypted by g^xy
- User A sends a signed message (g^y,g^x) encrypted by g^xy
- User B sends A a Message encrypted by g^xy
## Footnote
The Signed messages are used to prove identity of the user. A Signature computed by a User's Private Key ensures it can only be generated by that user. PREVENTS MITM ATTACKS. Key Arrangement is based on DH exchange. Well designed protocols prevent key leaks from compromising post conversation
315
# Cryptographic Protocols How is STS Secure?
- x, y, g^xy are not stored after the protocol run
- A & B's keys don't let the attacker read M
- STS ensures Forward Secrecy as we don't store g^xy and keys are different every time.
316
# Cryptographic Protocols STS & Forward Secrecy?
STS ensures forward secrecy because it does not store g^xy (the shared key), and a new key pair is generated for each session. This means that even if the long-term private keys are compromised, past session keys (which are used to encrypt the data) cannot be decrypted.
317
# Cryptographic Protocols How do users verify each other without knowing the Public Key?
Possible Solutions:
- Meet face to face & exchange keys
- Use a pre-shared key mechanism
Better Solutions:
- Trusted 3rd Party (signed identities & public key, creating)
- A certificate that verifies each other's keys
## Footnote
This is important as it prevents MITM attacks, ensuring only real users can decrypt other users' messages
318
# Cryptographic Protocols What are the steps for Full Station to Station Protocol?
- User A sends g^x to User B
- User B sends User A: g^y, the certificate for B (CertB) & a signed message containing (g^x, g^y) encrypted by g^xy
- User A sends User B: the certificate for A (CertA) & a signed message containing (g^x, g^y) encrypted by g^xy
## Footnote
Verify the signature using the certificate to make sure the sender is who they say they are
319
# Cryptographic Protocols What is CertX ?
CertX is the certificate for user X
- Contains public key X
- Signed by a trusted Certificate Authority
To authenticate X
320
# Cryptographic Protocols
321
# Cryptographic Protocols Why do we add a certificate?
- Full STS protocol includes certificates for A & B
- Certificates contain public keys signed by a Trusted 3rd Party
- Don't need to know the public key beforehand
322
# Cryptographic Protocols What is the Needham-Schroeder Key Establishment Protocol Steps?
- User A sends the Server its Identity A, Identity B & Nonce Na
- Server sends User A: Nonce Na, Identity B & Session Key K{ab}, plus the Session Key K{ab} & A's Identity encrypted with S's Session key K{bs}. All of this is encrypted by K{as}
- User A sends User B the Session Key K{ab} & A's Identity encrypted with B's Session key K{bs}
- User B sends User A a Nonce Nb encrypted with the session key K{ab}
- User A sends User B Nb+1 encrypted with the session key K{ab}
323
# Cryptographic Protocols How does Needham-Schroeder Key Establishment Protocol Work?
- S is a Trusted 3rd Party that helps establish a shared key K{ab}
- S encrypts the session key for A & B
- A & B mutually authenticate using Nonces Na & Nb
- Ensures that only A & B know K{ab}
324
# Cryptographic Protocols What are some Key Establishment Goals?
- **Key Freshness:** Don't want to use the same key all the time / Key established is new
- **Key Exclusivity:** Only the intended users know it.
- **Good Key:** A good key is both fresh & exclusive
325
# Cryptographic Protocols What is Hierarchy of Goals?
```
        Good Key
        /      \
Fresh Key    Key Exclusivity
```
326
# Cryptographic Protocols What is Far-end Operative Authentication Goals?
- A knows that B exists / is currently active
E.g.:
- A sends B a Nonce Na
- B sends A a signed message of Na
327
# Cryptographic Protocols What is Once Authentication, Authentication Goals?
A knows B wants to communicate with A
E.g.: B sends A a signed message A {B might have the name A in the message}
328
# Cryptographic Protocols What is Entity Authentication ?
A knows B is currently active & wants to communicate.
- They will verify each other.
E.g.:
- A sends B Na
- B sends A a signed message of A & Na
329
# Cryptographic Protocols What are the 3 forms of Authentication that Strong Protocols provide?
- Entity Authentication
- Far-End Operative
- Once Authentication
330
# Cryptographic Protocols What is the Highest Goal?
- Protocol provides Mutual Belief in a Key K for A with respect to B if, after running the protocol, B can be sure that:
  - K is a good key A
  - A can be sure B wishes to communicate with B using K
  - A knows that B believes that K is a good key for B
331
# Cryptographic Protocols Show the Hierarchy of Goals?
1) Mutual Belief in Key
2) Good Key & Entity Authentication
3) Fresh Key, Key Exclusivity, Far-end Operative & Once Authentication
332
# Cryptographic Protocols What is the Ultimate Goal?
Mutual Belief in a Key - ensuring both A & B trust the established key & each other
333
# TLS/SSL What is an X.509 Certificate
Contains:
- Subject (entity identity) (who the certificate is for)
- Subject's public key
- Issuer's name (authority that signed the certificate)
334
# TLS/SSL What is the SSL/TLS Protocol?
- SSL was renamed to TLS
- Provides encrypted communication & authentication using public keys
SSL => Secure Sockets Layer
TLS => Transport Layer Security
335
# TLS/SSL What is TLS/SSL Encryption & Authentication?
TLS/SSL supports:
- RSA
- DES
- DH
Specific cipher suite is negotiated at the start of the session
336
# TLS/SSL What is the X.509 Verification Process?
- Issuer signs the hash of all certificate data
- To verify a certificate:
  - Compute the hash of the data
  - Check the signature using the issuer's public key
- If I can trust the issuer's public key, I can trust the subject's public key
337
# TLS/SSL What is the IP Stack?
- **Application:** Where your program will operate, e.g. web browser
- **Transport:** Uses TCP/UDP to manage data transmission
- **Network:** Uses IP for routing data
- **Link/Hardware:** Underlies physical connections
338
# TLS/SSL What is the IP with TLS?
- TLS layer runs in between the Application & Transport Layers
- Encryption is transparent to the Application layer
- Normal TCP & IP protocols etc. can be used at the lower layers
- TLS handles encryption/decryption before the data is passed to TCP/IP (making secure communication 'invisible' to the application)
339
# TLS/SSL What is the TLS protocol?
**TLS Handshake: establishing a secure connection:**
1) C sends a message listing supported ciphers & random numbers to S
2) Server responds with its chosen cipher suite & its own random nonce
3) Server sends its certificate, which contains its public key
4) The client sends a pre-master secret encrypted with the server's public key
5) Both parties exchange verification messages to confirm that the handshake was successful
**Key Exchange Options:**
- RSA: Client encrypts pre-master secret with server's public key
- Diffie-Hellman: Client & server derive a shared secret
After the handshake, all communication is encrypted using the negotiated symmetric key
340
# TLS/SSL What are the Simplified Steps for TLS?
1) Client sends the server a nonce Nc
2) The server responds with its nonce Ns & certificate CertS
3) Client sends an encrypted pre-master secret (denoted E{s}(kSeed)) plus a hash encrypted with a session key
4) Server replies with its own hash encrypted with K{CS}
341
# TLS/SSL What is the Key Derivation?
- Both sides then compute the session key as: K{CS} = f(Nc, Ns, Kseed)
- Where f is a key derivation function ensuring both parties use the same key
342
# TLS/SSL What is ClientHello (C => S) ?
- Textual: Client sends a random nonce & supported cipher list
- Transmits a random nonce Nc & list of supported ciphers
- Avoids replay attacks
Mathematical: C => S: Nc
## Footnote
Nc => client's nonce & used in key derivations
343
# TLS/SSL What is ServerHello + Certificate (S => C)?
- Textual: Server responds with a random nonce & chosen cipher suite
- Server sends its certificate (signed by CA)
- The server's response includes its nonce Ns & certificate containing its public key
Mathematical: S => C: Ns, Cert{S}
## Footnote
Ns => Server's random nonce
Cert{S} => Server certificate containing its public key
344
# TLS/SSL What is Key Exchange(C => S)?
- Textual: Client encrypts a pre-master secret with the server's public key
- Client encrypts the pre-master secret with the server's public key
- A hash is computed over the exchanged values to ensure integrity
Mathematical: C => S: E{S}(Kseed), {Hash1}Kcs
## Footnote
E{S}(Kseed) => Pre-master secret encrypted with the server's public key
Hash1 => ensures the integrity & is encrypted using the session key Kcs
345
# TLS/SSL What is Server Verifies & Responds (S=>C)?
- Textual: Server verifies handshake & confirms key agreement
- Server verifies this hash & sends back another hash to confirm mutual agreement
Mathematical: S => C: {Hash2}Kcs
## Footnote
Hash2 => Is computed over handshake data, confirming mutual agreement
346
# TLS/SSL What is Key Derivation?
- Textual: Both sides derive the session key using nonces & exchanged key material
- Use a function of Nc, Ns & keySeed
Mathematical:
- Kcs = f(Nc, Ns, Kseed)
- f is a key derivation function (KDF) that combines Nc, Ns & Kseed to generate Kcs.
347
# TLS/SSL What are Cipher Suites for TLS?
- Some suites provide encryption & authentication
- Others provide authentication OR just encryption
348
# TLS/SSL What is the Negotiation with Cipher Suites for TLS?
Client & server agree on one suite from the list they both support to govern cryptographic methods used in the session
## Footnote
Usually the highest level of security they both have
349
# TLS/SSL What is Weakness in TLS?
- **Cipher Downgrading:**
  - Forcing a session to use a weaker cipher than both parties are capable of
- **Self-Signed certificates:**
  - Accepting certificates that are not validated by a trusted Authority 3rd Party
350
# TLS/SSL What is the Cipher Downgrading Attack?
How it Works:
- Both the client & server list their supported cipher suites in order of preference.
- Attacker can interfere with the handshake to force both parties to use the highest mutually supported cipher. (Lie & say you only support the weaker cipher, so not secure) (Reduce it by using latest / secure protocols)
351
# TLS/SSL What is the Impact of Cipher Downgrading Attack?
- Weaker cipher may lack robust authentication, which can make the session vulnerable to further attacks
- Like MITM attack
352
# TLS/SSL What are Self-signed Certificates?
- Maintaining a set of certificates is hard
- Much easier just to accept any certificate
Trade-off:
- In environments like IoT or certain apps, maintaining a full set of trusted certificates is challenging
- Easier to accept self-signed certificates
Security Problems:
- Accepting self-signed certificates can allow attackers to easily impersonate servers, facilitating MITM attacks
353
# TLS/SSL What is Apple's 'goto fail' Bug in TLS & What Happened? ## Footnote 2014
- Allowed attackers to bypass TLS/SSL certificate validation
What Happened:
- Found in Apple's Secure Transport Library
- A misplaced goto statement caused the certificate validation check to be skipped
- Allows MITM attack against secure connections
354
# TLS/SSL What was the Impact of the Apple's 'goto fail' Bug?
Affected Safari, Mail, iCloud & other Apple services using TLS.
- These were all at risk as the bug meant that invalid certificates were accepted without proper verification
355
# TLS/SSL How could the Attacker Exploit the Apple's 'goto fail'?
- Client blindly trusts any certificate (valid or not)
- MITM Attacker could impersonate trusted website
- Encrypted communication could be intercepted
356
# TLS/SSL What was the bug in the code for Apple's 'goto fail'?
In the SSLVerifySignedServerKeyExchange function, in the `if ((err = SSLHashSHA1.final(...)) ...)`, there was an additional goto fail which skipped verification, so any certificate was trusted, making secure connections vulnerable
357
# TLS/SSL What is Apple's 'goto fail' fix?
Remove the additional goto fail
358
# TLS/SSL What was the Lesson Learned from Apple's 'goto fail'?
Need to have proper coding practices & thorough testing to avoid vulnerabilities
- **Code Style matters:** Good indentation & clear structure can prevent logic errors.
- **Testing Matters:** Automated tests can catch subtle bugs that manual reviews miss.
- **Open review is valuable:** Bug was unnoticed for years, wider security can help identify vulnerabilities early
359
# TLS/SSL What if one side supports a weaker cipher suite but the other does not? ## Footnote Cipher Suites
- Generally considered safe.
- Developer removed all weak ciphers, some remained in servers.
- Depends on different cipher suites being incompatible
## Footnote
- Handshake will select the highest mutually supported cipher
- If an attacker forces the use of a weak cipher, security may be compromised
360
# TLS/SSL Give an example of incompatible cipher suites:
SSL_RSA_WITH_DES_CBC_SHA & TLS_DHE_DSS_WITH_AES_256_CBC_SHA
361
# TLS/SSL What is the LogJam:Breaking TLS encryption? ## Footnote Give KeyInsight also
- Attacker can force a downgrade to these weak groups & then use precomputed discrete logarithms to break the encryption in real time
Key Insight: Weak DH groups are compatible with strong groups (Stronger DH group can be decrypted by a weaker DH group)
## Footnote
DH => Diffie-Hellman
History: Snowden leaks revealed NSA's large-scale TLS interception
362
# TLS/SSL What are the Key Takeaways of LogJam?
- TLS servers commonly support weak 512-bit 'export-grade' DH groups
- MITM attacker can force TLS to use a weak DH group, even if a strong group is available
- Precomputed discrete logs allow attackers to break the key in real time *(Lets attacker passively decrypt TLS traffic at scale)*
363
# TLS/SSL How is Diffie-Hellman done in TLS?
DH key exchange is widely used in TLS for forward secrecy:
1) C & S agree on a **prime** p & **generator** g
2) C picks a secret a, computes A = g^a & sends it to S
3) S picks a secret b, computes B = g^b & sends it to C
4) S & C compute the shared secret: K = B^a mod p = A^b mod p
## Footnote
C => Client
S => Server
364
# TLS/SSL What is the problem in DH in TLS?
- Servers reuse the same small set of DH primes, making them vulnerable to precomputation attacks
- Making precomputation attacks feasible if weak primes are used
365
# TLS/SSL How does LogJam Work?
**Step 1: MITM Attack**
- Attacker intercepts the ClientHello message
- Client proposes a strong DH group (2048-bit)
- Attacker modifies this to request an export-grade 512-bit DH group
**Step 2: Server Accepts Weak DH Group**
- Server allows the downgrade & responds with a weak DH group
- Attacker can now easily compute the discrete log for the shared key
366
# TLS/SSL What are the Steps for the Original Secure TLS handshake?
1) C => S: ClientHello (Strong DH group, e.g. 2048 bits)
2) S => C: ServerHello (Same DH group)
3) S => C: Certificate, DH Params
4) C => S: Key Exchange
367
# TLS/SSL What are the Steps for Downgraded TLS Handshake (LogJam Attack)?
The server, supporting export-grade DH for legacy reasons, accepts the weak group.
1) C => MITM => S: ClientHello (Requesting weak 512-bit)
2) S => MITM => C: ServerHello (Accepting weak 512-bit)
3) S => C: Certificate, Weak DH Param
4) Attacker quickly computes the shared secret due to precomputed discrete logs
5) Attacker decrypts & relays traffic in real time
RESULT: Attacker can derive the session & decrypt communications
368
# TLS/SSL What is the comparison Between normal Handshake & downgraded Handshake?
- Normal handshake, a strong DH is used, making it computationally hard to break.
- Handshake is manipulated to use a weak size-bit group
369
# TLS/SSL How is the Key Broken in LogJam?
With weak parameters, the attacker can compute the shared secret quickly & decrypt TLS traffic in real time
370
# TLS/SSL Why does LogJam Work?
1) **Many servers reuse the same small set of DH primes:**
   - NSA can precompute discrete logs for these primes
2) **Export-grade cryptography is still widely supported:**
   - Weak DH groups were left in for legacy reasons
   - Attackers can downgrade connections to force weaker groups
3) **No Authentication Required of DH Params**
   - TLS handshake does not authenticate the DH group selection
   - Attackers can modify the handshake without detection
371
# TLS/SSL How to Defend Against LogJam?
**Mitigation Steps:**
- Increase minimum DH key size (~2048 bits)
- Disable export-grade ciphers completely
- Use unique DH groups, instead of common shared primes
- Prefer Elliptic Curve DH over traditional DH
**Industry Response:**
- Browser vendors removed support for weak DH groups
- TLS 1.3 removes support for static DH & export-grade cryptography
372
# TLS/SSL What is the Heartbleed: A Critical OpenSSL Bug?
- Allowed attackers to read up to 64kb of memory from a server, potentially exposing private keys, session cookies, passwords & other sensitive data
## Footnote
Affected OpenSSL versions 1.0.1 to 1.0.1f
373
# TLS/SSL What went wrong with Heartbleed?
- OpenSSL implemented a Heartbeat extension to keep TLS connections alive.
- Bound-checking failure allowed an attacker to read up to 64 kb of memory
- No authentication, so memory can be requested by an attacker without being a legitimate user
374
# TLS/SSL Why did TLS Heartbeat exist?
- Allows clients & servers to check if the connection is still open
- Works by sending a small request & expecting the same response
- Meant to prevent unnecessary re-negotiations in TLS
375
# TLS/SSL How does the Heartbleed exploit work?
EXPLOIT:
```
Client => Server: HeartbeatRequest("Hello", length = 64KB)
Server => Client: HeartbeatResponse(Leaked memory up to 64Kb)
```
- An attacker sends a HeartbeatRequest with a deliberately inflated length field
- The server, not verifying the actual length of the payload, responds by sending back extra data from its memory
## Footnote
Attacker could repeatedly send malicious requests to extract private keys, passwords or other data
376
# TLS/SSL What were the Mistakes & Vulnerabilities in the code?
- Lack of proper bound checking is the root cause of the vulnerability
- Memory beyond legitimate data is copied & sent back to the attacker
- Attackers could send small packets, but request a large response, causing leaks
- Server reads a 'length' value from the request & then copies that many bytes from memory without checking if the request actually contained that much data
377
# TLS/SSL What could be stolen? ## Footnote Heartbleed
Could Expose:
- **Server private keys** Allowing attacker to decrypt past & future TLS traffic
- **User Credentials** Including session cookies & passwords
- **Sensitive session data** Any info present in the server's memory (**Internal API Keys, OAuth tokens, SSH Keys**)
- **Anything stored in memory** Since OpenSSL is widely used, many systems were affected
378
# TLS/SSL Why is Heartbleed Bad?
- Steal session cookies without triggering alerts
- Compromised private keys meant attackers could decrypt past traffic
- Attack left no logs
- **Undetectable unless you were monitoring memory leaks**
379
# TLS/SSL How did Heartbleed impact the real world? ## Footnote e.g. services affected & damages/responses
**Affected Services:**
- **Major websites:** Yahoo, Tumblr, GitHub & Google
- **VPNs & Firewalls:** Cisco, Juniper Networks
- **Cloud Providers:** AWS, Google Cloud, Azure
**Response & Damages:**
- OpenSSL released a patch 1.0.1g (after discovery)
- Websites scrambled to revoke & reissue TLS certificates
- Users were told to change their passwords
- Attackers likely had access to sensitive data for years before discovery
380
# TLS/SSL How was Heartbleed Fixed?
1) **Proper Bound Checking:**
   - Length field must be checked against actual input size
   - If length is greater than provided data, it is rejected
2) **OpenSSL Patch:**
   - Introduced proper bounds checking
   - Disabled heartbeat extension unless explicitly enabled
3) **Industry Response:**
   - Websites had to revoke compromised certificates
   - Users advised to change passwords
   - Organisations moved away from OpenSSL
381
# TOR What is a Proxy?
- Proxy server sits between you & the Internet
- Hides your IP address from the website you visit
382
# TOR What are VPNs?
- Securely connect you to another network over the internet
- Provides privacy & security by encrypting your connection
- Promise "Anonymity" (to website, not to the VPN company)
- Access to private networks remotely
- Single (ONE) proxy
383
# TOR Can an Internet connection reveal your IP number?
YES
384
# TOR What is Hotspot Shield VPN?
- VPN acts like a proxy by routing traffic through a different server
- Recipient website only sees the VPN's IP, not yours
- VPN provider knows your original IP
385
# TOR How does VPN connect to websites?
- Connection made via their servers
- Intended recipient server never sees your IP
386
# TOR Encryption in VPNs?
- Use encryption like TLS & IPSec to protect data
- Ensures that your ISP & hackers cannot easily intercept your traffic
387
# TOR VPNs for Anonymity? ## Footnote Limitations & Anonymity
Helps with Anonymity?:
- Server thinks you are the VPN provider
- ISP sees the connection to VPN
- Global observer can probably link your connections
Limitations:
- Global observer may still link your VPN activity to your identity
- VPN provider itself can see your traffic & could store logs (NOT ANONYMOUS)
388
# TOR When using a VPN what does the WIFI provider Know?
- WIFI's outgoing IP address
- That you are connected to the VPN
Means public WIFI cannot monitor your browsing habits if you use a VPN
389
# TOR When using a VPN what does the VPN provider Know?
- WIFI's outgoing IP address
- You are connected to VPN
- VPN's outgoing IP address
- The website you are browsing
VPN provider can track & log everything you do. If the provider is compromised, then your privacy is at risk.
390
# TOR When using a VPN what does the website provider know about you?
- The VPN's outgoing IP address
- The website you are browsing
- The contents of your website
- Shouldn't know you are using VPN (can be inferred)
Website does not know your real IP when using VPN, but knows your activity
391
# TOR Where do you get the best anonymity?
Onion Routing (TOR)
392
# TOR What is Onion Routing?
- Best anonymity by routing traffic via multiple proxies
- Ensures your message is **securely encrypted in layers** & routed through multiple nodes
- Each node only knows the PREV & NEXT hop, thus ensuring no single entity can trace the full path
393
# TOR How does TOR Onion Routing work?
- Each proxy only learns the IP of the PREV & NEXT proxy in the circuit
- Public keys of each proxy are known
- Source IP is visible only to the entry node
- Destination IP is visible to the exit node
- User picks 3 proxies & remains anonymous as long as at least one node is not compromised
394
# TOR How does TOR work?
User picks 3 proxies (nodes):
- **Entry Node:** Knows user's IP
- **Middle Node:** Acts as relay
- **Exit Node:** Knows the destination websites
395
# TOR Why is TOR Secure?
As long as at least one node is not compromised, anonymity is maintained
- Entry Node doesn't know the destination
- Exit Node doesn't know the sender
396
# TOR How are TOR Onion Routed? ## Footnote SIMPLE
- Each node only decrypts one layer, enough to know where to send it
- Final layer is decrypted at the exit node, and goes to the website/gets message
- Prevents any single entity from tracking their connection
397
# TOR TOR Routing Explained in Detail:
- Message is encrypted 3 times (for 3 nodes)
- Each node decrypts the relevant layer & if it cannot decrypt it, it will send it to the next node
- Then the node will send it back to the user & the decrypted message sent to it & repeats until the final node is reached
- At the final node, the message gets decrypted and a response is sent back, being encrypted layer by layer by each node, to be decrypted by the User
398
# TOR Problem of TOR?
Due to the constant decrypting and encrypting, TOR is very slow (decrypting to send website message & encrypting response back to user to decrypt)
399
# TOR What are TOR Hidden Servers?
- Hide server from you (USER)
- Give websites '.onion' addresses (only accessible through the TOR network)
400
# TOR How do Hidden Services work?
- Server does not reveal its IP address
- Instead, it connects through a TOR relay to stay anonymous
401
# TOR What are the Steps to set up a Hidden services & User to connect to it?
1) Service Provider picks some introduction points (IPs from TOR Cloud) & builds circuits to them
2) Service Provider puts their service name.onion in the database & uses the IPs of the nodes (introduction points). DON'T use your own
3) User hears that the name.onion exists and requests more info from the database & sets up a rendezvous point (can be done before)
4) User writes to the provider an encrypted message using their PK, listing the rendezvous point & one-time secret, and asks the introduction point to deliver it to the service provider
5) Provider connects to the User's rendezvous point & provides their one-time secret {if connection is accepted} (connection can be rejected)
6) User & provider proceed to use their TOR circuits like normal (User never knows Provider IP & vice versa)
402
# TOR Does TOR provide Security? ## Footnote Explain why/ why not?
NO
- Protects anonymity but not security
- If the exit node is compromised / is malicious, it can see unencrypted data sent to the website/service
- If you log in to your account (Facebook), your identity is exposed
403
# TOR What is the Summary of TOR?
**Final Takeaways:**
PROS:
- Provides strong anonymity by routing traffic through multiple nodes
- Hides IP, making tracking difficult
- TOR hidden services allow anonymous websites
CONS:
- Remains one of the best tools for online privacy
- **Not foolproof:**
  - Entry node sees your IP
  - Exit node sees your traffic (if unencrypted)
- Government & adversaries try to break TOR
404
# SQL Injection
405
# Web Attacks
406
# Web Security What is Cross-site Scripting XSS?
- Inject client-side code into pages viewed by other users
- Attacker tricks web application to include malicious code
407
# Web Security What are the goals of XSS?
- Display images, open popups
- Change page contents
- Session Hijacking: Steal cookies
408
# Web Security What are the Underlying Issues of XSS?
Input/Output Validation
- NEVER TRUST USER'S INPUT (THEY CAN BE AN ATTACKER)
409
# Web Security How does attacker perform Cross-site Scripting XSS?
Attacker sends a script to the application, which sends it to the web application to send to the database, so it gets sent to other users
410
# Web Security What is Stored XSS?
Occurs when the attacker can inject malicious code into server-side & code is later displayed to other users.
411
# Web Security Give Examples of Stored XSS Attacks?
In an area with little access control you can put: - HTML : `

comment

`
- Script : ``
WORMS:
- Self-replicating attack
- (No. of links/comments appear multiple times)
- E.g. if a user goes to a malicious page with a worm, every time they access that page it will output the output the worm produces.
412
# Web Security What is Reflected XSS?
Attacker sends the user a URL with malicious code already in it. Not stored on the server, but is displayed on the visited page `e.g: https://web.site/?search=`
413
# Web Security Give Examples of Reflected XSS Attacks?
- Edit Script to flip page 180 degrees - HTML edit code to show other values OR get other inputs
414
# Web Security What are the Steps for Session Hijacking with XSS?
1) Attacker injects script on the victim server & waits for a victim
2) Server passes a session cookie & the attacker's script to the visitor
3) Script runs in the victim's browser & passes the session cookie to the attacker
4) Attacker passes the stolen cookie, making the server think he is the victim
## Footnote
- Redirects victim's browser to attacker's site, passing cookies
- Might also pass currently visited web page
- ALT, a Request, load an image
415
# Web Security What are XSS Protections?
- **Validate User Input**
- **Output Filtering**
- **HttpOnly Cookies**
- **Content Security Policy**
416
# Web Security How does **Validate User Input** work? | XSS protection
It only allows a very strict subset of inputs, e.g. alphanumeric chars
Validation can be tricky, so you need to understand dataflow through the app
417
# Web Security How does **Output Filtering** work? | XSS Protection
**Plain Output: HTML Encoding**
- Stored data values need to be encoded to represent HTML
**Marked up output: Encoding + Domain Specific Language (DSL)**
- Use a dedicated syntax & convert it to a safe subset of HTML
418
# Web Security How do **HttpOnly Cookies** work? | XSS Protection
Cookies are set with the HttpOnly flag, so they are not accessible via JavaScript, preventing theft via document.cookie
419
# Web Security How does **Content Security Policy (CSP)** work? | XSS Protection
A strict CSP can prevent inline scripts & limit which domains can be requested.
420
# Broken Access Control What is Broken Access Control?
Attacker can act outside their intended permissions
421
# Broken Access Control Give Examples of Broken Access Control:
- Violation of the principle of least privilege OR deny by default
- Bypassing access control checks by modifying the URL
- Permitting viewing OR editing someone else's account
- Elevation of Privilege
422
# Broken Access Control What is Violation of the Principle of least privilege?
Access should be granted for particular capabilities, roles, or users, but is available to anyone | (HIDE LINK OF ADMIN AREA)
423
# Broken Access Control What is Bypassing Access control check by modifying the URL?
Parameter tampering OR force browsing, internal application state, OR the HTML page, or by using an attack tool modifying API requests | (PATH TRAVERSAL)
424
# Broken Access Control How is Permitting viewing or editing someone else's account done?
Providing its unique identifier | (OBJECT REFERENCES)
425
# Broken Access Control How is Elevation of Privilege done?
Acting as a user without being logged in OR acting as admin when logged in as user | (REDIRECTING)
426
# Broken Access Control What is the issue with path traversal designed like this: **https://myblog.org/index.php?entry=2025-03-17.html**
- Format is not reliable as you can change the URL to something else to open a different file
- If you know paths in the application you can access them
- Remote user can potentially visit any file on the system
427
# Broken Access Control What does index.php do in https://myblog.org/index.php?entry=2025-03-17.html?
- Reads a plain HTML file
- Wraps it with navigation links, site style
428
# Broken Access Control What are defenses against path traversal?
- HTTP server should not serve just any file
- Use internal web server config (each webapp is separate)
- Add external OS config (e.g. nobody users, chroot)
- Use of allow-list (filter inputs against known / safe options)
429
# Broken Access Control What is the Issue with Object reference where all HTML code is visible / personal info visible?
- Can modify & re-run HTML on your device
- Can change HTML, change account and access it
## Footnote
Uses POST to protect sensitive data
430
# Broken Access Control What are Solutions for Object Reference?
- **Re-validate**: Check authorisation again after every action from the user, to make sure they have the access to perform the action
- **Add a data indirection**: Session-specific server-side array of account numbers
- **Use of database/hashtables**: Use SQL to make sure users can access their accounts only
431
# Broken Access Control What is the Issue with Too much information in Object references?
- Passing potentially unnecessary info to the client
- Expecting it unmodified
- User can change types / HTML code / user (email)
432
# Broken Access Control How to protect Information in Object References?
- If the info is not needed, don't send it / add it to the frontend
- If it needs to be in the visible frontend, encrypt it
- Add a MAC constructed with a server-side key
433
# Broken Access Control Can Hiding a link in the navigation for unauthorised users prevent them from visiting it?
NO
434
# Broken Access Control How to prevent unauthorised users accessing hidden links?
- Manage authorisation in a separate module
- Single route through code
- Trace to make sure authentication happens
- Make authorisation checks for each function
- Use deny-by-default policy *{if you forget it, it's not accessible}*
435
# Broken Access Control What is Cross-site Request Forgery (CSRF)?
Exploits the browser's trust relationship with a website *E.g. Existing login*

## Footnote
Examples: home router admin, banking, email; browser is authorised to connect here
436
# Broken Access Control How does a CSRF Attack work?
- Attacker triggers malicious action
- Gets user to open malicious link
- Browser undertakes action on target site on behalf of authorised user
437
# Broken Access Control How is CSRF different from XSS?
- In CSRF, user goes to bad website then to the good website
- XSS changes/modifies good website; user goes to good website then gets bad page sent back
438
# Broken Access Control Explain Steps of CSRF?
1) Attacker sends user a link to a website, and user opens it
2) Website has an image which triggers a GET request in the browser
3) The GET request accesses the actual website; the GET request will perform a transaction without the user's knowledge (INCLUDES COOKIES)
4) Using the cookies, a transaction is performed

## Footnote
Examples of transactions: Email, banking
439
# Broken Access Control How to prevent CSRF?
- Include a CSRF token that the attacker cannot load in the HTML code

The token is hidden and the value is randomly generated; it gets checked by the server to make sure CSRF doesn't occur
440
# Broken Access Control What is Same-origin Policy?
- Standard browser-side mechanism to protect simultaneously running web apps from one another
441
# Broken Access Control What does Same-origin Policy Restrict?
- DOM
- APIs for web access
- Cookies, HTML5 local storage APIs

Prevents attacker website from reading data from other website
To pages from the same domain, i.e., protocol-host-port {Different ports for a website cannot access each other's data}
- TOO RESTRICTIVE for legitimate cases, e.g. APIs / 3rd party services

## Footnote
SANDBOXING enhances this
442
# Broken Access Control What is Access Control : Cross-Origin Resource Sharing?
- Modern Web Apps use JavaScript APIs like fetch to send & receive data asynchronously
- Relaxes Same-origin Policy securely
- Works by allowing servers to specify permitted origins using special HTTP Header
443
# Broken Access Control Give examples of Special HTTP Headers?
**Access-Control-Allow-Origin: http://www.example.com**
OR
**Access-Control-Allow-Origin: \***
444
# Broken Access Control What are the Security Configuration for Deployment?
- Whole web app stack must be secure
- Make sure it's up-to-date with security patches
- Disable unnecessary features
- Use minimum Privilege
- Ensure Error handling does not expose info
- Have repeatable security config process
- Have automated checking process
445
# Broken Access Control Why should Everything {OS, WEB, SERVER, DBMS, APP FRAMEWORK, LIBRARIES} be kept up to date?
Most attacks are due to systems being outdated
446
# Broken Access Control Give Examples of Unnecessary Features:
- Default Accounts
- Demo pages
- Debug Interfaces
447
# Broken Access Control What are Minimum Privileges?
- Separate Concerns
- ACLs per component/app
448
# Broken Access Control What is a repeatable security config process?
- App-specific checklist to work through
- Uniform config for development, QA & deployment
449
# Broken Access Control What is the Purpose of having an automated checking process?
Ensure an automated checking process
450
# Broken Access Control What are redirects & forwards?
- Apps often allow redirections
- Sends user off-site with a polite message
- Reroute them immediately

OR

Forwards them to different part of the same site
451
# Broken Access Control What are the security concerns with Redirects?
- Attacker could redirect to their website to steal your data

E.g. Bank website in email, when clicked can redirect you to the phishing website; the ultimate destination can be concealed in URL encoding
452
# Broken Access Control In Open Redirect links for phishing can the ultimate destination be concealed?
YES, by URL encoding
453
# Broken Access Control What is a typical Example of a community-wide desirable security measure?
- Preventing open redirects
- Open mail Relays
- ICMP broadcast

GOOD PRACTICE OF ALL PROVIDES SECURITY FOR OTHERS
454
# Reverse Engineering What is Reverse engineering?
- Means of analysing software to figure out how it works, often without original code (LIKE TAKING APART A TOY & SEEING HOW INSIDES WORK)
- Examining low-level code, can remove protection & alter function
- Good protection slows this down, NOT STOP IT
455
# Reverse Engineering Issues with "Data can be Code":
Lots of attacks we have seen trick a program into accepting data that is really code:
- SQL Injection
- XSS
456
# Reverse Engineering What is the Issue with "Code being data"?
Executable code can be written & edited
- An attacker can do anything they want with the program, edit the code
457
# Reverse Engineering Goals of Reverse Engineering:
- Security research
- Debugging & Performance Optimisation
- Learning how compilers & systems work
458
# Reverse Engineering What is a Binary?
- File that the computer can run and understand
- Compiler converts programs into this binary format
- Helps understand which tools are needed for reverse engineering on each system
459
# Reverse Engineering Can different Systems translate or understand other systems' binary files?
NO
460
# Reverse Engineering What are different systems & Instruction Sets?
- Each OS has its own Binary format {Program compiled for one system won't run on another}
- CPUs understand specific Instructions
461
# Reverse Engineering Why are different systems & instruction sets IMPORTANT for Reverse Engineering?
Need to know the binary format & CPU type the program is built for (DETERMINES THE TOOLS YOU SHOULD USE)
462
# Reverse Engineering What are Reverse Engineering Tools?
- Debugger
- Disassembler
- Decompiler
463
# Reverse Engineering What is a Debugger?
- Allows you to pause & inspect a running program
- Helps you follow the program step-by-step & see what's happening
- Modify contents of memory, CPU Registers & stack Frames
464
# Reverse Engineering What is a Disassembler?
- Converts machine code into assembly code
- Shows the assembly Instructions

Binary is Machine code
Assembly is Low-Level Language
465
# Reverse Engineering What is a Decompiler?
- Translates machine code back into High-Level code to make it even easier to understand
- Tries to recreate the original source code (NOT PERFECT)
466
# Reverse Engineering What are the steps for using the different tools to get High level code to Assembly?
- The compiler converts the high level code into machine code (Like Lossy Compression, removes Variable names and other redundant data) (In Assembly each line corresponds to a part to complete the function)
- The Disassembler converts the Machine code into Assembly.
467
# Reverse Engineering What are the steps for using the different tools for the Assembly to High Level?
- Assembler converts assembly to binary
- Decompiler converts the Binary file into higher level code (NOT THE SAME AS ORIGINAL CODE)
468
# Reverse Engineering Why is it hard to Reverse Code from Assembly/Machine Code to High Level?
**Optimisation:** Compiler may simplify the code, removing same steps
**Variable Names:** When compiled, meaningful names like num are replaced with vague things like edi
**Obfuscation:** Some programs are intentionally made harder to reverse engineer by mixing up the instructions.
469
# Reverse Engineering What happens when the High level code gets translated into Assembly?
- Optimisation removes parts
- Removes Variable names
- Other info can get lost
470
# Reverse Engineering What happens when the Assembly code gets recompiled into High Level code?
- Program might not be the original code written in C
- Compiler might be unknown
- Obfuscation can make decompiling impossible
471
# Reverse Engineering What are Registers?
- Small, super-fast storage locations inside the CPU
- Hold data the CPU is currently working with
- Registers are faster than normal memory because they are inside the processor
472
# Reverse Engineering What are General Purpose Registers?
Used for most calculations & Data movements
473
# Reverse Engineering What are the 2 types of specialised Registers?
- **Instruction Pointer (RIP):** Keeps track of where the CPU is in the program
- **Stack Pointer (RSP):** Points to the top of the stack (USED FOR FUNCTION CALLS & VARIABLES)
474
# Reverse Engineering What is RAM?
- Large data
- Referenced by Address
- Stores large amounts of data for longer periods while program runs
475
# Reverse Engineering What does RAM hold?
- **Code**: Instructions the CPU executes
- **Heap**: For Dynamic Memory
- **Stack**: Temporary data like local Variables
476
# Reverse Engineering What is the IMPORTANCE of MEMORY in Reverse Engineering?
In Reverse Engineering, knowing where the data is stored helps you understand what the program is doing
477
# Reverse Engineering What is Register Aliasing?
Registers that describe different parts of the same memory cell
478
# Reverse Engineering Why does Register Aliasing matter?
- Understanding these registers is key to reading assembly
- E.g.: If a program multiplies numbers, it will probably use RAX
479
# Reverse Engineering What are the 2 most important Registers?
- **RSP** in 64-bits *Stack Pointer AKA: ESP(32)/SPL(8)*
- **RBP** in 64-bits *Base Pointer AKA: EBP(32)/BPL(8)*
480
# Reverse Engineering Why are Registers important in RE?
- Key to reading assembly
- Registers hold specific data for function
481
# Reverse Engineering What are the Registers for Accumulator?
- **64 bit:** RAX
- **32 bit:** EAX
- **8 high bits of lower 16 bits:** AH
- **8 bit:** AL
482
# Reverse Engineering What are the Registers for Base?
- **64 bit:** RBX
- **32 bit:** EBX
- **8 high bits of lower 16 bits:** BH
- **8 bit:** BL
483
# Reverse Engineering What are the Registers for Counter?
- **64 bit:** RCX
- **32 bit:** ECX
- **8 high bits of lower 16 bits:** CH
- **8 bit:** CL
484
# Reverse Engineering What are Registers for Data?
- **64 bit:** RDX
- **32 bit:** EDX
- **8 high bits of lower 16 bits:** DH
- **8 bit:** DL
485
# Reverse Engineering What are Registers for Source Index for string Operations?
- **64 bit:** RSI
- **32 bit:** ESI
- **8 bit:** SIL
486
# Reverse Engineering What are the Registers for Destination index for string operations?
- **64 bit:** RDI
- **32 bit:** EDI
- **8 bit:** DIL
487
# Reverse Engineering What are the Registers for General Purpose?
- **64 bit:** R8-R15
488
# Reverse Engineering Give the Common Instructions for Data Movement:
- **mov dst,scr** => puts the value in scr into dst
- **push scr** => stores the current value scr onto the stack
- **pop dst** => Loads data from dst to scr *Loads last stored value into scr*

## Footnote
scr (SOURCE) dst (DESTINATION)
489
# Reverse Engineering Give the Common Instructions for Arithmetic:
- **add dst,scr** => adds scr to dst *e.g. add rax, 10 => Adds 10 to the rax register*
- **sub dst,scr** => subtracts scr from dst *e.g. sub rbx, 10 => subtracts 10 from the rbx register*
- **imul dst,scr** => multiplies dst by scr *e.g. imul rax, 10 => multiplies the value in rax by 10*
490
# Reverse Engineering Give the Flags for Rev Eng:
- **ZF: Zero flag** set to 1 if the result is 0
- **SF: Sign flag** set to 1 if the result is -VE
- **OF: Overflow flag** set to 1 if operation overflowed
491
# Reverse Engineering Why do flags matter?
- Important for decisions in code
- In Rev Eng, watch the flags change to understand the program flow
492
# Reverse Engineering Give the Common Instructions for Control Flow:
- **jmp label** jumps to label *e.g. jmp exit => Jumps to section labelled exit*
- **call fn** calls a function, pushes current *IP* onto stack, and jumps to the function *e.g. call myFun => calls function named myFun*
- **ret** Pops *IP* from the stack & continues from saved position on stack *e.g. ret (Goes back to point from the stack)*
- **cmp a,b** calculates b-a & sets flags *e.g. cmp rax,5 => compares rax with 5*
- **test a,b** calculates a&b & sets flags
- **je label** Jumps to label if zero flag is set *e.g. je done => Jumps to done if the prev cmp was equal*
- **jne label** Jumps to label if zero flag not set *e.g. Jumps if not equal (Opposite of je)*
- **nop** No-op instruction *DOESN'T DO ANYTHING*
493
# Reverse Engineering Why does Control Flow Matter?
- Instructions control the program's logic
- When REV ENG, follow these jumps to trace how the program works
494
# Reverse Engineering What are Common Instructions with Bitwise Operations?
- **and dst,scr** Performs a bitwise AND *e.g. and rax,0xFF keeps only the lowest 8 bits* (Both Bits must be 1)
- **or dst,scr** Performs a bitwise OR *e.g. or rax,0x1 keeps only the lowest 8 bits* (Either Bit can be 1)
- **xor dst,scr** Performs a bitwise XOR *e.g. xor rax,rax sets rax to 0* (Flips bits where one is 1)
495
# Reverse Engineering Why is Memory Addressing Important?
- Memory Access helps you track variables in a program
- Crucial for understanding function arguments & local variables

[] => REPRESENTS that the operand is a Mem Address
496
# Reverse Engineering What is Direct Memory Access: [address]?
- Use a specific memory address
- e.g.: **mov eax,[0x1234]** *moves the value at 0x1234 into eax*
497
# Reverse Engineering What is Register-based Memory Access [register] :
- Use a register holding an address
- e.g.: **mov eax, [ebp]** *Moves the value at the address in ebp into eax*
498
# Reverse Engineering What is Register-based Memory Access [register + offset] :
- Access memory relative to a register
- e.g.: **mov eax, [rbp-4]** *Loads data 4 bytes before rbp*
499
# Reverse Engineering Why are Patterns useful in Rev Eng?
- **Find important Vals:** Look for mov instructions moving data to a register
- **Trace Decisions:** Identify cmp followed by conditional jumps
- **Modify Behaviour:** Bypass checks by replacing jump with nop (Do nothing instructions)
500
# Reverse Engineering Explain this common pattern: **mov eax, [esp+1] add [esp+18], eax**
**What is Happening:**
- ***mov eax, [esp+1]*** Loads a value from memory location 1 byte after esp into the eax register. esp holds the current position on the stack, so this reads data from the stack
- ***add [esp+18], eax*** This takes the value in eax & adds it to the value located 18 bytes after esp

**Interpretation:**
- Pattern typically moves data from mem to a register, modifies & writes it back
- Common calculations for handling variables stored on stack

**Importance:**
- Pattern means the program is manipulating local variables in a function
- In Rev Eng, identifying the pattern allows you to identify where important data is stored & changed
501
# Reverse Engineering Explain this common pattern: **cmp [esp+1], 3 je label1**
**What is Happening:**
- ***cmp [esp+1], 3*** Compares the value 1 byte after esp with 3. Doesn't change data, only updates flags
- ***je label1*** Jumps to a specific part of the code if the 2 values are equal

**Interpretation:**
- Conditional check: if the condition is true, the program jumps to another part of the code
- If the condition is false, the program continues to the next instruction

**Importance:**
- Used for if statements, loops & error checking
- Understanding these jumps is critical for Rev Eng because modifying the jump can alter program behaviour
502
# Reverse Engineering Describe the Stack, where CPU stores temporary data?
- Last-in-First-Out
- Grows from high address to low address
- Top is always the lowest address
- Bottom of stack is the oldest item *(i.e. first function call)*
- Used to manage & organise information for functions (func args, return address & local variables)
503
# Reverse Engineering What does RSP (Stack Pointer) do?
- RSP always points to top of stack
- Data added, RSP value decreases
- Data removed, RSP value increases
504
# Reverse Engineering What is the ***push rax*** instruction equivalent to?
**sub rsp,8** (subtracts 8 from stack pointer) *because a 64 bit register holds 8 bytes*
**mov [rsp], rax** (moves rax into new position on top of stack) (stores the rax value in the new mem location)
505
# Reverse Engineering What does **push** do?
- Saves a value onto the stack
- Pushes the value onto the lowest address in the stack
506
# Reverse Engineering What happens when you push multiple values?
Multiple push instructions decrease the stack pointer further
507
# Reverse Engineering What is the ***pop rax*** instruction equivalent to?
**mov rax, [rsp]** Get the value from the top of the stack
**add rsp,8** Move stack pointer up
508
# Reverse Engineering What does **pop** do?
- Returns the top of the stack
- Then moves the Stack pointer to the next lowest position
509
# Reverse Engineering What happens to the data, when pointer is changed during pop?
- Data does not overwrite memory
- Data is not erased (No longer referenced)
- Value still exists until a new push puts new data onto the stack
510
# Reverse Engineering What are Calling Conventions?
- How data is passed to & from functions
- Ensures that both caller & callee agree on how to handle the stack
- First 6 integer & pointer arguments should be passed by registers

***Example:***
1. rdi (1st Arg)
2. rsi (2nd Arg)
3. rdx (3rd Arg)
4. rcx (4th Arg)
5. r8 (5th Arg)
6. r9 (6th Arg)

- Extra Args go on Stack
- Return val is stored in rax
511
# Reverse Engineering In Assembly what happens in the function call: **long a = myFunc(1,2,3,4,5,6,7,8);**
1) First, args 7 & 8 are pushed on the stack
2) Other args go in registers (rdi, rsi, etc.)
3) Call instruction is used to jump to myFunc
4) Return value is stored in rax
512
# Reverse Engineering What happens during a function call?
- Registers hold the first 6 args
- Extra arguments go on the stack
- **RIP** is saved to return after the call
513
# Reverse Engineering What is the Return Address?
- Location the program returns to after finishing a function
- **call** instruction saves this address on the stack
- **ret** instruction pops it to resume execution

**Importance:**
- Changing the return address can redirect the program
514
# Reverse Engineering What is a Stack Frame?
Is the organised section of the stack where the function's:
- Args
- Return Address
- Local Variables

are stored
515
# Reverse Engineering What is the Standard Fun Prologue? ## Footnote A.K.A Start Function
**push rbp;** save old base pointer
**mov rbp,rsp;** set new base pointer
**sub rsp,24;** reserve space for local vars
516
# Reverse Engineering What is the Function Epilogue? ## Footnote A.K.A End of Function
**add rsp,24;** clean up local vars
**pop rbp;** restore old base pointer
**ret;** return to caller
517
# Reverse Engineering What are the Common techniques for Reverse Engineering?
- Look for human-readable text (*e.g. error message*)
- Instruction Manipulation (*e.g. Swap je & jne*)
- Identify key tests & check the vals in the register using debugger
- Replace the instructions that perform checks with a nop (*e.g. can bypass security attacks*)
518
# Reverse Engineering What are the defenses for Reverse Engineering?
**Dynamically Construct Code:**
- *Attacker can run the code*

**Encrypt the Binary:**
- Program must include the key for it to be executable (Not readable until it's run)

**Obfuscation:**
- Mix data & code so it's harder to read
- Can slow down attacks by months/years

**Online Activation:**
- Force the program to connect to a server
- *Completely disabled by an attacker*

**Require Online Content**

**Require a hardware dongle**

**Hardware-based protection:** store & run part of the code in tamper-resistant hardware