undergroundwires / ceh-in-bullet-points Goto Github PK
View Code? Open in Web Editor NEWπ» Certified ethical hacker summary in bullet points
Home Page: https://cloudarchitecture.io/hacking
License: Creative Commons Attribution 4.0 International
π» Certified ethical hacker summary in bullet points
Home Page: https://cloudarchitecture.io/hacking
License: Creative Commons Attribution 4.0 International
IoT Architecture Layers have a different structure in the v11 book (No mention to business layer there, instead Access Gateway Layer is defined). This is often included in exam prep questions; Usually a definition is given and a name is required.
5 Layers of IoT Architecture are:
Edge Technology Layer
This layer consists of all the hardware components, including sensors, radio-frequency identification (RFID) tags, readers, or other soft sensors, and the device itself. These entities are the primary part of the data sensors that are deployed in the field for monitoring or sensing various phenomena. This layer plays an important part in data collection, and in connecting devices within the network and with the server.
Access Gateway Layer
This layer helps to bridge the gap between two endpoints, such as a device and a client. The initial data handling also takes place in this layer. This layer carries out message routing, message identification, and subscribing.
Internet Layer
This is a crucial layer as it serves as the main component in carrying out communication between two endpoints, such as device-to-device, device-to-cloud, device-to-gateway, or back-end data sharing.
Middleware Layer
This is one of the most critical layers that operates in two-way mode. As the name suggests, this layer sits in the middle of the application layer and the hardware layer, thus behaving as an interface between these two layers. It is responsible for important functions such as data management, device management, and various issues like data analysis, data aggregation, data filtering, device information discovery, and access control.
Application Layer
This layer, placed at the top of the stack, is responsible for the delivery of services to the relevant users from different sectors, including building, industrial, manufacturing, automobile, security, healthcare, etc.
In Cloud attacks I would add a couple more that are included in official course-ware (v11) and show in exam prep questions:
Cloud Attacks: Cloud Hopper Attack
Cloud Hopper attacks are triggered at the managed service providers (MSPs) and their users
Attackers initiate spear-phishing emails with custom-made malware to compromise the accounts of staff or cloud service firms to obtain confidential information
Cloud Attacks: Cloudborne Attack
Cloudborne is a vulnerability residing in a bare-metal cloud server that enables the attackers to implant a malicious backdoor in its firmware. The malicious backdoor can allow the attackers to bypass the security mechanisms and perform various activities such as watching new userβs activity or behavior, disabling the application or server, and intercepting or stealing the data.
Vulnerabilities in the bare-metal cloud server and inappropriate firmware re-flashing can pave the way for attackers to install and maintain backdoor persistence.
1.i.b Discusses OS attacks. One line states that unpatched operating systems can allow for zero days. If they are vulnerable due to a known issue that has a patch, it is not a zero day. Clarification is necessary to avoid confusion for new learners.
Thanks for your effort!
However it's not very reader-friendly - have you thought about using any docs system for your project ? (with reading mode, etc ?).
Would you like your repo to be converted into reader-friendly site? (I thought about mkdocs with material).
This would adding indexes to files & commiting some code from mkdocs. Here is example screenshot of what I tried locally.
Note the features:
Please let me know if I should start working on it.
Then you can publish it on github pages & everyone can look at it in more reader-friendly mode.
hey thanks for developing it can you help me by sending a video tutorial how to use it?
In Banner Grabbing Tools sections says:
"nmap -0 for OS automatic fingerprinting" but I think it should be "nmap -O " according to Nmap.org.
It could be a silly thing that has to do with github font or my browser (if so, I'm sorry for bringing this up) but might generate some confusion for newbies like me.
Thanks for the resources!
I think the sentence "Computer B in that case can send RST packet to computer B." needs to be reviewed. Author probably meant "to computer A"
I think in the line "e.g. through host discovery using nmap e.g. nmap -sn 192.168.0.0" the Nmap scan is missing /16
Thank you for that awesome repo!
03-scanning-networks/scanning-networks-overview.md
Hello,
Just wanted to let you know that https://cloudarchitecture.io/hacking appears to be down.
While performing a Xmas Scan if target port is closed, target will send a packet with RST flag up to the attacker.
Arrow should point from Target to Attacker.
Thanks for the bullet-points. Really helpful. Great content! :)
Hi Guys,
This site has been so helpful. I did notice the arrow for a closed port on the half-open scan is going from the attacker to the victim. But as the port is closed should it not be from the victim to the attacker. A Wireshark test confirmed it.
OR
I made a silly mistake and apologies for the interruption.
Thanks
Tim
https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/03-scanning-networks/scanning-techniques.md
Last row of XOR cipher table should indicate A = 1 ; B = 1 ; Output = 0
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.