April 21

first : "the thief no one saw"

topics to discuss

dns and exploration

• whois | command line | may be hidden by registrar these days
• dns lookup | "man dig" | "man host" | reverse lookup
• other: ping , traceroute
• HTTP GET ... and info in response
• VPN
  • related : ssh tunnels ... that we discussed when talking about flask on cs.marlboro

sql injection

... maybe something to play around with yourself this week ?

1. create a toy sqlite database
2. write a toy python script to interact with it, command line "change user name"
3. do that with and without correct string sanitizing
4. profit ?

networks

• fscan ... dated
  • scanline
  • nmap
• banner grabbing
• network shares ... windows

wireshark

related

• ipv4
• ipv6
• openvpn | wireguard

other things you could try

• ... maybe look at packets on your own network this week?
• can you figure out what machines are on your network from the packets alone?
• what are the packet types ... report back

second

Your red-team / blue-team investigations ?

third

recipe site ... on hold for now.

next ?

• read the next chapter for Thursday, "flying the friendly skies"
• decide ?