#badhax
Kali Linux: Penetration Testing
The Credo of the Lock Picker: You may only pick locks that you own, or those to which you've been given explicit permission to pick by the rightful owner
Social Engineering

Cookies

How websites remember you
Every time you request a page from a website, your browser sends back any cookies that site previously gave you (the Cookie request header)
Every time it sends you a page, it can tell you new cookies to set (Set-Cookie response headers)
Seven Layers of Networks
Open Systems Interconnection (OSI) model
The OSI model: seven layers of networks
Each layer only talks to the layer above and below it
The seven layers pictured a third way, taken from Wikipedia: https://en.wikipedia.org/wiki/OSI_model#Description_of_OSI_layers
Upside-Down-Ternet (screenshot of eBay with all of the images flipped upside down)
Ok, so Wireshark
Screenshot of the Wireshark interface
Wireshark interface: OSI layer 2 (data link) highlighted
Wireshark interface: OSI layer 1 (physical) highlighted
Wireshark interface: OSI layer 3 (network) highlighted
Wireshark interface: OSI layer 4 (transport) highlighted
Wireshark interface: OSI layer 7 (application) highlighted
Wireshark interface: OSI layer 6 (presentation) highlighted
First person to hack me gets 5cɃ
Second person to hack me gets 5cɃ

Firesheep

(baaaa)
Protect Yourself with a VPN
Building a site?

Use HTTPS everywhere
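What Firesheep relies on is the cookie round trip described under "How websites remember you": the browser attaches the session cookie to every request, and on plain HTTP anyone on the same network can read it. The following is an added example, not code from the slides; it is a deliberately small model of two browser decisions (whether to send a cookie over http, and whether page scripts can read it via document.cookie) and ignores Domain, Path and expiry. The Set-Cookie headers are constructed samples.

```python
from dataclasses import dataclass

# Constructed sample headers, as a server might send them (not captured from a real site).
INSECURE_SET_COOKIE = "session=3f9a2c7e; Path=/"
HARDENED_SET_COOKIE = "session=3f9a2c7e; Path=/; Secure; HttpOnly; SameSite=Lax"
THEME_SET_COOKIE = "theme=dark; Path=/"


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    http_only: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Parse the value of a Set-Cookie response header into a Cookie.

    Attribute names are case-insensitive. Domain, Path, expiry and SameSite are
    ignored here because they do not affect the two decisions modelled below.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        key = attr.split("=", 1)[0].strip().lower()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
    return cookie


def cookie_request_header(jar: list[Cookie], scheme: str) -> str:
    """The Cookie header a browser attaches to a request over `scheme`.

    Cookies flagged Secure are only sent over https, so a passive sniffer on
    the network path never sees them in a plaintext request.
    """
    sent = [c for c in jar if scheme == "https" or not c.secure]
    return "; ".join(f"{c.name}={c.value}" for c in sent)


def document_cookie(jar: list[Cookie]) -> str:
    """What document.cookie exposes to page scripts: HttpOnly cookies are hidden."""
    return "; ".join(f"{c.name}={c.value}" for c in jar if not c.http_only)


def firesheep_view(set_cookie_headers: list[str], scheme: str = "http") -> str:
    """What a sniffer on the same network sees when the browser later requests
    a page over `scheme`: exactly the Cookie header the browser sends."""
    jar = [parse_set_cookie(h) for h in set_cookie_headers]
    return cookie_request_header(jar, scheme)


if __name__ == "__main__":
    print("leaky:   ", firesheep_view([INSECURE_SET_COOKIE, THEME_SET_COOKIE]))
    print("hardened:", firesheep_view([HARDENED_SET_COOKIE, THEME_SET_COOKIE]))
```

The Secure flag only helps if the site actually serves its pages over HTTPS, which is the "Use HTTPS everywhere" point above; the HttpOnly flag is what stops the `alert(document.cookie)` payload in the next section from reading the session cookie even when a script does get injected.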

XSS

Cross-Site Scripting
<input type="search" name="q" value="harper">
Filling the input with "><script>alert(document.cookie)</script><input type="hidden

The server echoes the query back into the value attribute without escaping it, so the page it returns contains

<input type="search" name="q" value=""><script>
  alert(document.cookie)
</script><input type="hidden">
X-XSS-Protection: 0 (response header that switches off the reflected-XSS filter some browsers used to ship, so the injected script runs instead of being blocked)
Making it last
Stored XSS: in a comment on catmeanings.herokuapp.com, "This cat is definitely about drugs. <script>alert('hello')</script>". The payload is saved server-side and served to every later visitor, so it runs on each page view rather than only when a crafted link is clicked.
Caught with my hand in the Catnip Jar
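Both demos above, the reflected search box and the stored comment, are the same bug: user input is written into HTML without escaping for the context it lands in. The following is an added example, not code from the slides or from the catmeanings site; it renders the two slide payloads the vulnerable way and the escaped way so the difference can be checked. The element names and class attribute are made up for illustration.

```python
import html

# The payload from the slide, as typed into the search box.
SEARCH_PAYLOAD = '"><script>alert(document.cookie)</script><input type="hidden'
# The stored-XSS payload from the slide's comment.
COMMENT_PAYLOAD = "This cat is definitely about drugs. <script>alert('hello')</script>"


def render_search_box_unsafe(q: str) -> str:
    """Reflects the query straight into the attribute, as the vulnerable page does."""
    return f'<input type="search" name="q" value="{q}">'


def render_search_box(q: str) -> str:
    """Escape for a double-quoted attribute: with " < > & encoded, the input
    cannot close the attribute or open a new tag."""
    return f'<input type="search" name="q" value="{html.escape(q, quote=True)}">'


def render_comment_unsafe(text: str) -> str:
    """Stored XSS: the saved comment is emitted verbatim on every page view."""
    return f'<p class="comment">{text}</p>'


def render_comment(text: str) -> str:
    """Escape for element content; html.escape covers this context too."""
    return f'<p class="comment">{html.escape(text)}</p>'


def contains_live_script(markup: str) -> bool:
    """Crude check used only to show the difference: is there still a real <script tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_search_box_unsafe(SEARCH_PAYLOAD))
    print(render_search_box(SEARCH_PAYLOAD))
    print(render_comment_unsafe(COMMENT_PAYLOAD))
    print(render_comment(COMMENT_PAYLOAD))
```

Escaping is context-specific: `html.escape` is right for element content and quoted attributes, which is all the two slides need, but input placed inside an existing `<script>` block, a URL, or an unquoted attribute needs a different encoding for that context.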

XSRF/CSRF

Cross-Site Request Forgery
The site's account-update form submits its changes with GET:
<form action="/users/dumb_update" method="get">
So a single image tag on any other page makes a logged-in victim's browser send the same request, cookies included, without them noticing:
<img src="http://catmeanings.herokuapp.com/users/dumb_update?user[email]=lol%40lol.lol&user[password]=p0wned&user[password_confirmation]=p0wned" />
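The two things that make the image-tag attack work are that the endpoint accepts GET and that it trusts the session cookie alone. The following is an added example, not code from the slides or from the catmeanings app; it builds the forged request from the slide's img src and runs it against a hardened handler that requires POST plus a per-session token. The handler, request and session shapes are simplified stand-ins for a real framework.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlsplit

# The forged request from the slide's <img> tag, reconstructed from its src attribute.
IMG_SRC = ("http://catmeanings.herokuapp.com/users/dumb_update"
           "?user[email]=lol%40lol.lol&user[password]=p0wned&user[password_confirmation]=p0wned")


def request_from_img_src(src: str) -> dict:
    """What the victim's browser emits when it loads the image: a GET carrying the
    query parameters, with the victim's session cookie attached automatically."""
    parts = urlsplit(src)
    return {"method": "GET", "path": parts.path, "form": dict(parse_qsl(parts.query))}


def new_csrf_token() -> str:
    """Per-session secret, kept server-side and embedded in the real form as a hidden field."""
    return secrets.token_urlsafe(32)


def handle_update(request: dict, session: dict) -> tuple[int, str]:
    """State-changing endpoint hardened against CSRF.

    1. Only POST: an <img>, a link or a GET form can never reach the update code.
    2. The submitted token must match the one in the session. Compare in constant
       time, and never accept an empty token (compare_digest("", "") is True).
    """
    if request["method"] != "POST":
        return 405, "use POST"
    expected = session.get("csrf_token", "")
    submitted = request["form"].get("csrf_token", "")
    if not expected or not submitted or not hmac.compare_digest(expected, submitted):
        return 403, "missing or invalid CSRF token"
    session["email"] = request["form"]["user[email]"]
    return 200, "updated"


def demo() -> dict:
    """Run the forged GET, a forged POST without the token, and a legitimate POST."""
    session = {"email": "harper@example.com", "csrf_token": new_csrf_token()}

    forged = request_from_img_src(IMG_SRC)
    forged_get_status, _ = handle_update(forged, session)

    # Attacker upgrades to an auto-submitting POST form, but cannot read the token
    # because it lives in the victim's page on a different origin.
    forged_post = dict(forged, method="POST")
    forged_post_status, _ = handle_update(forged_post, session)

    legit = {"method": "POST", "path": "/users/dumb_update",
             "form": {"user[email]": "new@example.com", "csrf_token": session["csrf_token"]}}
    legit_status, _ = handle_update(legit, session)

    return {"forged_get": forged_get_status, "forged_post": forged_post_status,
            "legit": legit_status, "email": session["email"]}


if __name__ == "__main__":
    print(demo())
```

Marking the session cookie `SameSite=Lax` or `Strict` is a useful second layer, since the browser then withholds it from cross-site requests like the image load, but the token check is what the server can rely on regardless of client.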
SQL Injection
A woman is talking on the phone, holding a cup / Phone: Hi, this is your son's school. We're having some computer trouble.
Mom: Oh dear—did he break something? / Phone: In a way—
Phone: Did you really name your son "Robert'); DROP TABLE Students;--" ? / Mom: Oh, yes. Little Bobby Tables, we call him.
Phone: Well, we've lost this year's student records. I hope you're happy. / Mom: And I hope you've learned to sanitize your database inputs
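The comic's payload is an added example's worth of SQL on its own, so here it is run against a real (in-memory SQLite) database. This is added code, not from the slides: the `Students` table, the existing row and the enrolment functions are constructed for the demonstration. The unsafe version builds the statement with string formatting and uses `executescript`, which runs stacked statements the way many database drivers do (sqlite3's plain `execute()` would refuse the second statement); the safe version binds the name as a parameter.

```python
import sqlite3

# Little Bobby Tables' name, exactly as in the comic.
BOBBY_TABLES = "Robert'); DROP TABLE Students;--"


def fresh_school_db() -> sqlite3.Connection:
    """In-memory database with one table and one existing student (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO Students (name) VALUES ('Alice')")
    conn.commit()
    return conn


def enroll_unsafe(conn: sqlite3.Connection, name: str) -> str:
    """Builds the statement by string formatting and returns the SQL that ran.

    The quote in the name closes the string literal, ';' ends the INSERT, and
    everything after it is executed as SQL; the trailing "--" comments out the
    leftover "');". executescript is used because it runs stacked statements.
    """
    sql = f"INSERT INTO Students (name) VALUES ('{name}');"
    conn.executescript(sql)
    return sql


def enroll_safe(conn: sqlite3.Connection, name: str) -> None:
    """Parameter binding: the name reaches the engine as data and is never parsed as SQL."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def students_table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'Students'"
    ).fetchone()
    return row[0] == 1


def student_names(conn: sqlite3.Connection) -> list[str]:
    return [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY id")]


if __name__ == "__main__":
    db = fresh_school_db()
    print(enroll_unsafe(db, BOBBY_TABLES))
    print("table survived unsafe insert:", students_table_exists(db))
    db = fresh_school_db()
    enroll_safe(db, BOBBY_TABLES)
    print("table survived safe insert:  ", students_table_exists(db), student_names(db))
```

The fix is binding parameters (or an ORM that does it for you), not "sanitizing" the input: a perfectly honest name like O'Brien breaks the string-formatted version too, and the bound version stores both names exactly as typed.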

Other Resources

Class Survey