Update bold metacharacter to be consistent with notes2html.

guifre · guifre · commit c10b680872a0 · 2018-02-13T17:16:22.000Z
diff --git a/androidtesting.txt b/androidtesting.txt
@@ -16,8 +16,8 @@
     Vulnerabilities on the servers.
 
 M1 - Improper platform usage
-    Miss-configuration in *AndroidManifest.xml*, check *https://developer.android.com/guide/topics/permissions/requesting.html#normal-dangerous*.
-    If the application uses the fingerprint, test this *https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf*
+    Miss-configuration in **AndroidManifest.xml**, check **https://developer.android.com/guide/topics/permissions/requesting.html#normal-dangerous**.
+    If the application uses the fingerprint, test this **https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf**
 
 M2 - Insecure Data storage
     Consider XML or SQL injection if the application uses this formats.
diff --git a/mobilesec.txt b/mobilesec.txt
@@ -1,5 +1,44 @@
 *Mobile security*narrative
 
+Threats
+    Apps perform network communication, which can occur through unsecure networks such as cafe wifi.
+    The phone can be lost or stolen, no app data should be available in the filesystem
+    Unofficial markets provide malware threats
+    Big attack surface (NFC, bluetooth, camera, SMS, USB, QR, ...)
+
+Common vulnerabilities
+    Insecure data storage: data in cleartext, hardcoded keys, or other means that can be reversed engineered.
+    Insecure transmission of data: not using TLS or implemented incorrectly
+    Lack of binary protections: No having protections against debugging, tampering, reverse engineering.
+    Client-side injection: untrusted data in handled in an unsafe manner
+    Hard-coded passwords: in the app code or data.
+    Leakage of sensitive data: leaking data through OS or frameworks.
+
+Mobile OWASP top 10
+    M1 - Improper platform usage
+    M3 - Insufficient Transport Layer (on server side)
+    M2 - Insecure Data storage
+    M4 - Insecure Authentication
+    M5 - Insufficient Cryptography
+    M6 - Insecure Authorization
+    M8 - Code Tampering
+    M9 -Reverse Engineering
+    M10 - Extraneous Functionality
+
+
+Mobile pentest
+
+Static analysis
+    Use **http://jd.benow.ca/** to decompile to APK classes. Read the code to understand what libraries it uses, how communication is handled and obvious flaws.
+
+Network traffic
+    Intercept requests using Burp
+
+Data storage
+    Encrypted?
+
+
+
 IOS Security
 
     Secure Boot Chain
@@ -137,7 +176,7 @@ Decompile classes
     First get the jar:
     *$ sh dex2jar.sh diva-beta.apk
 dex2jar diva-beta.apk -> diva-beta_dex2jar.jar*
-    You can use *JD-GUI* to decompile the classes
+    You can use **JD-GUI** to decompile the classes
 
 Getting AndroidManifest.xml and smali code
     *$ java -jar apktool_2.0.3.jar d diva-beta.apk -o output8*
diff --git a/pentesting.txt b/pentesting.txt
@@ -1,7 +1,7 @@
 *Pentesting*
 Report
-    The *executive overview* summarizes the attacks and indicates their potential business impact while suggesting remedies.
-    The *technical summary* will include a methodological presentation of the technical aspects of the penetration test and is usually read by IT management and staff.
+    The **executive overview** summarizes the attacks and indicates their potential business impact while suggesting remedies.
+    The **technical summary** will include a methodological presentation of the technical aspects of the penetration test and is usually read by IT management and staff.
 
 
 HAProxy upstream proxy load balancing VPN
diff --git a/python.txt b/python.txt
@@ -1,7 +1,7 @@
 Use Map reduce to divide CPU intensive tasks:
     *def get_paths():
     return []
-    *def get_inpus():
+def get_inpus():
     return []
 pool = Pool(4)
 paths = pool.map(get_paths, get_input())*
diff --git a/sqli.txt b/sqli.txt
@@ -1,11 +1,11 @@
 *SQLI Injection*
 
-SQLI
+SQLI impact
     Bypass auth
-    Leak db
-    Find passwords, reuse in SSH, etc
-    MySql: drop a backdoor, read sensitive files
-    MsSql: code execution
+    Dump DB
+    Find passwords, find reuse in SSH, etc
+    MySql: read sensitive files, write arbitrary files (backdoor).
+    MsSql: Code execution
 
 Testing SQLI
     Test error based sending ' " ; and look for errors.
@@ -29,7 +29,7 @@ or 1=1 --
 admin' --*
 
 MsSql attacks
-    Group by + having can be used to specify a search condition for a group and aggregate the result.
+    Group by and *having* can be used to specify a search condition for a group and aggregate the result.
         1. Sending ' having 1=1-- should produce column 'table.column1' is invalid...
         2. Sending ' group by table.column1 having 1=1--- should produce: column 'table.column2' is invalid...
         3. Sending ' group by table.column1,table.column2 HAVING 1=1-- should end up generating no error when you put all the columns.
