Notes & Work in progress:
Working list of Flaws:
Users have access to installation - beginnerUsers have access to uninstallment - beginner
Admin does not have access to certain privileges - intermediate
Certain websites aren’t blocked - intermediate
Admin doesn’t have password - beginner
Users have access to the internet - beginner
Users have access to the control panel - intermediate
Limited download size - intermediate
Unidentified hardware devices can not be plugged in - intermediate
Users can change the password of other users - intermediate
Admin has no password
● Unauthorized user is there
● Check for anything unauthorized
○ Such as Mp3 files
○ Viruses
○ Remote Host
● Update firewall
● Connect to Wifi
● Phishing e-mails
● Block restricted sites
1. Passwords that are poor (easy)
2. No passwdz (E
3. Set passwords according to the rules E
4. Make the person change the password rules [I
5. Edit sharing permissions I
6. Make the .DMG not able to w or x mp3s. Advanced
7. Make them look for unauthorized files in the other users directories E
8. Use the password recycle rule and edit it. E
9. Look for unauthorized accounts. E
10. Look for banned files. E
11. Get anti-virus software if needed. I
12. Quit all unauthorized processes I
13. Uninstall all redundant and unnecessary applications. I
14. Get rid of torrents E
Beginner:
1. Weak or Default Passwords
o Leave admin password to default
2. Misconfigured Firewall
o Accepting all incoming connections
3. Unused services and open ports
o Leaving port open to access the system remotely
4. Ransomware on Browser opening
o Pre-package the system to contain a ransomware file disguised as the default browser
5. Every user has administrative privileges (Excessive privileges)
o Automatically grant all new users full access
6. Lack of Malware Protection
7. Weak or nonexistent drive encryption
8. Clickjacking
Intermediate:
9. Missing Patches
o Set the system not to automatically update
Expert:
10. Hidden Backdoor
o Leave a backdoor to the system
cloud is not safe it creates new security problems
Actual strong passwords are important so having a shitty password would be a vulnerability
Automatic wifi connecting
Disabling Firewalls, and Windows defender
Leave cookies and automatic saving passwords on the internet
Having all accounts have admin access
Have any authentication systems off or removed
Injection flaws
Having direct hacking by someone placing usb in computer or something of that sort
Using software that is known to have vulnerabilities
1. Avoid Updates -
● Beginning
2. Keep Old Versions of Applications -
● Beginning
3. Disable User Account Control (UAC) Features -
● Intermediate
4. Double-Click Everything -
● Beginning
5. Download Random Programs From Anywhere -
● Intermediate
6. Open up your Wi-Fi to everyone! -
● Beginning
7. Surfing on an Administrator - Enabled Account-
● Intermediate
8. Continuing to Use Windows XP -
● Beginning
9. Using the Same Password. Everywhere -
● Beginning
10.Not Using Antivirus Software -
● Intermediate
Beginning
Admin Password
User Setting
Update Browser
Admin Password
User Setting
Update Browser
Setup Password setting
Change Date back to normal
Immediate
Change Date back to normal
Immediate
Update Firewall
Remove Video/Media
Uninstall a software that Repeated Play a Song or Sound
Change Language back to normal
Remove remote Bluetooth
Uninstall a software that Repeated Play a Song or Sound
Change Language back to normal
Remove remote Bluetooth
Change Public Wifi to Private
Set a website that will ping the IP of the VM
Advance
Set a website that will ping the IP of the VM
Advance
Remove viruses or Malware
Installing an Antivirus program
Remove advance Host
Disable Software on Machine that cause problems
1. Unprotected users - beg
2. Admin doesnt not have a password -beg
3. Have a rat on there that would start when clicking on control panal - xpert
4. Have zero virus protection - beg
5. Have a timer on the side that counting down 15 min and after the 15 ed a ddos attack
happens -xpert
6. Have adware pop up on the screen until they disable and uninstall - inter
7. Have a harmless virus installed on the image - inter
8. Have unwanted add-ons in the web browser - inter
9. Have a fake password capture pop up on boot up that send password to bad people -
inter
10. Have a fake bank account statement pop up and push them to sign into their account in
which the computer has a key logger - xpert
11. Have a lot of vulnerable system files -inter
12. Make every password simple and the same- inter
13. Have installed programs automatically enabled- xpert
14. Have the browser stay logged into admin email - inter
15. Have a whole bunch of websites and tabs open with un updated antivirus
2. Admin doesnt not have a password -beg
3. Have a rat on there that would start when clicking on control panal - xpert
4. Have zero virus protection - beg
5. Have a timer on the side that counting down 15 min and after the 15 ed a ddos attack
happens -xpert
6. Have adware pop up on the screen until they disable and uninstall - inter
7. Have a harmless virus installed on the image - inter
8. Have unwanted add-ons in the web browser - inter
9. Have a fake password capture pop up on boot up that send password to bad people -
inter
10. Have a fake bank account statement pop up and push them to sign into their account in
which the computer has a key logger - xpert
11. Have a lot of vulnerable system files -inter
12. Make every password simple and the same- inter
13. Have installed programs automatically enabled- xpert
14. Have the browser stay logged into admin email - inter
15. Have a whole bunch of websites and tabs open with un updated antivirus
- All accounts have admin rights - int
- Internet explorer is installed - beg
- No users have passwords - beg
- All users in a meme workgroup instead of the right one - int
- All ports open - int
- Firewall off - beg
- No antivirus installed - beg
- No admin password - beg
- No dank memes - EXTREMELY ADVANCED CONCEPT
- FTP server up - adv
- Literally viruses on the computer - int
- Videos/illegal media on the computer - beg
- Desktop background a meme - beg
- Wrong screen resolution - beg
- Internet explorer is installed - beg
- No users have passwords - beg
- All users in a meme workgroup instead of the right one - int
- All ports open - int
- Firewall off - beg
- No antivirus installed - beg
- No admin password - beg
- No dank memes - EXTREMELY ADVANCED CONCEPT
- FTP server up - adv
- Literally viruses on the computer - int
- Videos/illegal media on the computer - beg
- Desktop background a meme - beg
- Wrong screen resolution - beg
● Users that have access to the computer do not have passwords - beginner
○ Create passwords for each user
● Users that aren’t admins have admin powers - beginner
○ Take away admin powers from any users that should not have access to it
● Malware protection isn’t fully updated - inter
○ Update malware protection
● Secure guest accounts - beginner
● Provide rules for password strength - inter
● Close/ Delete programs that aren’t supposed to be on the computer - Inter
● Delete pictures and videos that should not be on the computer - beginner
● Forget wifi networks that shouldn’t be used - beginner
● Update software protection - beginner
● Make sure the computer has the date and time - beginner
○ Create passwords for each user
● Users that aren’t admins have admin powers - beginner
○ Take away admin powers from any users that should not have access to it
● Malware protection isn’t fully updated - inter
○ Update malware protection
● Secure guest accounts - beginner
● Provide rules for password strength - inter
● Close/ Delete programs that aren’t supposed to be on the computer - Inter
● Delete pictures and videos that should not be on the computer - beginner
● Forget wifi networks that shouldn’t be used - beginner
● Update software protection - beginner
● Make sure the computer has the date and time - beginner
Beginners -
● Admin has no passwords
● Unwanted users
● The date is set to 100 years back
● Unwanted files, picture, videos, etc…
● Has a bad, not secure passwords
Inter -
● No virus or malware protection
● Files that cannot be deleted
● Users who are not allowed to access areas can access it
● Add virus that copies files
● The browser does not work
● Video cam doesn’t work
Expert -
● Can’t connect to wifi
● Automatically connects to wifi
● touchpad or mouse doesn’t work
● Skype security
● Admin has no passwords
● Unwanted users
● The date is set to 100 years back
● Unwanted files, picture, videos, etc…
● Has a bad, not secure passwords
Inter -
● No virus or malware protection
● Files that cannot be deleted
● Users who are not allowed to access areas can access it
● Add virus that copies files
● The browser does not work
● Video cam doesn’t work
Expert -
● Can’t connect to wifi
● Automatically connects to wifi
● touchpad or mouse doesn’t work
● Skype security
1. Windows defender off
a. Beginner
b. Turn off windows defender
2. Firewall off
a. Beginner/Intermediate
b. Turn off firewall
3. Admin has no password
a. Beginner
b. Delete admin’s password
4. Users are admin when not supposed to be
a. Beginner
b. Make users admin
5. There is a web server running that is not supposed to be
a. Expert
b. Have a web server in the startup folder
6. Internet explorer is the default browser
a. Beginner
b. Default
7. No ports are blocked
a. Intermediate
b. Change firewall settings
8. There is media on the computer that shouldn’t be on it
a. Beginner/Intermediate depending on the implementation
b. Put media on the machine
9. There is an FTP server running
a. Expert
b. Same as 5
10. There is a remote desktop instance installed on the machine
a. Expert
b. Make a remote desktop instance
user s with admin access who shouldn't have it.
2. Extra user who shouldn't be there.
3. Admin doesn't have a password.
4. Image doesn't work.
5. Virus
6. Not booting
7. Discoloration in imaged
8. Fire wall not set up right
9. Old software
10. Fake virus
a. Beginner
b. Turn off windows defender
2. Firewall off
a. Beginner/Intermediate
b. Turn off firewall
3. Admin has no password
a. Beginner
b. Delete admin’s password
4. Users are admin when not supposed to be
a. Beginner
b. Make users admin
5. There is a web server running that is not supposed to be
a. Expert
b. Have a web server in the startup folder
6. Internet explorer is the default browser
a. Beginner
b. Default
7. No ports are blocked
a. Intermediate
b. Change firewall settings
8. There is media on the computer that shouldn’t be on it
a. Beginner/Intermediate depending on the implementation
b. Put media on the machine
9. There is an FTP server running
a. Expert
b. Same as 5
10. There is a remote desktop instance installed on the machine
a. Expert
b. Make a remote desktop instance
user s with admin access who shouldn't have it.
2. Extra user who shouldn't be there.
3. Admin doesn't have a password.
4. Image doesn't work.
5. Virus
6. Not booting
7. Discoloration in imaged
8. Fire wall not set up right
9. Old software
10. Fake virus
No comments:
Post a Comment