Updating for ep12

zachroofsec · zachroofsec · commit 0aff1cb13950 · 2018-07-01T20:30:44.000-04:00
diff --git a/ep12-clickjacking/readme.org b/ep12-clickjacking/readme.org
@@ -42,115 +42,7 @@ injection-fundamentals-4
   :header-args: :tangle (src_path :tutorial 'injection-fundamentals-4) :mkdirp yes :noweb yes :exports code :src_dir (src_parse :tutorial 'injection-fundamentals-4) :filename (src_path :tutorial 'injection-fundamentals-4)
   :CUSTOM_ID: h-CF80E32A-A437-49F9-B392-7CDA7A51D79A
   :END:
-** Metadata                                                        :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-DD1FE88E-6C85-4324-B0F8-B07A67161A6C
-   :END:
-** Config Files                                                    :noexport:
-   :PROPERTIES:
-   :header-args: :tangle (config_path :tutorial 'injection-fundamentals-4) :mkdirp yes :noweb yes :exports no :src_dir (src_parse :tutorial 'injection-fundamentals-4)
-   :CUSTOM_ID: h-7533202F-D026-4986-85B6-D81AF4F47277
-   :END:
- #+NAME:package.json
- #+BEGIN_SRC json
-   {
-     "name": "securingthestack",
-     "version": "1.0.0",
-     "description": "Interactive Examples",
-     "main": "",
-     "scripts": {
-       "test": "echo \"Error: no test specified\" && exit 1"
-     },
-     "repository": {
-       "type": "git",
-       "url": "git+https://github.com/SecuringTheStack/tutorials.git"
-     },
-     "author": "Zach Roof",
-     "license": "SEE LICENSE IN license.org",
-     "bugs": {
-       "url": "https://github.com/SecuringTheStack/tutorials/issues"
-     },
-     "homepage": "https://github.com/SecuringTheStack/tutorials/blob/master",
-     "devDependencies": {
-       "nodemon": "^1.12.7"
-     }
-   }
-   #+END_SRC
-
- #+NAME:node-dockerfile
- #+BEGIN_SRC dockerfile
-   FROM node
-   # For simplicity, we're keeping this Dockerfile very small.
-   # From a security perspective, this Dockerfile shouldn't
-   # be considered "production ready".
-   ARG NODE_PATH=/home/node/app/
-   COPY package.json $NODE_PATH
-   COPY src $NODE_PATH/src
-   COPY node-dockerfile-wrapper.sh $NODE_PATH
-
-   RUN apt-get update && apt-get install -y \
-     && cd $NODE_PATH \
-     && chown node:node node-dockerfile-wrapper.sh \
-     && chmod +x node-dockerfile-wrapper.sh \
-     && npm install
-
-   CMD ["bash"]
- #+END_SRC
-
- #+NAME:node-dockerfile-wrapper.sh
- #+BEGIN_SRC sh
-   #!/bin/bash
-   EX_NUM=$1
-   EXEC_MODE=$2
-   ENV_SECRET="This is a secret"
-
-   if [[  -z "${EX_NUM// }" ]]; then
-       echo "Please set EX_NUM"
-       echo "Ex: EX_NUM=1 docker-compose up"
-       echo "Additional help: https://sts.tools/setup"
-       exit 1
-   fi
-
-   # Start nodemon
-   npx "${EXEC_MODE:-nodemon}" "src/${EX_NUM}/${FILE:-app.js}"
-   status=$?
-   if [ $status -ne 0 ]; then
-     echo "Failed to start Node: $status"
-     exit $status
-   fi
- #+END_SRC
-
- #+NAME:docker-compose.yml
- #+BEGIN_SRC yaml
-   version: "3"
-   # For simplicity, we're keeping this file very small.
-   # From a security perspective, this docker compose shouldn't
-   # be considered "production ready".
-   services:
-     node:
-       build:
-         context: .
-         dockerfile: node-dockerfile
-       image: "securingthestack/<<CURRENT_TUTORIAL>>"
-       user: "node"
-       working_dir: /home/node/app
-       environment:
-         - NODE_ENV=dev
-         - NPM_CONFIG_LOGLEVEL=info
-       volumes:
-         - ./src:/home/node/app/src
-       command: ["./node-dockerfile-wrapper.sh", "$EX_NUM", "$EXEC_MODE"]
- #+END_SRC
-** Course Notes                                                    :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-6DA5D248-359E-4D95-B72D-C5D3364F0D05
-   :END:
-  var ps = execFile('ps', ['aux']);
-  ps.stdout.on('data', function(data) {
-    // Add in debugging output to help with exercise
-    console.log(data);
-  });
-** Table Of Contents                            :toc_3_gh:injection:noexport:
+** Table Of Contents                                     :toc_3_gh:injection:
    :PROPERTIES:
    :CUSTOM_ID: h-E2FCBD6C-BE30-4131-A6AE-844E0BE39093
    :END:
@@ -174,137 +66,6 @@ injection-fundamentals-4
   - [[#additional-resources][Additional Resources]]
   - [[#error-log][Error Log]]
 
-** Help Me/Important StS Links                                     :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-DBE0041D-8E72-4A59-99CB-467436C5F079
-   :END:
-- Video
-- Prerequisites
-- Env Setup
-- Ask A Question In Forums
-- Chat Support
-- Overarching Playlist
-
-** TODO StS Tutorial Description Links                             :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-50911AC2-02C5-4A1D-9588-BFB95BA17C45
-   :END:
-+ Course Resources/Notes: https://github.com/SecuringTheStack/tutorials/tree/master/injection-fundamentals-4
-+ Environment Setup/Error Reporting: https://sts.tools/setup
-+ Prerequisites: https://github.com/SecuringTheStack/tutorials/blob/master/injection-fundamentals-4/readme.org#knowledge-dependency-tree
-+ Injection Playlist: https://securingthestack.com/p/injection-playlist
-+ Additional Resources: https://github.com/SecuringTheStack/tutorials/blob/master/injection-fundamentals-4/readme.org#additional-resources
-+ Ask A Question: https://sts.tools/injection-question
-
-** Cross-Site Scripting (XSS) NOTES and MasterClass/SyntaxCon flow :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-E9CAADC9-3E6A-4CA0-A78C-E5DBE5EAE02B
-   :END:
- + Depends On
-   + SOP Lecture
- + Make modular enough to be included within the Injection Masterclass
- + Define injection after you show xss
- + Overall flow of lectures
-   1. What is XSS?
-      1. NEED a generic INTRO of what XSS is
-   2. DOM XSS
-   3. EXTRA: In-depth exercise
-   4. Reflected XSS
-   5. EXTRA: In-depth exercise
-      1. From juice shop
-   6. What is BeeF?
-   7. EXTRA: Exploit with Redis
-   8. After Syntax
-      1. Create ~XSS Mitigations~ module
-
-** Overall Scope                                                   :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-A0015150-C4F0-4CAE-A649-63BE52B09A34
-   :END:
-+ Full-stack Injection: Exploiting Our Security Assumptions
-+ We often forget that there's unknown- unknowns
-+ XSS
-  + "Client-side validation is silly.  We only do it on the server"!
-  + DOM XSS
-  + BF example.  Payload pulled into localstorage
-  + Dev flawed assumption
-  + Devs/DevOps miscommunications
-+ "If we firewall our internal services, we are safe from external connectivity
-  + DevOps flawed assumption
-+ "We are safe by segmenting our databases"
-  + elasticsearch restore
-  + but are we segmenting your backups?
-  + put backups in s3 and restore another clusters backups
-  + devops flawed assumption
-+ All flawed assumptions equal a complete compromise
-+ Allow CORS from localhost
-+ https://github.com/spalger/elasticsearch-angular-example/issues/3
-+ https://www.elastic.co/guide/en/elasticsearch/reference/6.x/cluster.name.html
-  + Default cluster name `elasticsearch`
-+ Flow
-  + Devs enable CORS for local dev envs
-    + Common with elasticsearch/kibana within ELK stack
-    + Could be other envs/overall dev envs
-  + Script
-    + Cross-Origin Scanner to find vulnerable 9200 instances
-      + Check on localhost first, then do LANS including VPC default CIDRs
-    + Find Any ES clusters that have CORS protection
-      + If found
-        + Inject CORS disabled instance
-          + Join cluster of other instance
-          + by default
-
-** Talk Summary                                                    :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-D9EDAA95-63AC-4B1E-9A5D-A27B41998DF1
-   :END:
-+ Talk Title: "Exploiting Local Dev Environments"
-
-+ When developing locally, we often loosen the security of our local environment
-  to make testing/debugging easier. However, what if others on the public
-  internet could easily access this environment? Further, what if your local
-  environment could be leveraged to steal production data?
-
-+ In this talk, we'll sit at the security "intersection" of Developers and
-  DevOps Engineers, and witness how local dev environments can interact with our infrastructure in unintended ways.
-
-+ Additionally, we'll explore this topic through a realistic example which includes the following:
-  1. BeEF (Browser Exploitation Framework)
-  2. Cross-Site Scripting (XSS)
-  3. Same Origin Policy (SOP)
-  4. Cross-Origin Resource Sharing (CORS)
-  5. Elasticsearch
-
-** Running Locally                                                 :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-E21B7A9D-3C3C-40D1-9F1C-E1659ACE6C55
-   :END:
-+ Update ~/etc/hosts~
-  + ~127.0.0.1	evil.example.com~
-  + ~127.0.0.1	victim.example.com~
-  + ~127.0.0.1	prod.example.com~
-+ BeEf Server Credentials
-  + Username/Password: ~beefy~
-+ Running
-  + ~git clone https://github.com/zachroof/community.git~
-  + cd $REPO/syntaxcon
-  + ~docker-compose up~
-    + Be careful, this runs an intentionally vulnerable web application
-
-** Who Am I?                                                       :noexport:
-   :PROPERTIES:
-   :CUSTOM_ID: h-64F7C04A-3B25-4AFD-88AB-D2201D356BA5
-   :END:
-#+ATTR_REVEAL: :frag (default)
-+ Developer Life
-  + Froliced through Frontend/Backend Code
-+ InfoSec Life
-  + AppSec
-+ DevOps/Security Life
-  + Current role at Snag
-  + Help build internal DevOps tooling
-  + Security infrastructure
-+ Blah Blah Blah.. Dude, what does this have to do with this talk?!
 ** Talk Scope
    :PROPERTIES:
    :CUSTOM_ID: h-853FB39F-D352-437D-BFA7-1B19A6A40BC7
