Posts

Showing posts from August, 2022

3. SQL Injection - Examining the Database - Versions

Examining the type of database and its details, such as its version, how many tables it has and what the tables hold, is useful.

Cheat Sheet SQL Injection: https://portswigger.net/web-security/sql-injection/cheat-sheet

Do SQL Injection to retrieve the database version.

(ORACLE) Lab-07 - SQL injection attack, querying the database type and version on Oracle

(1) Determine the number of columns
' order by 3 -- -> internal server error
3 - 1 = 2
(2) Determine the data types of the columns
' UNION SELECT 'a', 'a' from DUAL-- -> Oracle database
(3) Output the version of the database
' UNION SELECT

6. CompTIA A+ - Installing OS

Boot Methods:
- USB Storage (Bootable USB. PC system must have USB booting enabled)
- CD-ROM and DVD-ROM (Common media being phased out)
- PXE ("PIXIE") - Preboot eXecution Environment (Have OS files on a server and the PC performs a remote network installation. Computer must support booting with PXE)
- NetBoot (Apple's macOS version of PXE)
- SSD/HDD (Store many OS installation files if you want different OSes)
- External/Hot Swappable Drive (Some external drives can mount an ISO image (DVD-ROM image). Boot from USB)
- Internal Hard Drive (Install and boot from a separate drive. Create and boot from a new partition.)

Types of Installations:
- Unattended Installation: Answer Windows questions in a file (unattend.xml). The questions are pre-answered so no user input is required; requires a file. No installation interruptions.
- In-place upgrade (Maintain existing apps and data)
- Clean install (Wipe the slate clean and reinstall. Migration tool can help.)
- Image (Deploy a clone on every

5. CompTIA A+ - Windows in Enterprise

Windows at Work:
- Large scale support needed. Thousands of devices need to be supported and run on a network.
- Security concerns. Mobile devices with important data. Local file shares.
- Windows needs to play videos or run different apps.
- Windows machines from out of state or country need to be able to connect to or communicate with work computers in-state. Geographical sprawl (Cache data between sites).

Domain Services:
- Active Directory Domain Services (centralized/large database of your network). ADDS helps contain all users, what system is being used, all connected systems.
- Distributed architecture (Many servers. Not suitable for home use.)
- Everything documented in one place (User accounts, servers, volumes, printers).
- Many different uses (Authentication, Centralized management).

BitLocker and EFS (Encrypting File System):
- Data confidentiality (encrypt important information)
- EFS is built into Windows using the NTFS file system. Protects individual files/folders.
- BitLocker. Full Dis

4. CompTIA A+ - Windows 10

Windows 10
- Released July 29, 2015
- Skipped Win 9, because they didn't want it to be related to Win8
- Designed to work on many devices.
- Free upgrade to Win 10 for the first year of release. Win7/Win8 -> Win10
- Windows 10 is now a SERVICE. Receives periodic updates to the OS instead of new Windows versions every year.

Editions:
- Windows 10 Home
- Windows 8/8.1 PRO
- Windows 8/8.1 ENTERPRISE

Windows 10 Home
- Home user (Retail Sales)
- Integration with Microsoft Account for Services/Apps (EX: OneDrive Backup)
- Windows Defender included
- Cortana included

Windows 10 PRO
- Business version of Windows (Additional management features)
- Remote Desktop Host (Remotely control each computer). Allows the PC to be the host of a Remote Desktop controller
- BitLocker (Full Disk Encryption (FDE)).
- Can join a Windows Domain (Group Policy Management)

Windows 10 Education/Enterprise
- Very similar in features for both (Minor differences)
- Both are managed with Volume Licensing
- Volume Licensing to "

2. SQL Injection - UNION

SQLi UNION: Using the UNION clause lets you retrieve data from other tables. It lets you execute an additional SELECT query. UNION SQL injection works if the results from a query are returned in the application's response.

Required for it to work:
    - Each individual query must return the same number of columns
    - Data types must be compatible between the queries

First:
    - Figure out how many columns are being returned from the original query.
    - Figure out which columns from the original query have a suitable data type to hold the results from the injected query.

Determining Number of Columns Returned from Original Query:
    - Method 1:
    Using the "ORDER BY" clause, increment the column index until an error occurs. This orders the results by different columns.
    EXAMPLE:
    ' ORDER BY 1--
    ' ORDER BY 2--
    ' ORDER BY 3--
    - Method 2:
    Using "UNION SELECT" specifying a number of null values. If number of nulls does not match number of columns