This document contains definitions and explanations of common cybersecurity terms like hackers (white hat, black hat, grey hat), vulnerabilities (injection, XSS, sensitive data exposure), attacks (DDoS, APT, zero-day), and cryptography concepts (hashing, encryption algorithms, two-factor authentication). It provides examples to illustrate injection vulnerabilities and defines cybersecurity acronyms like CVE.

2. ▸ ShenXD
▸ CCU GAISLab
▸ Full Stack
▸ JavaScript Android

3. ⚡︎ ⚡︎

5. ▸
▸
▸
▸
▸

6. ⚡︎ ⚡︎

7. ‣ der?
‣
‣ Hacker
‣

8. ‣ White Hat
‣
‣ Black Hat
‣

9. ‣ Grey Hat
‣
‣ Script Kiddie
‣

11. ‣
‣
‣
‣ Zero-day attack

12. ‣ CVE Common Vulnerabilities and Exposures
‣
▸ CVE-YYYY-NNNN
▸ YYYY
▸ NNNN
▸ CVE-2017-5638 Apache Struts 2 RCE

13. ⚡︎ ⚡︎

14. A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Broken Access Control
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Insufficient Attack Protection
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Components with Known Vulnerabilities
A10 - Underprotected APIs

15. <?php
…
$sql = "SELECT * FROM `users` WHERE
`account`='$name' AND `password`=‘$password'";
$result = mysql_query($sql);
…
A1 - Injection

16. SELECT * FROM `users` WHERE `account`='$name'
AND `password`=‘$password'
$name = 'shenxd';
$password = 'hahauccu';
SELECT * FROM `users` WHERE `account`='shenxd'
AND `password`='hahauccu'
A1 - Injection

17. $name = 'shenxd';
$password = '?';
SELECT * FROM `users` WHERE
`account`='shenxd' AND `password`='?'
A1 - Injection

18. ‣ MySQL 5.7 Comment Syntax
‣ #
‣ --
‣ /* */
A1 - Injection

19. shenxd' --
A1 - Injection

20. $name = 'shenxd' -- ';
$password = '';
SELECT * FROM `users` WHERE
`account`='shenxd' -- ' AND `password`=''
A1 - Injection

21. SELECT * FROM `users` WHERE
`account`='shenxd' -- ' AND `password`=''
A1 - Injection

22. $name = '' or 1=1 -- ';
$password = '';
SELECT * FROM `users` WHERE `account`='' or
1=1 -- ' AND `password`=''
A1 - Injection

23. SELECT * FROM `users` WHERE `account`=''
or 1=1 -- ' AND `password`=''
A1 - Injection

29. a.php?id=' and 1=0 union select
1,2,3,concat_ws(char(32,58,32),
0x7c,user(),database(),version()),5,6,7/* '
!(◉◞౪◟◉ )!
A1 - Injection

30. ▸
▸ Stored Procedure
▸ API
▸
A1 - Injection

34. ▸
▸ Parameterized
▸ Prepare Statement
▸ Parameterized Query
A1 - Injection

36. ‣ HTML&
▸ JavaScript
▸ VBScript
▸ etc.
A3 - Cross-Site Scripting (XSS)

37. ‣
▸ e.g.Cookie
▸
▸ DDoS
A3 - Cross-Site Scripting (XSS)

42. ▸
▸
▸
A6 - Sensitive Data Exposure

43. ▸
▸
▸
▸
A6 - Sensitive Data Exposure

44. ⚡︎ ⚡︎

45. ▸ DoS Denial of Service attack
▸
▸ ICMP / IGMP
▸ UDP

46. ▸ DDoS Distributed Denial-of-Service attack
▸ ACK
▸ DNS
▸ Botnet
▸ etc.

48. ▸ v.s.
▸
▸ CDN Content delivery network

49. ▸
▸
▸
▸ ...

56. ▸
▸
▸
▸
▸

58. ▸
▸
▸ Log
▸
▸

59. ‣ APT Advanced Persistent Threat
▸
▸ Rootkit
▸
▸
▸ C&C Server

64. 🌰

65. ‣ 🌰 WannaCry
▸ AES RSA
▸ Bitcoin
▸

68. ‣
▸
▸
▸
▸

69. ⚡︎ ⚡︎

74. ‣ Charset
▸ Email 7 bits ASCII
‣
▸
▸
▸

75. ‣ 3 Bytes 4 Bytes ASCII
‣ Base64 6 bits
‣ 1/3
‣ 65 ASCII
‣ A-Z, a-z, 0-9, +, =
‣ 3 =

76. ‣ Hash
‣
▸ Hash

77. ‣
▸
▸
▸

78. ‣ HashTable
▸
▸

79. ‣ MD5
▸ SHA-1
▸ SHA-256
▸ Tiger
▸ etc.

80. ‣ password = '123456789'
‣ sha1(password)
‣ f7c3bc1d808e04732adf679965ccc34ca7ae3441

82. ‣ Salt
‣ hash(password + salt)
‣
‣ Argon2 bcrypt scrypt PBKDF2

83. ‣ salt = ‘hahauccu'
‣ password = '123456789'
‣ sha1(password + salt)
‣ sha1('123456789hahauccu')
‣ 2f36ff20469046fa8e4ded243240cc68be563cd2
‣ f7c3bc1d808e04732adf679965ccc34ca7ae3441

84. ‣ Key
‣
‣ Decipher
‣

85. ‣
‣ Symmetric
‣ Block Cipher
‣ Stream Cipher
‣ Asymmetric
‣ Public-key cryptography

86. ‣ Key
‣
‣
‣
‣
‣ DES 3DES AES RC5

87. ‣ Public-key cryptography
‣ Key pair
‣ Public key
‣ Private key
‣
‣ RSA ElGamal

88. ⚡︎ ⚡︎

89. ‣
‣
‣
‣

90. ‣
‣
‣
‣
‣
‣ ...

91. ‣
‣ SMS
‣ Google Authenticator
‣ Microsoft Authenticator

92. ‣
‣ 360
‣
‣
‣
‣
‣ i-Fi