Added more cheatsheets

Added more cheatsheets

Cheatsheet_BuildReviews.txt

@@ -0,0 +1,120 @@
+Windows Hosts:
+
+[+] Server Roles
+[+] Server Manager
+[+] System Properties
+[+] Default Domain Policy
+[+] Global Domain Policy
+
+[+] Net accounts/Users/groups/Administrators
+[+] IPConfig/Routing
+
+[+] Installed Programs
+[+] Installed System Updates
+[+] AV Version/Definition Dates
+[+] Check Computer folders
+
+[+] Firewall Configuration
+[+] Audit Policy
+[+] Password/Lockout Policy
+[+] Security Policy
+[+] User Rights Policy
+
+[+] Lanman Parameters (HKLM - System - Current Control - Services - LanmanServer - Parameters)
+[+] LSA (HKLM - System - Current Control - Control - LSA)
+[+] MSV (HKLM - System - Current Control - Control - LSA - MSV1_0)
+
+
+BIOS password
+boot to usb
+file system
+- encrypted?
+- grab /Windows/System32/config/SAM SECURITY SYSTEM
+- put C:\Program.exe (eg calc)
+
+Control Panel
+- Windows Firewall
+   - enabled
+   - editable
+   - logs
+- System Info
+- Windows Update
+
+Anti-Virus
+- config
+- logs
+- version
+- dates
+- EICAR
+
+cmd.exe
+script.cmd
+- ipconfig /all
+- netstat
+- net accounts
+- net accounts /domain (review password policy)
+- net user hacker Password@1 /add
+- regedit
+- ping
+- sched
+- tracert
+- net use \\IP address_or_host name\ipc$ "" /user:""  # null session
+- net use
+- net view
+- net start 	
+- tasklist
+
+mount usb
+usb autostart
+
+copy over files
+- nc
+- enum
+- nmap
+- DIRE
+- EICAR
+
+# SAM files in backtrack
+/Windows/System32/config/SAM SECURITY SYSTEM
+
+# mounting on desktop review
+# mount <target> <mydir>
+# sda1 = client hdd, sdb2 = my usb part 2
+mkdir /mnt/client-hdd
+mount /dev/sda1 /mnt/client-hdd
+mkdir /mnt/win-usb
+mount /dev/sdb2 /mnt/win-usb
+
+hosts file C:\Windows\System32\drivers\etc\hosts.txt
+
+http://pcsupport.about.com/od/tipstricks/tp/control-panel-applets-list.04.htm
+control netconnections
+control netsetup.cpi
+control /name Microsoft.NetworkAndSharingCenter
+
+remote scan (nessus, nmap)
+
+SYSVOL GPO preference item, check for obscured passwords in xml
+http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx
+
+
+
+Unix Based Hosts:
+
+hostname
+whoami
+uname -a
+cat /etc/lsb-release
+dmesg | grep Linux
+cat /etc/passwd
+cat /etc/sudoers
+netstat -antup
+ps -aux
+ps aux | grep root
+crontab -l
+/sbin/ifconfig -a
+iptables -L
+arp -e
+cat ~/.bash_history
+cat ~/.ssh/authorized_keys
+mount

Cheatsheet_OWASPCheckList.txt

@@ -0,0 +1,170 @@
+The Checklist
+
+[+] Information Gathering
+
+Manually explore the site
+Spider/crawl for missed or hidden content
+Check for files that expose content, such as robots.txt, sitemap.xml, .DS_Store
+Check the caches of major search engines for publicly accessible sites
+Check for differences in content based on User Agent (eg, Mobile sites, access as a Search engine Crawler)
+Perform Web Application Fingerprinting
+Identify technologies used
+Identify user roles
+Identify application entry points
+Identify client-side code
+Identify multiple versions/channels (e.g. web, mobile web, mobile app, web services)
+Identify co-hosted and related applications
+Identify all hostnames and ports
+Identify third-party hosted content
+
+[+] Configuration Management
+
+Check for commonly used application and administrative URLs
+Check for old, backup and unreferenced files
+Check HTTP methods supported and Cross Site Tracing (XST)
+Test file extensions handling
+Test for security HTTP headers (e.g. CSP, X-Frame-Options, HSTS)
+Test for policies (e.g. Flash, Silverlight, robots)
+Test for non-production data in live environment, and vice-versa
+Check for sensitive data in client-side code (e.g. API keys, credentials)
+
+[+] Secure Transmission
+
+Check SSL Version, Algorithms, Key length
+Check for Digital Certificate Validity (Duration, Signature and CN)
+Check credentials only delivered over HTTPS
+Check that the login form is delivered over HTTPS
+Check session tokens only delivered over HTTPS
+Check if HTTP Strict Transport Security (HSTS) in use
+
+[+] Authentication
+
+Test for user enumeration
+Test for authentication bypass
+Test for bruteforce protection
+Test password quality rules
+Test remember me functionality
+Test for autocomplete on password forms/input
+Test password reset and/or recovery
+Test password change process
+Test CAPTCHA
+Test multi factor authentication
+Test for logout functionality presence
+Test for cache management on HTTP (eg Pragma, Expires, Max-age)
+Test for default logins
+Test for user-accessible authentication history
+Test for out-of channel notification of account lockouts and successful password changes
+Test for consistent authentication across applications with shared authentication schema / SSO
+
+[+] Session Management
+
+Establish how session management is handled in the application (eg, tokens in cookies, token in URL)
+Check session tokens for cookie flags (httpOnly and secure)
+Check session cookie scope (path and domain)
+Check session cookie duration (expires and max-age)
+Check session termination after a maximum lifetime
+Check session termination after relative timeout
+Check session termination after logout
+Test to see if users can have multiple simultaneous sessions
+Test session cookies for randomness
+Confirm that new session tokens are issued on login, role change and logout
+Test for consistent session management across applications with shared session management
+Test for session puzzling
+Test for CSRF and clickjacking
+
+[+] Authorization
+
+Test for path traversal
+Test for bypassing authorization schema
+Test for vertical Access control problems (a.k.a. Privilege Escalation)
+Test for horizontal Access control problems (between two users at the same privilege level)
+Test for missing authorization
+
+[+] Data Validation
+
+Test for Reflected Cross Site Scripting
+Test for Stored Cross Site Scripting
+Test for DOM based Cross Site Scripting
+Test for Cross Site Flashing
+Test for HTML Injection
+Test for SQL Injection
+Test for LDAP Injection
+Test for ORM Injection
+Test for XML Injection
+Test for XXE Injection
+Test for SSI Injection
+Test for XPath Injection
+Test for XQuery Injection
+Test for IMAP/SMTP Injection
+Test for Code Injection
+Test for Expression Language Injection
+Test for Command Injection
+Test for Overflow (Stack, Heap and Integer)
+Test for Format String
+Test for incubated vulnerabilities
+Test for HTTP Splitting/Smuggling
+Test for HTTP Verb Tampering
+Test for Open Redirection
+Test for Local File Inclusion
+Test for Remote File Inclusion
+Compare client-side and server-side validation rules
+Test for NoSQL injection
+Test for HTTP parameter pollution
+Test for auto-binding
+Test for Mass Assignment
+Test for NULL/Invalid Session Cookie
+
+[+] Denial of Service
+
+Test for anti-automation
+Test for account lockout
+Test for HTTP protocol DoS
+Test for SQL wildcard DoS
+
+[+] Business Logic
+
+Test for feature misuse
+Test for lack of non-repudiation
+Test for trust relationships
+Test for integrity of data
+Test segregation of duties
+
+[+] Cryptography
+
+Check if data which should be encrypted is not
+Check for wrong algorithms usage depending on context
+Check for weak algorithms usage
+Check for proper use of salting
+Check for randomness functions
+
+[+] Risky Functionality - File Uploads
+
+Test that acceptable file types are whitelisted
+Test that file size limits, upload frequency and total file counts are defined and are enforced
+Test that file contents match the defined file type
+Test that all file uploads have Anti-Virus scanning in-place.
+Test that unsafe filenames are sanitised
+Test that uploaded files are not directly accessible within the web root
+Test that uploaded files are not served on the same hostname/port
+Test that files and other media are integrated with the authentication and authorisation schemas
+
+[+] Risky Functionality - Card Payment
+
+Test for known vulnerabilities and configuration issues on Web Server and Web Application
+Test for default or guessable password
+Test for non-production data in live environment, and vice-versa
+Test for Injection vulnerabilities
+Test for Buffer Overflows
+Test for Insecure Cryptographic Storage
+Test for Insufficient Transport Layer Protection
+Test for Improper Error Handling
+Test for all vulnerabilities with a CVSS v2 score > 4.0
+Test for Authentication and Authorization issues
+Test for CSRF
+
+[+] HTML 5
+
+Test Web Messaging
+Test for Web Storage SQL injection
+Check CORS implementation
+Check Offline Web Application