## We'll get started at 5 past the hour!

---

# week01
### COMP6443
### Web Front-End Programming

---

# week01
### COMP6443
### Hacking the websites for dummies

---

## Good faith policy

We expect a high standard of professionalism from you at all times while you are taking any of our courses. We expect all students to act in good faith at all times.

*TLDR: Don't be a jerk*

[sec.edu.au/good-faith-policy](https://sec.edu.au/good-faith-policy)

---

## Whoami

* Jesse Merhi (like that plant + "he")
* Product Security @ Atlassian
* Been interning there for 2 years.
* Not like @melon (ex-CommBank)

--

## In saying that...

* If any of you want some advice regarding career things, consider this tut an opportunity to chat to someone who is in the industry and has some insight!

--

## how to contact me

* z5312498@ad.unsw.edu.au
* [@merhi]() on the SecSoc Discord (pls join)
* [https://secso.cc/discord](https://secso.cc/discord)

--

## places for course discussion

* [SecSoc Discord](https://secso.cc/discord) - ad-hoc and general chatting
* We also have Ed! (more official)
* How do I find Ed? [Moodle](https://moodle.telt.unsw.edu.au/my/)

---

## > whoareu

---

--

* Your name -> I will forget this. I am sorry (I will try to remember your name).
* What is your degree and year?
* Why did you do the course?
* What level of experience do you have in security?

---

## Questions

* Are tuts compulsory? No
* Are they recorded? No
* Where are these resources? [jmerhi.mov/6443/weekX]()

---

## Course content

* Topic Challenges: 20%
* Written Reports: 30% (2 x 15%)
* Exams: 50%

--

## Challenges

* If you haven't set up mTLS, we will figure that out today (for real, I don't know how to do it, so we can do it together).
* [https://ctfd.quoccacorp.com](https://ctfd.quoccacorp.com)
* RIP QuoccaBank.
* START NOW, YOU WON'T REGRET IT.

--

## how to approach learning in this course

* Work together - but don't cheat - you are just dooming yourself.
* We aren't extended - but the challenges are fun to solve, so if you are interested, try to get them done.
* I will be of some help - but I won't give things away. If you need extra help, I have two tuts.

--

## Report

* Pentesting / vulnerability report
* Groups of 3
* Keep track of how you found each of the flags
* Threats and remediation are really important
* More on this later.

---

## What happened in the lecture?

* Did we watch the lectures?
* What did the panda say?
* Are we internet masterminds?
* Make sure to ask "What is a JWT?" in the next lecture.

--

## Recon Things

> I have some cool stuff @ [jmerhi.zip/6443/resources/recon]()

* What is "Active Recon"?
* What is "Passive Recon"?

--

## Bruteforcing

> If you use automated tools, pls don't use uni DNS servers, use these :)
> Bonus points if you use cloud compute

* Google - 8.8.8.8
* Cloudflare - 1.1.1.1

---

## Lecture content

* web things??

---

## Demo

> BurpSuite and Proxy Setup

---

## Activities

* Form groups for the reports (2-3 people)
* Signing up/logging into QuoccaBank
* Installing Burp Suite/setting up certs?
* Try out some of the challenges!
* Recon stuffs
* HTTP as a service
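---

## Added example: subdomain brute-force against a chosen resolver

The Bruteforcing slide says to point automated tools at 8.8.8.8 or 1.1.1.1 rather than the uni resolvers. The script below is an added example written for these notes, not code from the course or from any tool; it shows why that advice is easy to follow in practice: the resolver is just the UDP destination of the query, so a brute-forcer can pick it explicitly instead of inheriting the system one. The domain `example.com`, the wordlist, and the `SAMPLE_RESPONSE` bytes are all constructed here for illustration; the resolver addresses are the two from the slide.

```python
import random
import socket
import struct

# Public resolvers named on the slide; every query below goes to one of these
# rather than to whatever resolver /etc/resolv.conf points at (e.g. the uni's).
RESOLVERS = {"google": "8.8.8.8", "cloudflare": "1.1.1.1"}


def build_query(name, txn_id):
    """Build a minimal DNS query for an A record (RFC 1035 header + one question)."""
    # id, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:            # root label: end of name
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(data, txn_id):
    """Return the IPv4 addresses in a response, or [] on NXDOMAIN / wrong id / error."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txn_id or (flags & 0x000F) != 0:  # id mismatch or RCODE != NOERROR
        return []
    offset = 12
    for _ in range(qdcount):                     # skip the echoed question(s)
        offset = _skip_name(data, offset) + 4
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return addrs


def resolve(name, resolver, timeout=2.0):
    """Send one A query over UDP to `resolver` and return the addresses it answers with."""
    txn_id = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txn_id), (resolver, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data, txn_id)


def brute_subdomains(domain, words, resolver):
    """Try each word as a subdomain of `domain`; return {fqdn: [addresses]} for hits."""
    found = {}
    for word in words:
        fqdn = f"{word}.{domain}"
        try:
            addrs = resolve(fqdn, resolver)
        except (socket.timeout, OSError):
            continue
        if addrs:
            found[fqdn] = addrs
    return found


# Constructed sample response (hand-assembled, not captured from a real resolver):
# id 0x1234, flags 0x8180 (QR, RD, RA, NOERROR), the echoed question, and one
# A answer for example.com -> 93.184.216.34 using a compression pointer (0xc00c).
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22"
)


if __name__ == "__main__":
    # Offline check of the packet code against the constructed response ...
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))
    # ... then a live run (needs network access) against a public resolver.
    wordlist = ["www", "mail", "dev", "staging", "api"]
    hits = brute_subdomains("example.com", wordlist, RESOLVERS["cloudflare"])
    for fqdn, addrs in hits.items():
        print(fqdn, addrs)
```

Two things to keep in mind when using this against a real target: the chosen public resolver still sees and logs every name you ask for, and names that are not cached get forwarded on to the target's authoritative nameservers, so a large wordlist is active recon from the target's point of view. Only run it against domains you are authorised to test (the course challenges), and swap in a proper wordlist in place of the five constructed words.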