GFACT - tconklin-champlain/Tech-Journal GitHub Wiki

Computer Components and Concepts:

Intro to Computer Hardware

Motherboard

  • Motherboards come in different sizes
    • EATX, ATX, micro-ATX, mini-ITX
    • These sizes allow for more expand-ability via slots like PCIe
  • Motherboards differ via the socket type
    • You need to make sure that your socket types match or else you will be unable to place them on the board
    • ✅LGA2011=LGA2011 // ❌LGA2011≠AM6
  • These slots communicate via buses which vary in speed depending on the motherboards quality

The CPU

  • The CPU is the fastest component and considered the brain of any computer
  • The CPU is divided into multiple internal parts
    • ALU: Algorithmic Logic Unit
    • CU: Control Unit
    • AGU: Address Generation Unit
    • MMU: Memory Management Unit
  • Clock speed is necessary to understand how CPU's create the illusion of multitasking
    • A Clock speed is determined by how many instructions a CPU can complete in 1 second.
    • A CPU that completes 1 instruction in 1 second has a clock speed of 1Hz, modern technology has CPU that can do 4GHz or 4 billion instructions per second!
  • Using Context Switching the CPU can switch back and forth between these instructions at a speed humans cannot perceive allowing for us to think computers are brilliant multitaskers when in reality they are just incomprehensibly fast!
  • The CPU often is doing one task at a time, a single core processor will always process one task at a time. Modern computers with more cores can do multiple tasks according to how many cores the CPU has.
    • The more cores the more process the CPU can divide.
    • The caches are temporary and very fast storage locations for different computations sent from the CPU

RAM

  • RAM or Random Access Memory is volatile data in a computer used by programs to quickly place and remove memory from the RAM.
  • More RAM means your computer is able to compute more quickly very useful for resource intensive programs like Games and Visual Programs.
  • Motherboards have a certain specification of RAM they can handle a motherboard that has a max of DDR3 can only use that and below a DDR4 cannot be used.
  • Not to be confused with storage, virtual memory, or page file

Types of Storage

  • All storage have a listed amount that is more then it's real capacity For example, a 4TB drive will in actuality have only 3.8TB usable
  • Mechanical Hard Drives
    • Moving parts, higher capacity, cheaper
    • Unreliable for long term storage, moving parts cause issue if jolted
    • 3.5" and 2.5" formats
  • Solid State Drive or SSD
    • No moving parts, more expensive
  • Buses for access are SATA, and now NvMe: Nonvolatile memory environment

GPU

  • The graphics processing unit or GPU is a specialized hardware that is not required for a computer but is becoming more common in the modern days.
  • Dedicated memory, GB's of it that allow the computer to offload heavy number calculation tasks to the GPU instead of the CPU.
  • Used to be bridged vis SLI and Crossfire but is becoming less common nowadays.
  • They are not only useful for graphics, but can be used in 3d graphics or even cyber security as well.
    • Encryption breaking
    • Password brute force
    • Anything number crunch intensive

Input Devices

  • USB : Universal Serial Bus
    • USB A
    • USB B
    • USB micro A
    • USB micro B
    • USB mini A
    • USB mini B
  • As well as type there are various USB speeds
    • USB 1 - Transfer Speed: 1.5 Mbit/s
    • USB 2 - Transfer Speed: 480 Mbit/s
    • USB 3 - Transfer Speed: 4.8 Gbit/s (You can usually tell if a port is USB 3 compatible because the port will be colored blue)
    • USB 3.1 - Transfer Speed: 10 Gbit/s (You can usually tell if a port is USB 3.1 compatible because the port will be colored teal)
  • Some old peripherals still use PS/2 ports
  • The focus on the progression of input devices was to create one cable that can be used for multiple purposes
    • power
    • data transfer
    • ...etc

Output Devices

  • Output devices are devices that accept data from the computer
    • monitors
    • printers
    • ...etc
  • One A/V output was VGA
    • VGA is one the oldest A/V outputs
  • Then there is DVI
    • A modern version of VGA but still old by modern standards
  • The most used modern A/V output is HDMI
    • like usb's they have many different sizes and versions
  • After HDMI is the Display Port
  • Finally the most current is USB-C
    • a potential one port to rule them all, not very widespread yet

Heat Sinks

  • Heat sinks are cooling mechanisms used on various parts of the hardware to be able to use them more aggressively.
  • All computers use fans while some others use certain water cooling setups to cool parts.
    • Rarely some people even use mineral oil submerging to cool a computer
  • Heatsinks are usually large blocks with many metal plates that distribute the heat from the piece of hardware.
  • There are microscopic imperfections if you were just to put the heatsink attached to the part so we use thermal paste to bind them together for better heat transfer.

PSU

  • The power supply unit(s) main job is to deliver the correct power to the correct parts.
  • Most if not all PSU's you'd buy have a fan built in.
  • They come with a wattage number for example 1200 Watts. You need to add up all your parts power consumption together and make sure it is below the margin on the PSU.
  • Highly unlikely but you could find a situation where the 30Amps that comes out of your home wall is not enough power for the computer.
  • The PSU uses various power connectors (below)
    • Pin peripheral connector
    • SATA power connector
    • Main ATX some require 20 some require 24 pins
    • 12V connector some require 4 some require 8
    • PCI-E power connector some require 6 some require 8

Data Storage and Representation:

Bits and Bytes

  • All data is a computer is made of bits those bits are Booleans either a 1 or a 0
    • 1 byte is 8 bits.
    • 1 kilobyte (kB) is 1000 bytes.
    • 1 megabyte (MB) is 1000 kilobytes.
    • 1 gigabyte (GB) is 1000 megabytes.
    • 1 terabyte (TB) is 1000 gigabytes.
      • also half a byte is a nibble or nybble
  • The problem comes in that a Kilo is a 1000 not 1024
  • The IEC introduced a new denotation
    • 1 byte is 8 bits.
    • 1 kibibyte (KiB) is 1024 bytes.
    • 1 mebibyte (MiB) is 1024 kibibytes.
    • 1 gibibyte (GiB) is 1024 mebibytes.
    • 1 tebibyte (TiB) is 1024 gibibytes.

Alternate Number Bases

  • Humanity counts in base10 0-9 then when we want to go above that we use two digits and so on
    • this is Denary
  • Computers often will use base2 and base6 or binary and hexadecimal
    • You can tell the difference between their use by the notation
  • 10 in denary is not the same as it is in binary or hexadecimal so how do we tell them apart?
    • 0d10 is denary, 0b10 is binary, and 0x10 is hexadecimal

Binary

  • Binary is a lower level storage in computers
  • counting in binary is similar to denary using the base and exponent
    • 2^0 = 1 (Remember, it's the rules: anything to the power of 0 is 1.)
    • 2^1 = 2 (Again, anything to the power of 1 is itself!)
    • 2^2 = 4 (2 x 2 = 4, no this isn't primary school...)
    • 2^3 = 8 (2 x 2 x 2 = 8)
    • 2^4 = 16 (2 x 2 x 2 x 2 = 16)
    • 2^5 = 32 (I'm not writing it out anymore, it's starting to get very long!)
    • 2^6 = 64
    • 2^7 = 128
    • 2^8 = 256
512 256 128 64 32 16 8 4 2 1
0 0 0 0 0 0 0 0 0 0

Hexadecimal

  • Counting in hexadecimal is the same process as counting in denary and binary
  • The issue is hexadecimal used letters.
  • 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F
    • 16^0 = 1
    • 16^1 = 16
    • 16^2 = 256
    • 16^3 = 4096
    • 16^4 = 65536
65536 4096 256 16 1
0 0 0 0 0

ASCII

  • ASCII is a standard to represent text
  • The original ACII was 7bits wide but in modern day we use Extended ASCII which support 255 characters
  • 255 is not enough for the whole world of alphabets though so another solution was UNICODE which supported languages outside the usual Latin alphabet.
  • UNICODE took up more data though since the Cyrillic, Chinese and other languages cannot be confines to 255 characters.

Encoding

  • Encoding is what allows us to convert formats such as binary to ASCII or hexadecimal to UNICODE
  • A basic example, here a message is encoded into ASCII due to a constraint only allowing those characters through. Afterwards being easily decoded back into its original entry.
    • echo -e '\x254 Hey folks how goes
    • echo -e '\x254 Hey folks how goes' | base64
    • echo -e "JTQgSGV5IGZvbGtzIGhvdyBnb2VzCg==" | base64 -d

Automatically Decoding Encoding

  • Various tools are out there for automatic decryption like Ciphey or Cyber Chef Magic
  • In the example we use Ciphey from a docker container
    • Excellent use case is decoding basic ciphers when they get heavily layered one on top of the other
  • Encoding is not used for security it allows for transforming data and obscurity

File Headers

  • Most people when they want to know what file type is, is to look at the file extension like .txt or .mp3 so on so forth.
  • Most files have a file headers otherwise known as magic numbers
  • Here is an example for a zip file
    • 50 4B 03 04 (for a normal zip archive)
    • 50 4B 05 06 (for an empty zip archive)
    • 50 4B 07 08 (for a spanned zip archive)
  • Another for a jpg file
    • FF D8 FF DB
    • FF D8 FF E0
    • FF D8 FF E1
  • Notice they are all hexadecimal this is because using binary would be far too long they are written in pairs because each group is a byte of data
    • 0b11111111 = 0xFF = 255

Logic and Data Manipulation

The Importance of Logic

  • These logical processes may seem abstract math problems that are useless in real life but be rest assures they are extremely important to the functionality and understanding of modern security measures today within computing.
  • "In the course of your careers you will most likely use logic to craft queries to access databases (or exploit them), to create Linux commands, craft web exploits and a host of other tasks."

Boolean Logic

  • Boolean are always a dual state value true or false, 1 or 0.
  • There are different logic circuits that work in various ways often used in programming it is a common hurdle and issue for those who do not fully understand it.
  • Truth tables are usually used to show all possible outcomes from inputs to that gate
    • We will be seeing these a lot so it is best to get comfortable now, the one below is unfilled since we have not learned AND gates yet.
A B A AND B
0 0  
0 1  
1 0  
1 1

Logical AND

  • AND checks if both inputs are true then the output is true if the input is false then the output is false
    • Below is a logical string you could see in computing the function dostuff() will not run
string1 = "demo"
string2 = "demo"
int1 = 42
int2 = 33

if (string1 == string2 && int1 == int2):
  dostuff()
A B A AND B
0 0  0
0 1  0
1 0  0
1 1 1

Logical OR

  • OR logic gates check if one of the inputs is true if it is then the output is true
    • Below is a logical string you could see in computing the function dostuff() will run
  • The OR is a connective known as a disjunction
string1 = "demo"
string2 = "demo"
int1 = 42
int2 = 33

if (string1 == string2 && int1 == int2):
  dostuff()
A B A AND B
0 0
0 1
1 0
1 1 1

Logical NOT

  • The logical NOT gate is odd because it only takes one input, it inverts its input so 1 becomes 0 and true becomes false
    • The NOT is shown as !
    • Below is an example
  • The NOT is a connective known as a negation
string1 = "demo"
string2 = "demo"

if !(string1 == string2):
  dostuff()

Logical NAND

  • The NAND gate is a AND circuit followed by a NOT circuit so just invert your AND gate output
    • Below is an example due to the nature of a NAND gate even though normally this function would not run due to the AND output being false since its a NOT AND it becomes the inverse so it becomes true.
  • The NAND is a type of connective called a alternative denial
string1 = "demo"
string2 = "demo"
int1 = 42
int2 = 33

if (string1 == string2 && int1 == int2):
  dostuff()

Logical NOR

  • The NOR logic gate is similar to NAND it is an OR output inverted
  • A NOR logical gate is a connective also known as a joint denial

Logical XOR

  • The XOR gate stands for Exclusive OR it will only check one side if it is true not both
    • XOR does not like both inputs being true and will output false
  • This is not used in conditionals often but it is used ALOT in cryptography
  • The XOR is a connective known as a exclusive disjunction
A B A AND B
0 0
0 1
1 0
1 1 0

Encryption with XOR

  • XOR is a key part of encryption but is not its entirety
    • Below is an example
  • First we make a function to XOR two strings
def sxor(s1,s2):
  return ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2))
  • Now we populate the plaintext, then the key and then encrypt
plaintext="Hey how goes?"
key="adhnawdagjswb" # Note the key is equal in length to the plaintext.
ciphertext=sxor(plaintext,key)
  • Now printing them as binary values
bin(int.from_bytes(plaintext.encode(),'big'))
bin(int.from_bytes(key.encode(),'big'))
bin(int.from_bytes(ciphertext.encode(),'big'))
  • Producing in order
0b100100001100101011110010010000001101000011011111
11001000000110011101101111011001010111001100111111

--

0b110000101100100011010000110111001100001011101110
11001000110000101100111011010100111001101110111011
00010

--

0b0101001000000010001000101001110000010010001
10000001001101000001000000000000010100010110000001
0001011101
  • XORing the plaintext against the secret text we get a cipher ENCRYPT
  • XORing the ciphertext against the secret we get the plaintext DECRYPT
  • XORing the ciphertext against the plaintext we get the key!
  • This process follows for each character in the string

The Language of Logic

  • Tautology is the assertion that a formula is always true no matter what
  • Contradiction is the opposite of a Tautology all outputs are false
  • Contingency is anything that is not either of the above

Storing Data and Files:

File Systems

Think a cake!

  • File System
    • Volume
      • Partition
        • Disk
  • A cluster is the smallest section of the disk that can be used to store a file
    • If you have a file system of 32kb and save a file that is 64kb then the file will spread over two clusters.
    • When you store a file smaller then the size of the cluster you cannot use the unused storage
      • This unused space is called slack space
  • Every file has at least two pieces of info
    • Data on the file
    • Metadata
  • Metadata is data that describes other data
  • Metadata is stored in a index when a file is deleted the index entry is removed, but not its content as of yet.
    • This is why some data can be restored even if it gets deleted off a computer
  • Multiple Clusters
    • How can a computer tell a file that has been written to multiple clusters know which part is what file?
      • If next cluster after the first one was written is empty it will go their
      • If the next one is occupied then the rest of the cluster is put somewhere the room and that locations address is added to the end of the first cluster

FAT32 & exFAT

  • FAT32 file system was originally released with Windows95, It uses a file allocation table to map each cluster which is where FAT comes from.
    • It doesn't support file permissions which is actually perfect for USB drives but this has changed since the implementation of exFAT
  • exFAT is the new USB standard file system based on FAT32, it supports windows mac and linux, file size limit is so large it is no longer an issue.

NTFS

  • New technology file system is the file system used by windows, it has file permission support, encryption support and shadow copies (backups of files), it also has an immensely large file size limit to the point it doesn't matter.
    • Issues arrive when connected a NTFS drive to mac it cannot be written to just read and on linux it is labeled "experimental"

EXT3 and EXT4

  • This file system the extended file system 3 introduced in 2001 it supports file permissions and encryption but no shadow copies.
    • This file system is known as a journal. This can help to recover the disk in case of a corruption caused by jostles
  • EXT4 is the modernized version of EXT3 it is the one you will be using on linux same file system features as before as well lacking the shadow copy feature akin to Microsoft.

HFS+ & APFS

  • Hierarchical file system plus was the file system mac and apple used before the recent improved format. Only compatible with mac as its a proprietary file system from Apple.
  • APFS has been recently released by apple known as the apple file system, it supports permissions, encryption and duplicate files can be stored without taking up space, with one file copy saving changes as a delta the before and after of a file being edited.
    • It is modern designed for resilience and security and now is the default on mac systems.

Cloud Computing:

SaaS, IaaS, PaaS

  • Software as a service SaaS
    • You get software they deal with hardware, managing the system, deploying and configuring updates
      • Think SalesForce, ZenDesk and Slack
  • Infrastructure as a service
    • Think AWS EC2 as a great example
    • You are buying someone hosting the hardware, like renting the foundation of a home it allows you to build what you need with a great base.
      • Very flexible allowing cost saving measures but need a expert to get everything you need without running the risk of asking for too much.
  • Platform as a service
    • You are buying application and service delivery, sensible defaults
    • This allows you to buy a server without having to set up all the services and security like mySQL and properly securing it.
    • Think AWS elastic beanstalk, Heroku, Symfony Cloud

What you get to manage

Operating Systems

Windows

Linux

MacOS

The Kernel

  • The Kernel is the first part to be loaded on the computer in a OS
    • It is responsible for loading new programs, access to hardware's shared resources and IO of peripherals

The Process

  • A series of steps or actions to achieve a particular end similar in computers the computer will load the code in a program like chrome and then will create a process that contains the needed info for execution by the processor

Interrupts

  • A Interrupt is a signal that is sent to the CPU which alerts the CPU to a task that needs immediate attention
    • Hardware interrupt
      • When you plug in a mouse or keyboard and the computer has a new IO it will send an interrupt
    • Software interrupt
      • A program may generate a interrupt lets say when opening a file and the kernel needs to be consulted before it occurs
    • Interrupts are automated via API in most software applications

Bootloader

  • A bootloader is loaded by the BIOS when the computer first turns on, It is a set of instructions to help the BIOS load the designated OS.
    • It is usually installed at the same time as the OS and is loaded from a known place on the hard drive by the BIOS

BIOS and UEFI

  • The BIOS or basic input output system, is a program stored on the motherboard itself, when a computer is turned on the bios is the first program that is loaded and initialized
    • UEFI or unified extensible firmware interface is the most used successor to BIOS tough the term BIOS is actually more used like an umbrella term since the two are so similar.

Virtualization

What is Virtualization?

  • Where we create a virtual computer or machine that acts as a separate computer when in reality it is just software.
  • Host Operating System
    • The system that RUNS the virtualization
  • Guest Operating System
    • The system that runs INSIDE the virtual machine

Types of Virtualization

  • Hypervisor Types
    • Type 1 - The hypervisor otherwise known as bare metal is right on top of the hardware regardless of OS
    • Type 2 - The most common used when making home labs, the hypervisor is similar to an application running virtual machines on top of itself
  • A fundamental of modern computing ever since its implementation

Uses of Virtualization

  • Most cloud structures are run off Type 1 hypervisor
  • Allows security professionals to separate their computer from a dangerous virtual machine that has been infected by certain malware
  • Used by programmer to test their program on different OS'