Vulns and classes.

config/_default/taxonomies.toml

@@ -1,3 +1,8 @@
-class = 'class'
+class = 'classes'
 vuln = 'vulns'
-year = 'year'
+year = 'years'
+
+disableKinds = [
+  'taxonomy',
+  'term',
+]

content/classes/_index.md

@@ -0,0 +1,7 @@
+---
+title: Classes of Vulnerabilities
+description:
+layout: list
+---
+
+## By type

content/classes/bit-flipping.md

@@ -0,0 +1,23 @@
+---
+title: Bit-Flipping Attacks
+description: Cryptographic cipher attack
+layout: class
+
+learn_more:
+  - text: 'What Is A Bit Flipping Attack? How It Works & Examples'
+    url: https://www.twingate.com/blog/glossary/bit-flipping-attack
+    source: Twingate
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> A bit-flipping attack is an attack on a cryptographic cipher in which the attacker can change the ciphertext in such a way as to result in a predictable change of the plaintext, although the attacker is not able to learn the plaintext itself. Note that this type of attack is not—directly—against the cipher itself (as cryptanalysis of it would be), but against a particular message or series of messages. In the extreme, this could become a Denial of service attack against all messages on a particular channel using that cipher.
+>
+> The attack is especially dangerous when the attacker knows the format of the message. In such a situation, the attacker can turn it into a similar message but one in which some important information is altered. For example, a change in the destination address might alter the message route in a way that will force re-encryption with a weaker cipher, thus possibly making it easier for an attacker to decipher the message.
+>
+> When applied to digital signatures, the attacker might be able to change a promissory note stating "I owe you $10.00" into one stating "I owe you $10,000".
+
+[Wikipedia]: https://en.wikipedia.org/wiki/Bit-flipping_attack

content/classes/brute-force-against-export-grade-encryption.md

@@ -0,0 +1,21 @@
+---
+title: Brute Force against Export-Grade Encryption
+description: Encryption can be broken in a matter of days using a single computer
+layout: class
+
+# learn_more:
+#   - text: 'What Is A Bit Flipping Attack? How It Works & Examples'
+#     url: https://www.twingate.com/blog/glossary/bit-flipping-attack
+#     source: Twingate
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> Netscape's SSL technology was widely adopted as a method for protecting credit card transactions using public key cryptography. Netscape developed two versions of its web browser. The "U.S. edition" supported full size (typically 1024-bit or larger) RSA public keys in combination with full size symmetric keys (secret keys) (128-bit RC4 or 3DES in SSL 3.0 and TLS 1.0).
+>
+> The "International Edition" had its effective key lengths reduced to 512 bits and 40 bits respectively (RSA_EXPORT with 40-bit RC2 or RC4 in SSL 3.0 and TLS 1.0). Acquiring the 'U.S. domestic' version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the 'International' version, whose weak 40-bit encryption can currently be broken in a matter of days using a single computer. A similar situation occurred with Lotus Notes for the same reasons.
+
+[Wikipedia]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States

content/classes/compression-attack.md

@@ -0,0 +1,27 @@
+---
+title: Compression Attack
+description: Attacker can know whether the page contains data by observing the encrypted stream
+layout: class
+
+learn_more:
+  - text: 'What Are Compression Side Channel Attacks?'
+    url: https://venafi.com/blog/what-are-compression-side-channel-attacks/
+    source: Venafi
+
+  - text: 'How are websites actually mititating BREACH? (HTTPS + compression)'
+    url: https://security.stackexchange.com/questions/222677/how-are-websites-actually-mititating-breach-https-compression
+    source: Stack Exchange
+
+  - text: 'The VORACLE attack vulnerability'
+    url: https://openvpn.net/security-advisory/the-voracle-attack-vulnerability/
+    source: OpenVPN
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> Compression allows a form of chosen plaintext attack to be performed: if an attacker can inject any chosen content into the page, they can know whether the page contains their given content by observing the size increase of the encrypted stream. If the increase is smaller than expected for random injections, it means that the compressor has found a repeat in the text, i.e. the injected content overlaps the secret information. This is the idea behind CRIME.
+
+[Wikipedia]: https://en.wikipedia.org/wiki/HTTP_compression#Security_implications

content/classes/data-leakage.md

@@ -0,0 +1,27 @@
+---
+title: Data Leakage
+description: Software bugs which expose sensitive data
+layout: class
+
+learn_more:
+  - text: 'Data Leakage'
+    url: https://www.rapid7.com/fundamentals/what-is-data-leakage/
+    source: Rapid7
+
+  - text: 'What is data leakage?'
+    url: https://www.ibm.com/think/topics/data-leakage
+    source: IBM
+
+  - text: 'What is data leakage?'
+    url: https://www.crowdstrike.com/en-us/cybersecurity-101/data-protection/data-leakage/
+    source: CrowdStrike
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> Despite developers' goal of delivering a product that works entirely as intended, virtually all software and hardware contains bugs. If a bug creates a security risk, it is called a vulnerability. Patches are often released to fix identified vulnerabilities, but those that remain unknown (zero days) as well as those that have not been patched are still liable for exploitation. Both software written by the target of the breach and third party software used by them are vulnerable to attack. The software vendor is rarely legally liable for the cost of breaches, thus creating an incentive to make cheaper but less secure software.
+
+[Wikipedia]: https://en.wikipedia.org/wiki/Data_breach

content/classes/denial-of-service.md

@@ -0,0 +1,21 @@
+---
+title: Denial of Service
+description: Overloading a machine by flooding it with requests
+layout: class
+
+# learn_more:
+#   - text: 'What Is A Bit Flipping Attack? How It Works & Examples'
+#     url: https://www.twingate.com/blog/glossary/bit-flipping-attack
+#     source: Twingate
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.
+>
+> Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.
+
+[Wikipedia]: https://en.wikipedia.org/wiki/Denial-of-service_attack

content/classes/downgrade-attack.md

@@ -0,0 +1,29 @@
+---
+title: Downgrade Attack
+description: Cryptographic attack which abandons a high-quality mode in favor of a lower-quality mode
+layout: class
+
+learn_more:
+  - text: 'What are downgrade attacks?'
+    url: https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/downgrade-attack/
+    source: CrowdStrike
+
+  - text: 'Downgrade Attacks: What They Are, How to Prevent Them'
+    url: https://venafi.com/blog/preventing-downgrade-attacks/
+    source: Venafi
+
+  - text: 'What Is A Protocol Downgrade Attack? How It Works and Examples'
+    url: https://www.twingate.com/blog/glossary/protocol%20downgrade%20attack
+    source: Twingate
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> A downgrade attack is a form of cryptographic attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g., an encrypted connection) in favor of an older, lower-quality mode of operation (e.g., cleartext) that is typically provided for backward compatibility with older systems.
+>
+> An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server. This is one of the most common types of downgrade attacks. Opportunistic encryption protocols such as STARTTLS are generally vulnerable to downgrade attacks, as they, by design, fall back to unencrypted communication. Websites which rely on redirects from unencrypted HTTP to encrypted HTTPS can also be vulnerable to downgrade attacks, as the initial redirect is not protected by encryption.
+
+[Wikipedia]: https://en.wikipedia.org/wiki/Downgrade_attack

content/classes/side-channel-attack.md

@@ -0,0 +1,23 @@
+---
+title: Side-Channel Attack
+description: Timing information, power consumption, electromagnetic leaks, and sound
+layout: class
+
+learn_more:
+  - text: 'Side-Channel Attack'
+    url: https://csrc.nist.gov/glossary/term/side_channel_attack
+    source: NIST
+
+  - text: 'What is a Side-Channel Attack? How It Works and Examples'
+    url: https://www.twingate.com/blog/glossary/side-channel%20attack
+    source: Twingate
+
+---
+
+## Overview
+
+From [Wikipedia]:
+
+> A side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself (e.g., flaws found in a cryptanalysis of a cryptographic algorithm) or minor, but potentially devastating, mistakes or oversights in the implementation. (Cryptanalysis also includes searching for side-channel attacks.) Timing information, power consumption, electromagnetic leaks, and sound are examples of extra information which could be exploited to facilitate side-channel attacks.
+
+[Wikipedia]: https://en.wikipedia.org/wiki/Side-channel_attack

content/learning/tls/_index.md

@@ -46,10 +46,5 @@ If any one part of a cipher suite has an issue, it can compromise the integrity
 
 Security vulnerabilities can impact _classes_ of cipher suites.
 
-[depr-sslv2]: https://datatracker.ietf.org/doc/html/rfc6176
-[depr-sslv3]: https://datatracker.ietf.org/doc/html/rfc7568
-[SSLv3]: https://datatracker.ietf.org/doc/html/rfc6101
-[TLS 1.0]: https://datatracker.ietf.org/doc/html/rfc2246
-[TLS 1.1]: https://datatracker.ietf.org/doc/html/rfc4346
 [TLS 1.2]: https://datatracker.ietf.org/doc/html/rfc5246
 [TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446

content/learning/tls/anon.md

@@ -3,6 +3,15 @@ title: Anonymous Key Exchanges
 # description:
 layout: learn-single
 
+learn_more:
+  - text: 'Key-agreement protocol'
+    url: https://en.wikipedia.org/wiki/Key-agreement_protocol
+    source: Wikipedia
+
+  # - text: ''
+  #   url:
+  #   source:
+
 ---
 
 ## Summary

content/learning/tls/cbc.md

@@ -16,4 +16,4 @@ The [CBC] encryption algorithm suffers from a handful of vulnerabilites, namely
 
 Any cipher suite with `CBC` in the name should be avoided.
 
-[CBC]: https://en.wikipedia.org/w/index.php?title=Block_cipher_mode_of_operation#CBC
+[CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)

content/vulns/beast.md

@@ -1,10 +1,10 @@
 ---
 title: BEAST
 description: Browser Exploit Against SSL/TLS
-layout: term
+layout: vuln
 
 year: 2011
-class:
+classes:
   - Data leakage
 
 learn_more:

content/vulns/breach.md

@@ -1,10 +1,10 @@
 ---
 title: BREACH
 description: Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext
-layout: term
+layout: vuln
 
 year: 2013
-class:
+classes:
   - Compression attack
 
 learn_more:

content/vulns/cloudbleed.md

@@ -1,10 +1,10 @@
 ---
 title: Cloudbleed
-description: '@TODO'
-layout: term
+description: Vulnerability in Cloudflare’s HTML parser
+layout: vuln
 
 year: 2017
-class:
+classes:
   - Data leakage
 
 learn_more:

content/vulns/crime.md

@@ -1,10 +1,10 @@
 ---
 title: CRIME
 description: Compression Ratio Info-leak Made Easy
-layout: term
+layout: vuln
 
 year: 2012
-class:
+classes:
   - Compression attack
 
 learn_more:

content/vulns/dheatattack.md

@@ -1,12 +1,12 @@
 ---
 title: DHEat Attack
 description: Triggering Diffie-Hellman to eat the CPU
-layout: term
+layout: vuln
 
 year:
   - 2002
-  - 2022 (PoC)
-class:
+  - 2022
+classes:
   - Denial-of-service
 
 learn_more:
@@ -25,6 +25,8 @@ learn_more:
 
 The [DHEat Attack] is a denial-of-service vulnerability targeting the Diffie-Hellman key exchange (DHE) algorithm, exploiting its CPU-intensive operations to overload servers using protocols like TLS, SSH, IPsec, and OpenVPN.
 
+While the bug was identified in 2002, a proof-of-concept was created in 2022.
+
 It impacts systems with DHE enabled for backward compatibility or forward secrecy. Its unauthenticated, low-cost exploitability make this a notable vulnerability. While the protocol flaw is unfixable, mitigation includes disabling DHE in favor of ECDHE, applying rate-limiting techniques, and updating server configurations.
 
 The best way to avoid this vulnerability is to _only_ allow TLS 1.2 (with recommended cipher suites) and TLS 1.3.

content/vulns/drown.md

@@ -1,10 +1,10 @@
 ---
 title: DROWN
 description: Decrypting RSA with Obsolete and Weakened eNcryption
-layout: term
+layout: vuln
 
 year: 2016
-class:
+classes:
   - Downgrade attack
   - Brute force against export-grade encryption
 

content/vulns/freak.md

@@ -1,10 +1,10 @@
 ---
 title: FREAK
 description: Factoring RSA Export Keys
-layout: term
+layout: vuln
 
 year: 2015
-class:
+classes:
   - Downgrade attack
   - Brute force against export-grade encryption
 

content/vulns/heartbleed.md

@@ -1,10 +1,10 @@
 ---
 title: Heartbleed
 description: Vulnerability in OpenSSL’s implementation of the TLS/DTLS heartbeat extension
-layout: term
+layout: vuln
 
 year: 2014
-class:
+classes:
   - Data leakage
 
 learn_more:

content/vulns/heist.md

@@ -1,10 +1,10 @@
 ---
 title: HEIST
 description: HTTP Encrypted Information can be Stolen through TCP-windows
-layout: term
+layout: vuln
 
 year: 2016
-class:
+classes:
   - Compression attack
   - Side-channel attack
 

content/vulns/logjam.md

@@ -1,10 +1,10 @@
 ---
 title: Logjam
-description:
-layout: term
+description: Vulnerability with Diffie-Hellman and export-grade cryptography
+layout: vuln
 
 year: 2015
-class:
+classes:
   - Downgrade attack
   - Brute force against export-grade encryption
 
@@ -15,14 +15,14 @@ learn_more:
   - text: 'NSA in P/poly: The Power of Precomputation'
     url: https://scottaaronson.blog/?p=2293
 
-  - text: 'CVE-2015-4000'
-    url: https://nvd.nist.gov/vuln/detail/CVE-2015-4000
-    source: NIST
-
   - text: 'Logjam: the latest TLS vulnerability explained'
     url: https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
     source: Cloudflare
 
+  - text: 'CVE-2015-4000'
+    url: https://nvd.nist.gov/vuln/detail/CVE-2015-4000
+    source: NIST
+
 ---
 
 ## Overview