What is Cyber Security?

Cyber Security refers to the practice of protecting systems, networks, programs, and data from digital attacks, damage, or unauthorized access. These cyberattacks are typically aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes.

Key Concepts

• CIA Triad: Confidentiality, Integrity, Availability - the three core principles of information security
• Attack Vectors: Paths or means by which hackers can gain access to a computer or network
• Threat Actors: Individuals or groups that perform cyber attacks (hackers, nation-states, insiders)
• Vulnerabilities: Weaknesses in a system that can be exploited by threats

Real-World Examples

• Equifax (2017): Data breach exposing personal information of 147 million people
• WannaCry (2017): Ransomware attack affecting over 200,000 computers across 150 countries
• SolarWinds (2020): Sophisticated supply chain attack affecting multiple government agencies

Networking Fundamentals

• OSI Model: 7-layer conceptual model (Physical, Data Link, Network, Transport, Session, Presentation, Application)
• TCP/IP Model: 4-layer model (Network Interface, Internet, Transport, Application)
• IP Addressing: IPv4, IPv6, public vs private IPs
• DNS: Domain Name System - translates domain names to IP addresses
• DHCP: Dynamic Host Configuration Protocol - automatically assigns IP addresses

Essential Security Concepts

• Firewalls: Network security devices that monitor and control incoming and outgoing traffic
• VPN: Virtual Private Network - creates secure, encrypted connections over public networks
• Encryption: Process of converting data into code to prevent unauthorized access

Linux Fundamentals

• File System: Understanding Linux directory structure
• User Management: Creating users, groups, and managing permissions
• Essential Commands: ls, cd, pwd, cp, mv, rm, chmod, chown, grep, find, ps, top
• Package Management: apt, yum, or pacman for software installation

Virtual Machines

Virtual machines allow you to run isolated operating systems within your main OS, essential for safe security testing and learning.

Common Attack Types

• Malware: Malicious software including viruses, worms, trojans, and spyware
• Phishing: Fraudulent attempts to obtain sensitive information by disguising as trustworthy entities
• Ransomware: Malware that encrypts files and demands payment for decryption
• Man-in-the-Middle (MITM): Attack where the attacker secretly intercepts and relays messages between two parties
• DDoS: Distributed Denial of Service - overwhelming a system with traffic to make it unavailable
• Zero-day: Attacks targeting vulnerabilities that are unknown to the vendor
• Social Engineering: Manipulating people into performing actions or divulging confidential information
• SQL Injection: Injecting malicious SQL code to manipulate databases
• Cross-Site Scripting (XSS): Injecting malicious scripts into webpages viewed by other users

1. Reconnaissance

Passive: Gathering information without direct interaction (OSINT, public records)

Active: Directly interacting with the target system to gather information

2. Scanning

Identifying live hosts, open ports, and services running on target systems using tools like Nmap

3. Enumeration

Extracting detailed information about the target such as user accounts, network shares, and services

4. Exploitation

Gaining access to the target system using vulnerabilities identified in previous phases

5. Privilege Escalation

Gaining higher-level privileges on the compromised system (vertical or horizontal escalation)

6. Post-Exploitation

Maintaining access, covering tracks, and gathering additional information from the compromised system

7. Reporting

Documenting findings, vulnerabilities, and recommendations for remediation

Key Concepts

• Firewalls: Control incoming and outgoing network traffic based on security rules
• IDS/IPS: Intrusion Detection Systems monitor for suspicious activity; Intrusion Prevention Systems actively block threats
• Packet Inspection: Deep Packet Inspection (DPI) examines the content of data packets
• Traffic Filtering: Blocking or allowing network traffic based on predefined rules
• Wireshark Basics: Capturing and analyzing network packets to identify anomalies
• Router Security: Securing network infrastructure devices against attacks
• Zero Trust Model: "Never trust, always verify" approach to network security

Network Segmentation

Dividing a network into smaller parts to limit the spread of attacks and improve monitoring.

VPN Technologies

• IPSec: Secure protocol suite for encrypting IP communications
• SSL/TLS VPN: Provides remote access through web browsers
• WireGuard: Modern, high-performance VPN protocol

Major Cloud Providers

• AWS (Amazon Web Services): Largest cloud provider with extensive security services
• Azure (Microsoft): Enterprise-focused cloud platform with strong security integration
• Google Cloud Platform (GCP): Advanced data analytics and machine learning capabilities

Cloud Security Concepts

• IAM (Identity and Access Management): Managing user identities and permissions
• MFA (Multi-Factor Authentication): Adding extra layers of authentication
• Encryption: Protecting data at rest and in transit
• Logging: CloudTrail (AWS), Activity Log (Azure) for monitoring and auditing
• Shared Responsibility Model: Understanding security responsibilities divided between provider and customer

Common Cloud Misconfigurations

• Publicly accessible S3 buckets
• Overly permissive IAM policies
• Unencrypted storage volumes
• Exposed management consoles
• Inadequate logging and monitoring

Digital Forensics

• Disk Forensics: Analysis of storage media for evidence
• Memory Forensics: Examination of RAM contents for volatile evidence
• Timeline Analysis: Creating chronological sequences of events
• Evidence Acquisition: Proper collection and preservation of digital evidence
• Chain of Custody: Documenting who handled evidence and when

Incident Response

• Preparation: Developing IR plans and teams
• Identification: Detecting and confirming security incidents
• Containment: Limiting the damage from incidents
• Eradication: Removing the cause of the incident
• Recovery: Restoring systems to normal operation
• Lessons Learned: Documenting and improving from incidents

Analysis Techniques

• Static Analysis: Examining malware without executing it
• Dynamic Analysis: Running malware in a controlled environment to observe behavior
• Reverse Engineering: Disassembling and decompiling malware to understand its functionality
• Sandboxing: Isolated environments for safe malware execution
• Signature Extraction: Creating detection patterns for malware
• Behavioral Analysis: Observing how malware interacts with systems

Malware Types

• Viruses: Self-replicating malware that attaches to clean files
• Worms: Self-replicating malware that spreads through networks
• Trojans: Malware disguised as legitimate software
• Ransomware: Malware that encrypts files and demands payment
• Spyware: Malware that secretly monitors user activity
• Rootkits: Malware that hides its presence on a system