Table of contents
Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from information disclosure, theft of, or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
Cyber Threats -
Malware - Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.
Phishing - Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.
Password Attack - In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form.
DDoS - In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet.
Man in the Middle - A man-in-the-middle attack is a type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer. After inserting themselves in the "middle" of the transfer, the attackers pretend to be both legitimate participants.
Drive-By Download - Drive-by download means two things, each concerning the unintended download of computer software from the Internet
Malvertising - Malvertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.
Rogue Software - Rogue software or applications are forms of Internet fraud using computer ****malware to trick users into revealing financial and social account details or paying for bogus products.
Confidentiality - Simply put, confidentiality ensures that secret information is protected from unauthorized disclosure
Integrity - Integrity is the ability to ensure that a system and its data have not suffered unauthorized modification
Availability - Availability is the assertion that a computer system is available or accessible by an authorized user whenever it is needed.
The first computer worm (Morris Worm) was designed by Robert Tappan Morris in 1988
Types of Hacker
White hat hacker - A white hat is an ethical computer hacker, or a computer security expert, who specializes in penetration testing and other testing methodologies that ensure the security of an organization's information systems.
Black hat hacker - A black hat hacker is a hacker who violates computer security for their own personal profit or out of malice.
Grey hat hacker - A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
Basic understanding of OS
Understanding of basic computer systems
Grasp on CLI command
Cables, System, and Switches
Understanding of different networking protocols
Life skills -
Ability to think out of the box
Ability to accept failure and move on
How to use lots of tools
How to capture packets from a network
TCP/IP in detail
Understanding how protocols interact
How to use gathered information
Getting the best of your resource
Types of attack
Website defacing - Website defacement is an attack on a website that changes the visual appearance of a website or a web page. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own.
Buffer Overflow - When a piece of data is being transferred over a network, it is not immediately written to memory but rather stored on the RAM, which has a set buffer size. This can be easily exploited by bombarding the target with data causing the buffer overflow
Denial of Service - A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.
What is Penetration Testing?
Penetration Testing, also called Pen Testing or Ethical Hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
Footprinting is part of the reconnaissance process used to gather useful information about a target computer or network.
It can be both passive and active
DNS ( Domain Name System )
The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities
Google is a valuable resource when it comes to Information Gathering, knowing how to use google to target the things you are looking for is a useful skill for an Ethical Hacker
History of the Internet
Advanced Research Project Agency was commissioned in 1968 and the first internet connection was in 1969.
OSI (Open System Interconnection) Model
DHCP ( Dynamic Host Configuration Protocol )
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automate the process of configuring devices on IP networks, thus allowing them to use network services such as DNS, NTP, and any communication protocol based on UDP or TCP.
Classification of Cryptography
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The popular technique is DES.
In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext are shifted according to a regular system so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed.
n cryptography, a substitution cipher is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key; the "units" may be single letters, pairs of letters, triplets of letters, mixtures of the above, and so forth.
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.
A block cipher is an encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. For example, a common block cipher, AES, encrypts 128-bit blocks with a key of a predetermined length: 128, 192, or 256 bits.
History of Cryptography
The Caesar Cipher is one of the earliest known and simplest ciphers. It is a type of substitution in which a letter in the plaintext is shifted a certain number of places down the alphabet
Enigma Cipher - It is a field cipher used by the Germans during world war II. The Enigma is one of the better-known historical encryption machines, and it actually refers to a range of similar cipher machines
Digital Encryption Standard - DES is a symmetric-key block cipher published by the National Institute of Standard and Technology (NSIT), DES is an implementation of a Feistel Cipher
If you want more in detail, please let me know in the comment section below, I will surely make a series on that
Thanks for reading :)
Did you find this article valuable?
Support Aman Yadav by becoming a sponsor. Any amount is appreciated!