Pre Security Module 1: Introduction to Cyber Security

TryHackMe: Pre Security Module 1: Introduction to Cyber Security Expanded Study Guide

What this guide covers

  • Offensive Security

  • Defensive Security

  • Careers in Cyber Security

Section 1: What Is Cyber Security?

  • Definition:

    • Cyber security is the practice of protecting computers, networks, programs, and data from unauthorized access, damage, or attack.

  • Significance:

    • Everything in the modern world relies on digital infrastructure, including banking, healthcare, communications, and government systems.

    • Understanding both offensive and defensive techniques is foundational in cyber security.

Key Concept
  • Cyber security is split into two broad disciplines:

    • Offensive Security:

      • Focuses on attacking systems to find weaknesses.

      • Key attributes: Think like an attacker, find vulnerabilities before criminals do, use legal hacking tools.

      • Also known as: Red Team, Ethical Hacking, Pentesting.

    • Defensive Security:

      • Concentrates on protecting systems from attacks.

      • Key attributes: Think like a defender, detect and respond to attacks, monitor systems, and investigate alerts.

      • Also known as: Blue Team, Security Operations Center (SOC), Security Operations.

Importance of Cyber Security
  • Consequences of Breaches:

    • Data breaches can expose sensitive personal, financial, and medical information.

    • Ransomware attacks can incapacitate hospitals, schools, and businesses.

    • Nation-state hackers may target critical infrastructure, such as power grids and water systems.

  • Career Opportunities:

    • Over 3.5 million cyber security roles remain unfilled globally, highlighting a substantial skills gap.

    • Entry-level salaries in cyber security are competitive, with strong growth potential.

Section 2: Offensive Security

  • Definition:

    • Offensive security is about anticipating an attack by proactively searching for vulnerabilities within a system, always under legal and controlled conditions.

Core Concepts
  • The Attacker Mindset:

    • Offensive security requires creative and adversarial thinking:

      • Rather than focusing on how a system is meant to be used, ask how it can be misused or broken.

    • Key strategies:

      • Question assumptions; developers may overlook security gaps.

      • Look for hidden or unintended vulnerabilities, such as exposed pages.

      • Chain small vulnerabilities to create larger, more significant issues.

Reconnaissance: Knowing the Target
  • Definition:

    • The process of gathering information about a target before an attack, often referred to as reconnaissance or