Introduction to Cybersecurity and Penetration Testing

CPD Model: A beginner to intermediate course focusing on core cybersecurity topics and testing tools.
Exam Duration: The exam is set for $4\,\text{hours}$ .
Scoring System:
- Total: $100\,\text{marks}$ .
- Practical: $75\,\text{marks}$ .
- Theory: $25\,\text{marks}$ .
Additional Requirements: A compulsory internal seminar and project worth $70\,\text{marks}$ .
Labs: Practical oriented labs involving cracking vulnerabilities with scores ranging from $120$ to $40$ .

Cybersecurity: The practice of protecting personal, digital, and organizational data from unknown cyber threats via the Internet.
Information Security: A broader discipline focused on protecting all forms of data, including physical documents (e.g., bank passwords, ID proofs) and digital information.
Vulnerability: Defined as a security flaw, loophole, or weakness in a system (e.g., a weak password) that can be exploited by an attacker.

CIA Triad (Foundational Blocks):
- Confidentiality: Ensuring the right data is only accessible by the right authorized persons.
- Integrity: Maintaining the accuracy of data and ensuring it is not tampered with or modified intentionally/accidentally.
- Availability: Ensuring data is accessible to authorized users anytime and anywhere it is needed.
DAD Triad (Opposites of CIA):
- Disclosure: Unauthorized access (opposite of Confidentiality).
- Alteration: Tampering or modifying data (opposite of Integrity). Example: MITM (Man-in-the-middle) attack.
- Destruction/Denial: Making data unavailable (opposite of Availability). References were made to service outages with CloudFire and Gmail.

Ethical Hacking: The legal practice of identifying security flaws within a company's virtual or internal infrastructure.
Red Team: Simulates real, advanced cyber attacks (offensive) to test defensive capabilities. Penetration Testing is a subset of Red Teaming.
Blue Team: Focuses on defensive strategies, proactive analysis, and mitigation.

Black Box: The tester has zero knowledge of the target system and operates from outside the network.
White Box: The tester has full knowledge and access permissions to the target domain.
Gray Box: The tester has partial knowledge or limited privileges/permissions (e.g., manager-level access).
Internal vs. External: Internal testing focuses on the company's internal products and networks, while external testing focuses on outward-facing services like Google OneDrive.

Network Pentesting: Focuses on centralized access points, routers, firewalls, and servers.
Web Application Pentesting: Involves testing web server software and browser-based applications (e.g., WhatsApp web app, Instagram).
Wireless Pentesting: Focuses on wireless routers and communication protocols like WPA (Wi-Fi Protected Access).
Social Engineering: Tests human awareness against threats like unknown email links or phishing.
Physical Pentesting: Evaluates hardware security such as IP cameras, motion sensors, and access card mechanisms.

Question: Is the speaker audible?
Response: The audience confirmed the audio was clear.
Question: What is the definition of Gray box penetration testing?
Response: It was clarified as having half of the knowledge and specific permissions or privileges relative to the target.