CYBERSECURITY AND ETHICAL HACKING

Introduction to Cybersecurity & Ethical Hacking

• Cybersecurity: Protecting systems, networks, and data from cyber threats.

  • Ensures confidentiality, integrity, and availability of information.

  • Critical due to increasing reliance on digital technologies.

• Cyber Threats:

  • Phishing: Deceptive emails to steal sensitive information.

  • Ransomware: Encrypts files and demands payment for decryption.

  • Denial-of-Service (DoS) Attacks: Overloads systems to make them unavailable.

  • Insider Threats: Security risks from within the organization.

• Security Measures:

  • Firewalls: Block unauthorized access.

  • Encryption: Protect data confidentiality.

  • Intrusion Detection Systems (IDS): Monitor for malicious activities.

  • Multi-Factor Authentication (MFA): Enhances user authentication.

Understanding Cybersecurity

• Cybersecurity: Protecting computer systems, networks, and data from unauthorized access and cyberattacks.

• CIA Triad: Ensuring Confidentiality, Integrity, and Availability of information.

• Importance of Cybersecurity:

  • Reliance on Technology: Businesses and individuals depend on technology for various operations.

  • Sophisticated Cyber Threats: Malware, ransomware, phishing, and DoS attacks can cause financial losses and reputational damage.

• Key Components of Cybersecurity:

  • Network Security: Protecting networks from unauthorized access using firewalls, IDS/IPS, and VPNs.

  • Information Security: Ensuring data protection through encryption and access controls.

  • Application Security: Securing software applications by identifying code vulnerabilities.

  • Cloud Security: Protecting data in cloud environments.

  • Operational Security: Monitoring and responding to incidents.

• Ongoing Process:

  • Continuous Updates: Constant updates and improvements are essential to counter evolving threats.

  • Security Policies: Implementing security policies and conducting penetration tests.

  • Employee Education: Educating employees to reduce cyber risks.

Importance of Cybersecurity in the Digital World

• Digital Expansion: Rapid growth of the internet, cloud computing, and digital transactions increases cyber threats.

• Vital Role: Cybersecurity ensures confidentiality, integrity, and availability (CIA) of data and protects systems from attacks.

• Why is Cybersecurity Important?

  • Protection Against Cyber Threats: Prevents financial losses, reputational damage, and legal consequences from attacks like ransomware and data breaches.

  • Securing Personal and Financial Data: Protects online banking, e-commerce transactions, and prevents identity theft.

  • Safeguarding Businesses: Prevents disruption to communication, operations, and customer interactions.

  • Protecting National Security: Prevents cyber warfare and attacks on critical infrastructure.

  • Compliance with Regulations: Adheres to laws like GDPR and HIPAA to protect user data and avoid penalties.

• Maintaining Digital Trust:

  • Ensuring a Secure World: Cybersecurity is crucial for a secure and resilient digital environment.

  • Investing in Cybersecurity: Safeguards against evolving threats.

Cyber Threats & Attack Vectors

• Cyber Threat: Malicious activity aimed at damaging, stealing, or disrupting digital systems.

• Common Cyber Threats:

  • Malware: Viruses, worms, Trojans, and ransomware that disrupt or steal data.

  • Phishing: Deceptive emails tricking users into revealing sensitive information.

  • Ransomware: Encrypts files and demands payment for decryption.

  • Denial-of-Service (DoS) & Distributed DoS (DDoS) Attacks: Overload systems, making services unavailable.

  • Man-in-the-Middle (MitM) Attacks: Intercepts and alters communication between two parties.

  • SQL Injection: Manipulates databases by injecting malicious SQL code.

• Attack Vectors:

  • Social Engineering: Manipulating people to reveal confidential information.

  • Unpatched Software: Exploiting outdated systems with security vulnerabilities.

  • Weak Passwords: Using brute force or credential stuffing.

  • Malicious Attachments & Links: Spreading malware through infected websites.

Ethical Hacking vs. Malicious Hacking

• Hacking: Gaining unauthorized access to computer systems or networks.

• Ethical Hacking (White-Hat Hacking):

  • Legally testing systems to identify and fix security vulnerabilities.

  • Improving cybersecurity defenses.

  • Structured approach: Reconnaissance, scanning, exploitation, reporting.

  • Adhering to legal and ethical guidelines.

  • Uses ethical hacking tools like Nmap, Metasploit, and Burp Suite.

  • Requires certifications such as CEH and OSCP.

• Malicious Hacking (Black-Hat Hacking):

  • Exploiting vulnerabilities for personal gain, financial theft, or cyber espionage.

  • Using techniques like malware injection, phishing, and DoS attacks to harm organizations.

  • Conducted without permission.

  • Motivated by financial gain, revenge, or disruption.

  • Can result in legal consequences and severe penalties.

Cybersecurity Laws and Ethical Hacking Guidelines

• Cybersecurity Laws:

  • General Data Protection Regulation (GDPR): Protects user privacy in the EU.

  • Computer Fraud and Abuse Act (CFAA) (USA): Criminalizes unauthorized access to computer systems.

  • Cybersecurity Information Sharing Act (CISA) (USA): Encourages organizations to share threat intelligence.

  • Personal Data Protection Act (PDPA) (Singapore, India): Ensures proper handling of personal data.

  • Digital Millennium Copyright Act (DMCA) (USA): Protects against digital copyright infringement.

• Ethical Hacking Guidelines:

  • Obtain Proper Authorization: Written permission required before testing.

  • Respect Privacy: No unauthorized access to personal data.

  • Report Vulnerabilities Responsibly: Share findings only with the organization.

  • Follow Legal Compliance: Adhere to cybersecurity laws and regulations.

  • No Exploitation for Personal Gain: Focus on improving security.

Fundamentals of Networking & Security

• Networking and security ensure efficient data transmission and protection from cyber threats.

• Networking Fundamentals:

  • Network: Interconnected devices sharing resources and information.

    • OSI Model – Seven layers.

    • TCP/IP Model – Four layers.

  • Key network components: Routers, switches, firewalls, IP addresses, protocols (HTTP, HTTPS, FTP, DNS).

• Networking Security Basics

  • Protecting networks from threats like malware, hacking and DoS attacks.

    • Firewalls – Block unauthorized access.

    • IDS/IPS – Monitor and respond to threats.

    • Encryption – Protect data during transmission (HTTPS, VPNs).

    • Access Controls – Restrict user access.

Basics of Networking (OSI & TCP/IP Model)

• Networking: Foundation of digital communication, enabling devices to share data.

• Models:

  • OSI (Open Systems Interconnection) model.

  • TCP/IP (Transmission Control Protocol/Internet Protocol) model.

• OSI Model:

  • Conceptual framework with seven layers for network communication.

  • Layers:

    • Physical Layer: Manages physical connections using cables, switches, and radio signals.

    • Data Link Layer: Handles MAC addresses, error detection, and data framing.

      • Examples: Ethernet, Wi-Fi.

    • Network Layer: Routes data using IP addresses.

      • Examples: Routers, IPv4, IPv6.

    • Transport Layer: Ensures reliable data delivery using TCP or UDP.

    • Session Layer: Manages sessions between applications.

    • Presentation Layer: Translates and encrypts data.

      • Example: SSL/TLS.

    • Application Layer: Interfaces directly with users through applications like web browsers.

      • Examples: HTTP, FTP, SMTP.

• TCP/IP Model:

  • Practical framework used for modern internet communication with four layers.

    • Link Layer: Manages data transmission over physical devices (Ethernet, Wi-Fi).

    • Internet Layer: Handles IP addressing and packet routing (IP, ICMP).

    • Transport Layer: Ensures end-to-end communication using TCP or UDP.

    • Application Layer: Supports user applications like web browsing (HTTP, FTP, DNS).

IP Addressing, Subnetting & Routing

• IP Addressing:

  • A unique identifier assigned to devices to enable communication.

    • IPv4: A 32-bit address (e.g., 192.168.1.1) supporting approximately 4.3 billion addresses.

    • IPv6: A 128-bit address (e.g., 2001:db8::1) designed to handle the growing number of internet-connected devices.

  • Classified into public (internet-accessible) and private (used within local networks).

• Subnetting:

  • Divides a large network into smaller sub-networks (subnets) to improve efficiency and security.

  • Optimize IP address allocation and reduces network congestion.

  • Subnet mask determines how an IP address is divided.

  • $CIDR$ (Classless Inter-Domain Routing) notation (e.g., 192.168.1.0/24) is used for flexible subnetting.

• Routing:

  • Forwarding data between networks using routers.

    • Static Routing: Manually configured routes, ideal for small networks.

    • Dynamic Routing: Uses protocols like RIP, OSPF, and BGP to adapt to network changes automatically.

Common Network Protocols (HTTP, HTTPS, FTP, SSH, etc.)

• Network protocols define how devices communicate, ensuring secure and efficient data exchange.

• Web Communication Protocols:

  • HTTP (HyperText Transfer Protocol): Transfers web pages and data but lacks encryption (Port 80).

  • HTTPS (HyperText Transfer Protocol Secure): Secure version of HTTP using SSL/TLS encryption (Port 443).

• File Transfer Protocols:

  • FTP (File Transfer Protocol): Transfers files between computers but lacks security (Port 21).

  • SFTP (Secure File Transfer Protocol): Secure alternative to FTP, using SSH for encryption (Port 22).

• Remote Access Protocols:

  • SSH (Secure Shell Protocol): Provides encrypted remote access to servers (Port 22).

  • Telnet: Allows remote access but lacks encryption (Port 23).

• Email Protocols:

  • SMTP (Simple Mail Transfer Protocol): Sends emails (Port 25/587).

  • IMAP/POP3: Retrieves emails from servers (IMAP: 143/993, POP3: 110/995).

• Network Services Protocols:

  • DNS (Domain Name System): Converts domain names to IP addresses (Port 53).

  • DHCP (Dynamic Host Configuration Protocol): Assigns IP addresses dynamically.

Firewalls, IDS & IPS

• Network security relies on these to monitor, detect, and block cyber threats.

• Firewalls:

  • Security device or software that monitors and controls network traffic based on security rules.

  • Acts as a barrier between trusted internal and untrusted external networks.

    • Packet Filtering Firewalls: Inspect packets based on IP addresses and ports.

    • Stateful Firewalls: Monitor active connections and allow legitimate traffic.

    • Next-Generation Firewalls (NGFW): Advanced security features, including deep packet inspection.

• Intrusion Detection System (IDS):

  • Security tool that monitors network traffic for suspicious activity and alerts administrators.

    • Network-Based IDS (NIDS): monitors network traffic.

    • Host-Based IDS (HIDS): Monitors activities on individual devices.

• Intrusion Prevention System (IPS):

  • Advanced version of IDS that actively blocks or mitigates detected threats in real-time, preventing attacks.

VPNs and Secure Communication

• VPN (Virtual Private Network): Technology that creates a secure, encrypted connection between a user and a network over the internet.

• How VPNs Work:

  • Encrypts internet traffic and routes it through a remote server, masking the user’s IP address.

• Types of VPNs:

  • Remote Access VPN: Allows individuals to securely connect to a private network from any location.

  • Site-to-Site VPN: Connects multiple office locations securely over the internet.

  • SSL/TLS VPN: Uses web browsers for secure access without special software.

• Secure Communication Methods:

  • End-to-End Encryption (E2EE): Ensures only the sender and receiver can read messages.

  • TLS (Transport Layer Security): Secures web communication (HTTPS).

  • PGP (Pretty Good Privacy): Encrypts emails and files.

Footprinting & Reconnaissance

• Footprinting and reconnaissance are the first steps in cybersecurity assessments.

• Footprinting:

  • Collecting data about a target using passive and active techniques to map the target’s digital footprint.

    • Passive Footprinting: Gathering publicly available information without directly interacting with the target (e.g., WHOIS lookup).

    • Active Footprinting: Directly engaging with the target’s network to collect data (e.g., ping sweeps, port scanning).

• Reconnaissance:

  • Broader process of information gathering that includes footprinting, scanning, and enumeration.

• Common Reconnaissance Tools:

  • WHOIS & nslookup – Gather domain and DNS information.

  • Shodan – Search for internet-connected devices.

  • Nmap – Scan networks and identify open ports.

  • Maltego – Perform OSINT (Open Source Intelligence) investigations.

Passive vs. Active Reconnaissance

• Reconnaissance: Gathering information about a target system, network, or organization, divided into passive and active techniques.

• Passive Reconnaissance:

  • Collecting information without directly interacting with the target.

  • Intelligence (OSINT) investigations.

    • WHOIS Lookup: Retrieves domain ownership, registration, and contact details.

    • Google Dorking: Uses advanced Google search queries.

    • Social Media Investigation: Gathers employee information and organizational details.

    • Public Databases & Dark Web: Checks for security breaches.

  • Advantages: Low risk of detection, uses publicly available information.

  • Disadvantages: Limited data collection, may not reveal real-time vulnerabilities.

• Active Reconnaissance:

  • Directly interacting with the target system to gather information, involving scanning, probing, and testing network defenses.

    • Ping Sweeps: Checks live hosts in a network.

    • Port Scanning (Nmap, Netcat): Identifies open ports and running services.

    • DNS Enumeration: Gathers subdomains and DNS records.

    • Website Crawling (Burp Suite, DirBuster): Finds hidden directories and vulnerabilities.

  • Advantages: Detailed information, helps identify security loopholes.

  • Disadvantages: Risk of detection, legal or ethical boundaries.

OSINT (Open-Source Intelligence) Techniques

• Open-Source Intelligence (OSINT): Collecting and analyzing publicly available information to gather intelligence.

• OSINT Sources:

  • Search Engines (Google, Bing, DuckDuckGo): Finding documents and exposed credentials.

  • Social Media (Facebook, LinkedIn, Twitter, Instagram): Extracting employee details and organizational structure.

  • WHOIS & DNS Records: Identifying domain ownership and server locations.

  • Dark Web & Data Breach Databases: Checking for leaked passwords and confidential information.

  • Government & Public Records: Examining business filings and legal documents.

• OSINT Techniques:

  • Google Dorking: Using advanced search queries to find hidden files.

  • WHOIS Lookup: Extracting domain details.

  • Shodan Search: Scanning the internet for exposed devices and unsecured servers.

  • Metadata Analysis: Extracting hidden details from documents.

  • Social Engineering & Phishing Research: Identifying employee email patterns.

• OSINT Tools:

  • Maltego: Graph-based OSINT visualization tool.

  • theHarvester: Collects emails, subdomains, and IPs.

  • SpiderFoot: Automates OSINT data gathering.
    OSINT uncovers potential security risks by assessing vulnerabilities and gathers intelligence.

WHOIS Lookup & DNS Enumeration

• WHOIS lookup and DNS enumeration: Essential techniques for gathering information about a target domain, network, or organization.

• WHOIS Lookup:

  • Database that stores domain registration details.

  • Tools: whois (Linux command-line tool), https://whois.domaintools.com/, Nslookup & Dig (for domain analysis).

• DNS Enumeration:

  • Translates domain names into IP addresses, extracting DNS records to uncover subdomains, mail servers, and hidden services.

    • A Record – Maps a domain to an IP address.

    • MX Record – Identifies mail servers.

    • TXT Record – Contains security details

  • Tools: nslookup (Windows/Linux), dig (Linux), Fierce and DNSRecon (Automated tools).

Google Dorking & Shodan Search

• Google Dorking (also known as Google Hacking) is a technique that uses advanced search operators to find hidden or sensitive information on the web.

• Common Google Dorking Operators:

  • site:example.com – Finds pages within a specific domain.

  • filetype:pdf – Searches for specific file types.

  • inurl:admin – Locates admin login pages.

  • intitle:"index of" – Finds directories with exposed files.

  • "password" – Searches for text within a webpage, sometimes revealing sensitive data.

• Shodan Search is a search engine for internet-connected devices that scans and catalogs servers, IoT devices, webcams, databases, routers, and industrial control systems.

• Common Shodan Queries:

  • port:22 – Finds devices with SSH open.

  • country:"US" – Lists devices located in the U.S.

  • org:"Google" – Displays devices owned by Google.

  • has_screenshot:true – Finds devices with screenshots (e.g., exposed security cameras).

• Shodan is also used to locate vulnerable systems.

Social Engineering Basics

• Social engineering: A psychological manipulation technique used to deceive individuals into revealing confidential information or granting access that compromises security.

• Common Social Engineering Techniques:

  • Phishing: Attackers send fraudulent emails or messages pretending to be legitimate sources to steal login credentials or install malware.

  • Pretexting: Creating a fake identity or scenario to trick victims into sharing sensitive information.

  • Baiting: Attackers offer something appealing to entice victims into downloading malware.

  • Tailgating (Piggybacking): Gaining physical access to restricted areas by following authorized personnel.

• How to Prevent Social Engineering Attacks:

  • Verify Requests: Always confirm identities before sharing sensitive data.

  • Beware of Urgent Requests: Scammers often create a sense of urgency.

  • Use Multi-Factor Authentication (MFA): Reduces risk even if credentials are compromised.

  • Security Awareness Training: Employees should be trained to recognize social engineering attempts.

Scanning & Enumeration

• Scanning and enumeration are critical phases in ethical hacking and penetration testing that identifies active hosts, open ports, services, and vulnerabilities in a target network.

• Scanning:

  • Analyzing the network to gather information about systems, ports, and services.

    • Network Scanning – Identifies active devices and their IP addresses.

    • Port Scanning – Detects open ports and services running on them.

    • Vulnerability Scanning – Finds security weaknesses using automated tools.

  • Common Scanning Tools:

    • Nmap – Maps networks, identifies hosts, and detects open ports.

    • Zenmap – A GUI version of Nmap.

    • Nessus – A vulnerability scanner that detects misconfigurations.

• Enumeration:

  • Extracting detailed system and network information after scanning.

    • User & Group Enumeration – Listing usernames and roles.

    • DNS Enumeration – Gathering subdomains and records.

    • SNMP & SMB Enumeration – Extracting system details from network services.

Introduction to Network Scanning

• Network scanning: Crucial phase in ethical hacking and penetration testing for identifying active hosts, open ports, services, and vulnerabilities in a target network.

• Types of Network Scanning:

  • Host Discovery (Ping Scan): Identifies live devices in a network using ICMP or ARP requests.

• Example: $nmap -sn 192.168.1.0/24$

  • Port Scanning: Detects open ports on a target system.

    • Open – Actively receiving connections.

    • Closed – No service running.

    • Filtered – Blocked by a firewall.

• Example: $nmap -p 80,443 192.168.1.10$

  • Service & Version Detection: Identifies applications and software versions running on open ports.
    *Example: $nmap -sV 192.168.1.10$

  • OS Fingerprinting: Determines the operating system of a target machine.

• Example: $nmap -O 192.168.1.10$

• Network Scanning Tools:

  • Nmap – The most widely used tool for scanning networks.

  • Angry IP Scanner – A simple GUI-based tool for scanning IPs and ports.

  • Zenmap – A graphical frontend for Nmap.

  • Masscan – A fast network scanner.

Port Scanning with Nmap

• Port scanning: Crucial step in ethical hacking to identify open ports, running services, and vulnerabilities.

• Types of Port Scanning with Nmap:

  • TCP Connect Scan (-sT): Establishes a full connection with the target.

    • Example: $nmap -sT 192.168.1.10$

  • SYN Scan (Stealth Scan) (-sS): Sends SYN packets without completing the handshake.

    • Example: $nmap -sS 192.168.1.10$

  • UDP Scan (-sU): Scans UDP ports.

    • Example: $nmap -sU 192.168.1.10$

  • Specific Port Scan (-p): Scans selected ports

    • Example: $nmap -p 22,80,443 192.168.1.10$

  • Service & Version Detection (-sV): Identifies services running on open ports.

• Example: $nmap -sV 192.168.1.10$

Banner Grabbing & Service Fingerprinting

• Banner grabbing and service fingerprinting: Techniques used to gather information about software versions, and potential vulnerabilities on a target system.

• What is Banner Grabbing?

  • Retrieving service banners identify software versions and operating systems.

  • Techniques:

    • Passive Banner Grabbing – Captures banners using tools like Wireshark without directly interacting with the target.

    • Active Banner Grabbing – Sends requests to extract banners from services.

  • Example Commands: Using Netcat (nc): $nc -v 192.168.1.10 80$

• Using Telnet: $telnet 192.168.1.10 22$

• What is Service Fingerprinting?

  • Identifying specific versions of software running on open ports is used by ethical hackers to find vulnerabilities.

  • Example Nmap Command for Service Fingerprinting:

    • $nmap -sV 192.168.1.10$

Vulnerability Scanning with Nessus/OpenVAS

• Vulnerability scanning: Crucial cybersecurity process that identifies weaknesses in systems, networks, and applications.

• Nessus:

  • Developed by Tenable, is a commercial vulnerability scanner with a free version (Nessus Essentials).

• Nessus Scanning Process:

  • Install Nessus and create a scan.

  • Select scan type (e.g., host discovery, web application).

  • Run the scan and review findings.

  • Apply patches and fixes based on recommendations.

• OpenVAS:

  • (Open Vulnerability Assessment System) is an open-source alternative maintained by Greenbone Networks maintained by Greenbone Networks.

• OpenVAS Workflow:

  • Install and configure OpenVAS.

  • Create a scan target (IP or domain).

  • Launch the scan and analyze the report.

  • Apply security fixes.

SNMP & SMB Enumeration

• Enumeration: Extracting valuable information from a target system, user accounts, network shares, and system details.

• SNMP (Simple Network Management Protocol):

  • Used for network device management, monitoring devices like routers, switches, and servers.

  • Tools:

    • SNMPwalk: Retrieves SNMP data from a target device: $snmpwalk -v2c -c public 192.168.1.10$

    • SNMP-check: Automates SNMP data extraction.

    • Onesixtyone: Brute-forces SNMP community strings.

• Mitigation:

  • Disable SNMP if not needed.

  • Change default community strings.

  • Restrict SNMP access to trusted IPs.

• SMB (Server Message Block):

  • Protocol for file sharing in Windows networks to allow server access.

  • Information:

    • Shared folders and files.

    • User and group accounts.

    • System policies and settings.

  • Tools:
    Enum4Linux: Extracts SMB shares, users, and policies: $enum4linux -a 192.168.1.10$
    *Nmap (SMB Scripts): Scans SMB services: $nmap --script smb-enum-shares 192.168.1.10$

  • Mitigation:

    • Disable SMBv1 (vulnerable to EternalBlue exploit).

    • Use strong authentication (NTLMv2 or Kerberos).

    • Restrict SMB access with firewall rules.

Gaining Access - Exploitation Techniques

• Critical phase in ethical hacking where professionals attempt to exploit vulnerabilities to gain control to simulate real attacks.

• Common Exploitation Techniques:

  • Exploiting Software Vulnerabilities: Attackers exploit unpatched software flaws.

    • EternalBlue exploited a Windows SMB vulnerability to spread ransomware.

  • Credential Attacks:

    • Brute-force attacks – Guessing passwords repeatedly.

    • Dictionary attacks – Wordlists.
      Credential stuffing – Stolen passwords from data breaches

  • Phishing & Social Engineering: Tricking users into revealing information.

    • Exploiting Misconfigurations: Default credentials weak security policies allow attackers unauthorized access.

• Tools For Exploitation

  • Metasploit Framework: powerful automated exploitation.

  • SQLmap: Automates SQL injection attacks.

  • Hydra: Brute Force tool for cracking login credentials.

• Mitigation Strategies

  • Regular software updates and patching.

  • Strong password policies and multi-factor authentication (MFA).

  • Security awareness training to prevent phishing.

Understanding Exploits and Vulnerabilities

• An exploit is Code to take advantage of weakness in Software.

• A vulnerability is security Flaw. *Common Types of Vulnerabilities.

  • Software Bugs.

  • Misconfigurations.

  • Unpatched System
    *What are Exploits? An exploits attacks a vulnerability.
    *Remote Code Execution(RCE)
    *Privilege Escalation
    *SQL Injection(SQLi)
    *Mitigation.
    *Regular Software updates and patch management.
    *Code Security.
    *Authentication and Netwrok Security.

Metasploit Framework Basics

*Open source tool for penetration testing and exploiting vulnerabilities
*Features:
*Has prebuilt exploits.
*Auxiliary modules for scanning.
*Commands
* msfconsole-Starts Metasploit.
* use-Chooses an exploit.
* set- Sets Payload.
* Exploit-Executes attack
*It identifies security weaknesses.

Exploiting Web Applications (SQL Injection, XSS, CSRF)

• Web applications are vulnerable to attack, with SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) being among the most common.

• SQL Injection (SQLi) occurs when an attacker manipulates a web application's database query by injecting malicious SQL code.
  To prevent SQLi, developers should use prepared statements and parameterized queries.

• Cross-Site Scripting (XSS) enables attackers to inject malicious JavaScript into web pages viewed by other users. There are three types of XSS attacks:

  • Stored (persistent).

  • Reflected (non-persistent).

  • DOM-based.
    Proper input validation, output encoding, and Content Security Policy (CSP) implementation help mitigate XSS risks.

• Cross-Site Request Forgery (CSRF) tricks a user into unknowingly executing malicious actions on a trusted site where they are authenticated.
  Protection methods include using CSRF tokens, enforcing SameSite cookie attributes, and requiring user re-authentication for sensitive actions.
  Defending against these threats requires secure coding practices, regular security audits, and adherence to security best practices such as the OWASP Top 10 recommendations.

Exploit System Vulnerabilities

*System vulnerabilities exploited to gain unauthorized access
Common Exploits
*Buffer Overflow
*Privilege escalation
*Preventative measures include using programming languages that handle memory safely Implement bounds checking and safe functions

Password cracking and Brute force

*Password Cracking helps recover lost/stolen/encrypted passwords
Common password methods exploited include
*Brute force method
*Dictionary attack
* Hybrid attack
*Credential Stuffing

Post Exploitation And Maintaining Access

*Attackers focus on control to maintain access, and expand networks.
It Helps Gain
*persistence
*privilege escalation
*Lateral Movement
*Data exfiltration

Covering Tracks And Log Clearing

*Attackers attempting to evade detected
Involves erasing their presence and logs
Techniques to clear logs includes
*Deleting logs- Erasing records of user actions.
*Hiding malicious process - using rootkits to hide from normal view
*Disabling security mechanisms- turning off firewalls and anti-viruses
*Enabling measures like centralized logging

Creating backdoor and persistence techniques

*Attackers maintain long term control bypassing normal authentication.
Includes
*Malicious Remote Access Tools
*Replacing system files with compromised systems
* SSH key injection

• Techniques include scheduled tasks and registry modification as well as setting up strict controls

Privilege Escalation Methods

• Attackers gain higher level permission than granted to perform administrative tasks
  A way to do so includes
  *Exploiting vulnerabilities
  *Credential theft
  Abusing Misconfigurations by exploiting weaker system requirements

• Defnese include keeping up security levels and strict permissions

Extracting Credential and Sensitive Data.

*Attackers extract and steal credentials to gain access to even more
These attackers will also steal passwords database and files through SQL

• Preventative measure to protect from these includes encrypting passwords and logging activities.

Tunneling and Pivoting.

• Attackers tunnel and bypass security to move deeper in the system
  Techniques used for tunneling
  *SSH- traffic routes through compromised systems to receive access.
  *VPN and Proxy Tunneling
  Preventative measures to protect against these threats include Network Segmentation and access.

Web Application Security & Penetration Testing

*Web application targeted for cyber attack that handles sensitive data. Penetration ensures web security.

• web application treat include: *SQL injection - attackers enter wrong requests that exploit database.

  • Cross-Site Scripting - Enter malicious scripts to steal cookies and hijack site.
    *Insecure Direct Object References - attackers use parameters to take accounts.
    *Implementation and sanitization is helpful to avoid these attacks.

Introduction to Web Application Security.

* Web application security focuses on protecting web-based applications from cyber threats that could compromise data, user privacy, and system integrity.

*Common Web Application Threats
*SQL Injection (SQLi): Attackers inject malicious SQL queries to manipulate databases, steal, or delete data.
*Cross-Site Scripting (XSS): Attackers inject scripts into web pages that execute in a user’s browser, stealing session cookies or performing unauthorized actions.
*Cross-Site Request Forgery (CSRF): Attackers trick users into executing unintended actions on a web application where they are authenticated.
Security Misconfigurations
*Key Security Principles
*Principle of Least Privilege (PoLP): Grant users and applications only the minimum required permissions.
*Input Validation & Sanitization: Filter and validate user inputs to prevent SQLi and XSS attacks.
*Strong Authentication & Authorization.
# OWASP top 10
*Broken authentication
*Cryptographic failure
*Injection (SQL,XSS,command)
*Security Missconfiguration

These factors expose websites to multiple exploits

*Mitigation- strong session management, encryptions updates, security patches

SQL Injection, XSS and CSRF Attacks.

Web Application are open and vulnerable various forms of attacks, majorly
*SQL - malicious code to gain data breach.
*XSS- scripts into webpages.
* CSRF- Authenticated users that causes access.

• Preventative Measures include sanitizing data and requests.

Web Shells and Code Execution (RCE)

*Web applications exploited by hackers for access and controlling the server.
*WebShells
* malicious scripts uploaded to web server that grant ability to control a system. Used through file upload
*RCE-exploit vulnerability that attackers to execute and control database.
Includes validating and sanitizing use inputs to avoid.

Web Application Firewalls (WAF)

• This is technique to evade cyber security. WAF is designed to filter or block HTTP to protect from attacks such as Injection, XSS and other threats.

• One technique used is encoding and obfuscation to avoid detections.
  To prevent this, organizations should use strong security and Anomaly detections.

Wireless and Mobile Security

Wireless security and Mobile provides protection of wireless networks, mobile devices and transfer from cyber threats.
WIFI, smartphones and tablets have become prone to wireless open network hacks

• Preventative measures include firewall, using strong encryption such are WPA3, and network monitoring

Basics of Wireless Security and Encryption

• Wireless security refers to the protection of wireless networks and communications from cyber threats and attacks such as interception and unauthorized access.

• Several Encryption protocols developed are the following: Wired equivalent privacy WIFI protected Access +1 +2 and +3 respectively. *Improvement *Use Strong Encryption *change User Credential

  • Implement Network firewall

WIFI Hacking

*Involves exploiting vulnerabilities in wireless and exploiting to gain unauthorized access
*Weaknesses in WEP WPA and WPA2 help cracker codes to intercept data
*WEP-Highly insecure due to low code Keys
*WPA2-Susceptible to attack especially if password is low
*WPA3 encryption-Help protect against brute force attacks

Rogue Access