mirror of
https://github.com/kamranahmedse/developer-roadmap.git
synced 2025-09-25 00:21:28 +02:00
chore: sync content to repo
This commit is contained in:
kamranahmedse
committed by
github-actions[bot]
github-actions[bot]
parent
d55bfd4b49
commit
e1e8e01d97
@@ -2,7 +2,7 @@
|
||||
|
||||
An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/)
|
||||
- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/)
|
||||
- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
Anti-malware is a type of software designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware, from computer systems. By continuously scanning files, applications, and incoming data, anti-malware solutions protect devices from a wide range of threats that can compromise system integrity, steal sensitive information, or disrupt operations. Advanced anti-malware programs utilize real-time monitoring, heuristic analysis, and behavioral detection techniques to identify and neutralize both known and emerging threats, ensuring that systems remain secure against evolving cyber attacks.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Anti-malware Definition](https://www.computertechreviews.com/definition/anti-malware/)
|
||||
- [@video@How Does Antivirus and Antimalware Software Work?](https://www.youtube.com/watch?v=bTU1jbVXlmM)
|
||||
- [@article@What is Antimalware?](https://riskxchange.co/1006974/cybersecurity-what-is-anti-malware/)
|
||||
- [@video@How Does Antivirus and Antimalware Software Work?](https://www.youtube.com/watch?v=bTU1jbVXlmM)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Antivirus software is a specialized program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from computer systems. It works by scanning files and programs for known malware signatures, monitoring system behavior for suspicious activity, and providing real-time protection against potential threats. Regular updates are essential for antivirus software to recognize and defend against the latest threats. While it is a critical component of cybersecurity, antivirus solutions are often part of a broader security strategy that includes firewalls, anti-malware tools, and user education to protect against a wide range of cyber threats.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@What is an Antivirus and how does it keep us safe?](https://www.youtube.com/watch?v=jW626WMWNAE)
|
||||
- [@article@What is Antivirus Software?](https://www.webroot.com/gb/en/resources/tips-articles/what-is-anti-virus-software)
|
||||
- [@article@What is Antivirus Software?](https://www.webroot.com/gb/en/resources/tips-articles/what-is-anti-virus-software)
|
||||
- [@video@What is an Antivirus and how does it keep us safe?](https://www.youtube.com/watch?v=jW626WMWNAE)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
ANY.RUN is an interactive online malware analysis platform that allows users to safely execute and analyze suspicious files and URLs in a controlled, virtualized environment. This sandbox service provides real-time insights into the behavior of potentially malicious software, such as how it interacts with the system, what files it modifies, and what network connections it attempts to make. Users can observe and control the analysis process, making it a valuable tool for cybersecurity professionals to identify and understand new threats, assess their impact, and develop appropriate countermeasures. ANY.RUN is particularly useful for dynamic analysis, enabling a deeper understanding of malware behavior in real-time.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Any.run](https://any.run/)
|
||||
- [@video@Malware analysis with ANY.RUN](https://www.youtube.com/watch?v=QH_u7DHKzzI)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Advanced Persistent Threats, or APTs, are a class of cyber threats characterized by their persistence over a long period, extensive resources, and high level of sophistication. Often associated with nation-state actors, organized cybercrime groups, and well-funded hackers, APTs are primarily focused on targeting high-value assets, such as critical infrastructure, financial systems, and government agencies.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@What is an Advanced Persistent Threat?](https://www.youtube.com/watch?v=sGthMsDlqew)
|
||||
- [@article@Advanced Persistent Threat (APT)](https://www.crowdstrike.com/cybersecurity-101/advanced-persistent-threat-apt/)
|
||||
- [@article@Advanced Persistent Threat (APT)](https://www.crowdstrike.com/cybersecurity-101/advanced-persistent-threat-apt/)
|
||||
- [@video@What is an Advanced Persistent Threat?](https://www.youtube.com/watch?v=sGthMsDlqew)
|
||||
@@ -6,8 +6,8 @@ When one device on a LAN wants to communicate with another, it needs to know the
|
||||
|
||||
Once the requesting device receives the MAC address, it updates its ARP cache—a table that stores IP-to-MAC address mappings—allowing it to send data directly to the correct hardware address.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@ARP - Wikipedia](https://en.wikipedia.org/wiki/Address_Resolution_Protocol)
|
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
|
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
|
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
|
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@ARP - Wikipedia](https://en.wikipedia.org/wiki/Address_Resolution_Protocol)
|
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
|
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
|
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
|
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@ARP - Wikipedia](https://en.wikipedia.org/wiki/Address_Resolution_Protocol)
|
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
|
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
|
||||
- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
|
||||
- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a comprehensive matrix of attack methods used by threat actors, organized into tactics like initial access, execution, persistence, and exfiltration. This framework is widely used by cybersecurity professionals for threat modeling, improving defensive capabilities, and developing more effective security strategies. ATT&CK helps organizations understand attacker behavior, assess their security posture, and prioritize defenses against the most relevant threats.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@MITRE ATT&CK®](https://attack.mitre.org/)
|
||||
- [@video@MITRE ATT&CK Framework](https://www.youtube.com/watch?v=Yxv1suJYMI8)
|
||||
- [@video@Introduction To The MITRE ATT&CK Framework](https://www.youtube.com/watch?v=LCec9K0aAkM)
|
||||
- [@video@Introduction To The MITRE ATT&CK Framework](https://www.youtube.com/watch?v=LCec9K0aAkM)
|
||||
@@ -4,11 +4,11 @@
|
||||
|
||||
**Authorization** comes into play after the authentication process is complete. It involves granting or denying access to a resource, based on the authenticated user's privileges. Authorization determines what actions the authenticated user or entity is allowed to perform within a system or application.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Two-factor authentication (2FA)](https://authy.com/what-is-2fa/)
|
||||
- [@article@Biometrics (fingerprint, facial recognition, etc.)](https://me-en.kaspersky.com/resource-center/definitions/biometrics)
|
||||
- [@article@Security tokens or certificates](https://www.comodo.com/e-commerce/ssl-certificates/certificate.php)
|
||||
- [@article@Role-based access control (RBAC)](https://en.wikipedia.org/wiki/Role-based_access_control)
|
||||
- [@article@Access Control Lists (ACLs)](https://en.wikipedia.org/wiki/Access-control_list)
|
||||
- [@article@Attribute-based access control (ABAC)](https://en.wikipedia.org/wiki/Attribute-based_access_control)
|
||||
- [@article@Attribute-based access control (ABAC)](https://en.wikipedia.org/wiki/Attribute-based_access_control)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Autopsy is a versatile and powerful open-source digital forensics platform that is primarily used for incident response, cyber security investigations, and data recovery. As an investigator, you can utilize Autopsy to quickly and efficiently analyze a compromised system, extract crucial artifacts, and generate comprehensive reports. Integrated with The Sleuth Kit and other plug-ins, Autopsy allows examiners to automate tasks and dig deep into a system's structure to discover the root cause of an incident.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Autopsy](https://www.autopsy.com/)
|
||||
- [@video@Disk analysis with Autopsy](https://www.youtube.com/watch?v=o6boK9dG-Lc&t=236s)
|
||||
@@ -2,10 +2,10 @@
|
||||
|
||||
Amazon Web Services (AWS) is a leading cloud computing platform provided by Amazon. Launched in 2006, AWS offers an extensive range of on-demand IT services, such as computing power, storage, databases, networking, and security, which enable organizations to develop, deploy, and scale applications and infrastructure quickly and cost-effectively.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@roadmap@Visit Dedicated AWS Roadmap](https://roadmap.sh/aws)
|
||||
- [@course@AWS Complete Tutorial](https://www.youtube.com/watch?v=B8i49C8fC3E)
|
||||
- [@official@AWS](https://aws.amazon.com)
|
||||
- [@article@How to create an AWS account](https://grapplingdev.com/tutorials/how-to-create-aws-account)
|
||||
- [@video@AWS Overview](https://www.youtube.com/watch?v=a9__D53WsUs)
|
||||
- [@course@AWS Complete Tutorial](https://www.youtube.com/watch?v=B8i49C8fC3E)
|
||||
- [@video@AWS Overview](https://www.youtube.com/watch?v=a9__D53WsUs)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Azure is Microsoft's comprehensive cloud computing platform that offers a wide range of services for building, deploying, and managing applications. It provides infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) solutions, supporting various programming languages, tools, and frameworks. Azure's services include virtual machines, storage, databases, AI and machine learning, IoT, and more. It offers global data center coverage, integrated DevOps tools, and robust security features, making it a versatile platform for businesses of all sizes to innovate, scale, and transform their operations in the cloud.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Azure](https://azure.microsoft.com)
|
||||
- [@video@Azure DevOps Tutorial for Beginners](https://www.youtube.com/watch?v=4BibQ69MD8c)
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
|
||||
Bash (Bourne Again Shell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL).
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Bash](https://www.gnu.org/software/bash/)
|
||||
- [@video@Bash in 100 Seconds](https://www.youtube.com/watch?v=I4EWvMFj37g)
|
||||
- [@course@Beginners Guide To The Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag)
|
||||
- [@course@Start learning bash](https://linuxhandbook.com/bash/)
|
||||
- [@official@Bash](https://www.gnu.org/software/bash/)
|
||||
- [@video@Bash in 100 Seconds](https://www.youtube.com/watch?v=I4EWvMFj37g)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Threat hunting is a proactive approach to cybersecurity where security professionals actively search for hidden threats or adversaries that may have bypassed traditional security measures, such as firewalls and intrusion detection systems. Rather than waiting for automated tools to flag suspicious activity, threat hunters use a combination of human intuition, threat intelligence, and advanced analysis techniques to identify indicators of compromise (IoCs) and potential threats within a network or system. The process involves several key concepts, starting with a **hypothesis**, where a hunter develops a theory about potential vulnerabilities or attack vectors that could be exploited. They then conduct a **search** through logs, traffic data, or endpoint activity to look for anomalies or patterns that may indicate malicious behavior. **Data analysis** is central to threat hunting, as hunters analyze vast amounts of network and system data to uncover subtle signs of attacks or compromises. If threats are found, the findings lead to **detection and mitigation**, allowing the security team to contain the threat, remove malicious entities, and prevent similar incidents in the future.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is Threat Hunting](https://www.ibm.com/topics/threat-hunting)
|
||||
- [@article@What is Threat Hunting? Threat Hunting Types and Techniques](https://www.fortinet.com/resources/cyberglossary/threat-hunting)
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Computer networking is the practice of connecting computers and devices to share data and resources. It involves the use of protocols like TCP/IP for communication, hardware such as routers and switches for directing traffic, and various network topologies (e.g., star, mesh, bus) for organizing connections. Networks can be categorized by size and scope, from small local area networks (LANs) to wide area networks (WANs) that span large geographical areas. Key concepts include IP addressing, subnetting, DNS for name resolution, and network security measures. Understanding networking basics is crucial for managing data flow, troubleshooting connectivity issues, and ensuring efficient communication in modern computing environments.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Networking basics - What you need to know](https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html)
|
||||
- [@video@Computer Networking in 100 seconds](https://www.youtube.com/watch?v=keeqnciDVOo)
|
||||
|
||||
@@ -2,16 +2,18 @@
|
||||
|
||||
When it comes to cybersecurity, detecting and preventing intrusions is crucial for protecting valuable information systems and networks. In this section, we'll discuss the basics of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to help you better understand their function and importance in your overall cybersecurity strategy.
|
||||
|
||||
## What is Intrusion Detection System (IDS)?
|
||||
What is Intrusion Detection System (IDS)?
|
||||
-----------------------------------------
|
||||
|
||||
An Intrusion Detection System (IDS) is a critical security tool designed to monitor and analyze network traffic or host activities for any signs of malicious activity, policy violations, or unauthorized access attempts. Once a threat or anomaly is identified, the IDS raises an alert to the security administrator for further investigation and possible actions.
|
||||
|
||||
## What is Intrusion Prevention System (IPS)?
|
||||
What is Intrusion Prevention System (IPS)?
|
||||
------------------------------------------
|
||||
|
||||
An Intrusion Prevention System (IPS) is an advanced security solution closely related to IDS. While an IDS mainly focuses on detecting and alerting about intrusions, an IPS takes it a step further and actively works to prevent the attacks. It monitors, analyzes, and takes pre-configured automatic actions based on suspicious activities, such as blocking malicious traffic, resetting connections, or dropping malicious packets.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@Intrusion Prevention System (IPS)](https://www.youtube.com/watch?v=7QuYupuic3Q)
|
||||
- [@article@What is an Intrusion Prevention System?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips)
|
||||
- [@article@What is Intrusion Detection Systems (IDS)](https://www.fortinet.com/resources/cyberglossary/intrusion-detection-system)
|
||||
- [@video@Intrusion Prevention System (IPS)](https://www.youtube.com/watch?v=7QuYupuic3Q)
|
||||
@@ -4,8 +4,8 @@ Network Attached Storage (NAS) and Storage Area Network (SAN) are both technolog
|
||||
|
||||
SAN, on the other hand, is a high-performance, specialized network designed to provide block-level storage, which means it acts as a direct-attached storage device to servers. SAN uses protocols such as Fibre Channel or iSCSI and is typically employed in large enterprise environments where fast, high-capacity, and low-latency storage is critical for applications like databases and virtualized systems. While NAS focuses on file sharing across a network, SAN is designed for more complex, high-speed data management, enabling servers to access storage as if it were directly connected to them. Both NAS and SAN are vital components of modern data storage infrastructure but are chosen based on the specific performance, scalability, and management needs of the organization.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@NAS vs SAN - What are the differences?](https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/)
|
||||
- [@video@What is a NAS](https://www.youtube.com/watch?v=ZwhT-KI16jo)
|
||||
- [@video@What is a Storage Area Network](https://www.youtube.com/watch?v=7eGw4vhyeTA)
|
||||
- [@article@NAS vs SAN - What are the differences?](https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/)
|
||||
- [@video@What is a Storage Area Network](https://www.youtube.com/watch?v=7eGw4vhyeTA)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Reverse engineering is the process of deconstructing a system, software, or hardware to understand its internal workings, design, and functionality without having access to its source code or original documentation. In cybersecurity, reverse engineering is often used to analyze malware or software vulnerabilities to uncover how they operate, allowing security professionals to develop defenses, patches, or detection methods. This involves breaking down the binary code, disassembling it into machine code, and then interpreting it to understand the logic, behavior, and intent behind the program. Reverse engineering can also be used in hardware to investigate a device's design or performance, or in software development for compatibility, debugging, or enhancing legacy systems. The process typically includes static analysis, where the code is examined without execution, and dynamic analysis, where the program is executed in a controlled environment to observe its runtime behavior. The insights gained through reverse engineering are valuable for improving security, fixing bugs, or adapting systems for different uses. However, it’s important to be aware of the legal and ethical boundaries, as reverse engineering certain software or hardware can violate intellectual property rights.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@course@Reverse Engineering for Everyone!](https://0xinfection.github.io/reversing/)
|
||||
- [@video@What is reverse engineering?](https://www.youtube.com/watch?v=gh2RXE9BIN8)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Subnetting is a technique used in computer networking to divide a large network into smaller, more manageable sub-networks, or "subnets." It enhances network performance and security by reducing broadcast traffic and enabling better control over IP address allocation. Each subnet has its own range of IP addresses, which allows network administrators to optimize network traffic and reduce congestion by isolating different sections of a network. In subnetting, an IP address is split into two parts: the network portion and the host portion. The network portion identifies the overall network, while the host portion identifies individual devices within that network. Subnet masks are used to define how much of the IP address belongs to the network and how much is reserved for hosts. By adjusting the subnet mask, administrators can create multiple subnets from a single network, with each subnet having a limited number of devices. Subnetting is particularly useful for large organizations, allowing them to efficiently manage IP addresses, improve security by segmenting different parts of the network, and control traffic flow by minimizing unnecessary data transmissions between segments.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Networking Basics: What is IPv4 Subnetting?](https://www.cbtnuggets.com/blog/technology/networking/networking-basics-what-is-ipv4-subnetting)
|
||||
- [@video@Subnetting](https://www.youtube.com/playlist?list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
Threat Intelligence (Threat Intel) and Open-Source Intelligence (OSINT) are both critical components in cybersecurity that help organizations stay ahead of potential threats. Threat Intelligence refers to the collection, analysis, and dissemination of information about potential or current attacks targeting an organization. This intelligence typically includes details on emerging threats, attack patterns, malicious IP addresses, and indicators of compromise (IoCs), helping security teams anticipate, prevent, or mitigate cyberattacks. Threat Intel can be sourced from both internal data (such as logs or past incidents) and external feeds, and it helps in understanding the tactics, techniques, and procedures (TTPs) of adversaries. OSINT, a subset of Threat Intel, involves gathering publicly available information from open sources to assess and monitor threats. These sources include websites, social media, forums, news articles, and other publicly accessible platforms. OSINT is often used for reconnaissance to identify potential attack vectors, compromised credentials, or leaks of sensitive data. It’s also a valuable tool in tracking threat actors, as they may leave traces in forums or other public spaces. Both Threat Intel and OSINT enable organizations to be more proactive in their cybersecurity strategies by identifying vulnerabilities, understanding attacker behavior, and implementing timely defenses based on actionable insights.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@course@Open-Source Intelligence (OSINT) in 5 Hours](https://www.youtube.com/watch?v=qwA6MmbeGNo&t=457s)
|
||||
- [@official@OSINT Framework](https://osintframework.com/)
|
||||
- [@article@Threat Intelligence](https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/)
|
||||
- [@course@Open-Source Intelligence (OSINT) in 5 Hours](https://www.youtube.com/watch?v=qwA6MmbeGNo&t=457s)
|
||||
- [@article@Threat Intelligence](https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/)
|
||||
@@ -1,13 +1,13 @@
|
||||
# Basics of Vulnerability Management
|
||||
|
||||
Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices.
|
||||
Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices.
|
||||
|
||||
Once vulnerabilities are identified, they are **assessed and prioritized** based on factors such as severity, potential impact, and exploitability. Organizations typically use frameworks like CVSS (Common Vulnerability Scoring System) to assign risk scores to vulnerabilities, helping them focus on the most critical ones first.
|
||||
|
||||
Next, **remediation** is carried out through patching, configuration changes, or other fixes. In some cases, mitigation may involve applying temporary workarounds until a full patch is available. Finally, continuous **monitoring and reporting** ensure that new vulnerabilities are swiftly identified and addressed, maintaining the organization's security posture. Vulnerability management is key to reducing the risk of exploitation and minimizing the attack surface in today's complex IT environments.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is Vulnerability Management? - Rapid7](https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/)
|
||||
- [@article@What is Vulnerability Management? - CrowdStrike](https://www.crowdstrike.com/cybersecurity-101/vulnerability-management/)
|
||||
- [@video@Vulnerability Management explained by experts](https://www.youtube.com/watch?v=RE6_Lo2wSIg)
|
||||
- [@video@Vulnerability Management explained by experts](https://www.youtube.com/watch?v=RE6_Lo2wSIg)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
In the context of cybersecurity, Blue Team, Red Team, and Purple Team are terms used to describe different roles and methodologies employed to ensure the security of an organization or system. Let's explore each one in detail. In cybersecurity, Blue Team and Red Team refer to opposing groups that work together to improve an organization's security posture. The Blue Team represents defensive security personnel who protect systems and networks from attacks, while the Red Team simulates real-world adversaries to test the Blue Team's defenses. Purple Team bridges the gap between the two, facilitating collaboration and knowledge sharing to enhance overall security effectiveness. This approach combines the defensive strategies of the Blue Team with the offensive tactics of the Red Team, creating a more comprehensive and dynamic security framework that continuously evolves to address emerging threats and vulnerabilities.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a Blue Team?](https://www.checkpoint.com/cyber-hub/cyber-security/what-is-a-blue-team/)
|
||||
- [@article@What is Red Teaming?](https://www.ibm.com/think/topics/red-teaming)
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Bluetooth is a short-range wireless technology standard used for exchanging data between fixed and mobile devices over short distances. While it offers convenience for connecting peripherals and transferring information, it also presents several security concerns in the cybersecurity landscape. Bluetooth vulnerabilities can potentially allow attackers to intercept communications, execute malicious code, or gain unauthorized access to devices. Common attacks include bluejacking, bluesnarfing, and bluebugging. To mitigate these risks, cybersecurity professionals recommend regularly updating device firmware, using the latest Bluetooth protocols, enabling encryption, and turning off Bluetooth when not in use. Despite ongoing security improvements, Bluetooth remains an attack vector that requires vigilant monitoring and protection in both personal and enterprise environments.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Bluetooth in Cyber Security](https://www.zenarmor.com/docs/network-basics/what-is-bluetooth)
|
||||
- [@video@Everything about Bluetooth Security](https://www.youtube.com/watch?v=i9mzl51ammA)
|
||||
- [@video@Everything about Bluetooth Security](https://www.youtube.com/watch?v=i9mzl51ammA)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Box is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Box](https://www.box.com/en-gb/home)
|
||||
- [@video@Box Cloud Storage Review 2024](https://www.youtube.com/watch?v=ktNDLO1T96c)
|
||||
@@ -1,15 +1,17 @@
|
||||
# Brute Force vs Password Spray
|
||||
|
||||
## What is Brute Force?
|
||||
|
||||
Brute Force is a method of password cracking where an attacker systematically tries all possible combinations of characters until the correct password is found. This method is highly resource-intensive, as it involves attempting numerous password variations in a relatively short period of time.
|
||||
|
||||
## What is Password Spray?
|
||||
|
||||
Password Spray is a more targeted and stealthy method of password cracking where an attacker tries a small number of common passwords across many different accounts. Instead of bombarding a single account with numerous password attempts (as in brute force), password spraying involves using one or a few passwords against multiple accounts.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Brute-force vs. Password Spray Attack](https://www.inspark.nl/brute-force-vs-password-spray-attack-in-azure-sentinel/)
|
||||
- [@article@What is Password Spraying?](https://www.techtarget.com/whatis/definition/password-spraying)
|
||||
- [@article@What is a Brute-force Attack?](https://www.fortinet.com/resources/cyberglossary/brute-force-attack)
|
||||
# Brute Force vs Password Spray
|
||||
|
||||
What is Brute Force?
|
||||
--------------------
|
||||
|
||||
Brute Force is a method of password cracking where an attacker systematically tries all possible combinations of characters until the correct password is found. This method is highly resource-intensive, as it involves attempting numerous password variations in a relatively short period of time.
|
||||
|
||||
What is Password Spray?
|
||||
-----------------------
|
||||
|
||||
Password Spray is a more targeted and stealthy method of password cracking where an attacker tries a small number of common passwords across many different accounts. Instead of bombarding a single account with numerous password attempts (as in brute force), password spraying involves using one or a few passwords against multiple accounts.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Brute-force vs. Password Spray Attack](https://www.inspark.nl/brute-force-vs-password-spray-attack-in-azure-sentinel/)
|
||||
- [@article@What is Password Spraying?](https://www.techtarget.com/whatis/definition/password-spraying)
|
||||
- [@article@What is a Brute-force Attack?](https://www.fortinet.com/resources/cyberglossary/brute-force-attack)
|
||||
@@ -1,9 +1,9 @@
|
||||
# Buffer Overflow
|
||||
|
||||
A Buffer Overflow is a type of vulnerability that occurs when a program or process attempts to write more data to a buffer—a temporary storage area in memory—than it can hold. This overflow can cause the extra data to overwrite adjacent memory locations, potentially leading to unintended behavior, crashes, or security breaches.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What Is Buffer Overflow?](https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
|
||||
- [@article@Buffer Overflow Attack](https://www.imperva.com/learn/application-security/buffer-overflow/)
|
||||
# Buffer Overflow
|
||||
|
||||
A Buffer Overflow is a type of vulnerability that occurs when a program or process attempts to write more data to a buffer—a temporary storage area in memory—than it can hold. This overflow can cause the extra data to overwrite adjacent memory locations, potentially leading to unintended behavior, crashes, or security breaches.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What Is Buffer Overflow?](https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
|
||||
- [@article@Buffer Overflow Attack](https://www.imperva.com/learn/application-security/buffer-overflow/)
|
||||
- [@video@Buffer Overflows Made Easy](https://www.youtube.com/watch?v=qSnPayW6F7U)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
In the context of cybersecurity, a bus refers to a communication system that transfers data between components inside a computer or between computers. It's a critical part of computer architecture that can be vulnerable to various security threats. Attackers may attempt to exploit bus systems to intercept sensitive data, inject malicious code, or perform side-channel attacks. These vulnerabilities can exist at different levels, from the system bus connecting major computer components to expansion buses for peripheral devices. Securing bus communications involves implementing encryption, access controls, and monitoring for unusual activity. As buses play a crucial role in data transfer, protecting them is essential for maintaining the overall security and integrity of computer systems and networks.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Bus in Computing](https://en.wikipedia.org/wiki/Bus_(computing))
|
||||
- [@article@What is a Bus?](https://www.lenovo.com/gb/en/glossary/bus/?srsltid=AfmBOoocoXVvqdupLu13XAm0FZMOHjRtjnnCCFxa59tEa-bQwhiVhac2)
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
C++ is a widely-used, high-level programming language that evolved from the earlier C programming language. Developed by Bjarne Stroustrup in 1985 at Bell Labs, C++ provides object-oriented features and low-level memory manipulation, making it an essential language for many fields, including game development, high-performance systems, and cybersecurity.
|
||||
|
||||
Learn more form the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@roadmap@Visit Dedicated C++ Roadmap](https://roadmap.sh/cpp)
|
||||
- [@video@C++ Full Course - BroCode](https://www.youtube.com/watch?v=-TkoO8Z07hI)
|
||||
- [@article@C++ Introduction](https://www.w3schools.com/cpp/cpp_intro.asp)
|
||||
- [@article@C++ Introduction](https://www.w3schools.com/cpp/cpp_intro.asp)
|
||||
- [@video@C++ Full Course - BroCode](https://www.youtube.com/watch?v=-TkoO8Z07hI)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
`cat` is a widely used command-line utility in UNIX and UNIX-like systems. It stands for "concatenate" which, as the name suggests, can be used to concatenate files, display file contents, or combine files. In the context of incident response and discovery tools, `cat` plays an essential role in quickly accessing and assessing the contents of various files that inform on security incidents and help users understand system data as well as potential threats.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Cat Command in Linux](https://linuxize.com/post/linux-cat-command/)
|
||||
- [@article@Linux cat command](https://phoenixnap.com/kb/linux-cat-command)
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
The Cisco Certified Network Associate (CCNA) certification is an entry-level certification for IT professionals who want to specialize in networking, specifically within the realm of Cisco products. This certification validates an individual's ability to install, configure, operate, and troubleshoot medium-sized routed and switched networks. It also covers the essentials of network security and management.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CCNA Certification](https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html)
|
||||
- [@video@Network Chuck Free CCNA Course](https://www.youtube.com/playlist?list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P)
|
||||
- [@video@Jeremy's IT Lab](https://www.youtube.com/@JeremysITLab)
|
||||
- [@video@Jeremy's IT Lab](https://www.youtube.com/@JeremysITLab)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
**Certified Ethical Hacker (CEH)** is an advanced certification focused on equipping cybersecurity professionals with the knowledge and skills required to defend against the continuously evolving landscape of cyber threats. This certification is facilitated by the EC-Council, an internationally recognized organization for information security certifications.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CEH](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/)
|
||||
- [@article@Certified Ethical Hacker Online Training](https://iclass.eccouncil.org/our-courses/certified-ethical-hacker-ceh/)
|
||||
@@ -4,7 +4,7 @@ Certificates, also known as digital certificates or SSL/TLS certificates, play a
|
||||
|
||||
Digital certificates provide a crucial layer of security and trust for online communications. Understanding their role in cybersecurity, the different types of certificates, and the importance of acquiring certificates from trusted CAs can greatly enhance your organization's online security posture and reputation.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is an SSL Certificate?](https://www.cloudflare.com/en-gb/learning/ssl/what-is-an-ssl-certificate/)
|
||||
- [@article@What is a Certificate Authority](https://www.ssl.com/article/what-is-a-certificate-authority-ca/)
|
||||
@@ -6,7 +6,7 @@ CIDR achieves its goals by replacing the traditional Class A, B, and C addressin
|
||||
|
||||
A CIDR notation looks like this: `192.168.1.0/24`. Here, `192.168.1.0` is the IP address, and `/24` represents the subnet mask. The number after the slash (/) is called the _prefix length_, which indicates how many bits of the subnet mask should be set to 1 (bitmask). The remaining bits of the subnet mask are set to 0.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is CIDR?](https://aws.amazon.com/what-is/cidr/)
|
||||
- [@video@What is Network CIDR Notation?](https://www.youtube.com/watch?v=tpa9QSiiiUo)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The **Center for Internet Security (CIS)** is a non-profit organization that focuses on enhancing the cybersecurity posture of individuals, organizations, and governments around the world. CIS offers various tools, best practices, guidelines, and frameworks that help in defending against common cyber threats.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CIS](https://www.cisecurity.org/)
|
||||
- [@video@CIS Overview](https://www.youtube.com/watch?v=f-Z7h5dI6uQ)
|
||||
@@ -4,7 +4,7 @@ The **Certified Information Systems Auditor (CISA)** is a globally recognized ce
|
||||
|
||||
CISA was established by the Information Systems Audit and Control Association (ISACA) and is designed to demonstrate an individual's expertise in managing vulnerabilities, ensuring compliance with industry regulations, and instituting controls within the business environment.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CISA](https://www.isaca.org/credentialing/cisa)
|
||||
- [@article@What is a Certified Information Systems Auditor?](https://www.investopedia.com/terms/c/certified-information-systems-auditor.asp)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Certified Information Security Manager (CISM) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CISM](https://www.isaca.org/credentialing/cism)
|
||||
- [@article@Certified Information Security Manager (CISM)](https://www.techtarget.com/searchsecurity/definition/certified-information-security-manager-CISM)
|
||||
- [@article@Certified Information Security Manager (CISM)](https://www.techtarget.com/searchsecurity/definition/certified-information-security-manager-CISM)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Certified Information Systems Security Professional (CISSP) is a globally recognized certification offered by the International Information System Security Certification Consortium (ISC)². It is designed for experienced security professionals to validate their knowledge and expertise in the field of information security.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CISSP Certification](https://www.isc2.org/certifications/cissp)
|
||||
- [@video@CISSP Certification Course](https://www.youtube.com/watch?v=M1_v5HBVHWo)
|
||||
@@ -4,7 +4,7 @@ Cloud skills and knowledge are essential for working effectively with cloud comp
|
||||
|
||||
Security in the cloud is a vital skill, encompassing encryption, identity and access management (IAM), compliance, and disaster recovery. Understanding DevOps practices, containerization (using tools like Docker and Kubernetes), and serverless computing also plays a significant role in cloud operations. Additionally, familiarity with cloud-native tools for automation, monitoring, and orchestration, as well as knowledge of cloud cost optimization and performance tuning, are important for maximizing cloud efficiency and ensuring a secure, scalable infrastructure.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@7 Cloud Computing skills to know](https://www.coursera.org/articles/cloud-computing-skills)
|
||||
- [@video@What Cloud Skills are Essential?](https://www.youtube.com/watch?v=udKBDRcj178)
|
||||
@@ -2,29 +2,30 @@
|
||||
|
||||
Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. Below are some commonly used commands across Unix/Linux and Windows operating systems:
|
||||
|
||||
1. **Navigating the File System:**
|
||||
- Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory)
|
||||
- Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory)
|
||||
|
||||
2. **File and Directory Management:**
|
||||
- Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory)
|
||||
- Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory)
|
||||
|
||||
3. **System Information and Processes:**
|
||||
- Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info)
|
||||
- Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details)
|
||||
|
||||
4. **File Permissions and Ownership:**
|
||||
- Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership)
|
||||
- Windows: `icacls` (modify access control lists), `attrib` (change file attributes)
|
||||
|
||||
5. **Network Commands:**
|
||||
- Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics)
|
||||
- Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics)
|
||||
1. **Navigating the File System:**
|
||||
|
||||
* Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory)
|
||||
* Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory)
|
||||
2. **File and Directory Management:**
|
||||
|
||||
* Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory)
|
||||
* Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory)
|
||||
3. **System Information and Processes:**
|
||||
|
||||
* Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info)
|
||||
* Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details)
|
||||
4. **File Permissions and Ownership:**
|
||||
|
||||
* Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership)
|
||||
* Windows: `icacls` (modify access control lists), `attrib` (change file attributes)
|
||||
5. **Network Commands:**
|
||||
|
||||
* Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics)
|
||||
* Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics)
|
||||
|
||||
These commands form the foundation of interacting with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Essential Unix Commands](https://www.geeksforgeeks.org/essential-linuxunix-commands/)
|
||||
- [@video@60 Linux commands you must know](https://www.youtube.com/watch?v=gd7BXuUQ91w)
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@Common Network Ports](https://www.youtube.com/watch?v=dh8h-4u7Wak)
|
||||
- [@article@Common network ports you should know](https://opensource.com/article/18/10/common-network-ports)
|
||||
- [@article@Common network ports you should know](https://opensource.com/article/18/10/common-network-ports)
|
||||
- [@video@Common Network Ports](https://www.youtube.com/watch?v=dh8h-4u7Wak)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Networking protocols are essential for facilitating communication between devices and systems across networks. In cybersecurity, understanding these protocols is crucial for identifying potential vulnerabilities and securing data transmission. Common protocols include TCP/IP, the foundation of internet communication, which ensures reliable data delivery. HTTP and HTTPS are used for web browsing, with HTTPS providing encrypted connections. FTP and SFTP handle file transfers, while SMTP, POP3, and IMAP manage email services. DNS translates domain names to IP addresses, and DHCP automates IP address assignment. SSH enables secure remote access and management of systems. Other important protocols include TLS/SSL for encryption, SNMP for network management, and VPN protocols like IPsec and OpenVPN for secure remote connections. Cybersecurity professionals must be well-versed in these protocols to effectively monitor network traffic, implement security measures, and respond to potential threats targeting specific protocol vulnerabilities.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@Networking For Hackers! (Common Network Protocols)](https://www.youtube.com/watch?v=p3vaaD9pn9I)
|
||||
- [@article@12 Common Network Protocols](https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained)
|
||||
- [@article@12 Common Network Protocols](https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained)
|
||||
- [@video@Networking For Hackers! (Common Network Protocols)](https://www.youtube.com/watch?v=p3vaaD9pn9I)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Compliance in cybersecurity refers to the adherence to laws, regulations, standards, and best practices designed to protect sensitive data and ensure the security of information systems. It encompasses a wide range of requirements that organizations must meet to safeguard their digital assets and maintain the trust of customers, partners, and regulatory bodies. Common compliance frameworks include GDPR for data protection in the EU, HIPAA for healthcare information in the US, PCI DSS for payment card industry, and ISO 27001 for information security management. Compliance often involves implementing specific security controls, conducting regular audits, maintaining documentation, and demonstrating ongoing commitment to security practices. While achieving compliance can be complex and resource-intensive, it is crucial for mitigating legal and financial risks, protecting reputation, and fostering a culture of security within organizations.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is Cyber Security Compliance?](https://www.comptia.org/content/articles/what-is-cybersecurity-compliance)
|
||||
- [@article@Cyber Security Compliance 101](https://sprinto.com/blog/cyber-security-compliance/)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
CompTIA A+ is an entry-level certification for IT professionals that focuses on essential knowledge and skills in computer hardware, software, and troubleshooting. This certification is widely recognized in the IT industry and can serve as a stepping stone for individuals looking to start a career in the field of information technology.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CompTIA A+](https://www.comptia.org/certifications/a)
|
||||
- [@video@CompTIA A+ Course](https://www.youtube.com/watch?v=1CZXXNKAY5o)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
The CompTIA Linux+ certification is an entry-level certification aimed at individuals who are seeking to learn and demonstrate their skills and knowledge of the Linux operating system. This certification is widely recognized in the IT industry as an essential qualification for entry-level Linux administrators and helps them gain a strong foundation in Linux system administration tasks.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CompTIA Linux+](https://www.comptia.org/certifications/linux)
|
||||
- [@video@Linux+ Exam Prep](https://www.youtube.com/watch?v=niPWk7tgD2Q&list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp)
|
||||
- [@article@CompTIA Linux+ Certification Training Labs](https://github.com/labex-labs/comptia-linux-plus-training-labs)
|
||||
- [@article@CompTIA Linux+ Certification Training Labs](https://github.com/labex-labs/comptia-linux-plus-training-labs)
|
||||
- [@video@Linux+ Exam Prep](https://www.youtube.com/watch?v=niPWk7tgD2Q&list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The CompTIA Network+ is a highly sought-after certification for IT professionals who aim to build a solid foundation in networking concepts and practices. This certification is vendor-neutral, meaning that it covers a broad range of knowledge that can be applied to various network technologies, products, and solutions. The Network+ certification is designed for beginners in the world of IT networking, and it is recommended that you first obtain the CompTIA A+ certification before moving on to Network+.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CompTIA Network+](https://www.comptia.org/certifications/network)
|
||||
- [@video@CompTIA Network+ Course](https://www.youtube.com/watch?v=xmpYfyNmWbw)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
CompTIA Security+ is a highly recognized and respected certification for individuals seeking to start their careers in the field of cybersecurity. This certification is vendor-neutral, meaning it doesn't focus on any specific technology or platform, and provides a solid foundation in cybersecurity principles, concepts, and best practices.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@course@CompTIA SY0-701 Security+ Exam Course Playlist](https://www.youtube.com/playlist?list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv)
|
||||
- [@official@CompTIA Security+ Website](https://www.comptia.org/certifications/security)
|
||||
- [@course@CompTIA Security+ Course](https://www.youtube.com/watch?v=yLf2jRY39Rc&list=PLIhvC56v63IIyU0aBUed4qwP0nSCORAdB)
|
||||
- [@official@CompTIA Security+ Website](https://www.comptia.org/certifications/security)
|
||||
@@ -4,7 +4,7 @@ Computer hardware components are the physical parts of a computer system that wo
|
||||
|
||||
The **storage device**, such as a hard disk drive (HDD) or solid-state drive (SSD), is where data is permanently stored, including the operating system, applications, and files. The **power supply unit (PSU)** provides the necessary electrical power to run the components. **Graphics processing units (GPU)**, dedicated for rendering images and videos, are important for tasks like gaming, video editing, and machine learning. Additionally, **input devices** like keyboards and mice, and **output devices** like monitors and printers, enable users to interact with the system. Together, these components make up the essential hardware of a computer, enabling it to perform various computing functions.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@Computer Components for Dummies](https://www.youtube.com/watch?v=cZs6kh0WFRY)
|
||||
- [@article@What is computer hardware?](https://uk.crucial.com/articles/pc-builders/what-is-computer-hardware)
|
||||
- [@video@Computer Components for Dummies](https://www.youtube.com/watch?v=cZs6kh0WFRY)
|
||||
@@ -12,9 +12,9 @@ There are several types of network connections that enable communication between
|
||||
|
||||
Each connection type plays a specific role, balancing factors like speed, distance, and convenience to meet the varying needs of users and organizations.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is Ethernet?](https://www.techtarget.com/searchnetworking/definition/Ethernet)
|
||||
- [@article@What is WiFi and how does it work?](https://computer.howstuffworks.com/wireless-network.htm)
|
||||
- [@article@How bluetooth works](https://electronics.howstuffworks.com/bluetooth.htm)
|
||||
-.[video@How bluetooth works](https://www.youtube.com/watch?v=1I1vxu5qIUM)
|
||||
- [@article@video@How bluetooth works](https://www.youtube.com/watch?v=1I1vxu5qIUM)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Containment in cybersecurity refers to the process of limiting the impact of a security incident by isolating affected systems, networks, or data to prevent further spread or damage. When a breach or malware infection is detected, containment strategies are quickly implemented to halt the attack's progress, often by disconnecting compromised systems from the network, blocking malicious traffic, or restricting user access. Containment is a critical step in incident response, allowing security teams to control the situation while they investigate the root cause, assess the extent of the breach, and prepare for remediation. Effective containment minimizes the potential harm to the organization, preserving the integrity of unaffected systems and data.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Microsoft Security Incident Management: Containment, Eradication, and Recovery](https://learn.microsoft.com/en-us/compliance/assurance/assurance-sim-containment-eradication-recovery)
|
||||
- [@article@Containment - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/containment.html)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The core concepts of Zero Trust revolve around the principle of "never trust, always verify," emphasizing the need to continuously validate every user, device, and application attempting to access resources, regardless of their location within or outside the network perimeter. Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats could already exist inside the network and that no entity should be trusted by default. Key principles include strict identity verification, least privilege access, micro-segmentation, and continuous monitoring. This approach limits access to resources based on user roles, enforces granular security policies, and continuously monitors for abnormal behavior, ensuring that security is maintained even if one segment of the network is compromised. Zero Trust is designed to protect modern IT environments from evolving threats by focusing on securing data and resources, rather than just the network perimeter.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a Zero Trust Network?](https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-zero-trust/)
|
||||
- [@video@Zero Trust Explained in 4 minutes](https://www.youtube.com/watch?v=yn6CPQ9RioA)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
CREST is a non-profit, accreditation and certification body that represents the technical information security industry. Established in 2008, its mission is to promote the development and professionalization of the cyber security sector. CREST provides certifications for individuals and accreditation for companies, helping customers find knowledgeable and experienced professionals in the field.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@CREST Certifications](https://www.crest-approved.org/skills-certifications-careers/crest-certifications/)
|
||||
- [@video@A brief overview of CREST](https://www.youtube.com/watch?v=Cci5qrv8fHY)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Cybersecurity Framework (CSF) is a set of guidelines aimed at helping organizations better protect their critical infrastructure from cyber threats. Developed by the National Institute of Standards and Technology (NIST), this voluntary framework provides a flexible, risk-based approach to managing cybersecurity risks.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
|
||||
- [@video@NIST Cybersecurity Framework Explained](https://www.youtube.com/watch?v=_KXqDNVmpu8)
|
||||
- [@video@NIST Cybersecurity Framework Explained](https://www.youtube.com/watch?v=_KXqDNVmpu8)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows an attacker to trick a user into performing actions on a web application without their consent. It occurs when a malicious website or link causes a user’s browser to send unauthorized requests to a different site where the user is authenticated, such as submitting a form or changing account settings. Since the requests are coming from the user’s authenticated session, the web application mistakenly trusts them, allowing the attacker to perform actions like transferring funds, changing passwords, or altering user data. CSRF attacks exploit the trust that a web application has in the user's browser, making it critical for developers to implement countermeasures like CSRF tokens, same-site cookie attributes, and user confirmation prompts to prevent unauthorized actions.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@Cross-Site Request Forgery Explained](https://www.youtube.com/watch?v=eWEgUcHPle0)
|
||||
- [@article@Cross-Site Request Forgery](https://owasp.org/www-community/attacks/csrf)
|
||||
- [@article@Cross-Site Request Forgery](https://owasp.org/www-community/attacks/csrf)
|
||||
- [@video@Cross-Site Request Forgery Explained](https://www.youtube.com/watch?v=eWEgUcHPle0)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
cURL is a versatile command-line tool primarily used for transferring data using various network protocols. It is widely used in cybersecurity and development for the purpose of testing and interacting with web services, APIs, and scrutinizing web application security. Curl supports various protocols such as HTTP, HTTPS, FTP, SCP, SFTP, and many more.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is the cURL command?](https://blog.hubspot.com/website/curl-command)
|
||||
- [@video@You need to know how to use cURL](https://www.youtube.com/watch?v=q2sqkvXzsw8)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The **Cyber Kill Chain** is a model that was developed by Lockheed Martin, a major aerospace, military support, and security company, to understand and prevent cyber intrusions in various networks and systems. It serves as a framework for breaking down the stages of a cyber attack, making it easier for security professionals to identify, mitigate, and prevent threats.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
|
||||
- [@video@Learn the Cyber Kill Chain](https://www.youtube.com/watch?v=oCUrkc_0tmw)
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
This command-line utility is available on Unix-based systems such as Linux, BSD, and macOS. It can perform tasks like data duplication, data conversion, and error correction. Most importantly, it's an invaluable tool for obtaining a bit-by-bit copy of a disk or file, which can then be analyzed using forensic tools.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@How to use the dd command in Linux](https://www.youtube.com/watch?v=hsDxcJhCRLI)
|
||||
- [@article@When and how to use the dd command](https://www.baeldung.com/linux/dd-command)
|
||||
- [@article@When and how to use the dd command](https://www.baeldung.com/linux/dd-command)
|
||||
- [@video@How to use the dd command in Linux](https://www.youtube.com/watch?v=hsDxcJhCRLI)
|
||||
@@ -1,8 +1,8 @@
|
||||
# Deauth Attack
|
||||
|
||||
A Deauthentication (Deauth) Attack is a type of denial-of-service (DoS) attack specific to wireless networks. It involves sending fake deauthentication frames to a Wi-Fi client or access point, forcing the client to disconnect from the network. The attacker uses this technique to disrupt the communication between the client and the access point, often with the intention of capturing data, launching further attacks, or simply causing disruption.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Wi-Fi Deauthentication Attack](https://medium.com/@balaramapunna123/wi-fi-deauthentication-attack-76cdd91d5fc)
|
||||
- [@article@Deauthentication Attacks](https://www.baeldung.com/cs/deauthentication-attacks)
|
||||
# Deauth Attack
|
||||
|
||||
A Deauthentication (Deauth) Attack is a type of denial-of-service (DoS) attack specific to wireless networks. It involves sending fake deauthentication frames to a Wi-Fi client or access point, forcing the client to disconnect from the network. The attacker uses this technique to disrupt the communication between the client and the access point, often with the intention of capturing data, launching further attacks, or simply causing disruption.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Wi-Fi Deauthentication Attack](https://medium.com/@balaramapunna123/wi-fi-deauthentication-attack-76cdd91d5fc)
|
||||
- [@article@Deauthentication Attacks](https://www.baeldung.com/cs/deauthentication-attacks)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
A default gateway is a network node, typically a router or a firewall, that serves as the access point or intermediary between a local network and external networks, such as the internet. When a device on a local network needs to communicate with a device outside its own subnet—such as accessing a website or sending an email—it sends the data to the default gateway, which then routes it to the appropriate external destination. The default gateway acts as a traffic director, ensuring that data packets are correctly forwarded between the internal network and external networks, making it a crucial component for enabling communication beyond the local network's boundaries.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a Default Gateway?](https://nordvpn.com/blog/what-is-a-default-gateway/?srsltid=AfmBOoosi5g4acnT9Gv_B86FMGr72hWDhk8J-4jr1HvxPCSu96FikCyw)
|
||||
- [@video@Routers and Default Gateways](https://www.youtube.com/watch?v=JOomC1wFrbU)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg)
|
||||
- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top)
|
||||
- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top)
|
||||
- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg)
|
||||
- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top)
|
||||
- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top)
|
||||
- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Diamond Model is a cybersecurity framework used for analyzing and understanding cyber threats by breaking down an attack into four core components: Adversary, Infrastructure, Capability, and Victim. The Adversary represents the entity behind the attack, the Infrastructure refers to the systems and resources used by the attacker (such as command and control servers), the Capability denotes the tools or malware employed, and the Victim is the target of the attack. The model emphasizes the relationships between these components, helping analysts to identify patterns, track adversary behavior, and understand the broader context of cyber threats. By visualizing and connecting these elements, the Diamond Model aids in developing more effective detection, mitigation, and response strategies.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@The Diamond Model: Simple Intelligence-Driven Intrusion Analysis](https://kravensecurity.com/diamond-model-analysis/)
|
||||
- [@video@The Diamond Model for Intrusion Detection](https://www.youtube.com/watch?v=3AOKomsmeUY)
|
||||
@@ -2,25 +2,28 @@
|
||||
|
||||
In the field of cyber security, it is essential to stay up-to-date with different versions of software, tools, and technology, as well as understanding the differences between them. Regularly updating software ensures that you have the latest security features in place to protect yourself from potential threats.
|
||||
|
||||
## Importance of Versions
|
||||
Importance of Versions
|
||||
----------------------
|
||||
|
||||
- **Security**: Newer versions of software often introduce patches to fix security vulnerabilities. Using outdated software can leave your system exposed to cyber attacks.
|
||||
* **Security**: Newer versions of software often introduce patches to fix security vulnerabilities. Using outdated software can leave your system exposed to cyber attacks.
|
||||
|
||||
* **Features**: Upgrading to a newer version of software can provide access to new features and functionalities, improving the user experience and performance.
|
||||
|
||||
* **Compatibility**: As technology evolves, staying up-to-date with versions helps ensure that software or tools are compatible across various platforms and devices.
|
||||
|
||||
|
||||
- **Features**: Upgrading to a newer version of software can provide access to new features and functionalities, improving the user experience and performance.
|
||||
|
||||
- **Compatibility**: As technology evolves, staying up-to-date with versions helps ensure that software or tools are compatible across various platforms and devices.
|
||||
|
||||
## Understanding Differences
|
||||
Understanding Differences
|
||||
-------------------------
|
||||
|
||||
When we talk about differences in the context of cybersecurity, they can refer to:
|
||||
|
||||
- **Software Differences**: Different software or tools offer different features and capabilities, so it's crucial to choose one that meets your specific needs. Additionally, open-source tools may differ from proprietary tools in terms of functionalities, licensing, and costs.
|
||||
|
||||
- **Operating System Differences**: Cybersecurity practices may differ across operating systems such as Windows, Linux, or macOS. Each operating system has its own security controls, vulnerabilities, and potential attack vectors.
|
||||
|
||||
- **Protocol Differences**: Understanding the differences between various network protocols (HTTP, HTTPS, SSH, FTP, etc.) can help you choose the most secure method for your purposes.
|
||||
|
||||
- **Threat Differences**: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.
|
||||
|
||||
Learn more from the following resources:
|
||||
* **Software Differences**: Different software or tools offer different features and capabilities, so it's crucial to choose one that meets your specific needs. Additionally, open-source tools may differ from proprietary tools in terms of functionalities, licensing, and costs.
|
||||
|
||||
* **Operating System Differences**: Cybersecurity practices may differ across operating systems such as Windows, Linux, or macOS. Each operating system has its own security controls, vulnerabilities, and potential attack vectors.
|
||||
|
||||
* **Protocol Differences**: Understanding the differences between various network protocols (HTTP, HTTPS, SSH, FTP, etc.) can help you choose the most secure method for your purposes.
|
||||
|
||||
* **Threat Differences**: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.
|
||||
|
||||
|
||||
Learn more from the following resources:
|
||||
@@ -2,6 +2,6 @@
|
||||
|
||||
`dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=iESSCDnC74k)
|
||||
- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=iESSCDnC74k)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
`dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY)
|
||||
- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command)
|
||||
- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command)
|
||||
- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY)
|
||||
@@ -1,13 +1,13 @@
|
||||
# Directory Traversal
|
||||
|
||||
Directory Traversal, also known as Path Traversal, is a vulnerability that allows attackers to read files on a system without proper authorization. These attacks typically exploit unsecured paths using "../" (dot-dot-slash) sequences and their variations, or absolute file paths. The attack is also referred to as "dot-dot-slash," "directory climbing," or "backtracking."
|
||||
|
||||
While Directory Traversal is sometimes combined with other vulnerabilities like Local File Inclusion (LFI) or Remote File Inclusion (RFI), the key difference is that Directory Traversal doesn't execute code, whereas LFI and RFI usually do.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Portswigger's guide on File Path Traversal](https://portswigger.net/web-security/file-path-traversal)
|
||||
- [@official@OWASP's article on Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
|
||||
- [@course@TryHackMe's room on Path Traversal & File Inclusion](https://tryhackme.com/r/room/filepathtraversal)
|
||||
- [@article@Acunetix's article on directory traversal](https://www.acunetix.com/websitesecurity/directory-traversal/)
|
||||
- [@course@HackTheBox Academy's module on File Inclusion & Path Traversal](https://academy.hackthebox.com/course/preview/file-inclusion)
|
||||
# Directory Traversal
|
||||
|
||||
Directory Traversal, also known as Path Traversal, is a vulnerability that allows attackers to read files on a system without proper authorization. These attacks typically exploit unsecured paths using "../" (dot-dot-slash) sequences and their variations, or absolute file paths. The attack is also referred to as "dot-dot-slash," "directory climbing," or "backtracking."
|
||||
|
||||
While Directory Traversal is sometimes combined with other vulnerabilities like Local File Inclusion (LFI) or Remote File Inclusion (RFI), the key difference is that Directory Traversal doesn't execute code, whereas LFI and RFI usually do.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@course@TryHackMe's room on Path Traversal & File Inclusion](https://tryhackme.com/r/room/filepathtraversal)
|
||||
- [@course@HackTheBox Academy's module on File Inclusion & Path Traversal](https://academy.hackthebox.com/course/preview/file-inclusion)
|
||||
- [@official@OWASP's article on Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
|
||||
- [@article@Portswigger's guide on File Path Traversal](https://portswigger.net/web-security/file-path-traversal)
|
||||
- [@article@Acunetix's article on directory traversal](https://www.acunetix.com/websitesecurity/directory-traversal/)
|
||||
@@ -5,4 +5,4 @@ Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes u
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is DLP (data loss prevention)?](https://www.cloudflare.com/es-es/learning/access-management/what-is-dlp/)
|
||||
- [@article@What is Data Loss Prevention (DLP)?](https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP)
|
||||
- [@article@What is Data Loss Prevention (DLP)?](https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
A **DMZ**, also known as a **Demilitarized Zone**, is a specific part of a network that functions as a buffer or separation between an organization's internal, trusted network and the external, untrusted networks like the internet. The primary purpose of a DMZ is to isolate critical systems and data from the potentially hostile external environment and provide an extra layer of security.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a DMZ Network?](https://www.fortinet.com/resources/cyberglossary/what-is-dmz)
|
||||
- [@video@DMZ explained](https://www.youtube.com/watch?v=48QZfBeU4ps)
|
||||
@@ -1,9 +1,9 @@
|
||||
# DNS Poisoning/DNS Spoofing/DNS Cache Poisoning
|
||||
|
||||
DNS spoofing or DNS cache poisoning, occurs when fake information is inserted into a DNS server’s cache.This causes DNS queries to return incorrect IP addresses, directing users to the wrong websites. Hackers exploit this to reroute traffic to malicious sites. The issue persists until the cached information is corrected.When the cache is poisoned, it misdirects traffic until the incorrect information is fixed. This technique exploits vulnerabilities in the DNS system and can spread to other servers, causing widespread issues.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is DNS Cache Poisoning? | DNS spoofing](https://www.cloudflare.com/learning/dns/dns-cache-poisoning/)
|
||||
- [@article@What Is DNS Poisoning?](https://www.fortinet.com/resources/cyberglossary/dns-poisoning)
|
||||
- [@article@DNS Poisoning (DNS Spoofing): Definition, Technique & Defense](https://www.okta.com/identity-101/dns-poisoning/)
|
||||
# DNS Poisoning/DNS Spoofing/DNS Cache Poisoning
|
||||
|
||||
DNS spoofing or DNS cache poisoning, occurs when fake information is inserted into a DNS server’s cache.This causes DNS queries to return incorrect IP addresses, directing users to the wrong websites. Hackers exploit this to reroute traffic to malicious sites. The issue persists until the cached information is corrected.When the cache is poisoned, it misdirects traffic until the incorrect information is fixed. This technique exploits vulnerabilities in the DNS system and can spread to other servers, causing widespread issues.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is DNS Cache Poisoning? | DNS spoofing](https://www.cloudflare.com/learning/dns/dns-cache-poisoning/)
|
||||
- [@article@What Is DNS Poisoning?](https://www.fortinet.com/resources/cyberglossary/dns-poisoning)
|
||||
- [@article@DNS Poisoning (DNS Spoofing): Definition, Technique & Defense](https://www.okta.com/identity-101/dns-poisoning/)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/)
|
||||
- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU)
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/)
|
||||
- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU)
|
||||
- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M)
|
||||
- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/)
|
||||
- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
DNS Security Extensions (DNSSEC) is a suite of protocols designed to add a layer of security to the Domain Name System (DNS) by enabling DNS responses to be authenticated. While DNS itself resolves domain names into IP addresses, it does not inherently verify the authenticity of the responses, leaving it vulnerable to attacks like cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache. DNSSEC addresses this by using digital signatures to ensure that the data received is exactly what was intended by the domain owner and has not been tampered with during transit. When a DNS resolver requests information, DNSSEC-enabled servers respond with both the requested data and a corresponding digital signature. The resolver can then verify this signature using a chain of trust, ensuring the integrity and authenticity of the DNS response. By protecting against forged DNS data, DNSSEC plays a critical role in enhancing the security of internet communications.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@How DNSSEC works](https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/)
|
||||
- [@video@What is DNSSEC?](https://www.youtube.com/watch?v=Fk2oejzgSVQ)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
Denial of Service (DoS) and Distributed Denial of Service (DDoS) are both types of cyber attacks aimed at disrupting the normal functioning of a targeted service, typically a website or network. A DoS attack involves a single source overwhelming a system with a flood of requests or malicious data, exhausting its resources and making it unavailable to legitimate users. In contrast, a DDoS attack amplifies this disruption by using multiple compromised devices, often forming a botnet, to launch a coordinated attack from numerous sources simultaneously. This distributed nature makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block the malicious traffic. Both types of attacks can cause significant downtime, financial loss, and reputational damage to the targeted organization.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@DoS vs DDoS](https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos)
|
||||
- [@video@What is Denial-of-Service attack?](https://www.youtube.com/watch?v=Z7xG3b0aL_I)
|
||||
- [@video@What is a DDoS attack?](https://www.youtube.com/watch?v=z503nLsfe5s)
|
||||
- [@article@DoS vs DDoS](https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos)
|
||||
- [@video@What is a DDoS attack?](https://www.youtube.com/watch?v=z503nLsfe5s)
|
||||
@@ -1,8 +1,8 @@
|
||||
# Drive-by Attack
|
||||
|
||||
Drive-by Attack is a type of cyberattack where malicious code is automatically downloaded and executed on a user's system simply by visiting a compromised or malicious website. The user does not need to click on anything or interact with the page; just loading the website is enough to trigger the attack.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a Drive-By Attack?](https://www.ericom.com/glossary/what-is-a-drive-by-attack/)
|
||||
- [@video@Drive-By Download attack](https://www.youtube.com/watch?v=xL4DyblbnKg)
|
||||
# Drive-by Attack
|
||||
|
||||
Drive-by Attack is a type of cyberattack where malicious code is automatically downloaded and executed on a user's system simply by visiting a compromised or malicious website. The user does not need to click on anything or interact with the page; just loading the website is enough to trigger the attack.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a Drive-By Attack?](https://www.ericom.com/glossary/what-is-a-drive-by-attack/)
|
||||
- [@video@Drive-By Download attack](https://www.youtube.com/watch?v=xL4DyblbnKg)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Dropbox is a widely used cloud storage service that allows you to store, access, and share files, documents, and media with ease across various devices. Launched in 2007, Dropbox has become one of the most popular cloud storage solutions, catering to both individual users and businesses. The service is available on multiple platforms, including Windows, macOS, Linux, iOS, and Android.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Dropbox](https://dropbox.com)
|
||||
- [@official@How to Use Dropbox - a guide to your account](https://learn.dropbox.com/self-guided-learning/dropbox-fundamentals-course/how-to-use-dropbox)
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
# Dumpster Diving
|
||||
|
||||
Dumpster Diving in the context of cybersecurity refers to the practice of searching through discarded materials in trash or recycling bins to find confidential information. This technique may seem unsophisticated, but it can be extremely effective in obtaining valuable data such as passwords, account information, network diagrams, or any other sensitive information that has not been properly destroyed.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Dumpster Diving](https://www.techtarget.com/searchsecurity/definition/dumpster-diving)
|
||||
- [@article@What is Dumpster Diving](https://powerdmarc.com/dumpster-diving-in-cybersecurity/)
|
||||
# Dumpster Diving
|
||||
|
||||
Dumpster Diving in the context of cybersecurity refers to the practice of searching through discarded materials in trash or recycling bins to find confidential information. This technique may seem unsophisticated, but it can be extremely effective in obtaining valuable data such as passwords, account information, network diagrams, or any other sensitive information that has not been properly destroyed.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Dumpster Diving](https://www.techtarget.com/searchsecurity/definition/dumpster-diving)
|
||||
- [@article@What is Dumpster Diving](https://powerdmarc.com/dumpster-diving-in-cybersecurity/)
|
||||
- [@video@Dumpster Diving for Sensitive Information](https://www.youtube.com/watch?v=Pom86gq4mk4)
|
||||
@@ -4,7 +4,7 @@ EAP and PEAP are both authentication frameworks used in wireless networks and Po
|
||||
|
||||
PEAP, on the other hand, is a version of EAP designed to enhance security by encapsulating the EAP communication within a secure TLS (Transport Layer Security) tunnel. This tunnel protects the authentication process from eavesdropping and man-in-the-middle attacks. PEAP requires a server-side certificate to establish the TLS tunnel, but it does not require client-side certificates, making it easier to deploy while still ensuring secure transmission of credentials. PEAP is widely used in wireless networks to provide a secure authentication mechanism that protects user credentials during the authentication process.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Extensible Authentication Protocol (EAP) for network access](https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access?tabs=eap-tls%2Cserveruserprompt-eap-tls%2Ceap-sim)
|
||||
- [@article@What is Protected Extensible Authentication Protocol (PEAP)](https://www.techtarget.com/searchsecurity/definition/PEAP-Protected-Extensible-Authentication-Protocol)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Endpoint Detection and Response (EDR) is a cybersecurity technology that provides continuous monitoring and response to threats at the endpoint level. It is designed to detect, investigate, and mitigate suspicious activities on endpoints such as laptops, desktops, and mobile devices. EDR solutions log and analyze behaviors on these devices to identify potential threats, such as malware or ransomware, that have bypassed traditional security measures like antivirus software. This technology equips security teams with the tools to quickly respond to and contain threats, minimizing the risk of a security breach spreading across the network. EDR systems are an essential component of modern cybersecurity strategies, offering advanced protection by utilizing real-time analytics, AI-driven automation, and comprehensive data recording.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@video@What is Endpoint Detection and Response (EDR)? - IBM](https://www.youtube.com/watch?v=55GaIolVVqI)
|
||||
- [@article@What is Endpoint Detection and Response?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/)
|
||||
- [@article@What is Endpoint Detection and Response?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/)
|
||||
- [@video@What is Endpoint Detection and Response (EDR)? - IBM](https://www.youtube.com/watch?v=55GaIolVVqI)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Endpoint security focuses on protecting individual devices that connect to a network, such as computers, smartphones, tablets, and IoT devices. It's a critical component of modern cybersecurity strategy, as endpoints often serve as entry points for cyberattacks. This approach involves deploying and managing security software on each device, including antivirus programs, firewalls, and intrusion detection systems. Advanced endpoint protection solutions may incorporate machine learning and behavioral analysis to detect and respond to novel threats. Endpoint security also encompasses patch management, device encryption, and access controls to mitigate risks associated with lost or stolen devices. As remote work and bring-your-own-device (BYOD) policies become more prevalent, endpoint security has evolved to include cloud-based management and zero-trust architectures, ensuring that security extends beyond the traditional network perimeter to protect data and systems regardless of device location or ownership.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is Endpoint Security?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/)
|
||||
- [@video@Endpoints are the IT Frontdoor - Guard them!](https://www.youtube.com/watch?v=Njqid_JpqTs)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Eradication in cybersecurity refers to the critical phase of incident response that follows containment, focusing on completely removing the threat from the affected systems. This process involves thoroughly identifying and eliminating all components of the attack, including malware, backdoors, and any alterations made to the system. Security teams meticulously analyze logs, conduct forensic examinations, and use specialized tools to ensure no traces of the threat remain. Eradication may require reimaging compromised systems, patching vulnerabilities, updating software, and resetting compromised credentials. It's a complex and often time-consuming process that demands precision to prevent reinfection or lingering security gaps. Successful eradication is crucial for restoring system integrity and preventing future incidents based on the same attack vector. After eradication, organizations typically move to the recovery phase, rebuilding and strengthening their systems with lessons learned from the incident.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Eradication - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/eradication.html)
|
||||
- [@article@What is eradication in Cybersecurity?](https://heimdalsecurity.com/blog/what-is-eradication-in-cybersecurity/)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
VMware ESXi is a Type 1 hypervisor and the core building block for VMware's virtualization technology. It represents a bare-metal hypervisor, which means it is installed directly onto your physical server's hardware, without the need for a supporting operating system. This results in elevated performance, reduced overhead, and efficient resource allocation.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@What is ESXi?](https://www.vmware.com/products/cloud-infrastructure/esxi-and-esx)
|
||||
- [@article@What is VMWare ESXi?](https://www.liquidweb.com/blog/what-is-vmware-esxi/)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Event logs are digital records that document activities and occurrences within computer systems and networks. They serve as a crucial resource for cybersecurity professionals, providing a chronological trail of system operations, user actions, and security-related events. These logs capture a wide range of information, including login attempts, file access, system changes, and application errors. In the context of security, event logs play a vital role in threat detection, incident response, and forensic analysis. They help identify unusual patterns, track potential security breaches, and reconstruct the sequence of events during an attack. Effective log management involves collecting logs from various sources, securely storing them, and implementing tools for log analysis and correlation. However, the sheer volume of log data can be challenging to manage, requiring advanced analytics and automation to extract meaningful insights and detect security incidents in real-time.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is an Event Log?](https://www.crowdstrike.com/cybersecurity-101/observability/event-log/)
|
||||
- [@article@What are event logs and why do they matter?](https://www.blumira.com/blog/what-are-event-logs-and-why-do-they-matter)
|
||||
@@ -1,8 +1,8 @@
|
||||
# What is Evil Twin attack
|
||||
|
||||
An Evil Twin is a type of wireless network attack where an attacker sets up a rogue Wi-Fi access point that mimics a legitimate Wi-Fi network. The rogue access point has the same SSID (network name) as the legitimate network, making it difficult for users to distinguish between the two. The attacker's goal is to trick users into connecting to the rogue access point, allowing them to intercept sensitive information, inject malware, or launch other types of attacks.
|
||||
|
||||
Learn more from the following resources:
|
||||
|
||||
- [@article@What is an Evil Twin attack?](https://www.techtarget.com/searchsecurity/definition/evil-twin)
|
||||
# What is Evil Twin attack
|
||||
|
||||
An Evil Twin is a type of wireless network attack where an attacker sets up a rogue Wi-Fi access point that mimics a legitimate Wi-Fi network. The rogue access point has the same SSID (network name) as the legitimate network, making it difficult for users to distinguish between the two. The attacker's goal is to trick users into connecting to the rogue access point, allowing them to intercept sensitive information, inject malware, or launch other types of attacks.
|
||||
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is an Evil Twin attack?](https://www.techtarget.com/searchsecurity/definition/evil-twin)
|
||||
- [@video@How Hackers Can Grab Your Passwords Over Wi-Fi with Evil Twin Attacks](https://www.youtube.com/watch?v=HyxQqDq3qs4)
|
||||
@@ -6,7 +6,7 @@ A false negative occurs when the security tool fails to detect an actual threat
|
||||
|
||||
To have an effective cybersecurity system, security professionals aim to maximize true positives and true negatives, while minimizing false positives and false negatives. Balancing these aspects ensures that the security tools maintain their effectiveness without causing undue disruptions to a user's experience.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@Difference Between False Positive and False Negative](https://www.differencebetween.net/science/difference-between-false-positive-and-false-negative/)
|
||||
- [@video@What is a false positive virus?](https://www.youtube.com/watch?v=WrcAGBvIT14)
|
||||
|
||||
@@ -4,7 +4,7 @@ Firewalls are network security devices that monitor and control incoming and out
|
||||
|
||||
Next-generation firewalls (NGFWs) build upon this foundation, offering more advanced features to address modern cyber threats. NGFWs incorporate deep packet inspection, application-level filtering, and integrated intrusion prevention systems. They can identify and control applications regardless of port or protocol, enabling more granular security policies. NGFWs often include additional security functions such as SSL/TLS inspection, antivirus scanning, and threat intelligence integration. This evolution allows for more comprehensive network protection, better visibility into network traffic, and improved defense against sophisticated attacks in today's complex and dynamic threat landscape.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is a Firewall?](https://www.kaspersky.com/resource-center/definitions/firewall)
|
||||
- [@article@What is a next-generation firewall (NGFW)?](https://www.cloudflare.com/en-gb/learning/security/what-is-next-generation-firewall-ngfw/)
|
||||
- [@article@What is a next-generation firewall (NGFW)?](https://www.cloudflare.com/en-gb/learning/security/what-is-next-generation-firewall-ngfw/)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Firewall logs are detailed records of network traffic and security events captured by firewall devices. These logs provide crucial information about connection attempts, allowed and blocked traffic, and potential security incidents. They typically include data such as source and destination IP addresses, ports, protocols, timestamps, and the action taken by the firewall. Security professionals analyze these logs to monitor network activity, detect unusual patterns, investigate security breaches, and ensure policy compliance. Firewall logs are essential for troubleshooting network issues, optimizing security rules, and conducting forensic analysis after an incident. However, the volume of log data generated can be overwhelming, necessitating the use of log management tools and security information and event management (SIEM) systems to effectively process, correlate, and derive actionable insights from the logs. Regular review and analysis of firewall logs are critical practices in maintaining a robust security posture and responding promptly to potential threats.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@What is Firewall Logging and Why is it Important?](https://cybriant.com/what-is-firewall-logging-and-why-is-it-important/)
|
||||
- [@video@Reviewing Firewall Logs](https://www.youtube.com/watch?v=XiJ30f8V_T4)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
FTK Imager is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Create Forensic Images with Exterro FTK Imager](https://www.exterro.com/digital-forensics-software/ftk-imager)
|
||||
- [@video@Imaging a Directory Using FTK Imager](https://www.youtube.com/watch?v=trWDlPif84o)
|
||||
- [@video@Imaging a Directory Using FTK Imager](https://www.youtube.com/watch?v=trWDlPif84o)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are both used for transferring files over networks, but they differ significantly in terms of security. FTP is an older protocol that transmits data in plain text, making it vulnerable to interception and unauthorized access. It typically uses separate connections for commands and data transfer, operating on ports 20 and 21. SFTP, on the other hand, is a secure version that runs over the SSH protocol, encrypting both authentication credentials and file transfers. It uses a single connection on port 22, providing better firewall compatibility. SFTP offers stronger authentication methods and integrity checking, making it the preferred choice for secure file transfers in modern networks. While FTP is simpler and may be faster in some scenarios, its lack of built-in encryption makes it unsuitable for transmitting sensitive information, leading many organizations to adopt SFTP or other secure alternatives to protect their data during transit.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@FTP defined and explained](https://www.fortinet.com/resources/cyberglossary/file-transfer-protocol-ftp-meaning)
|
||||
- [@video@How to use SFTP commands](https://www.youtube.com/watch?v=22lBJIfO9qQ)
|
||||
- [@video@How to use SFTP commands](https://www.youtube.com/watch?v=22lBJIfO9qQ)
|
||||
@@ -4,8 +4,8 @@ FTP is a standard network protocol used to transfer files from one host to anoth
|
||||
|
||||
FTP operates on a client-server model, where one computer acts as the client (the sender or requester) and the other acts as the server (the receiver or provider). The client initiates a connection to the server, usually by providing a username and password for authentication, and then requests a file transfer.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@File Transfer Protocol](https://en.wikipedia.org/wiki/File_Transfer_Protocol)
|
||||
- [@video@What is FTP?](https://www.youtube.com/watch?v=HI0Oh4NJqcI)
|
||||
- [@article@FTP meaning and uses](https://www.investopedia.com/terms/f/ftp-file-transfer-protocol.asp)
|
||||
- [@article@FTP meaning and uses](https://www.investopedia.com/terms/f/ftp-file-transfer-protocol.asp)
|
||||
- [@video@What is FTP?](https://www.youtube.com/watch?v=HI0Oh4NJqcI)
|
||||
@@ -2,9 +2,9 @@
|
||||
|
||||
Fundamental IT skills form the backbone of cybersecurity proficiency and encompass a broad range of technical knowledge. These skills include understanding computer hardware and software, networking concepts, and operating systems (particularly Windows and Linux). Proficiency in at least one programming language, such as Python or JavaScript, is increasingly important for automation and scripting tasks. Database management, including SQL, is crucial for handling and securing data. Knowledge of cloud computing platforms like AWS or Azure is becoming essential as organizations migrate to cloud environments. Familiarity with basic cybersecurity concepts such as encryption, access control, and common attack vectors provides a foundation for more advanced security work. Additionally, troubleshooting skills, the ability to interpret logs, and a basic understanding of web technologies are vital. These fundamental IT skills enable cybersecurity professionals to effectively protect systems, identify vulnerabilities, and respond to incidents in increasingly complex technological landscapes.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@course@Cisco Networking Academy: Introduction to Cybersecurity](https://www.netacad.com/courses/introduction-to-cybersecurity?courseLang=en-US)
|
||||
- [@course@Cisco Networking Academy: Introduction to Cybersecurity](https://www.netacad.com/courses/introduction-to-cybersecurity?courseLang=en-US)
|
||||
- [@article@8 In-Demand IT Skills to Boost Your Resume in 2025](https://www.coursera.org/articles/key-it-skills-for-your-career)
|
||||
- [@article@Top IT Skills in Demand](https://www.comptia.org/en/blog/top-it-skills-in-demand)
|
||||
- [@article@IT Skills: Definition and Examples](https://www.indeed.com/career-advice/finding-a-job/it-skills)
|
||||
- [@article@IT Skills: Definition and Examples](https://www.indeed.com/career-advice/finding-a-job/it-skills)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Google Cloud Platform (GCP) is a collection of cloud computing services offered by Google, which provides infrastructure and platform services to businesses or individuals. It enables users to either build their own applications or services on the provided resources, or utilize ready-to-use services provided by Google. GCP covers a wide range of services, including (but not limited to) compute, storage, databases, networking, and many more.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Google Cloud Platform](https://cloud.google.com)
|
||||
- [@official@Cloud Computing, Hosting Services, and APIs](https://cloud.google.com/gcp)
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
GIAC is a globally recognized organization that provides certifications for information security professionals. Established in 1999, its primary aim is to validate the knowledge and skills of professionals in various cybersecurity domains. GIAC certifications focus on practical and hands-on abilities to ensure that certified individuals possess the necessary expertise to tackle real-world cybersecurity challenges.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@GIAC](https://www.giac.org/)
|
||||
- [@official@Get Certified - GIAC](https://www.giac.org/get-certified/?msc=main-nav)
|
||||
- [@official@Get Certified - GIAC](https://www.giac.org/get-certified/?msc=main-nav)
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
Go, also known as Golang, is an open-source programming language created by Google. Launched in 2009, it was designed to overcome issues present in other languages and offer a more secure, robust, and efficient development experience.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@roadmap@Visit Dedicated Go Roadmap](https://roadmap.sh/golang)
|
||||
- [@video@Go in 100 seconds](https://www.youtube.com/watch?v=446E-r0rXHI)
|
||||
- [@video@Go Tutorial for beginners](https://www.youtube.com/watch?v=yyUHQIec83I)
|
||||
- [@video@Go Tutorial for beginners](https://www.youtube.com/watch?v=yyUHQIec83I)
|
||||
@@ -2,6 +2,6 @@
|
||||
|
||||
Google Drive is a cloud-based storage solution provided by Google, which offers users the ability to store, share, and collaborate on files and documents across different platforms and devices. It is integrated with Google's productivity suite, including Google Docs, Sheets, Slides, and Forms, allowing seamless collaboration with team members in real-time.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Google Drive](https://drive.google.com)
|
||||
@@ -2,6 +2,6 @@
|
||||
|
||||
Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations. Security professionals must be vigilant about potential phishing attacks targeting Google accounts, data leakage through improper sharing settings, and the risks associated with third-party app integrations. Understanding how to properly configure and monitor Google Workspace is crucial for maintaining the security of an organization's collaborative environment and protecting sensitive information stored within these widely-used tools.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Google Workspace](https://workspace.google.com/intl/en_uk/)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
The GIAC Penetration Tester (GPEN) certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@GPEN Certification](https://www.giac.org/certifications/penetration-tester-gpen/)
|
||||
- [@article@What is the GPEN Certification?](https://hackernoon.com/what-is-the-giac-penetration-tester-gpen-certification)
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
Grep is a powerful command-line tool used for searching and filtering text, primarily in Unix-based systems. Short for "global regular expression print", grep is widely used for its ability to search through files and directories, and find lines that match a given pattern. It is particularly useful for incident response and discovery tasks, as it helps you identify specific occurrences of potentially malicious activities within large amounts of log data.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@article@grep command in Linux](https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix)
|
||||
- [@video@The grep command](https://www.youtube.com/watch?v=Tc_jntovCM0)
|
||||
@@ -6,7 +6,7 @@ Group Policy works by maintaining a hierarchy of _Group Policy Objects_ (GPOs),
|
||||
|
||||
When a user logs in or a computer starts up, the relevant GPOs from the AD structure get evaluated to determine the final policy settings. GPOs are processed in a specific order — local, site, domain, and OUs, with the latter having the highest priority. This order ensures that you can have a baseline set of policies at the domain level, with more specific policies applied at the OU level, as needed.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@Group Policy overview](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11))
|
||||
- [@video@Learn Windows Group Policy the easy way!](https://www.youtube.com/watch?v=rEhTzP-ScBo)
|
||||
- [@video@Learn Windows Group Policy the easy way!](https://www.youtube.com/watch?v=rEhTzP-ScBo)
|
||||
@@ -2,6 +2,6 @@
|
||||
|
||||
The GIAC Security Essentials Certification (GSEC) is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices.
|
||||
|
||||
Learn more from the following resources:
|
||||
Visit the following resources to learn more:
|
||||
|
||||
- [@official@GSEC Certification](https://www.giac.org/certifications/security-essentials-gsec/)
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user