- Networks-Vulnerbaility
- Hasncet(password creaking tools)
- Brutforce
- RAT (Remote Access Trojans)
- Resources
- Security
- Pysical Control, Administration Control, Logical Control
- Port-Scaninning
- Protocals (set of rules)
- TCP ports-65535
- UDP ports-65535
- github(HTTP-443)(lock file)
- unsafe(HTTPS-80)(without lock file) -> TCP Handshake
-
|-> TLS Handshake
- Block Chain Security
- Exploit
- SQL ingection
- Section Hijacking
- Phissing
- DNS Poisioning
- IP addresses
- Cloud
- Cripto Graphy
- ARP poisioning (Addresses Resoning Protocal)
- Spoofing
- Hasing
- Metasploit
- Back door
- Cross fight
- Haking ->Ganning unauthorised acesses
- Ethical Haking ->Ganning unauthorised acesses with writen Concen
- Web Application penetration testing
- Web Site
- Web Page
- Web Server (which Computer)
- Web Application (user intract)
Opperchinity
- affence -red
- deffence (SOC-Security Operation Control)-blue
- purble -both affence & deffence
types of hakers:
- white hat - Architecture (blue print of the website) - Attacker
- black hat - Unauthorised Haker
- gray hat - both white & black hat
- Script kiddies - use others code
- hacktivism - help for the socity
- state sponce haker - government sponcer hacker
CIA Stands for:
-> Confidentiality
-> integrity - orginality
SSL - Secure Socket Layer Encription - convertion of clear text to cyber text -> Availability like ATM
- Athentication ( verify the identity) -> verify is to something you Know about that -> Something is to know you have -> something you are -> more than one is two factor -> wotking all the three is multie factor -> UAC - User acess control
- Authorication (permition) or Access control
- Breach - the loss of control,compromise,unauthorized disclosure
- Event - Any observable Occurrence (any error occur)
- Bug - To deviate from others
- Exploit - a perticular attack
- Insident - affect the CIA
- intrusion - Compination of events
- Vulnerability - Weakness
- Threat - potential to damage
- risk - Vulnerability + Threat
- TOE - Target of Evoluation
- mySQL - 3303 port
- ip addresses 192.168.1.1/24 - 11000000.10101000.00000001.00000001 0.0.0.0 - 255.255.255.255
- request time out na connection wrong
- Destination host unreachable na routing wrong
- cmd for basic command
- power shell for windows command
- the command is correct nothing is print
- nat used for to convert the public network to private network
- vpn - Encryption / Decryption
- RSA AES
- ------------vpn------------
- Client <------------> Server
- -----------vpn-------------
- Encryption - clear text -> Cipher text
- Decryption - Cipher text -> clear text
- Symmetric Encrp - Single Key
- Asymmetric Encrp - Public/Private Key
- what is 3 way hand shake:
SYN SYN_ACK ACK
- TLS hand shake: transerver security
- Get-FileHash used for finding hash (hash means the official vallue)
- all permatutation and compination is called Brut force
- Types of Environment:
- QA Environment -test build
- Staging Environment - Actual copy of production
- Production Environment - Live websites/web app
- Request --------> Server Response >HTTP Method Response Code >GET 1xx - Information >POST 2xx - ok >PUT 3xx - Redirection >OPTIONS 4xx - Client-side error >DELETE 5xx - Server-side error
- Client -------------------> Proxy ----------------> Server
- proxy means having middle person form the both side
- more than one proxy also having
- SNIPER ATTACK -- INTRUDER
- HIODEN WEBSITE SEEING
- SSO (Single Sign-On)
- CISCO -- Secure web appliances
- Cloud Services models
SaaS ==> Software as a Services PaaS ==> Plate form as a Services IaaS ==> Infrastructue as a Services
- testing,receving && retreving the data
----------------------------------------------------- 16/04/2024 ----------------------------------------------------
-> Reactive -- After the attack -> Proacrive -- Before the attack
- Types of Cloud security Models:
- public -- to access by all
- private -- to be a specific acesses
- hybrid -- evry organization have a website
- community -- one peritcular organization
Cloud services products:
AWS Microsoft Azure Google cloud
Cloud Security Challenges:
Data Breaches Data loss Compliance Concerns Insider Threats
Regulatory Complianse in cloud Security
GDPR -- General Data Production Regulation GRC -- Goverance Risk and Comblians HIPAA -- Health Insurance Portability and Accountability Act PCIDSS -- Payment Cerd Industry Data Security Standard ISQ 27001 -- ISMS ISMS -- Information Security Management Systems CMM -- Capability Maturity Model
Future Trenas in CLoud Security:
Zero trust Security Models:
- MAC -- Moduratory Acesses Control
- DAC -- Discreanary Acesses Control
- RBAC -- Role Base Acesses Control
AD -- Active Directory DC -- Domain Control
CISCO WAF Features :
Data Loss Prevention Native FTP Protection
WAF -- Web Application Firewall
How to you ditect the SQL injuction:
- single Quote
- Double Quote Prevent :
- paramentarized Quries
Man-In-The-Middle Attack:
Social Engineering Attack Vectors :
-
Technical :
- Vishing
- Phishing and Trojan Email
- Spear Phishing
- Spam Email
- Interesting Software
- Popup Window
- Baiting
- whaling
-
Hardware :
- old unused