giriprasathlatha/cyber-security

1. Networks-Vulnerbaility
2. Hasncet(password creaking tools)
3. Brutforce
4. RAT (Remote Access Trojans)
5. Resources
6. Security
7. Pysical Control, Administration Control, Logical Control
8. Port-Scaninning
9. Protocals (set of rules)
10. TCP ports-65535
11. UDP ports-65535
12. github(HTTP-443)(lock file)
13. unsafe(HTTPS-80)(without lock file) -> TCP Handshake

14.                                           |-> TLS Handshake
    

15. Block Chain Security
16. Exploit
17. SQL ingection
18. Section Hijacking
19. Phissing
20. DNS Poisioning
21. IP addresses
22. Cloud
23. Cripto Graphy
24. ARP poisioning (Addresses Resoning Protocal)
25. Spoofing
26. Hasing
27. Metasploit
28. Back door
29. Cross fight
30. Haking ->Ganning unauthorised acesses
31. Ethical Haking ->Ganning unauthorised acesses with writen Concen
32. Web Application penetration testing
33. Web Site
34. Web Page
35. Web Server (which Computer)
36. Web Application (user intract) Opperchinity
    1. affence -red
    2. deffence (SOC-Security Operation Control)-blue
    3. purble -both affence & deffence types of hakers:
       1. white hat - Architecture (blue print of the website) - Attacker
       2. black hat - Unauthorised Haker
       3. gray hat - both white & black hat
       4. Script kiddies - use others code
       5. hacktivism - help for the socity
       6. state sponce haker - government sponcer hacker CIA Stands for: -> Confidentiality -> integrity - orginality

          SSL - Secure Socket Layer Encription - convertion of clear text to cyber text -> Availability like ATM

37. Athentication ( verify the identity) -> verify is to something you Know about that -> Something is to know you have -> something you are -> more than one is two factor -> wotking all the three is multie factor -> UAC - User acess control
38. Authorication (permition) or Access control
39. Breach - the loss of control,compromise,unauthorized disclosure
40. Event - Any observable Occurrence (any error occur)
41. Bug - To deviate from others
42. Exploit - a perticular attack
43. Insident - affect the CIA
44. intrusion - Compination of events
45. Vulnerability - Weakness
46. Threat - potential to damage
47. risk - Vulnerability + Threat
48. TOE - Target of Evoluation
49. mySQL - 3303 port
50. ip addresses 192.168.1.1/24 - 11000000.10101000.00000001.00000001 0.0.0.0 - 255.255.255.255
51. request time out na connection wrong
52. Destination host unreachable na routing wrong
53. cmd for basic command
54. power shell for windows command
55. the command is correct nothing is print
56. nat used for to convert the public network to private network
57. vpn - Encryption / Decryption
58. RSA AES
59. ------------vpn------------
60. Client <------------> Server
61. -----------vpn-------------
62. Encryption - clear text -> Cipher text
63. Decryption - Cipher text -> clear text
64. Symmetric Encrp - Single Key
65. Asymmetric Encrp - Public/Private Key
66. what is 3 way hand shake:

    SYN SYN_ACK ACK

67. TLS hand shake: transerver security
68. Get-FileHash used for finding hash (hash means the official vallue)
69. all permatutation and compination is called Brut force
70. Types of Environment:
    1. QA Environment -test build
    2. Staging Environment - Actual copy of production
    3. Production Environment - Live websites/web app
71. Request --------> Server Response >HTTP Method Response Code >GET 1xx - Information >POST 2xx - ok >PUT 3xx - Redirection >OPTIONS 4xx - Client-side error >DELETE 5xx - Server-side error
72. Client -------------------> Proxy ----------------> Server
73. proxy means having middle person form the both side
74. more than one proxy also having
75. SNIPER ATTACK -- INTRUDER
76. HIODEN WEBSITE SEEING
77. SSO (Single Sign-On)
78. CISCO -- Secure web appliances
79. Cloud Services models

    SaaS ==> Software as a Services PaaS ==> Plate form as a Services IaaS ==> Infrastructue as a Services

80. testing,receving && retreving the data

----------------------------------------------------- 16/04/2024 ----------------------------------------------------

-> Reactive -- After the attack -> Proacrive -- Before the attack

81. Types of Cloud security Models:
82. public -- to access by all
83. private -- to be a specific acesses
84. hybrid -- evry organization have a website
85. community -- one peritcular organization

Cloud services products:

AWS Microsoft Azure Google cloud

Cloud Security Challenges:

Data Breaches Data loss Compliance Concerns Insider Threats

Regulatory Complianse in cloud Security

GDPR -- General Data Production Regulation GRC -- Goverance Risk and Comblians HIPAA -- Health Insurance Portability and Accountability Act PCIDSS -- Payment Cerd Industry Data Security Standard ISQ 27001 -- ISMS ISMS -- Information Security Management Systems CMM -- Capability Maturity Model

Future Trenas in CLoud Security:

Zero trust Security Models:

1. MAC -- Moduratory Acesses Control
2. DAC -- Discreanary Acesses Control
3. RBAC -- Role Base Acesses Control

AD -- Active Directory DC -- Domain Control

CISCO WAF Features :

Data Loss Prevention Native FTP Protection

WAF -- Web Application Firewall

How to you ditect the SQL injuction:

1. single Quote
2. Double Quote Prevent :
3. paramentarized Quries

Man-In-The-Middle Attack:

Social Engineering Attack Vectors :

1. Technical :

   1. Vishing
   2. Phishing and Trojan Email
   3. Spear Phishing
   4. Spam Email
   5. Interesting Software
   6. Popup Window
   7. Baiting
   8. whaling

2. Hardware :

   1. old unused