Keyword
1) Attack: An action with malicious intent.
2) Authentication: The process of identifying a person or system with a username or password.
3) Backdoor: A trapdoor used to gain unauthorized access to a computer or network. (How? A programmer may bypass security steps without permission.)
4) Buffer: Temporary data storage, used while data is moved from one place to another.
5) Cipher: A process for converting data into code; an encryption algorithm or technique.
6) Cryptography: The science and art of protecting the privacy of information by encrypting it into a secret code.
7) Decryption: Process of converting cipher text into plain text.
8) Encryption: Process of converting plain text into cipher text.
9) Exploit: To take advantage of a weakness in the system.
10) Hash Value: The result of applying a cryptographic hash function to data.
11) Malware: Malware stands for Malicious Software. It is used to damage computer systems and networks and to steal data from the infected system.
12) Threat: A possible danger that might exploit a vulnerability to violate security protocols.
Terms
1) Computer Security : Protecting the computer system and the data stored in it.
2) Cyber Security : The process of protecting data, systems and networks against cyber attacks.
3) Information Security : The process of protecting information and information systems from threats through security controls to reach C.I.A.
4) Cyber Forensics : Extracting data as proof of a crime. The recovery process for deleted files.
5) Vulnerability : The potential for harm or loss.
6) Exposure : Risk property exists.
7) Resistance : Action taken to prevent.
8) Resilience : Ability to recover the root state (original state).
9) Confidentiality : Limits access to information or restrictions on information access.
10) Integrity : Assurance that the information is accurate.
11) Availability : Definite and reliable access by authorized people.
12) Cryptanalysis : Studying cryptographic system to find weakness of the cryptographic algorithm and decipher the cipher text without knowing secret key.
13) Authentication : It is used to identify users.
14) Authorization : The process of enforcing policies to determine what types of services a user can use.
15) Accounting : It manages the resources a user consumes during access. It includes the amount of data the user used and sent and the login session time.
16) Bug : Also called an error.
17) Loophole : A programming gap through which an exploit can gain access.
18) Key : Used to decode encoded things. Also called an authorized identity.
19) Public Key : It is used to encrypt the data.
20) Protocol : Set of rules or guidelines for communicating in the internet.
21) Protocol Suite : Also called the TCP/IP suite. A network protocol suite for communicating over TCP.
22) Hash Function: Used to convert plain text into cipher text.
Security Attack
1) Man in the Middle (MIM): Done by hijacking, IP spoofing; encryption, authentication of digital certificates.
2) Phishing and Spear-Phishing: Done through fraudulent emails and messages with links to click.
3) Drive-by Attack: Attackers look for an insecure website to hack. Once they find one, they inject malicious code into HTTP or PHP.
4) Botnet Attack: Botnets are networks of systems into which attackers have injected malware. They can lead to DDoS.
5) Social Engineering Attack: Used to find personal details of the victim.
6) SQL Injection Attack: Happens when cyber attackers inject malicious code into the SQL server.
7) Malware Attack: Attackers use different types of malicious software to compromise security.
8) XSS Attack: XSS stands for Cross-Site Scripting. It is done by using a third-party website to inject malicious JavaScript code into the target's web browser.
9) Password Attack: Targets the authentication mechanism to gain access to a user's account. Types: (1) brute force attack, (2) dictionary-based attack.
10) DoS Attack: DoS stands for Denial-of-Service attack. Happens when resources are unavailable to the server.
11) DDoS Attack: DDoS stands for Distributed Denial-of-Service attack. Many compromised networks attack the target system.
12) Keylogger Attack: Used to access your keyboard input to find out your login ID and passwords.
13) Eavesdropping Attack: Happens when an attacker uses a user's network traffic.
Operating System Attacks
1) Attacks: Passive attack (data not modified) and active attack (data modified); sniffing (data not modified) and spoofing, an active attack (data modified).
2) Attacking a web server remotely, then executing system commands through the browser.
3) Types of OS Attacks: Gaining Access Attacks, Misconfiguration Attack, Application-Level Attack
4) Gaining Access Attacks: Brute Force Attack, Dictionary Attack, Rainbow Table Attack
5) Misconfiguration Attack: Code Injection, Brute Force, Buffer Overflow, XSS Attack
6) Application-Level Attack: SQL Injection, Phishing Attack, Cross-Site Scripting, Session Hijacking, Denial of Service Attack
7) Countermeasures: Do not install third-party software, always use a firewall, update your system periodically, back up your data
Type of Hackers
1) White Hat Hackers: Ethical Hacker, Not Danger
2) Black Hat Hackers: Unethical Hacker, Danger
3) Grey Hat Hackers: Help of Hacker
4) Red Hat Hackers: Only Attack to Hackers, Not Danger
5) Blue Hat Hackers: System Check Hackers, Not Danger
6) Script Kiddie
7) Hacktivist: A hacktivist is someone who hacks into government networks and systems to draw attention to a political or social cause, hence why the name "hacktivist" is a play on the word "activist". They use hacking as a form of protest, retrieving sensitive government information, which is used for political or social purposes.
8) Crackers: Create duplicate apps and games
9) Social Engineers: Collection of Information
10) Phreakers: Mobile Signal Hackers
11) Nation State Hackers: Protection of Country
12) Noobs/Green Hat: Beginner Hackers
Linux
Operating System, Open-Source OS, Free of Cost, Command Line Interface
Various Flavors of Linux (Type)
Ubuntu OS, Linux Mint OS, Kali Linux OS, Debian OS, Fedora OS, CentOS/Red Hat Linux, Arch Linux OS
Kernel
It works as an interface between Hardware and Operating System.
File Security Technique
1) Hide, Password Protected, Encrypt
2) Why you need to secure file?
To protect data from unauthorized access
3) CIA stands for Confidentiality, Integrity, Availability
4) 5 Phases of Hacking
Information Gathering, Scanning Access, Maintaining Access, Clearing Access
5) Tools: BitLocker, VeraCrypt, AxCrypt
VeraCrypt OS Download
VeraCrypt OS install your system
How to use more than one OS in single machine?
Virtual OS, VMware Design
Oracle VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and InnoTek VirtualBox) is a hosted hypervisor for x86 virtualization developed by Oracle Corporation. VirtualBox was originally created by InnoTek Systemberatung GmbH, which was acquired by Sun Microsystems in 2008, which was in turn acquired by Oracle in 2010.
Virtual Box Download
Kali Linux Download for Virtual Box
What is Metasploit?
1) Ruby-based penetration testing platform used to run exploit code.
2) It is used for making payloads.
3) It is used for discovering vulnerabilities.
4) It is a framework.
Metasploit Download for Windows
Linux Few Commands
1) cd: Goes directly to the home directory
2) cd ..: Steps back one directory at a time
3) clear: Clears all commands from the terminal
4) echo: Outputs what we provide
5) whoami: Finds the currently logged-in user
6) pwd: Present working directory
File System Commands
Commands | Name & Purpose |
---|---|
ls | Listing |
cd | Change Directory |
pwd | Present Working Directory |
cat | Concatenate |
Folder Commands
Command | Full Name | Purpose |
---|---|---|
touch | Touch | Create file |
mkdir | Make Directory | Create a folder |
cp | Copy | Copy a file and folder |
mv | Move | Move a file or folder |
rm | Remove | Remove a file or folder |
file | File | Determine the type of file |
Shell Commands
Command | Description |
---|---|
& | Runs commands in the background of your terminal |
&& | Combines multiple commands in one line |
> | Redirection operator. Takes output from a command |
>> | Same function as the ">" operator, but appends the output rather than replacing it (nothing is overwritten) |
Flag and Switches
Linux Directory
Directory | Description |
---|---|
$ | Home and Basic Directory |
# | Root Directory |
First Few Commands
Directory | Description |
---|---|
/etc | Common location for system files that are used by your operating system. |
/var | "Variable data". Stores data that is accessed or written by applications running on the system. |
/root | Home folder for the "root" user. |
/tmp | "Temporary". Stores data that is only used once or twice. Once the system is restarted, data in this folder is cleared. |