Cheatography

Cyber Security basic Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Udemy Nathan cyber security basic

Basic theory - assets and vulnerability

Protect what is valued:
confidential, cannot afford to lose, irreplaceable, would cost the most in damages, would impact reputation
privacy (confidentiality), anonymity (identity hiding), pseudonymity (false identity, e.g. bitcoin)
security and vulnerabilities (SSH, HTTPS, 2FA, VPN, etc.)
threats (viruses, malware, hacking, spyware, rootkits, adware, phishing, vishing, exploit kits)
adversaries (hackers, cyber criminals, spies, crackers, law enforcement, governments)
assets and protection, granularity, risk assessments
risk = vulnerability x threats x consequences; trade off risk against benefit
select - implement - assess - monitor
security vs privacy vs anonymity: they conflict with each other
confidentiality (keep to yourself), integrity (accuracy, unmodified), availability (functional): the CIA triad
Defense in depth: prevention - detection - recovery
Zero trust model: the less you trust, yourself included, the safer you are. Trust nothing, trust nobody. Never put it online; nothing is safe online.

basic theory - current threats and vulnerabilities

Value of a hack: the attacker is usually not a person but a bot, automated software that attacks you continuously; hijacking

Top 3 things needed to stay safe online?

security bugs: always exist, because humans write the code. OS, firmware, apps, web browsers (JS, Java); known bugs + patches, unknown bugs + zero days, no patch
https://www.cvedetails.com/
https://exploit.db.com: publicly available exploits; a patch is available, but they can still be used against unpatched systems

white-hat hacker (ethical, legal hacking) and black-hat hacker (cyber criminal)
cracker - cracks the key of a software product
cyber criminal (black-hat hacker,

malware: macro virus, stealth virus, polymorphic virus, self-garbling, bots and zombies, worms, OS rootkit (embedded in the kernel), firmware rootkit, key logger, trojan, remote access tool (RAT)
Ransomware: designed to deny access to a computer system or data until a ransom is paid, usually delivered by phishing.

spyware (spying), adware (a form of spyware, hijacks web searches), browser hijacking, scareware (fake info to scare you into paying), PUP (potentially unwanted programs)

phishing (tricks you into clicking; easy and with a high success rate, 30% of people still get fooled; email is the common phishing vector): google.xxxxx.com, check the high-level domain (HLD), goog1e, g00gle, hidden URLs
<a href=....>fake link</a>
vishing: phone/voice
smishing: SMS

spamming: unsolicited messages, email, etc.; minimal cost, high earnings.
doxing: ren-rou, googling/anything to collect info on somebody

social engineering: scams, cons, tricks, fraud

CPU hijackers: crypto-mining malware and cryptojackers

darknet (only accessible with special tools) vs clearnet (google, amazon)
dark market: accessed through the darknet
exploit kits

government, spies, and secret stuff: 5 Eyes

regulating encryption, mandating insecurity and legalizing spying

trust and backdoors: formal methods, closed vs open source, binaries, hashes, digital signatures

censorship

encryption

plaintext -> ciphertext -> plaintext: encryption (cipher), decryption (decipher)

algorithm: public / the lock
key: secret / the password
WinZip: encryption method 256, 128, legacy (Zip 2.0); key length and key space
AES (Advanced Encryption Standard): symmetric algorithm (uses 1 private key); the password becomes the key
DES (Data Encryption Standard), 3DES (Triple DES), Blowfish, RC4-6
brute force, dictionary attack, hybrid of the two

Asymmetric encryption: 2 keys (public and private),
RSA (Rivest Shamir Adleman), ECC (Elliptic Curve Cryptosystem): digital signatures; DH (Diffie-Hellman), ElGamal
Key exchange and agreement: encrypt with one key, decrypt with the other.
Confidentiality (private key): decrypt with the receiver's private key
authentication (private key): encrypt with the sender's private key - signature
Non-repudiation
integrity:

Asymmetric: better key distribution, scalability, authentication and non-repudiation (not deniable); slow, mathematically intensive
Symmetric: fast, strong
RSA key size vs equivalent symmetric (AES) strength in bits: 1024-80, 2048-112, 3072-128, 15360-256

hybrid cryptosystem: RSA (key distribution/encapsulation) and AES (data encryption/encapsulation)

HTTPS: handshaking (client hello / server hello) --> exchange certificate (authentication: the authorized server presents its certificate, signed with a private key, carrying its name, domain and public key; usually the client is not required to present one) --> exchange key (server public key, client symmetric key)

SSL / TLS

Secure Sockets Layer (SSL) -> Transport Layer Security TLS (1.0-1.3)
Confidentiality (symmetric key, AES), authentication (public key, digital signature) and integrity (integrity check, hash value, etc.)
cipher suites set up on the server

Session Encryption Negotiation
1. a shared large prime number
2. the AES algorithm
3. generated primes as each party's private key
4. private key + shared prime + AES > public key > distributed to the other party
5. private key + shared prime + the other party's public key > shared symmetric key, generated independently on each side but identical
6. the shared key is used to encrypt the connection
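The negotiation above is a Diffie-Hellman style exchange; as an added example (not from the course or the cheat sheet), this runs both sides of it and checks that they land on the same key. The prime and generator are constructed toy values for illustration, not a real DH group, and a generator g stands in for "AES" in step 4.

```python
import hashlib
import secrets

# Constructed toy parameters for illustration only (NOT a real DH group):
# P = 2**127 - 1 is prime; G is an assumed generator.
P = 2**127 - 1
G = 5


def make_private_key() -> int:
    """Step 3: each party picks a random secret in [2, P-2] and never sends it."""
    return 2 + secrets.randbelow(P - 3)


def public_key(private: int) -> int:
    """Step 4: private key + shared prime + generator -> public value to send."""
    return pow(G, private, P)


def shared_secret(private: int, other_public: int) -> int:
    """Step 5: own private key + shared prime + the other side's public value."""
    # Reject degenerate peer values (0, 1, P-1) that would force a predictable secret.
    if not 1 < other_public < P - 1:
        raise ValueError("invalid peer public key")
    return pow(other_public, private, P)


def session_key(secret: int) -> bytes:
    """Step 6: derive a 256-bit symmetric (AES-sized) key from the shared secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def negotiate(a_private: int, b_private: int) -> tuple[bytes, bytes]:
    """Run the exchange for parties A and B; only a_pub and b_pub cross the wire."""
    a_pub, b_pub = public_key(a_private), public_key(b_private)
    key_a = session_key(shared_secret(a_private, b_pub))
    key_b = session_key(shared_secret(b_private, a_pub))
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = negotiate(make_private_key(), make_private_key())
    print("both sides derived the same key:", ka == kb)
```

An eavesdropper who sees only the two public values cannot recover the key without solving the discrete logarithm, but this exchange alone does not authenticate either party, which is why TLS also needs certificates.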

Authentication:
client password and user name, or SSH key pairs.

HTTPS

HTTPS: handshaking (client hello / server hello)
--> exchange certificate (authentication: the authorized server presents its certificate, signed with a private key, carrying its name, domain and public key; usually the client is not required to present one)
--> exchange key (client sends the symmetric key)

SSL stripping: client > http > man in the middle > https > server
using Kali, or hardware
avoid: HTTPS only, tunnelling (VPN/SSH), only trusted websites
sniffdet
arpwatch
VLAN: virtual LAN

ssllabs.com

SNI: Server Name Indication

Hash

Integrity: hash function, checksum
MD5, SHA-256

PowerShell: Get-FileHash -Algorithm SHA512 C:\test.txt

download checksum comparison: verify the download
hashed password stored and used for verification; the original password is not saved.
HMAC: hash-based message authentication code

digital signature

hash algorithm -> hash value --> sender's private key -> signed msg
authentication, non-repudiation, integrity

signed msg -- sender's public key -> hash value
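Added example (not from the cheat sheet or the course) of the sign/verify flow above with textbook RSA: hash the message, raise the hash to the private exponent to sign, raise the signature to the public exponent and compare hashes to verify. The key is built from two constructed Mersenne primes and uses no padding, so it is a teaching toy, not something to deploy.

```python
import hashlib

# Constructed toy RSA key for illustration only: small, and no padding scheme.
P = 2**61 - 1            # Mersenne prime
Q = 2**89 - 1            # Mersenne prime
N = P * Q                # public modulus (~150 bits)
E = 65537                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent


def hash_value(msg: bytes) -> int:
    """Hash algorithm -> hash value, truncated to 128 bits so it is below N."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")


def sign(msg: bytes, private_exp: int = D) -> int:
    """Hash value + sender's private key -> signature."""
    return pow(hash_value(msg), private_exp, N)


def verify(msg: bytes, signature: int, public_exp: int = E) -> bool:
    """Signature + sender's public key -> hash value; compare with a fresh hash."""
    if not 0 < signature < N:
        return False
    return pow(signature, public_exp, N) == hash_value(msg)


if __name__ == "__main__":
    msg = b"constructed message: pay 10"
    sig = sign(msg)
    print("valid:", verify(msg, sig))
    print("tampered:", verify(b"constructed message: pay 99", sig))
```

Because only the holder of D can produce a signature that E reverses to the right hash, a valid signature gives authentication and non-repudiation, and the embedded hash gives integrity.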

Windows Device Guard

digital certificates and HTTPS

digital signature from a well-known trusted company (third parties)
local library of digital certs, auto-loaded (roots)
local digital certs, manually loaded (self-signed, trusted parties)

compromised/fake digital certs: a real risk
CA ecosystem
CA example mistakes
SSLsniff
CA patrol
cert fingerprints

pinning

E2EE, steganography

E2EE end-to-end encryption: PGP, ZRTP, OTR, SSL/TLS
use E2EE whenever possible

steganography: the practice of concealing a file, message, image, or video within another file, message, image, or video.
OpenPuff

Set up testing environments

type 2 hosted: hardware -> OS -> hypervisor -> OS
type 1 native: hardware -> hypervisor -> OS

VMware or VirtualBox

testing environment | security options

install a virtual OS: physical DVD, virtual DVD (ISO), prebuilt virtual disk/image (.ova for VirtualBox)

Kali: Debian-based, 600 penetration testing tools.

osboxes.org for prebuilt images