Cybersecurity Bootcamp 2020
For our second meeting, we presented a cybersecurity bootcamp. This primarily served as an introduction for people who were new to cyber, as this meeting covered many of the important disciplines of cyber at a high level.
This post will be a bit of a TL;DR for those who could not make it to the meeting but would still like to know a little bit about the topics we covered.
Cryptography touches both defensive and offensive security, so we covered it before either of them. Cryptography is the study of techniques for securing information (keeping it confidential, detecting tampering, and verifying who sent it), usually built on mathematical concepts and algorithms. There are many different types of ciphers and methods of encryption; cryptographers study how to design them, cryptanalysts study how to break them, and a working knowledge of both is needed to use cryptography correctly.
Blue teaming is a very important aspect of defensive security. Blue teams typically cover things such as incident response, identifying threats, and securing systems against those threats.
The goal of digital forensics is to recover and preserve evidence from systems in a way that keeps it trustworthy. This can include examining a raw disk image to determine which files were deleted or changed (the contents of a deleted file usually remain on disk until they are overwritten), and, especially in CTF settings, it also extends to steganography, the practice of hiding information inside another file such as an image.
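As an added example for this post (not code from the bootcamp), here is file carving, the technique behind recovering deleted files from raw disk data: the filesystem is ignored entirely and files are located by their header and footer byte signatures. The "disk image" is a constructed byte string containing two fake image files with no directory entries.

```python
# Added example for this post (not from the bootcamp): carving image files out
# of a raw disk image by their header/footer signatures, ignoring the
# filesystem entirely, which is how deleted-but-not-overwritten files are found.

# (name, header bytes, footer bytes) for two common image formats.
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
]


def carve(image, signatures=SIGNATURES):
    """Return a list of (type, offset, data) for every signature match in `image`."""
    found = []
    for name, header, footer in signatures:
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(footer, start + len(header))
            if end == -1:
                break  # header without a footer: truncated or partly overwritten file
            end += len(footer)
            found.append((name, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda hit: hit[1])


# Constructed "disk image": unallocated space holding two files whose directory
# entries are gone but whose bytes are still on disk.
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"PNGDATA" * 4 + b"IEND\xaeB`\x82"
FAKE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF-data" * 3 + b"\xff\xd9"
SAMPLE_DISK = b"\x00" * 64 + FAKE_PNG + b"\xff" * 16 + FAKE_JPG + b"\x00" * 64

if __name__ == "__main__":
    for kind, offset, data in carve(SAMPLE_DISK):
        print(f"{kind} at offset {offset}: {len(data)} bytes")
```

Real carvers are more careful than this (a JPEG footer can legitimately appear inside embedded thumbnails, and fragmented files need parsing, not just signature matching), but the core idea is the same: evidence survives deletion as long as the blocks have not been reused.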
Network analysis is somewhat self-explanatory: it is the process of analyzing network traffic (packet captures, flow records, firewall logs) to detect anomalous and suspicious behavior, such as one host probing many ports on another or unexpected connections to outside addresses. It is also important to know which parts of a network are the most exposed to attackers and which need the most protection.
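As an added example for this post (not code from the bootcamp), here is a small detector for one of the most recognizable anomalies, a port scan: one source touching many distinct destination ports. The log lines and their field layout are constructed for the example, not a real product's format.

```python
# Added example for this post (not from the bootcamp): a detector that reads
# firewall-style connection log lines and flags hosts that touch an unusually
# large number of distinct ports, the signature of a port scan.
import re
from collections import defaultdict

# Field layout assumed for the log lines (constructed format, not a real product's).
LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def detect_port_scans(lines, threshold=10):
    """Return {source: sorted distinct ports} for every source at or above `threshold`."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or unrelated line
        targets[m["src"]].add((m["dst"], int(m["dport"])))
    return {
        src: sorted({port for _, port in pairs})
        for src, pairs in targets.items()
        if len(pairs) >= threshold
    }


# Constructed log: one host sweeping ports 20-32 on a server, one host doing
# ordinary web and DNS traffic, and one unrelated kernel message.
SAMPLE_LOG = [
    f"2020-02-10T12:00:{i:02d} src=10.0.0.66 dst=10.0.0.20 dport={20 + i} proto=tcp flags=S"
    for i in range(13)
]
SAMPLE_LOG += [
    "2020-02-10T12:01:00 src=10.0.0.8 dst=10.0.0.20 dport=443 proto=tcp flags=S",
    "2020-02-10T12:01:05 src=10.0.0.8 dst=10.0.0.20 dport=443 proto=tcp flags=S",
    "2020-02-10T12:01:09 src=10.0.0.8 dst=10.0.0.53 dport=53 proto=udp",
    "2020-02-10T12:01:10 kernel: link up on eth0",
]

if __name__ == "__main__":
    for src, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} ports ({ports[0]}-{ports[-1]})")
```

The threshold is the tuning knob: set it too low and a vulnerability scanner or a busy server shows up as a scan, set it too high and a slow scan spread over many hours slips through, which is why real detections usually also bound the count by a time window.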
One of the first lines of defense against cyber attacks is threat intelligence. Threat intelligence involves looking at the potential threats to a system and determining who would attack it, why, how (their tools, techniques, and procedures), and when. That information then has to be communicated to the rest of the organization so that defenders can prioritize and protect against the attacks they are actually likely to face.
Reversing / Malware Analysis
Reverse engineering is the process of taking software apart to understand how it works without having its source code. Reversing is commonly used in malware analysis, which, as the name implies, is the process of dissecting malicious applications. There are many types of malware that all function differently, such as worms, rootkits, trojans, and bots (infected machines that join a botnet), and the job of malware analysts is to figure out what a sample does so it can be detected and removed from infected systems. This is done through static analysis, examining the malware's code and embedded strings without running it, or dynamic analysis, running the sample on an isolated system (a sandbox or virtual machine with no access to the real network) and observing what it does.
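As an added example for this post (not code from the bootcamp), here is a first static-analysis step run over a constructed fake binary: a `strings`-style dump of readable text, and then a search for a known plaintext ("http") under every single-byte XOR key. Single-byte XOR is a common, cheap way for malware to keep its command-and-control address out of a plain strings dump. The fake binary, the key 0x8F, and the reserved ".invalid" hostname are all constructed for the example.

```python
# Added example for this post (not from the bootcamp): two static-analysis
# helpers run over a constructed fake binary. `strings` pulls out readable
# text the way the Unix `strings` tool does; `xor_search` looks for a known
# plaintext under every single-byte XOR key.
import re


def strings(data, min_len=6):
    """Return runs of at least `min_len` printable ASCII bytes, decoded as text."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def xor_search(data, needle, max_len=128):
    """Find `needle` under each single-byte XOR key 1-255.

    Returns (key, offset, recovered) tuples; `recovered` is the decoded text from
    the needle onward, up to a NUL or non-printable byte. A NUL-terminated C string
    XORed with key k leaves the raw byte k where the terminator was, so the
    decoded string ends cleanly at the original terminator.
    """
    hits = []
    for key in range(1, 256):
        decoded = bytes(b ^ key for b in data)
        pos = decoded.find(needle)
        while pos != -1:
            end = pos
            while end < len(decoded) and end - pos < max_len and 0x20 <= decoded[end] <= 0x7e:
                end += 1
            hits.append((key, pos, decoded[pos:end].decode("ascii")))
            pos = decoded.find(needle, end)
    return hits


# Constructed fake ELF-like binary: ordinary loader and compiler strings in the
# clear, plus a C2 URL (a reserved ".invalid" name) XORed with the key 0x8F.
KEY = 0x8F
HIDDEN = b"http://c2.example.invalid/beacon\x00"
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 24
    + b"/lib64/ld-linux-x86-64.so.2\x00"
    + bytes(b ^ KEY for b in HIDDEN)
    + b"\x00" * 16
    + b"GCC: (GNU) 9.2.0\x00"
)

if __name__ == "__main__":
    print("plain strings:", strings(SAMPLE_BINARY))
    for key, offset, text in xor_search(SAMPLE_BINARY, b"http"):
        print(f"key 0x{key:02x} at offset {offset}: {text}")
```

The plain strings dump shows the loader path and compiler banner, which tell you what the sample was built with, but not the URL; searching for a known substring under every key turns it up in a fraction of a second. Searching for a substring you expect (a URL scheme, `cmd.exe`, a registry path) rather than for "anything printable" is what keeps this from drowning in false positives, since many keys turn ordinary bytes into printable garbage.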
Red Team / Pentesting
The objective of the red team is the opposite of the blue team's. Instead of defending and hardening systems, red teamers look for vulnerabilities to exploit and chain together. They usually work toward specific objectives (for example, reaching a particular server or data set) while trying to remain undetected by the blue team. Penetration testers, or pentesters, do similar work but are usually focused on finding as many vulnerabilities as possible within an agreed scope and reporting them, and are less concerned with staying undetected.
Open source intelligence, or OSINT, is the process of finding information about a target by using publicly available sources. This can involve collecting data from social media, using website lookup tools, and other methods such as Google dorking.
Phishing is a very common attack, but is still one people fall victim to quite often. This type of attack is when an attacker sends messages to targets in order to manipulate them into doing something they otherwise would not. This type of attack can be used to gain personal information, login credentials, or even install malware on a user’s system.
Phishing is one form of social engineering, the broader skill of manipulating people into divulging information or taking actions they otherwise would not. Social engineering is not limited to email; it includes, for example, calling an employee while pretending to work for the company's IT department, among many other approaches.
Web Application Hacking
Web application hacking is the process of finding vulnerabilities in websites and web services and exploiting them. There are many ways a site can be attacked, such as a login form whose input is placed directly into a database query without being properly escaped or parameterized (SQL injection). A compromised web application often gives the attacker a foothold on the server or the internal network, which can then be used to pivot to other systems or to escalate privileges and gain root access.
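As an added example for this post (not code from the bootcamp), here is the login-form problem in miniature: a check that builds its SQL by string formatting, the two classic payloads that bypass it, and the parameterized version that does not. It uses an in-memory SQLite database with a constructed user table.

```python
# Added example for this post (not from the bootcamp): a login check that
# builds its SQL by string formatting, the injection that bypasses it, and
# the parameterized version that does not.
import sqlite3


def make_db():
    """Constructed user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the demo short; real systems store a salted hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn, username, password):
    """Unsafe: user input is pasted into the query, so a quote changes the SQL."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Safe: placeholders keep the input as data, so a quote is just a quote."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Payload 1 comments out the password check; payload 2 makes the WHERE clause always true.
    print(login_vulnerable(db, "alice' --", "wrong"))
    print(login_vulnerable(db, "x", "' OR '1'='1"))
    print(login_fixed(db, "alice' --", "wrong"))
    print(login_fixed(db, "alice", "correct horse battery staple"))
```

With the username `alice' --` the vulnerable query becomes `... WHERE username = 'alice' --' AND password = 'wrong'`, and everything after `--` is a SQL comment; with the password `' OR '1'='1` the clause becomes `... AND password = '' OR '1'='1'`, which is true for every row. The fix is not escaping quotes by hand but never letting input become part of the query text at all.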