Essential Knowledge

The document outlines the vast array of activities occurring online every minute, including video consumption, social media interactions, and cybersecurity threats. It emphasizes the critical nature of cybersecurity, detailing various hacker types and their motivations, as well as the importance of ethical hacking and information security. Additionally, it discusses the roles and responsibilities of cybersecurity professionals in protecting digital assets and infrastructure.

Uploaded by

shijo9610

The Internet is an integral part of business and personal life – what happens online in 60 seconds

Things that happen on the Internet every 60 seconds
• Around 700,000 hours of video watched and more than 400 hours of video uploaded on YouTube
• Google processes approximately 5.7 million searches every minute
• More than 3.8 million searches on Google
• More than 243,000 photos uploaded and 70,000 hours of video content watched on Facebook
• More than 350,000 tweets sent on Twitter
• More than 65,000 photos have been uploaded on Instagram
• More than 210,000 snaps have been uploaded on Snapchat
• Cybersecurity remains a critical concern, with around 95 cyber attacks occurring every minute
• Cloud services like Google Drive, Dropbox, and OneDrive handle over 1.2 petabytes of data transfer every minute
• Approximately 1,400 data records are compromised every minute
• More than 5,500 check-ins on Foursquare
• 120 new accounts created on LinkedIn
• More than 87,000 hours of video have been watched on Netflix
• More than 156 million emails were sent
• WhatsApp and Facebook Messenger handle around 69 million messages every minute
• More than 29 million messages were processed, 1 million photos were taken, and 175,000 video messages were shared on WhatsApp
• More than 25,000 posts on Tumblr
• 16,550 video views on Vimeo
• Payment gateways like PayPal and Stripe process around 1.4 million transactions every minute
• More than 500,000 apps have been downloaded
• More than 80 new domains have been registered
• More than 1,000,000 swipes and 18,000 matches on Tinder
• Around 200 event tickets were sold on Eventbrite
• More than 50 new reviews have been posted on Yelp
• More than 1,000 images have been uploaded on Imgur
• More than 2,000,000 minutes of calls made by Skype users
• More than 800,000 files have been uploaded on Dropbox
Cybersecurity Threats
• Cyber Attacks: Cybersecurity remains a critical concern, with around 95 cyber attacks occurring every minute. These attacks range from phishing attempts to ransomware and data breaches, underscoring the need for robust security measures.
• Data Breaches: Approximately 1,400 data records are compromised every minute. This highlights the ongoing challenges in protecting sensitive information in an increasingly digital world.
Data exposure at Pegasus Airlines due to employee negligence
https://cybersecurityventures.com/intrusion-daily-cyber-threat-alert/
https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches
https://www.bluefin.com/bluefin-news/biggest-data-breaches-year-2024/
Mega Breach
• https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Google Play Hack
Data Breach Statistics
Let's examine a few areas to help us gain perspective on this industry and profession, namely:
• 1. Legitimate professions open to hackers;
• 2. The history of hacking, to give you some appreciation and perspective of our discipline;
• 3. The legal consequences of hacking, to help keep you out of harm's way.
Professions for Hackers
• Earlier, hacking was done for fun, lulz or profit
• By 2019, it had become a legitimate profession widely sought after by many organizations and governments
• Here are just a few of the legitimate employment opportunities for master hackers as you plan your future.
Careers in Cybersecurity
While ethical hacking can be a rewarding career path, it's essential to understand the ethical implications and legal frameworks that govern cybersecurity. You must always act responsibly and within the bounds of the law.
National Security
1. Protect Critical Infrastructure: National security professionals work to safeguard critical infrastructure like power grids, communication networks, and government systems from cyberattacks.
2. Cyberwarfare and Espionage: These individuals defend against cyberattacks and espionage from foreign adversaries, while also using their skills to gather intelligence.
3. Digital Forensics and Incident Response: They investigate cyber incidents, analyze data, and help prevent future attacks.
4. Threat Intelligence and Analysis: They monitor emerging cyber threats, analyze adversary tactics, and provide actionable insights to decision-makers.
Military Cybersecurity
• Defend Military Networks: Military cybersecurity professionals secure military networks, sensitive data, and critical systems from cyberattacks.
• Cyberwarfare Operations: They conduct offensive cyber operations to disrupt adversary networks and gather intelligence.
• Information Warfare: They leverage cyber capabilities to influence the information environment and achieve strategic goals.
Penetration Testing
• Plan and Execute Tests: Pentesting involves simulating real-world cyberattacks to identify vulnerabilities and weaknesses in an organization's security posture.
• Vulnerability Assessment: They use specialized tools and techniques to discover and analyze security weaknesses.
• Report Findings and Remediation: Penetration testers document their findings, provide recommendations for remediation, and assist with the implementation of security measures.
Bug Bounty Hunting
1. Identify Vulnerabilities: Bug bounty hunters find and report security vulnerabilities in software applications, websites, and other systems.
2. Report Vulnerabilities: They document their findings and submit detailed reports to the program administrators.
3. Receive Rewards: Organizations often offer financial rewards to bug bounty hunters for disclosing valid vulnerabilities.
Zero-Day Exploitation
• Vulnerability Discovery: Zero-day exploit developers discover and exploit vulnerabilities in software before the vendor is aware of them.
• Exploit Development: They create specialized tools and techniques to leverage these vulnerabilities for malicious purposes.
• Ethical Use: Ethical zero-day exploit developers often work with security researchers and vendors to help patch vulnerabilities before they are exploited.
Information Security Engineers
• Security Architecture: Design and implement secure network infrastructure and security solutions.
• Vulnerability Management: Identify, assess, and mitigate security vulnerabilities.
• Incident Response: Respond to security incidents, investigate breaches, and implement recovery plans.
• Security Policy and Compliance: Develop and implement security policies, procedures, and standards.
Ethical Considerations
• Privacy and Data Protection: Ethical hackers respect the privacy of individuals and organizations and only access data with proper authorization.
• Legal Compliance: Ethical hackers must adhere to all applicable laws and regulations, ensuring their actions are legal and responsible.
• Transparency and Communication: Ethical hackers maintain transparency with their clients and stakeholders, providing clear communication and documentation.
• National Security
• National Espionage
• Military
• Penetration Testing or Pentesting
• Bug Bounty Hunting
• Zero-Day Developer
• Information Security (Infosec) Engineers
Hacker types
• Hacker
• An individual who uses their computer and technical skills to gain access to systems and networks.
• A common theory is that "hacker" initially meant anyone who possessed the skills, knowledge and determination to solve problems in a creative way.
• There are counter-arguments: that it never was a benign term, and that the claim that the malicious connotations of the word were a later perversion is untrue.
The Hats
• White Hat - ethical hackers
• Black Hat - hackers that seek to perform malicious activities
• Gray Hat - hackers that perform good or bad activities but do not have the permission of the organization they are hacking against
• Hacktivist - someone who hacks for a cause
• Suicide Hackers - do not care about any impunity to themselves; hack to get the job done
• Cyberterrorist - motivated by religious or political beliefs to create fear or disruption
• State-Sponsored Hacker - hacker that is hired by a government
• Script Kiddie - uneducated in security methods, but uses tools that are freely available to perform malicious activities
Black hat hackers
• Use knowledge and skills to discover and exploit security vulnerabilities for financial gain or other malicious reasons
• Bad guys
• No regard for law & regulations etc.
• Activities include stealing personal and financial information or shutting down websites and networks
• E.g. bank robbing
White hat hackers
• Also known as ethical hackers
• 📝 Use knowledge and skills to improve a system's security by discovering vulnerabilities before black hats do.
• Will not break laws and regulations
• Scope is determined by the client
• E.g.
• Publish vulnerabilities
• Do penetration tests
• ❗Participate in bounty programs to claim rewards.
• Benefiting financially from a hack is not illegal
Ethical hacking
• Also known as white hat hacking
• Performed by security specialists to help companies identify vulnerabilities in their networks and systems.
• Helps them analyze and strengthen their system and network security
• Allows for creating preventive measures that should prevent any future security breaches as well as protect data and information stored in the system.
• Difference from black-hat hacking:
• Hacking with permission of the system owner
• They remain compliant with the law
• Purpose is to prevent hackers from breaking into systems and networks.
• Flow
• Find vulnerabilities
• Assess problems & threats about them
• Offer solutions, e.g. what you can do to fix this
• Inform within the company
• Ethical hackers should ask themselves three questions when evaluating a system (companies also often ask "why would we fix it?"):
• What is it that an attacker can see on this network/system?
• What could the attacker do with that knowledge?
• Are there any traces of attempted attacks on the system/network?
Ethical hacking scope
• No test should be performed without appropriate permissions and authorization.
• Test results should be kept confidential
• Only those tests that the client requested should be performed
Grey hat hackers
• Also known as grayhat, gray hat, gray-hat, grey hat, greyhat or grey-hat hackers.
• 📝 Might break laws, regulations and ethical standards but do not have explicitly malicious intent.
• Middle ground; not as bad as black hat, not as ethical as white hat hackers.
Suicide hackers
• 📝 Perform attacks for a cause despite the risk of being caught and prosecuted.
• E.g. they'll know for sure that they'll get caught but they still attempt the hack for a "cause".
Script kiddies
• 📝 Inexperienced hackers who don't have enough knowledge or skills to perform hacks on their own
• Instead, they use tools and scripts developed by more experienced hackers.
• Dangerous because running closed-source tools on one's own system is a big risk.
Cyber terrorists
• Money is not the priority; the aim is to destroy things.
• Influenced by religious or political beliefs.
• 📝 Goal is to promote fear, unrest and disruption.
State sponsored hackers
• 📝 Recruited by governments
• Gain access to classified information of other governments
• Information source can be governments, individuals or corporations.
Hacktivists
• 📝 Break into government and corporate systems out of protest.
• Promote a political or social agenda.
• E.g. steal data and leak it into the public domain
Essential Knowledge
• The OSI Reference Model

Layer  Description   Technologies     Data Unit
1      Physical      USB, Bluetooth   Bit
2      Data Link     ARP, PPP         Frame
3      Network       IP               Packet
4      Transport     TCP              Segment
5      Session       X.225, SCP       Data
6      Presentation  AFP, MIME        Data
7      Application   FTP, HTTP, SMTP  Data

TCP/IP Model

Layer  Description     OSI Layer Equivalent
1      Network Access  1, 2
2      Internet        3
3      Transport       4
4      Application     5-7
TCP Handshake
• SYN -> SYN-ACK -> ACK

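As an added illustration (not code from the original slides), the following Python model walks the SYN -> SYN-ACK -> ACK exchange with both sides tracking sequence and acknowledgement numbers, drops a SYN-ACK that does not acknowledge the client's SYN, and shows the half-open state a server is left in when the final ACK never arrives; the class and function names are assumptions.

```python
import random
from dataclasses import dataclass

# Constructed model of the TCP three-way handshake (names are assumptions, not
# a real socket implementation). Each side tracks SND.NXT (next sequence number
# it will send) and RCV.NXT (next sequence number it expects from the peer).
@dataclass
class Segment:
    seq: int
    ack: int
    flags: frozenset   # subset of {"SYN", "ACK"}

class Endpoint:
    def __init__(self, isn=None):
        self.state = "CLOSED"
        # initial sequence number; real stacks randomize it to resist spoofing
        self.snd_nxt = isn if isn is not None else random.randrange(1 << 32)
        self.rcv_nxt = None
    def listen(self):
        self.state = "LISTEN"
    def connect(self):
        # Step 1: client sends SYN; the SYN itself consumes one sequence number
        self.state = "SYN-SENT"
        seg = Segment(self.snd_nxt, 0, frozenset({"SYN"}))
        self.snd_nxt += 1
        return seg
    def receive(self, seg):
        # Process one inbound segment and return the reply, if any
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            # Step 2: server answers SYN-ACK, acknowledging the client's SYN
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN-RECEIVED"
            reply = Segment(self.snd_nxt, self.rcv_nxt, frozenset({"SYN", "ACK"}))
            self.snd_nxt += 1
            return reply
        if self.state == "SYN-SENT" and seg.flags == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:
                return None   # does not acknowledge our SYN (stale/forged): drop
            # Step 3: client acknowledges the server's SYN
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))
        if self.state == "SYN-RECEIVED" and seg.flags == {"ACK"}:
            if seg.ack == self.snd_nxt and seg.seq == self.rcv_nxt:
                self.state = "ESTABLISHED"
        return None

def handshake(client, server):
    # Run the full exchange; returns (client state, server state)
    server.listen()
    synack = server.receive(client.connect())
    server.receive(client.receive(synack))
    return client.state, server.state

def half_open(client, server):
    # Client sends SYN but never the final ACK: the server is left holding
    # state, which is the resource a SYN flood exhausts (SYN cookies mitigate this)
    server.listen()
    server.receive(client.connect())
    return server.state
```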
ARP
• Resolves an IP address to a physical (MAC) address

Terms to Know
• Hack value - perceived value or worth of a target as seen by the attacker
• Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system.
• Exploit: A breach of IT system security through vulnerabilities.
• Payload: The part of an exploit code that performs the intended malicious action, such as destroying data, creating backdoors, or hijacking a computer.
• Zero-day attack - attack that occurs before a vendor knows about or is able to patch a flaw
• Doxing - searching for and publishing information about an individual, usually with malicious intent
• Daisy Chaining: Gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.
• Enterprise Information Security Architecture (EISA) - process that determines how systems work within an organization
• Incident management - deals with specific incidents to mitigate the attack
• Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks.
Types of Security Controls

Description     Examples
Physical        Guards, lights, cameras
Technical       Encryption, smart cards, access control lists
Administrative  Training awareness, policies

Description     Examples
Preventative    authentication, alarm bells
Detective       audits, backups
Corrective      restore operations
Information Security
• Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable.
Elements of Information Security
• CIA triad
• Confidentiality: Assurance that the information is accessible only to those authorized to have access.
• passwords, encryption
• Confidentiality != authentication - MAC address spoofing is an authentication attack
• Integrity: The trustworthiness of data or a resource in terms of preventing improper and unauthorized changes.
• hashing, digital signatures
• Bit flipping is an example of an integrity attack. The outcome is not to gain information - it is to obscure the data from the actual user.
• Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users.
• anti-DoS solutions
• Other
• Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine.
• Non-Repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
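The integrity point above, as an added example that is not part of the original slides: encryption gives confidentiality but not integrity, so a bit flip in the ciphertext silently changes the decrypted message, while an HMAC over the ciphertext (an integrity control like the hashing and signatures listed above) detects the change. The toy XOR keystream and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed example: a toy XOR keystream stands in for a stream cipher so the
# malleability is visible; real systems use an AEAD such as AES-GCM instead.
def keystream(key: bytes, n: int) -> bytes:
    # Derive n pseudo-random bytes from key || counter (illustrative only)
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))

decrypt = encrypt   # XOR with the same keystream undoes itself

def flip_byte(ciphertext: bytes, offset: int, mask: int) -> bytes:
    # Bit-flipping (integrity attack): XOR-ing ciphertext bits flips the same
    # plaintext bits, so the message changes without the key ever being learned
    ct = bytearray(ciphertext)
    ct[offset] ^= mask
    return bytes(ct)

def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    # Integrity control: HMAC over the ciphertext (encrypt-then-MAC)
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def verify_then_decrypt(enc_key: bytes, mac_key: bytes, ciphertext: bytes,
                        received_tag: bytes):
    # Reject anything whose tag does not match before touching the plaintext;
    # compare_digest avoids leaking the mismatch position through timing
    if not hmac.compare_digest(tag(mac_key, ciphertext), received_tag):
        return None
    return decrypt(enc_key, ciphertext)

def demo() -> dict:
    enc_key, mac_key = b"e" * 32, b"m" * 32             # constructed keys
    message = b"transfer amount=0100 to acct 42"       # constructed message
    ct = encrypt(enc_key, message)
    pos = message.index(b"0100")
    # flip one byte so the decrypted amount reads 9100 instead of 0100
    tampered = flip_byte(ct, pos, ord("0") ^ ord("9"))
    return {
        "without_mac": decrypt(enc_key, tampered),                # altered, unnoticed
        "with_mac": verify_then_decrypt(enc_key, mac_key, tampered, tag(mac_key, ct)),
    }
```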
The Security, Functionality, and Usability triangle
• Security: Restrictions imposed on accessing the components of the system (restrictions).
• Functionality: The set of features provided by the system (features).
• Usability: The GUI components used to design the system for ease of use (GUI).
Information Security Attacks and Attack Vectors
• Attacks = Motive (Goal) + Method + Vulnerability
• A motive originates from the notion that the target system stores or processes something valuable, and this leads to the threat of an attack on the system
• Attackers try various tools and attack techniques to exploit vulnerabilities in a computer system or in security policy and controls to achieve their motives
Motives behind attacks:
• Disrupting business continuity
• Information theft and manipulating data
• Creating fear and chaos by disrupting critical infrastructures
• Financial loss to the target
• Propagating religious or political beliefs
• Achieving a state's military objectives
• Damaging the reputation of the target
• Taking revenge
• Demanding ransom
Top InfoSec Threats
• Cloud Computing Threat
• Advanced Persistent Threats (APT): stealing information from the victim machine without the user being aware of it
• Viruses and Worms
• Ransomware
• Mobile Threats
Top InfoSec vectors:
• Botnet
• Insider Attack
• Phishing
• Web Application Threat
• IoT Threats
InfoSec Threat categories:
• Network Threats (spoofing, sniffing, ...)
• Host Threats (malware, DoS, ...)
• Application Threats (auth attacks, SQL injection, ...)
Types of Attacks on a System:
• Operating System Attacks (OS vulnerabilities)
• Misconfiguration Attacks
• Application-Level Attacks (exploit the application)
• Shrink-Wrap Code Attacks (exploit common vulnerable libraries)
Attack Types
• Operating System (OS) - attacks targeting OS flaws or security issues inside it, such as guest accounts or default passwords
• Application Level - attacks on programming code and software logic
• Shrink-Wrap Code - attack takes advantage of built-in code or scripts
• Misconfiguration - attack takes advantage of systems that are misconfigured due to improper configuration or default configuration
• Infowar - the use of offensive and defensive techniques to create an advantage
Access Control Types
• Mandatory (MAC) - access is set by an administrator
• Discretionary (DAC) - allows users to give access to resources that they own and control
Security Policies
• Access Control - what resources are protected and who can access them
• Information Security - what systems can be used for
• Information Protection - defines data sensitivity levels
• Password - all things about passwords (how long, characters required, etc.)
• E-Mail - proper and allowable use of email systems
• Information Audit - defines the framework used for auditing
Policy Categorizations
• Promiscuous - wide open
• Permissive - blocks only known dangerous things
• Prudent - blocks most and only allows things for business purposes
• Paranoid - locks everything down