This page is created strictly for educational purposes.
All concepts, tools, and techniques described here are intended to help learners understand how systems work and how to defend them.
Never apply any technique on systems, networks, or accounts you do not own or have explicit written permission to test.
Unauthorized access to computer systems is illegal in most countries and can result in criminal prosecution.
Practice only in legal environments: your own lab, CTF platforms (HackTheBox, TryHackMe), or with signed authorization.
History
How
Cybersecurity emerged as a discipline in the 1970s–1980s as networked computing grew.
The Morris Worm (1988) — first major internet worm — infected ~6,000 machines and triggered the creation of the first CERT (Computer Emergency Response Team).
The 1990s saw the rise of the web, firewalls, antivirus software, and SSL/TLS encryption.
The 2000s brought large-scale data breaches, botnets, and formalization of ethical hacking certifications (CEH, OSCP).
The 2010s–present: nation-state attacks, ransomware epidemics (WannaCry, NotPetya), cloud security, zero-day markets, and AI-driven threats.
Who
Whitfield Diffie & Martin Hellman — invented public-key cryptography (1976).
Ron Rivest, Adi Shamir, Leonard Adleman — created RSA encryption (1977).
Bruce Schneier — cryptographer, security author (Applied Cryptography).
Kevin Mitnick — famous social engineer turned security consultant.
Organizations: NSA, CISA, NIST, OWASP, SANS Institute, Offensive Security.
Why
Protect sensitive data (personal, financial, national security).
Ensure trust in digital systems (banking, healthcare, government).
Defend critical infrastructure (power grids, hospitals, water systems).
```mermaid
graph LR
    CIA["🔐 CIA Triad"]
    C["Confidentiality\nOnly authorized access\nEncryption · ACL · Auth"]
    I["Integrity\nData is accurate & unaltered\nHashing · Signatures · Checksums"]
    A["Availability\nSystems accessible when needed\nRedundancy · DDoS Protection · Backups"]
    CIA --> C
    CIA --> I
    CIA --> A
```
AAA Framework
Authentication → verify WHO you are (password, MFA, biometrics)
Authorization → verify WHAT you can do (RBAC, ACLs, permissions)
Accounting → track WHAT you did (audit logs, SIEM)
Key Security Terms
| Term | Definition |
|---|---|
| Vulnerability | A weakness in a system that can be exploited |
| Threat | A potential event that could cause harm |
| Risk | Likelihood × Impact of a threat exploiting a vulnerability |
| Exploit | Code or technique that takes advantage of a vulnerability |
| Zero-Day | Vulnerability unknown to the vendor — no patch exists |
| CVE | Common Vulnerabilities and Exposures (public database) |
| CVSS | Vulnerability severity score (0.0 – 10.0) |
| IOC | Indicator of Compromise — evidence of a breach |
| TTPs | Tactics, Techniques, and Procedures — attacker behavior |
| Attack Surface | All possible entry points into a system |
Defense Principles
Hacker Classifications
| Type | Description |
|---|---|
| White Hat | Ethical hackers, authorized security testers |
| Black Hat | Malicious hackers, criminal intent |
| Grey Hat | Find vulnerabilities without permission, no harm intended |
| Script Kiddie | Uses pre-made tools without understanding them |
| Hacktivist | Hacks for political/social causes |
| Nation-State | Government-sponsored APT groups |
| Insider Threat | Malicious or negligent employee with internal access |
AES (Advanced Encryption Standard)
→ 128/192/256-bit keys, block cipher, current gold standard
→ Modes: ECB (weak ❌) | CBC | CTR | GCM (authenticated ✅)
ChaCha20 → stream cipher, fast on mobile, used in TLS 1.3
DES → 56-bit, BROKEN ❌ — do not use
3DES → deprecated, slow ❌
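The "ECB weak, GCM authenticated" distinction above is easiest to see in code. The following Go program is an added example (not code from the original page): it encrypts four identical 16-byte plaintext blocks with AES-256 in ECB and in GCM, counts repeated ciphertext blocks, and then shows GCM rejecting a single flipped bit. Go's standard library intentionally ships no ECB mode, so the `EcbEncrypt` helper is written here purely for the demonstration; the key and plaintext are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrTampered is returned when GCM's authentication tag does not verify.
var ErrTampered = errors.New("gcm: authentication failed")

// EcbEncrypt encrypts each 16-byte block independently with the raw block
// cipher. Written only to show the leak; never use ECB in real systems.
func EcbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// RepeatedBlocks counts 16-byte ciphertext blocks that duplicate an earlier
// block. ECB leaks plaintext structure this way; a counter mode such as GCM
// never repeats a block because every block is XORed with a distinct keystream.
func RepeatedBlocks(ciphertext []byte) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i+16 <= len(ciphertext); i += 16 {
		b := string(ciphertext[i : i+16])
		if seen[b] {
			repeats++
		}
		seen[b] = true
	}
	return repeats
}

// GcmSeal encrypts and authenticates with AES-GCM. A fresh random 96-bit
// nonce is generated per call and prepended to the output; reusing a nonce
// under the same key breaks GCM's guarantees.
func GcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// GcmOpen verifies the tag before returning any plaintext; a modified bit in
// nonce, ciphertext, tag or AAD yields ErrTampered.
func GcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, ErrTampered
	}
	pt, err := aead.Open(nil, sealed[:ns], sealed[ns:], aad)
	if err != nil {
		return nil, ErrTampered
	}
	return pt, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)             // constructed 256-bit key
	pt := bytes.Repeat([]byte("SAME-16-BYTE-BLK"), 4) // four identical blocks

	ecb, _ := EcbEncrypt(key, pt)
	gcm, _ := GcmSeal(key, pt, []byte("header"))
	fmt.Println("ECB repeated blocks:", RepeatedBlocks(ecb))               // 3
	fmt.Println("GCM repeated blocks:", RepeatedBlocks(gcm[12:12+len(pt)])) // 0

	gcm[12] ^= 0x01 // flip one ciphertext bit
	_, err := GcmOpen(key, gcm, []byte("header"))
	fmt.Println("tampered GCM rejected:", errors.Is(err, ErrTampered)) // true
}
```

The AAD argument is what lets a protocol bind unencrypted headers (version, sequence number) to the ciphertext: changing either the header or the body makes `GcmOpen` fail.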
Asymmetric Encryption
RSA → 2048/4096-bit, based on prime factorization
ECC → Elliptic Curve Cryptography, equivalent security to RSA at much smaller key sizes
ECDSA → EC Digital Signature Algorithm
ECDH → EC Diffie-Hellman key exchange (used in TLS 1.3)
DH → Diffie-Hellman key agreement (not encryption)
Hashing Algorithms
| Algorithm | Output | Status |
|---|---|---|
| MD5 | 128-bit | ❌ BROKEN — checksums only |
| SHA-1 | 160-bit | ❌ BROKEN — deprecated |
| SHA-256 | 256-bit | ✅ Secure — widely used |
| SHA-512 | 512-bit | ✅ More secure, slower |
| SHA-3 | Variable | ✅ Keccak-based, different design |
| bcrypt | Variable | ✅ Password hashing with salt |
| Argon2 | Variable | ✅ Best for passwords (PHC winner) |
| HMAC-SHA256 | 256-bit | ✅ Integrity + authenticity |
TLS Handshake Flow
```mermaid
sequenceDiagram
    participant C as 🖥️ Client
    participant S as 🌐 Server
    C->>S: ClientHello (TLS version + cipher suites)
    S->>C: ServerHello (chosen cipher + Certificate)
    C->>C: Verify certificate (CA chain, expiry, domain)
    C->>S: Key Exchange (ECDH public key)
    S->>C: Key Exchange (ECDH public key)
    Note over C,S: Both derive same session keys
    C->>S: Finished (encrypted)
    S->>C: Finished (encrypted)
    Note over C,S: 🔒 Encrypted communication begins
```
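The "Both derive same session keys" step of the handshake, and the ECDH entry in the asymmetric list above, are shown end to end in this added Go example (not code from the original page). Each side generates an ephemeral P-256 key pair, exchanges only the public point, and derives the same 32-byte key from the shared secret plus the handshake transcript. Assumptions: the hello messages are constructed strings, and HMAC-SHA256 keyed by the shared secret stands in for the HKDF that TLS 1.3 actually uses.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Party holds one side's ephemeral P-256 key pair. A fresh pair per
// handshake is what gives the session forward secrecy.
type Party struct {
	priv *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicBytes is the value sent on the wire (uncompressed curve point).
func (p *Party) PublicBytes() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey combines the ECDH shared secret with the transcript. Binding
// the key to both hellos and both public keys means a party that saw a
// different transcript derives a different key. (HMAC as KDF is a
// simplification of this example; TLS uses HKDF.)
func (p *Party) SessionKey(peerPub, transcript []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, fmt.Errorf("invalid peer public key: %w", err)
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("example session key v1"))
	mac.Write(transcript)
	return mac.Sum(nil), nil
}

// Handshake runs the exchange from the diagram and returns the key each
// side derived independently.
func Handshake() (clientKey, serverKey []byte, err error) {
	client, err := NewParty()
	if err != nil {
		return nil, nil, err
	}
	server, err := NewParty()
	if err != nil {
		return nil, nil, err
	}
	clientHello := []byte("ClientHello: TLS1.3 TLS_AES_256_GCM_SHA384") // constructed
	serverHello := []byte("ServerHello: TLS_AES_256_GCM_SHA384")        // constructed
	// Transcript = everything both parties have seen, in order.
	transcript := bytes.Join([][]byte{clientHello, serverHello, client.PublicBytes(), server.PublicBytes()}, nil)

	clientKey, err = client.SessionKey(server.PublicBytes(), transcript)
	if err != nil {
		return nil, nil, err
	}
	serverKey, err = server.SessionKey(client.PublicBytes(), transcript)
	return clientKey, serverKey, err
}

func main() {
	ck, sk, err := Handshake()
	if err != nil {
		panic(err)
	}
	fmt.Println("client:", hex.EncodeToString(ck))
	fmt.Println("server:", hex.EncodeToString(sk))
	fmt.Println("match:", bytes.Equal(ck, sk)) // true
}
```

Note that only the public points cross the wire; the private scalars never leave their side, and because the pairs are ephemeral, two runs of `Handshake` never produce the same key.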
Common Cryptographic Attacks
| Attack | Description | Defense |
|---|---|---|
| Brute Force | Try all possible keys/passwords | Long keys, rate limiting |
| Dictionary | Try common passwords from wordlist | Strong passwords, MFA |
| Rainbow Table | Precomputed hash lookup | Salt passwords |
| Birthday Attack | Find two inputs with same hash | Use SHA-256+ |
| MITM | Intercept + modify communication | TLS, certificate pinning |
| Padding Oracle | Exploit CBC padding to decrypt | Use AES-GCM |
| Timing Attack | Measure execution time to infer secrets | Constant-time comparison |
| Replay Attack | Re-send captured auth messages | Nonces, timestamps |
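Three of the defenses in the table (constant-time comparison, nonces, timestamps) plus the HMAC-SHA256 row of the hashing table fit in one verifier. The Go program below is an added example, not code from the original page: it signs a message as `<unix-seconds>|<nonce>|<body>|<hex-tag>` (a wire format constructed for this example, not a real protocol) and verifies it in a fixed order: tag first, using `hmac.Equal` (which wraps `subtle.ConstantTimeCompare`), then the freshness window, then the nonce cache that catches a re-sent copy.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var (
	ErrMalformed = errors.New("malformed message")
	ErrBadTag    = errors.New("invalid authentication tag")
	ErrStale     = errors.New("timestamp outside acceptance window")
	ErrReplay    = errors.New("nonce already seen")
)

// Sign builds "<unix-seconds>|<nonce>|<body>|<hex-tag>" where the tag is
// HMAC-SHA256 over everything before it. The nonce must be fresh per message.
func Sign(key []byte, ts time.Time, nonce, body string) string {
	payload := fmt.Sprintf("%d|%s|%s", ts.Unix(), nonce, body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	return payload + "|" + hex.EncodeToString(mac.Sum(nil))
}

// NewNonce returns 128 random bits as hex.
func NewNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Verifier remembers nonces only as long as the timestamp check would still
// accept their message, so the cache stays bounded by the window.
type Verifier struct {
	key    []byte
	window time.Duration
	seen   map[string]time.Time // nonce -> message timestamp
}

func NewVerifier(key []byte, window time.Duration) *Verifier {
	return &Verifier{key: key, window: window, seen: make(map[string]time.Time)}
}

func (v *Verifier) Verify(msg string, now time.Time) error {
	cut := strings.LastIndex(msg, "|")
	if cut < 0 {
		return ErrMalformed
	}
	payload, tagHex := msg[:cut], msg[cut+1:]
	parts := strings.SplitN(payload, "|", 3) // body may itself contain '|'
	if len(parts) != 3 {
		return ErrMalformed
	}
	// 1. Authenticity, compared in constant time so the running time does not
	//    reveal how many leading bytes of a guessed tag were correct.
	got, err := hex.DecodeString(tagHex)
	if err != nil {
		return ErrBadTag
	}
	mac := hmac.New(sha256.New, v.key)
	mac.Write([]byte(payload))
	if !hmac.Equal(got, mac.Sum(nil)) {
		return ErrBadTag
	}
	// 2. Freshness: reject messages older than the window or from the future.
	unix, err := strconv.ParseInt(parts[0], 10, 64)
	if err != nil {
		return ErrMalformed
	}
	ts := time.Unix(unix, 0)
	if now.Sub(ts) > v.window || ts.Sub(now) > v.window {
		return ErrStale
	}
	// 3. Uniqueness: a captured message re-sent inside the window is a replay.
	for n, t := range v.seen { // evict nonces that can no longer be replayed
		if now.Sub(t) > v.window {
			delete(v.seen, n)
		}
	}
	if _, dup := v.seen[parts[1]]; dup {
		return ErrReplay
	}
	v.seen[parts[1]] = ts
	return nil
}

func main() {
	key := []byte("constructed-demo-key")
	v := NewVerifier(key, 5*time.Minute)
	now := time.Now()
	nonce, _ := NewNonce()
	msg := Sign(key, now, nonce, "transfer:42")
	fmt.Println("first delivery:", v.Verify(msg, now)) // <nil>
	fmt.Println("replayed:", v.Verify(msg, now))       // nonce already seen
}
```

The order matters: checking the tag before touching the nonce cache means an unauthenticated sender cannot fill the cache or probe which nonces have been used.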
Threat Landscape & Attack Types
Malware Categories
| Type | Description |
|---|---|
| Virus | Attaches to files, spreads when executed |
| Worm | Self-replicates across networks without user action |
| Trojan | Disguised as legitimate software, opens backdoor |
| Ransomware | Encrypts files, demands payment for decryption key |
| Spyware | Secretly monitors user activity, steals data |
| Rootkit | Hides deep in OS (kernel level), hard to detect |
| Bootkit | Infects MBR/bootloader, loads before OS |
| Keylogger | Records keystrokes to steal passwords |
| RAT | Remote Access Trojan — full remote control |
| Fileless | Lives in memory only, no file on disk, evades AV |
| Botnet | Network of infected machines (C2 server controlled) |
```mermaid
graph LR
    subgraph Provider["☁️ Cloud Provider Responsible"]
        P1["Physical data center security"]
        P2["Hypervisor + host OS"]
        P3["Network infrastructure"]
        P4["Managed service patching"]
    end
    subgraph Customer["👤 Customer Responsible"]
        C1["Data classification + encryption"]
        C2["IAM — identity and access"]
        C3["OS + app patching (IaaS)"]
        C4["Network config (security groups)"]
        C5["Monitoring and logging"]
    end
```
Common Cloud Misconfigurations
Cloud Security Services
| Platform | Service | Purpose |
|---|---|---|
| AWS | GuardDuty | ML-based threat detection |
| AWS | Security Hub | Centralized security findings |
| AWS | Inspector | Vulnerability assessment |
| AWS | Macie | Sensitive data discovery in S3 |
| AWS | CloudTrail | API call logging |
| Azure | Defender for Cloud | CSPM + workload protection |
| Azure | Sentinel | Cloud-native SIEM |
| GCP | Security Command Center | Threat detection + compliance |
| Multi | Wiz / Prisma Cloud | CSPM across clouds |
Incident Response
IR Lifecycle (NIST SP 800-61)
```mermaid
graph LR
    P["1️⃣ Preparation\nIR plan · Playbooks\nTools · Training · SIEM"]
    D["2️⃣ Detection & Analysis\nIdentify IOCs · Triage\nScope + Severity · Preserve evidence"]
    C["3️⃣ Containment\nIsolate systems\nNetwork quarantine"]
    E["4️⃣ Eradication\nRemove malware\nPatch · Reset credentials"]
    R["5️⃣ Recovery\nRestore from backups\nMonitor closely"]
    L["6️⃣ Lessons Learned\nRoot cause analysis\nUpdate IR plan + detections"]
    P --> D --> C --> E --> R --> L --> P
```
Common IOCs (Indicators of Compromise)
Critical Windows Event IDs
| Event ID | Description | Significance |
|---|---|---|
| 4624 | Successful logon | Baseline |
| 4625 | Failed logon | Brute force indicator |
| 4648 | Logon with explicit credentials | Lateral movement |
| 4720 | User account created | Persistence |
| 4732 | Member added to security group | Privilege escalation |
| 7045 | New service installed | Malware persistence |
| 1102 | Audit log cleared | Critical — attacker covering tracks |
| 4698 | Scheduled task created | Persistence |
| 4776 | NTLM auth attempt | Pass-the-Hash indicator |
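Turning the table into detection logic means correlating events, not just matching IDs. The Go program below is an added example (not code from the original page) that reads a small constructed CSV export of Security-log records (`time,eventid,user,source`; this layout is an assumption for the example, not the native EVTX/XML format) and applies three rules: five or more 4625 from one source inside a 60-second sliding window, a 4720 followed within ten minutes by a 4732 for the same account, and any 1102. The thresholds are choices for this example, not values from the page.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Event is a reduced view of one Security-log record.
type Event struct {
	Time   time.Time
	ID     int
	User   string // target account
	Source string // source host or IP
}

// ParseLog reads the constructed CSV export, skipping blank and '#' lines.
func ParseLog(text string) ([]Event, error) {
	var events []Event
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ",")
		if len(f) != 4 {
			return nil, fmt.Errorf("expected 4 fields: %q", line)
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, err
		}
		id, err := strconv.Atoi(f[1])
		if err != nil {
			return nil, err
		}
		events = append(events, Event{Time: ts, ID: id, User: f[2], Source: f[3]})
	}
	return events, nil
}

const (
	bruteThreshold = 5                // failed logons ...
	bruteWindow    = 60 * time.Second // ... within this sliding window
	chainWindow    = 10 * time.Minute // 4720 -> 4732 for the same account
)

// Analyze applies the three rules to chronologically ordered events and
// returns one alert line per hit (one brute-force alert per source).
func Analyze(events []Event) []string {
	var alerts []string
	failed := map[string][]time.Time{} // source -> 4625 times still inside the window
	reported := map[string]bool{}      // sources already alerted on
	created := map[string]time.Time{}  // account -> time of its 4720
	for _, ev := range events {
		stamp := ev.Time.Format(time.RFC3339)
		switch ev.ID {
		case 4625:
			times := append(failed[ev.Source], ev.Time)
			for len(times) > 0 && ev.Time.Sub(times[0]) > bruteWindow {
				times = times[1:] // drop failures that fell out of the window
			}
			failed[ev.Source] = times
			if len(times) >= bruteThreshold && !reported[ev.Source] {
				reported[ev.Source] = true
				alerts = append(alerts, fmt.Sprintf("%s brute force: %d failed logons (4625) from %s within %s", stamp, len(times), ev.Source, bruteWindow))
			}
		case 4720:
			created[ev.User] = ev.Time
		case 4732:
			if t, ok := created[ev.User]; ok && ev.Time.Sub(t) <= chainWindow {
				alerts = append(alerts, fmt.Sprintf("%s persistence: account %s created (4720) then added to a security group (4732)", stamp, ev.User))
			}
		case 1102:
			alerts = append(alerts, fmt.Sprintf("%s CRITICAL: audit log cleared (1102) by %s from %s", stamp, ev.User, ev.Source))
		}
	}
	return alerts
}

// SampleLog is constructed test data, not a real capture.
const SampleLog = `# time,eventid,user,source
2024-05-01T10:00:00Z,4625,administrator,10.0.0.5
2024-05-01T10:00:05Z,4625,administrator,10.0.0.5
2024-05-01T10:00:09Z,4625,administrator,10.0.0.5
2024-05-01T10:00:14Z,4624,alice,10.0.0.9
2024-05-01T10:00:20Z,4625,administrator,10.0.0.5
2024-05-01T10:00:27Z,4625,administrator,10.0.0.5
2024-05-01T10:00:31Z,4625,administrator,10.0.0.5
2024-05-01T10:02:00Z,4720,svc-backup,10.0.0.5
2024-05-01T10:02:30Z,4732,svc-backup,10.0.0.5
2024-05-01T10:05:00Z,1102,administrator,10.0.0.5
`

func main() {
	events, err := ParseLog(SampleLog)
	if err != nil {
		panic(err)
	}
	for _, a := range Analyze(events) {
		fmt.Println(a)
	}
}
```

The sliding window is what separates a burst from a user who mistypes a password a few times a day: five failures spread over an hour never accumulate inside the 60-second window, so they produce no alert.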
Digital Forensics — Order of Volatility
Secure Development (DevSecOps)
Secure SDLC — Shift Left
```mermaid
graph LR
    R["Requirements\nSecurity requirements\nThreat modeling\nCompliance needs"]
    D["Design\nSTRIDE threat model\nSecurity architecture\nData flow diagrams"]
    DEV["Development\nSecure coding standards\nSAST · SCA\nNo hardcoded secrets"]
    T["Testing\nDAST · IAST\nPenetration testing\nDependency scanning"]
    DEP["Deployment\nSecrets management\nContainer image scanning\nIaC security scan"]
    OPS["Operations\nRuntime protection\nSIEM monitoring\nPatch management"]
    R --> D --> DEV --> T --> DEP --> OPS
```
STRIDE Threat Modeling
| Letter | Threat | Example | Defense |
|---|---|---|---|
| S | Spoofing | Impersonating another user | Strong authentication |
| T | Tampering | Modifying data in transit | Integrity checks, TLS |
| R | Repudiation | Denying an action occurred | Audit logging, signatures |
| I | Info Disclosure | Exposing sensitive data | Encryption, access control |
| D | Denial of Service | Making system unavailable | Rate limiting, redundancy |
| E | Elevation of Privilege | Gaining higher access | Least privilege, RBAC |
Secrets Management
Scan for accidentally committed secrets
```bash
# truffleHog — scan git history for secrets
trufflehog git https://github.com/org/repo

# git-secrets — prevent committing secrets
git secrets --install
git secrets --register-aws
```
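To see what tools like the two above actually do, here is a minimal scanner written as an added Go example (it is not code from truffleHog or git-secrets). It applies three patterns to each line of a file: the AWS access-key-ID shape (`AKIA` followed by 16 upper-case alphanumerics, the pattern `git secrets --register-aws` adds), a PEM private-key header, and a generic `password|secret|api_key|token = "..."` assignment heuristic chosen for this example. Findings are redacted before being returned so the scanner's own output never leaks the secret into CI logs. The sample file is constructed; the `AKIAIOSFODNN7EXAMPLE` value is the placeholder key used in AWS's own documentation.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Finding records where a candidate secret was seen; Redacted keeps only a
// short prefix so the report itself is safe to log.
type Finding struct {
	Line     int
	Rule     string
	Redacted string
}

var rules = []struct {
	name string
	re   *regexp.Regexp
}{
	{"aws-access-key-id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"private-key-block", regexp.MustCompile(`-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----`)},
	// heuristic for this example: a credential-like name assigned a quoted value of 8+ chars
	{"hardcoded-credential", regexp.MustCompile(`(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['"][^'"]{8,}['"]`)},
}

func redact(s string) string {
	if len(s) <= 8 {
		return strings.Repeat("*", len(s))
	}
	return s[:4] + strings.Repeat("*", len(s)-4)
}

// ScanText runs every rule over every line and returns findings in line order.
func ScanText(text string) []Finding {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		for _, r := range rules {
			for _, m := range r.re.FindAllString(line, -1) {
				findings = append(findings, Finding{Line: n, Rule: r.name, Redacted: redact(m)})
			}
		}
	}
	return findings
}

// Sample is a constructed config file for the demonstration.
const Sample = `# app config
db_host = "db.internal"
db_password = "hunter2-but-longer"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
debug = false
-----BEGIN RSA PRIVATE KEY-----
(key material omitted in this constructed sample)
-----END RSA PRIVATE KEY-----
`

func main() {
	for _, f := range ScanText(Sample) {
		fmt.Printf("line %d  %-22s %s\n", f.Line, f.Rule, f.Redacted)
	}
}
```

Wiring `ScanText` into a pre-commit hook (exit non-zero when it returns any finding) gives the same effect as `git secrets --install`: the secret is blocked before it ever enters history, which is far cheaper than rotating it after a `trufflehog` scan finds it in an old commit.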