Free Ethical Hacking and Cybersecurity Course

Try this Free Ethical Hacking and Cybersecurity Course

Covered subjects include:

Cybersecurity

Ethical Hacking

Information Security

Application Security

Software Security

Network Security
Disaster Recovery
Hacking
Threats and Attacks
Penetration Testing
End User Education
Encryption

Simply Click the below link "Free Cybersecurity Course" at the end of each section click on "up next" to instantly link to next subject.

Free Cybersecurity Course

Interested in learning to code? Try these Free Code Examples:

Share with Friends

Free Code Examples

Free Code Examples

Encryption

Encryption

Encryption is the process of converting data to an unrecognizable or "encrypted" form.

In encryption the information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cipher – generating ciphertext that can be read only if decrypted.

Cryptography

Cryptography or Cryptology is from the Greek words κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study" Cryptology is the study of codes, or the art of writing and solving them.

Cryptanalysis

Cryptanalysis (from the Greek kryptós, "hidden", and analýein, "to loosen" or "to untie") is the study of analyzing information systemsin order to study the hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages.

Encryption

Encryption is the process of converting plain text into something that appears to be random sometimes called ciphertext.

Decryption

Decryption is the process of converting ciphertext back into plaintext. A Key is often used to create secret codes.

Types of Encryption

Asymmetric-key - or Public Key the encryption key is published or public for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that is private and enables messages to be read.

Symmetric-key - Private or Secret Key the encryption and decryption keys are the same. Communicating parties must have the same key in order to achieve secure communication.

Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman), and ECC (Elliptic Curve Cryptography). Symmetric models include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).

Hashing - or a Hash Function is the transformation of a string of characters into a usually shorter fixed-length value or key it is always a one-way operation. 

(MACs) Message authentication codes - are much like cryptographic hash functions, except that a secret key can be used to authenticate the hash value.

Penetration Testing

Penetration Testing

A penetration test or pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system.

Pen testers aka ethical hackers essentially get paid to legally break into computers or devices.

Pen tests can be automated with software applications or they can be performed manually.

Ethical hacking steps

1. Planning and reconnaissance - Get documented permission and gather information.

2. Scanning - inspect code and how the system works.

3. Exploitation - get into the system and back out with information without being noticed.

4. Maintaining access - The goal of this step is to see if the vulnerability can be used to achieve a persistent presence in the exploited system.

5. Analysis - compile a report detailing:
-Specific vulnerabilities that were exploited
-Sensitive data that was accessed
-The amount of time the pen tester was able to remain in the system undetected

Penetration Testing Methods

External Testing - target the assets of a company that are visible on the internet.

Internal Testing - test with access to an application behind its firewall.

Blind Test - a tester is only given the name of the enterprise that’s being targeted. This gives security personnel a real-time look into how an actual application assault would take place.

Double Blind Test - security personnel have no prior knowledge of the simulated attack.

Targeted Testing - In this scenario, both the tester and security personnel work together and keep each other appraised of their movements.

The main objective of penetration testing is to determine security weaknesses.

Up Next: Encryption

Threats or Attacks

Threats or Attacks

A Threat or Cyberattack is deliberate exploitation of computer systems, technology-dependent enterprises and networks.

Common Threats can include

Botnets - A collection of computers compromised by malicious code and controlled across a network.

(DoS)Denial of Service - An attack that prevents or impairs the authorized use of information system resources or services.

(DDoS)Distributed Denial of Service - A denial of service technique that uses numerous systems to perform the attack simultaneously.

Malware - Software that compromises the operation of a system

(MITM) Man-in-the-middle attack - is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Phishing - A digital form of social engineering to deceive individuals into providing sensitive information.

Ransomware - is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.

Spoofing -  Faking the sending address of a transmission to gain illegal entry. The deliberate inducement of a user or resource to take incorrect action. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

Spyware - Software that is secretly or surreptitiously installed into an information system.

(SQLi)SQL injection - is a code injection technique, used to attack data-driven applications.

Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function.

Virus - A computer program that can replicate itself infect a computer and then spread.

Worm - A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

(XSS)Cross-Site Scripting - is a common attack that injects malicious code into a vulnerable web application.

The process of keeping up with new technologies, security trends and threat intelligence is a challenging task.

Up Next: Penetration Testing

Hacking

Hacking

What is Hacking?

Hacking -  refers to the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator's original objective.

Hacking is the gaining of access(wanted or unwanted) to a computer and viewing, copying, or creating data without the intention of destroying data or maliciously harming the computer.

A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem.

Types of Hackers

Black hats - hack to take control over the system for personal gains.

White hats - professionals who hack to check security systems to make it more hack-proof. This process is typically referred to as penetration testing.

Grey hats - differ from black hats in the sense that they notify the admin of the network system about the weaknesses discovered in the system instead of exploiting for personal gains.

Ethical hacker - is an individual hired to hack into a system to identify and repair potential vulnerabilities

Script kiddies - or skids are people breaking into computers using programs written by others, with very little knowledge about the way they work.

Blue hats - hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.

Crackers - find exploits for system vulnerabilities and often use them to their advantage by either selling the fix to the system owner or selling the exploit to other black hat hackers

Hacktivist - is someone who uses their hacking skills for political ends.

Red team - an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view.

Green hats - are the amateurs in the online world of hacking.

Cracking is a method by which a person who gains unauthorized access to a computer with the intention of causing damage.

Hacking and Cracking is a crime when the perpetrators access systems without the owner's permission.

Up Next: Threats or Attacks

Information Security

Information Security

Information security ("IS" “InfoSec” "data security") is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Its primary concern is for the confidentiality, integrity, and availability of your data. (This is often referred to as the “CIA.”)

Ensuring that information is not compromised in any way when critical issues arise. These issues include but are not limited to natural disasters, computer/server malfunction and physical theft.

Helpful terms

Authentication - The process that affirms an entity’s credentials, thus proving an identity.

CIA - CIA triad (or C/I/A), these three security aspects have long been held as the fundamental principles of Information Security.
Confidentiality: describes the need for information to be accessible only to those that are authorised to view it.
Integrity: describes the need for information to be protected from modification by those that are not authorised to change it.
Availability: describes the need for information to be available to those that require it, when they require it.

Cryptography - or cryptology is the practice and study of techniques for secure communication. Cryptography involves creating written or generated codes that allow information to be kept secret.

Digital Certificate -  An electronic identifier that establishes your credentials when doing business or other transactions on the Web.

Digital Signature -  A tool used to provide the authentication of the sender of a message, as well as the origin of the message and identity of the sender. It is unique for every transaction and created with a private key.

Hash Functions - These are different from SKC and PKC. They use no key and are also called one-way encryption. Hash functions are mainly used to ensure that a file has remained unchanged.

Public Key Cryptography - (PKC): Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key.

Secret Key Cryptography - (SKC): Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption.

User Identification - (User ID, UID) Information (aka credential) that is used to uniquely identify or define attributes about an individual's or entity's identity.

Information security handles risk management. Anything that can act as a risk or a threat to the CIA triad must be kept - it cannot be changed, altered or transferred without permission. For example, a message could be modified during transmission by someone intercepting it before it reaches the intended recipient. Good cryptography tools can help mitigate this security threat. Digital signatures can improve information security by enhancing authenticity processes and prompting individuals to prove their identity before they can gain access to computer data.

Up Next: Network Security

Application Security

Application Security

Application security is the use of software, hardware, and procedural methods to protect applications from external threats.

Security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.

Helpful terms

Application firewall - an enhanced firewall that limits access by applications to the operating system (OS) of a computer.

Backdoor - A method of bypassing established authentication or other security processes to obtain access to a system.

Cross-Site Scripting (XSS) - An attack on an application where malicious executable scripts are injected into a trusted application or website.

Countermeasure -  is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it.

Encryption - The transformation of plaintext data into indecipherable data (ciphertext).

IP address - short for Internet Protocol address, is an identifying number for a piece of network hardware.

JavaScript hijacking - is a technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScriptand XML). Nearly all major Ajax applications have been found vulnerable.

Router - a networking device that forwards data packets between computer networks.

Countermeasures

Different techniques are used to surface such security vulnerabilities at different stages of an applications lifecycle such design, development, deployment, upgrade, maintenance.

Actions taken to ensure application security are sometimes called countermeasures. The most basic software countermeasure is an application firewall that limits the execution of files or the handling of data by specific installed programs.

The most common hardware countermeasure is a router that can prevent the IP address of an individual computer from being directly visible on the Internet. Some basic techniques used for application security are: Input parameter validation, User/Role Authentication & Authorization, Session management, parameter manipulation & exception management, and Auditing and logging.

Other countermeasures include conventional firewalls, encryption/decryption programs, anti-virus programs, spywaredetection/removal programs and biometric authentication systems.

Security measures built into applications and a sound application security routine minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify, or delete sensitive data.

Up Next: Information Security

Ethical Hacking

Ethical Hacking

What is Ethical Hacking?

Ethical Hacking is the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. The key difference between this and illegal hacking is gaining the owners permission before beginning. Ethical Hacking can also be called or known as penetration testing, intrusion testing, red teaming, or tiger teams.

Who are Ethical Hackers?

An Ethical Hacker or white hat is a security professional professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.

Ethical hackers know how to find and exploit vulnerabilities and weaknesses in systems just like a malicious hacker or black hat. In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in. The primary difference between ethical hackers and real hackers is the legality. Nowadays, certified ethical hackers are among the most sought after information security employees in large organizations.

Ethical Hackers use many techniques and tools to locate vulnerabilities in systems including but not limited to penetration testing, social engineering, scanning, sniffing, cracking passwords, and locating weaknesses in security systems.

Popular Ethical Hacking tools include: Nmap, Metasploit, Kalu Linux, Burp Suite, Cain & Able, Aircrack, Nessus, and many more.

The role of an ethical hacker is important since the bad guys will always be there, trying to find cracks, backdoors, and other secret ways to access data they shouldn’t. In fact, there’s even a professional certification for ethical hackers: the Certified Ethical Hacker(CEH).

*make sure you have documented permission from the right people before breaking into something. Not breaking the law is paramount to being an ethical hacker.

Up Next:. Software Security

Software Security

Software Security

 What is Software Security?

        Software security is the idea of engineering software with a robust design so that it is resistant to and continues to function correctly under malicious attack.
       

Secure Coding

         
         Secure coding is the practice of writing software that’s resistant to attack by malicious or mischievous people or programs. An insecure program can provide access for an attacker to take control of a server or a user’s computer, resulting in anything from denial of service to a single user, to the compromise of secrets, loss of service, or damage to the systems of thousands of users.

Attacks

       
        Attacks often take advantage of vulnerabilities found in web-based and other application software. Vulnerabilities can be present for many reasons, including coding mistakes, logic errors, incomplete requirements, and failure to test for unusual or unexpected conditions. Examples of specific errors include: the failure to check the size of user input; failure to filter out unneeded but potentially malicious character sequences from input streams; failure to initialize and clear variables; and poor memory management allowing flaws in one part of the software to affect unrelated and more security critical portions.

There is a flood of public and private information about such vulnerabilities available to attackers and defenders alike, as well as tools and techniques to allow “weaponization” of vulnerabilities into exploits. Attackers can inject specific exploits, including buffer overflows, Structured Query Language (SQL) injection attacks, cross-site scripting, cross-site request forgery, and click-jacking of code to gain control over vulnerable machines.

Best Practices

Software security best practices leverage good software engineering practice and involve thinking about security early in the software development lifecycle, knowing and understanding common threats, including language-based flaws and pitfalls, designing for security and subjecting all software artifacts to thorough objective risk analyses and testing. <br><br>

Secure coding helps protect a user’s data from theft or corruption. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, we can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.

Here is a Great Resource for Secure Coding:

Secure Coding Cheat Sheet

Up Next: Application Security

Cybersecurity

Cybersecurity

What is Cybersecurity?

Cybersecurity, Computer Security, Electronic Information Security or IT Security is a set of techniques for the protection of computer systems, their hardware, software or electronic data, as well as, servers, mobile devices, electronic systems, and networks from disruption, misdirection, unauthorized access, modification,or malicious attacks of the services they provide.

There are hundreds of job titles in cyber security, but some of the top positions include:

Chief information security officer.

Security Analyst.

Incident responder.

Security Engineer.

Computer forensics expert.

Security Architect.

Penetration tester. 

Security Administrator.

Security Software Developer.

Cryptographer.

Cryptanalyst.

Security Consultant.

Some helpful terms:

Asset- Something of value to a person, business or organization.

Attack-  An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

Firewall- Hardware or software designed to prevent unauthorised access to a computer or network from another computer or network.

Hacker- Someone who violates computer security for malicious reasons, kudos or personal gain.

Proxy server- Server that acts as an intermediary between users and others servers, validating user requests.

Risk-  Something that could cause an organization not to meet one of its objectives.

Security control- Something that modifies or reduces one or more security risks.

Threat- Something that could cause harm to a system or organization.

Vulnerability- A flaw or weakness that can be used to attack a system or organization.

Common Threats include:

Phishing

Trojans

Botnets

Ransomware

Distributed Denial of Service (DDoS)

Wiper Attacks

Spyware/Malware

Man in the Middle (MITM)

Drive-By Downloads

Malvertising

Rogue and Unpatched Software

Major Elements in Cybersecurity include:

Software security

Application Security

Information Security

Network Security

Up Next:. Ethical Hacking