GTU IT Sem 5 Cyber Security Notes For Revision

  1. Vulnerability : A flaw or loophole in a system that can be exploited by people with bad intentions.
  2. Pen-testing : Penetration testing is the process of finding loopholes/vulnerabilities in a system.
  3. Total ports : 0 to 65535
  4. Important port numbers and the services associated with them.
    a. 21 – FTP
    b. 22 – SSH
    c. 23 – TELNET
    d. 25 – SMTP
    e. 53 – DNS
    f. 67 – DHCP
    g. 80 – HTTP
    h. 143 – IMAP
    i. 443 – HTTPS
  5. Port states :
    a. Open – accepting connections (a service is listening)
    b. Closed – not accepting connections (no service is listening)
    c. Filtered – filters are in place; only selected traffic is allowed through
  6. Port scanning techniques.
    a. TCP
    b. UDP
    c. Vanilla
    d. ARP
    e. TCP SYN
    f. TCP FIN
    g. TCP ACK
    h. ICMP
  7. OpenVAS :
    a. Full form : Open Vulnerability Assessment Scanner
    b. Default Port : 9390
    c. Language : Nessus Attack Scripting Language (NASL)
    d. Work : scans a website/host for possible vulnerabilities and suggests how to fix them.
    e. 35,000+ NVTs (Network Vulnerability Tests)
    f. Comes with a GUI (Graphical User Interface)
  8. Metasploit :
    a. Open source
    b. Used to prepare payloads for post-exploitation.
    c. Source code language : Ruby
    d. Uses a PostgreSQL database
    e. Pre-installed on most UNIX-like systems
    f. Commands:
      i. connect
      ii. search
      iii. sessions
      iv. show
  9. Socket : an endpoint used for communication between processes of the same application or between two different applications; useful for building APIs (Application Programming Interfaces)
  10. Netcat : multi-purpose tool
    a. Can be used as a port scanner, port redirector or port listener, for file transfer, or for backdoor creation.
    b. Pre-installed on most Linux distributions.
    c. Syntax : nc -[option] [host] [port]
    d. Main options :
      i. -v : verbose mode, displays whatever is happening in the background
      ii. -l : puts nc in listening mode
      iii. -p : specifies the port number
      iv. -u : uses UDP instead of TCP (for UDP scans)
  11. Datapipe : port redirection tool, mainly for UNIX
  12. Fpipe, WinRelay : port redirection tools for Windows
  13. Nmap : Network Mapper
    a. Network reconnaissance tool
    b. Creator : Gordon Lyon (Fyodor)
    c. Features : port scanning, OS detection, service identification, host discovery
    d. Pre-installed on Linux
    e. GUI available as Zenmap
    f. Open-source
    g. Written in C, C++ & Python
    h. Basic options
      i. -v : verbose mode, outputs whatever is happening in the background
      ii. -sP : ping scan
      iii. -Pn : basic port scanning
      iv. -sV : OS version detection
      v. -sU : UDP scan
      vi. -A : aggressive scan
  14. Whois : domain lookup tool; provides details about a specific domain name.
  15. tcpdump & WinDump : packet capturing tools
  16. Wireshark : packet capturing tool
    a. Pre-installed on Linux
    b. Provides a GUI
    c. Can apply different filters
    d. Released in 1998 as Ethereal; renamed Wireshark in 2006.
  17. Ettercap : used for MITM (Man-In-The-Middle) attacks on a LAN
  18. Hping : packet generation tool; can be used to perform DoS attacks
  19. Kismet : wireless network detector and attack tool; can be used for pen-testing purposes
  20. Firewall : network device used as protection from outside attacks.
    a. Packet filter : filters traffic packet by packet; works at the network layer; can filter by protocol, e.g. allow SMTP or block FTP
    b. Circuit-level firewall : works at the transport layer; monitors connections and can also set timeouts if needed
    c. Application level : works at the application layer; the most secure type of firewall, but time consuming and slow; creates a proxy-type environment.
  21. NAT (Network Address Translation) : translation between private and public IP addresses; uses an IP pool; hides the internal network from the outside.
  22. Snort : IDS (Intrusion Detection System)
    a. Network-based : monitors whole networks and looks for suspicious activity.
    b. Host-based : monitors internal computers for suspicious activity.
    c. Components : packet decoder, preprocessor, detection engine, alert system, output modules
    d. Free and open source.
  23. Nikto : web security assessment tool
    a. Written in Perl
    b. Free and open source
    c. Supports OpenSSL
  24. w3af : web application attack and audit framework
    a. Free and open source
    b. Runs on Python
  25. cURL : used to fetch web pages and other online resources
  26. OpenSSL : open source implementation of SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
    a. Used for
      i. generating RSA/DSA keys
      ii. creating X.509 certificates
      iii. message digest calculations
      iv. SSL/TLS client–server tests
      v. working with ciphers
  27. Stunnel : secure tunnel; Provides SSL/TLS tunnel between applications
  28. ZAP (Zed Attack Proxy) : penetration testing tool for web applications
    a. Supports HTTP and HTTPS
    b. Written in Java
    c. Free and open source
    d. Easy to install and use
    e. Cross-platform
    f. Supports spidering
  29. sqlmap : detects SQL injection vulnerabilities in web applications.
    a. Written in Python
    b. Free and open source
    c. Supports time-based, UNION query-based, error-based and out-of-band techniques
    d. Easy to use
    e. Fully automated
  30. DVWA : Damn Vulnerable Web Application
    a. Free and open source
    b. Used to simulate web application vulnerabilities to test skills
    c. Comes with a database
    d. Supports
      i. SQL injection
      ii. Command injection
      iii. Brute-force login
      iv. CSRF
      v. File injection
      vi. Cross-site scripting
    e. Works with the Apache server
  31. WebGoat : web application to teach security lessons
    a. Maintained by OWASP
    b. Runs on Apache Tomcat
    c. Default port 80
  32. John the Ripper : password cracking tool
    a. Pre-installed on Linux
    b. Supports many hash algorithms
    c. Fast
    d. Cracking modes
      i. Wordlist
      ii. Single crack mode
      iii. Incremental mode
      iv. External mode
  33. L0phtCrack : password cracking tool; extracts passwords from local and remote computers.
  34. Hydra : password cracking tool for online platforms.
  35. Cyber crime : any type of crime committed by using computers.
  36. Cyberspace : work space created by an attacker
  37. Digital forensics : the act of gathering information and data and analysing them.
  38. Steps in digital forensics :
    a. Preservation
    b. Collection
    c. Examination
    d. Analysis
  39. Keyloggers : software or hardware created to monitor every keystroke of a keyboard.
  40. Data acquisition : process of acquiring data from a computer
  41. Virus : malicious code created to harm a computer or computers.
    a. Needs a host to run itself
    b. Phases : dormant, propagation, triggering, execution
    c. Types : boot sector, file infector, append, integrated, document, macro, memory resident, e-mail, stealth, multipartite
  42. Worm : created with the intention of spreading only.
    a. Spreads itself across the network
    b. Does not need a host
    c. Creates copies of itself
    d. Mostly used to create botnets
  43. Trojan horse : legitimate-looking software with malicious code that gets installed along with the software itself.
  44. Backdoors : loopholes created by an attacker to gain access to the system later on; allows remote access.
  45. Steganography : art of hiding information inside files such as photos, videos, audio etc.
  46. DoS & DDoS attacks : overwhelming a victim with so many requests that it is unable to respond to legitimate users.
  47. SQL injection : attack performed by taking advantage of an SQL vulnerability in a website.
    a. Prevention
      i. Use prepared (parameterized) queries
      ii. Validate inputs
      iii. Limit input length
      iv. Limit database permissions
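The four prevention steps listed above, demonstrated as an added example that is not part of the notes: a constructed in-memory SQLite user table is queried by a vulnerable concatenated lookup and by the hardened one (prepared statement plus allow-list validation and a length limit), and SQLite's query_only pragma stands in for a least-privilege, read-only database account.

```python
import re
import sqlite3

# Constructed sample rows standing in for a website's user table (not from the notes).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user")]

def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the input is concatenated into the SQL text, so a quote in it
    changes the query's structure (a tautology like x' OR '1'='1 matches every row)."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_prepared(conn: sqlite3.Connection, username: str) -> list:
    """Prevention (i), prepared query: the driver binds the value as data, so the
    same payload is just an odd username that matches nothing."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

MAX_USERNAME_LEN = 32                        # prevention (iii): input length limit
USERNAME_RE = re.compile(r"[A-Za-z0-9_]+")   # prevention (ii): allow-list validation

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Validation and length limit applied before the prepared query."""
    if len(username) > MAX_USERNAME_LEN:
        raise ValueError("username too long")
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains disallowed characters")
    return lookup_prepared(conn, username)

def restrict_to_read_only(conn: sqlite3.Connection) -> None:
    """Prevention (iv), limit database permissions: SQLite's query_only pragma makes
    the connection refuse writes, modelling a read-only application account."""
    conn.execute("PRAGMA query_only = 1")

def can_write(conn: sqlite3.Connection) -> bool:
    """True if an INSERT is accepted on this connection (False once read-only)."""
    try:
        conn.execute("INSERT INTO users VALUES ('mallory', 'admin')")
        return True
    except sqlite3.OperationalError:
        return False
```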
  48. Buffer overflow : attack performed by taking advantage of a buffer overflow weakness in a website, e.g. a stack buffer "A" of 40 bytes: if more than 40 bytes of data are given as input, it overflows and tries to overwrite the adjacent memory.