-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
131 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
| <head> | ||
| <meta charset="UTF-8"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <meta http-equiv="X-UA-Compatible" content="ie=edge"> | ||
|
|
||
| <title>Cyber Security Cheatsheet</title> | ||
|
|
||
| <!-- Bootstrap CDN --> | ||
| <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous"> | ||
| <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.min.css"> | ||
|
|
||
| <!-- CSS --> | ||
| <link rel="stylesheet" href="assets/style.css"> | ||
| </head> | ||
|
|
||
| <body data-theme="light"> | ||
| <div class="container"> | ||
| <!-- Theme Toggle --> | ||
| <div class="button float-end"><i class="bi bi-circle-half"></i></div> | ||
|
|
||
| <h3 class="title">Cyber Security</h3> | ||
|
|
||
| <div class="section-list"> | ||
| <ul> | ||
| <li><a href="#terms">Terminologies</a></li> | ||
| </ul> | ||
| </div> | ||
|
|
||
|
|
||
| <div class="sections" id="terms"> | ||
| <h4 class="heading"># Terminologies</h4> | ||
| <div> | ||
| <ul class="justify"> | ||
| <li> | ||
| <b>Offensive Security (Red Team) :</b><br>Attacking - Offensive security is the process of breaking into computer systems, exploiting vulnerabilities, and finding loopholes in applications to gain unauthorized access to them. | ||
| </li> | ||
| <li> | ||
| <b>Defensive Security (Blue Team) :</b><br>Defending/Preventing - Defensive security is the process of protecting an organization's network and computer systems by analyzing and securing any potential threats. | ||
| </li> | ||
| <li> | ||
| <b>Security Operations Center (SOC) :</b><br>The Security Operations Center (SOC) is a team of IT security professionals tasked with monitoring, preventing, detecting, investigating, and responding to threats within a company’s network and systems. | ||
| </li> | ||
| <li> | ||
| <b>OSINT :</b><br>Open-Source Intelligence (OSINT) is the act of gathering and analyzing publicly available data for intelligence purposes. | ||
| </li> | ||
| <li> | ||
| <b>Threat Intelligence :</b><br>Threat intelligence aims to gather information to help the company better prepare against potential adversaries. | ||
| </li> | ||
| <li> | ||
| <b>Digital Forensics :</b><br>Digital Forensics is the application of science to investigate digital crimes and establish facts. | ||
| </li> | ||
| <li> | ||
| <b>Incident Response :</b><br><br>An incident usually refers to a data breach or cyber attack; however, in some cases, it can be something less critical, such as a misconfiguration, an intrusion attempt, or a policy violation. | ||
| </li> | ||
| <li> | ||
| <b>Malware Analysis :</b><br>Malware stands for malicious software. Software refers to programs, documents, and files that you can save on a disk or send over the network. | ||
| </li> | ||
| <li> | ||
| <b>OWASP :</b><br>The Open Web Application Security Project is a nonprofit foundation focused on understanding web technologies and exploitations and provides resources and tools designed to improve the security of software applications.</li> | ||
| <li> | ||
| <b>IDOR :</b><br>Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. Broken access control means that an attacker can access information or perform actions not intended for them. | ||
| </li> | ||
| <li> | ||
| <b>Firewall :</b><br>A security system that monitors and controlls incoming an outgoing network traffic. | ||
| </li> | ||
| <li> | ||
| <b>Ethernet :</b><br>A standard way to connect devices in a wired network using cables and hubs. | ||
| </li> | ||
| <li> | ||
| <b>Virus :</b><br>Virus is a piece of code (part of a program) that attaches itself to a program. It is designed to spread from one computer to another; moreover, it works by altering, overwriting, and deleting files once it infects a computer. The result ranges from the computer becoming slow to unusable. | ||
| </li> | ||
| <li> | ||
| <b>Trojan Horse :</b>Trojan Horse is a program that shows one desirable function but hides a malicious function underneath. For example, a victim might download a video player from a shady website that gives the attacker complete control over their system.<br> | ||
| </li> | ||
| <li> | ||
| <b>Ransomware :</b>Ransomware is a malicious program that encrypts the user’s files. Encryption makes the files unreadable without knowing the encryption password. The attacker offers the user the encryption password if the user is willing to pay a “ransom.”<br> | ||
| </li> | ||
| <li> | ||
| <b>HTML Injection :</b>HTML Injection is a vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitise user input (filter any "malicious" text that a user inputs into a website), and that input is used on the page, an attacker can inject HTML code into a vulnerable website.<br> | ||
| </li> | ||
| <li> | ||
| <b>SQLi (Structured Query Language Injection) :</b>SQLi is an attack on a web application database server that causes malicious queries to be executed. When a web application communicates with a database using input from a user that hasn't been properly validated, there runs the potential of an attacker being able to steal, delete or alter private and customer data and also attack the web application authentication methods to private or customer areas. - If web server of dbms throws sql error directly then it has sql injection vulnerability.<br> | ||
| </li> | ||
| <li> | ||
| <b>Proxy :</b>Proxy server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.<br> | ||
| </li> | ||
| <li> | ||
| <b>Web Socket :</b><br> | ||
| </li> | ||
| <li> | ||
| <b>SSL/TLS :</b><br>Establishes a secure connection over public network, enabling secure remove access. | ||
| </li> | ||
| <li> | ||
| <b>VPN :</b><br> | ||
| </li> | ||
| <li> | ||
| <b>TOR (The Onion Router) :</b><br>TOR Network and Browser. | ||
| </li> | ||
| <li> | ||
| <b>Proxychains :</b><br> | ||
| </li> | ||
| </ul> | ||
| </div> | ||
| </div> | ||
|
|
||
| <!-- Navigation Buttons --> | ||
| <nav> | ||
| <a href="https://itspatkar.github.io/Cheatsheets/"><i class="bi bi-arrow-left-square-fill"></i></a> | ||
| <a href="#" class="float-end"><i class="bi bi-arrow-up-square-fill"></i></a> | ||
| </nav> | ||
| </div> | ||
|
|
||
| <!-- JavaScript --> | ||
| <script src="assets/script.js"></script> | ||
| </body> | ||
| </html> | ||
|
|
||
|
|
||
| ### Tools | ||
|
|
||
| - gobuster : Gobuster is a tool used in penetration testing and cybersecurity assessments. It's primarily designed for discovering web content, directories, and files on web servers. | ||
| - pdfinfo : Portable Document Format (PDF) document information extractor (poppler-utils) | ||
| - exiftool : ExifTool is used to read and write metadata in various file types, such as JPEG images. | ||
| - sqlmap : SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. | ||
| - crunch : Crunch command generates wordlists based on specified character sets, minimum and maximum lengths, and specific patterns. These wordlists can be used for dictionary attacks. | ||
| - jSQL | ||
|
|
||
| - Burp Suite : Burp Suite is a Java-based framework designed to serve as a comprehensive solution for conducting web application penetration testing. Burp Suite captures and enables manipulation of all the HTTP/HTTPS traffic between a browser and a web server. This fundamental capability forms the backbone of the framework. The ability to intercept, view, and modify web requests before they reach the target server or even manipulate responses before they are received by our browser makes Burp Suite an invaluable tool for manual web application testing. It includes various tools for scanning, fuzzing, intercepting, and analyzing web traffic. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters