Day 001 #FromZeroToHacker – An Introduction to CyberSecurity

Today is my first day in the #FromZeroToHacker challenge!

I want to have a clear learning path, so I started my introduction to CyberSecurity with TryHackMe. Here’s what I have learnt.

Table of contents
Introduction
What have I learnt today?
Stats
Resources

Introduction

Today, as it was the first day, I started a bit light, mostly theory but with a bit of practice at the end.

What have I learnt today?

After a bit (or loads) of theory, where I had an introduction to offensive and defensive security, I did two virtual machines. Nothing too fancy, but good to start getting your feet wet.

Also, I learnt about different cybersecurity roles: from defender to attacker, but also digital forensics examiner and malware analyst, and more.

Attacks mainly threaten three security concerns, which we remember with the CIA acronym:

  • Confidentiality
  • Integrity
  • Availability

There are also three main weaknesses:

  • Authentication and weak passwords
  • Weak file permissions
  • Malicious Programs

A few concepts:

A computer network is a group of computers and devices connected with each other.

Network security focuses on protecting the security of these devices and the links that connect them.

Network security consists of different hardware and software solutions to achieve the set security goals.
Hardware security solutions refer to the devices you set up to protect your network security. Examples of hardware appliances include a Firewall, an IDS (Intrusion Detection System), an IPS (Intrusion Prevention System) and a VPN (Virtual Private Network).

There are also Software security solutions such as Anti-virus software and a Host firewall.

Every attack uses most (or all) of these steps:

  • Recon: Here is where the attacker tries to learn as much as possible about the target. Types of servers, OS, IP addresses, usernames, email addresses, etc.
  • Weaponization: Preparing a file with the malicious component.
  • Delivery: Sending the weaponized file to the target. It may be via email, USB, SSH, etc.
  • Exploitation: When the user opens the malicious file, the virus executes.
  • Installation: Sometimes the malware needs to be installed.
  • Command & Control (C2): Once the malware is successfully installed, it gives the attacker command and control over the target.
  • Actions on objectives: After gaining control over the target, the attacker can act on it, for example, by extracting and/or modifying data.

I also used Gobuster, a tool to brute-force search for files and directories on a site, and nmap (Network Mapper), to map a host and find services we can use to open an attack.
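Seen from the defender's side, the directory brute-forcing described above shows up in the web server's access log as a burst of 404 responses to a single client. The following is an added example, not from the original post or from TryHackMe; the log lines, IP addresses, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (Common Log Format, documentation-range IPs).
WORDS = ["admin", "backup", "old", "test", "dev", "cgi-bin",
         "private", "tmp", "db", "config", "logs", "api"]
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [01/Jan/2024:10:00:{s:02d} +0000] "GET /{w} HTTP/1.1" 404 153'
     for s, w in enumerate(WORDS)]
    + ['203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /uploads HTTP/1.1" 301 178',
       '198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 5120',
       '198.51.100.4 - - [01/Jan/2024:10:05:40 +0000] "GET /favicon.ico HTTP/1.1" 404 153',
       'truncated line without the expected fields'])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (client, timestamp, path, status), or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(3), int(m.group(4))

def find_scanners(log_text, min_404=10, window=timedelta(seconds=60)):
    """Map each client with >= min_404 distinct 404 paths inside one window
    to the paths that did NOT return 404 (what its enumeration discovered)."""
    misses, found = defaultdict(list), defaultdict(set)
    for rec in filter(None, map(parse, log_text.splitlines())):
        client, ts, path, status = rec
        if status == 404:
            misses[client].append((ts, path))
        else:
            found[client].add(path)
    flagged = {}
    for client, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({p for _, p in events[start:end + 1]}) >= min_404:
                flagged[client] = sorted(found[client])
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

The paths returned for a flagged client are the ones worth reviewing first, since they are what the enumeration actually found.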

Stats

Being new, I started at 1.044.374th place on the TryHackMe ranking. I have more than one million hackers to pass! Not an easy task. At the end of the day, I was placed 619.584th, a good jump. Sadly, I reckon I won’t be climbing so fast in a few weeks 🙂

Here is also the Skill Matrix:

Resources

As I started with TryHackMe, all the resources are from THM:

Path: Introduction to CyberSecurity

Introduction to Cybersecurity:

TryHackMe: Intro to Offensive Security
TryHackMe: Intro to Defensive Security
TryHackMe: Careers in Cybersecurity

Introduction to Offensive Cybersecurity:

Web Application Security
Operating System Security
Network Security