Open in app

Sign in

Write

Sign in

Introduction to Cyber Security

Cyber Goddess
4 min readOct 12, 2022

--

What is Penetration Testing?

A penetration testing ,colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.

External network tests,which look for vulnerabilities and security issues in an organization’s servers,hosts,devices and network systems.

Internal network tests,which assess the damage,an attacker could do when they gain access to an organization’s internal systems.

Web application tests,which look for insecure development practices in the design coding and publishing of software or a website.

Wireless network tests,which assess vulnerabilities in wireless systems,including wi-fi,rogue access points to weak encryption algorithm.

Phishing penetration test,which assess employee’s susceptibility to scam emails.

Career Opportunities

Penetration Tester

Security Auditor

Cybersecurity Analyst

Vulnerability Assessor

Information Security Manager

What is Cyber Security?

The technique of protecting internet-connected systems such as computers,servers,mobile devices,electronic systems,networks and data from malicious attacks in known as cybersecurity.

We can divide cybersecurity into two parts is cyber,and the other is security.

Cyber refers to the technology that includes systems,network,programs and data.

Security is concerned with the protection of systems,networks,programs and information.

Types of Cyber Attacks

Cyber attacks can be classified into the following categories :

1. Web-Based Attacks

Injection Attacks

Session Attacks

Phishing

Brute force

Denial of Service(DOS)

Distributed Denial of Service(DDOS)

Spoofing

Man in the Middle Attack

Dictionary Attacks

URL Interpretation

2. System-Based Attacks

Virus

Worms

Trojan Horse

Backdoors

Bots

What is Ethical Hacking?

The goal of ethical hacking-like criminal hacking is to find security vulnerabilities in an organization’s systems.However as the word ‘ethical’ suggests,the person conducting the attacks must have the organization’s approval before proceeding.

Why would organization ask someone to hack them?

Simple!

They understands that the best way to identify the flaws that a cyber criminal might exploit is to think like a cyber criminal themselves.

Difference between Hackers & Attackers?

A hacker is a person who breaks into a computer system.The reason for hacking can be many:installing malware,stealing or destroying data,disrupting services,and more. Hacking can also be done for ethical reasons,such as trying to find software vulnerabilities so they can be fixed.Attackers can use any means to cause havoc.

For example,an attacker may be a disgruntled insider who deletes sensitives files or disrupts the business by any means to achieve their goals.They could simply unplug a key system.

Types of Hackers

Hackers can be classified into different categories:

Black hat hackers

Black hat hackers are also known as an unethical hackers or a security crackers.These people hack the system illegally to steal money or to achieve their own illegal goals.They find banks or other companies with weak security and steal money or credit card information.They can also modify or destroy that data as well.Black hat hacking is illegal.

White hat hackers

They are also known as Ethical hackers or a penetration tester.White hat hackers are the good guys of the hacker world.These people use the same technique used by the black hat hackers.They also hack the system,but hey can only hack the system that they’ve permission to hack in order to test the security of the system.They focus on security and protecting IT system.White hat hacking is illegal.

Script Kiddie

It is an unskilled person who uses scripts or downloaded tools available for hacking,which are provided by other hackers

Grey Hat Hackers

They are also amateurs in the world of hacking by they’re different from script kiddies. They care about hacking and strive to become full-blown hackers.

Blue hat hackers

They are much like the script kiddies;are beginners in the field of hacking.If anyone makes angry a script kiddie and he/she may take revenge,then they’re considered as the blue hat hackers.

Social Media hackers

They are the one who steals social media accounts.This can be done for revenge or gain any information about someone.

Hacktivist

These are also called the online version of activists.They are hackers or a group of anonymous hackers who gain unauthorized access to government’s computer files and network’s for further social or political ends.

Malicious insider/whistle blower

They could be an employee of a company or a government agency with a grudge or a strategic employee who becomes aware of any illegal activities happening within the organization and blackmail the organization for his/her personal gain.

Difference between Red Team and Blue Team?

Red Team

A red team plays the role of the attacker by trying to find vulnerabilities and break through cybersecurity defenses.

Their activities are:

Social Engineering

Penetration Testing

Intercepting communication

Card cloning

Making recommendation to blue team for security improvements

Red team skills:

Software development

Penetration testing

Social engineering

Threat intelligence

Reverse engineering

Red team jobs:

Vulnerability assessor($80,096)

Security Auditor($83,015)

Ethical Hacker($98,177)

Penetration tester($102,279)

Red team certifications:

CEH

LPT Master

CompTIA Pentest+

GPEN

GXPN

OSCP

CRTOP

Blue Team

They defends against attacks and responds to incidents when they occurs.

Their activities are:

Digital footprint analysis

DNS audits

Installing and configuring firewalls and endpoint security software

Monitoring network activities

Using least privilege access

Blue team skills:

Risk assessment

Threat intelligence

Hardening techniques

Monitoring and detection system

Blue team jobs:

Cybersecurity Analyst($80,003)

Incident responder($88,818)

Threat intelligence analyst($90,257)

Information Security Specialist($96,942)

Security Engineer($111,630)

Security Architect($153,160)

Blue team certifications:

CISSP

CISA

CompTIA Security+

GSEC

GCIH

SSCP

CASP+

What are black box,gray box,and white box penetration testing?

In black box testing assignment,the penetration tester is placed in the role of the average hacker,with no internal knowledge of the target system.

Gray box penetration tester typically have some knowledge of the network’s internals,potentially including design and architecture documentation and an account internal to the network.

White box penetration testers are given full access to source code,architecture ,documentation and so forth .

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Pentesting
Cybersecurity
Hacking Tutorial
Taniya Rose

--

--

Cyber Goddess
Cyber Goddess

Written by Cyber Goddess

6 Followers
1 Following

Cyber Security Researcher | Vlogger

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams