30 DAYS OF CYBERSECURITY
DAY 1: INTRODUCTION TO OFFENSIVE SECURITY
Offensive security is the practice of breaking into computer systems, exploiting software bugs,
and finding loopholes in applications in order to gain unauthorized access to them. The goal is
to help organizations identify and fix vulnerabilities before malicious actors can exploit them.
1. Web Application Security & risks: A web application is like a “program” that we can use
without installation as long as we have a modern, standards-compliant web browser. Consequently,
instead of installing every program you need, you only need to browse to the related page.
A web application is a program that runs on a remote server. It typically reads and writes
information in a database server, which stores the data and is responsible for many functions.
For instance, if a user searches for something in a search bar, the web browser sends the keyword
to the web application. The web application looks the keyword up in the database, the database
returns the matching rows to the web application, and the web application formats them as a web
page and sends it back to the user's browser.
A bug bounty program allows a company to offer a reward for anyone who
discovers a security vulnerability (weakness) in the company’s systems.
Web applications have some common security risks associated with them, including:
• Identification and Authentication Failure: This refers to weaknesses in the processes
of identifying and authenticating users. For example, allowing brute force attacks
(repeated attempts to guess passwords) or storing passwords in plaintext can lead to
unauthorized access.
• Broken Access Control: Access control ensures that users can only access the data
and functionalities they are authorized to. Failure to enforce proper access control
can result in users accessing sensitive information or performing unauthorized
actions.
• Injection Attacks: Injection attacks occur when user-supplied input (e.g., SQL fragments,
shell commands) is pasted into a query or command without separating code from data, so the
attacker's input is executed as part of the query or command. This can lead to data breaches,
data loss, or even complete system compromise.
• Cryptographic Failures: Weaknesses in cryptographic implementations can
undermine the security of data encryption and decryption processes. For example,
using weak encryption algorithms or storing encryption keys insecurely can expose
sensitive data to unauthorized access.
• Insecure Direct Object References (IDOR): IDOR is a specific case of broken access control.
It occurs when a web application exposes internal object references (such as database keys or
filenames) in its URLs or parameters and does not check that the requesting user is authorized
for that object, so changing the reference to another user's value returns that user's data.
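The following is an added example, not code from the original notes: a toy version of the search-and-database flow described above, built on an in-memory SQLite database with constructed sample data. It shows two of the risks in the list side by side, an injection flaw (string-built SQL versus a parameterised query) and an IDOR flaw (fetching a document by id with and without an ownership check). The table names, user and document ids and the tautology payload are all assumptions made for the example.

```python
"""Added example (not from the original notes): a toy web-application backend
showing SQL injection and IDOR, each beside its fixed form.
Runs stand-alone on an in-memory SQLite database with constructed sample data."""
import sqlite3
from typing import List, Optional

# Constructed sample data: two users, each owning one private document.
SAMPLE_USERS = [(1, "alice"), (2, "bob")]
SAMPLE_DOCS = [(10, 1, "alice's tax return"), (11, 2, "bob's medical record")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO docs VALUES (?, ?, ?)", SAMPLE_DOCS)
    return conn


# --- Injection ---------------------------------------------------------------

def search_users_vulnerable(conn: sqlite3.Connection, keyword: str) -> List[str]:
    # The keyword is pasted straight into the SQL text: user input becomes code.
    sql = f"SELECT name FROM users WHERE name = '{keyword}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_users_safe(conn: sqlite3.Connection, keyword: str) -> List[str]:
    # Parameterised query: the driver passes the keyword as data, never as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (keyword,))]


# --- IDOR / broken access control -------------------------------------------

def get_doc_vulnerable(conn: sqlite3.Connection, doc_id: int) -> Optional[str]:
    # Anyone who knows (or guesses) a document id can read it: no ownership check.
    row = conn.execute("SELECT body FROM docs WHERE id = ?", (doc_id,)).fetchone()
    return row[0] if row else None


def get_doc_safe(conn: sqlite3.Connection, doc_id: int, current_user_id: int) -> Optional[str]:
    # Ownership is enforced in the query itself, so an id that belongs to
    # another user simply does not match and nothing is returned.
    row = conn.execute(
        "SELECT body FROM docs WHERE id = ? AND owner_id = ?",
        (doc_id, current_user_id),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = build_db()
    # Classic tautology payload: turns "WHERE name = ''" into "WHERE name = '' OR '1'='1'".
    payload = "' OR '1'='1"
    print("vulnerable search:", search_users_vulnerable(conn, payload))  # every user
    print("safe search:      ", search_users_safe(conn, payload))        # no match
    # Bob (user 2) asks for Alice's document (id 10).
    print("IDOR:  ", get_doc_vulnerable(conn, 10))    # leaks alice's document
    print("fixed: ", get_doc_safe(conn, 10, 2))        # None
```

The two fixes are the ones a reviewer would ask for: never build SQL by string formatting, and make the authorization check part of every object lookup rather than trusting that an id is hard to guess.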
2. Operating System Security: The Operating System (OS) is the layer sitting between the
hardware and the applications and programs you are running. Applications and programs cannot
run directly on the hardware; they need an operating system.
When we talk about security, we should think of protecting three things:
- Confidentiality: You want to ensure that secret and private files and information are only
available to intended persons.
- Integrity: It is crucial that no one can tamper with the files stored on your system or while
being transferred on the network.
- Availability: You want your laptop or smartphone to be available to use anytime you decide to
use it.
• Authentication and Weak Passwords: Authentication is the act of verifying your identity,
whether to a local or a remote system. It can be based on three main factors:
i. Something you know, such as a password or a PIN code.
ii. Something you are, such as a fingerprint.
iii. Something you have, such as a phone on which you can receive an SMS message.
A weak password undermines the first factor; requiring a second factor as well (multi-factor
authentication) limits what an attacker gains from guessing it.
• Weak File Permissions: Weak file permissions make it easy for the adversary to attack
confidentiality and integrity. They can attack confidentiality as weak
permissions allow them to access files they should not be able to access. Moreover,
they can attack integrity as they might modify files that they should not be able to edit.
• Access to Malicious Programs: Depending on the type of malicious program, it can attack
confidentiality, integrity, and availability. Some types of malicious programs, such as
Trojan horses, give the attacker access to your system. Some types of malicious
programs attack availability. One such example is ransomware.
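To make the "weak file permissions" risk concrete, here is an added example (not from the original notes) that audits a directory for files whose permission bits let users other than the owner read or modify them, which is exactly the confidentiality and integrity problem described above. It builds its own sample files in a temporary directory on a POSIX system; the file names, the modes set on them and the rule that files named id_rsa and secrets.env hold secrets are assumptions made for the example.

```python
"""Added example (not from the original notes): find files with weak
permission bits. Creates constructed sample files in a temp directory, so it
runs stand-alone on Linux/macOS (Windows does not honour these mode bits)."""
import os
import stat
import tempfile
from typing import Dict, List

# Constructed sample: file name -> mode bits to set on it.
SAMPLE_MODES = {
    "id_rsa": 0o600,       # owner read/write only: correct for a private key
    "readme.txt": 0o644,   # world-readable, owner-writable: fine for public text
    "config.ini": 0o666,   # world-writable: anyone can tamper (integrity)
    "secrets.env": 0o644,  # world-readable secret: anyone can read (confidentiality)
    "run.sh": 0o777,       # world-writable and executable: any user can plant code
}
# Assumption for the example: which file names hold secrets.
SECRET_NAMES = {"id_rsa", "secrets.env"}


def make_sample_tree() -> str:
    """Create the sample files and return the directory path."""
    directory = tempfile.mkdtemp(prefix="permaudit_")
    for name, mode in SAMPLE_MODES.items():
        path = os.path.join(directory, name)
        with open(path, "w") as f:
            f.write("sample\n")
        os.chmod(path, mode)  # explicit chmod, so the process umask does not matter
    return directory


def classify(path: str, is_secret: bool) -> List[str]:
    """Return the findings for one file; an empty list means the file is OK."""
    mode = os.stat(path).st_mode
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")              # integrity risk
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if is_secret and mode & (stat.S_IROTH | stat.S_IRGRP):
        findings.append("secret readable by others")   # confidentiality risk
    if mode & stat.S_IXUSR and mode & stat.S_IWOTH:
        findings.append("executable and world-writable")
    return findings


def audit(directory: str, secret_names=SECRET_NAMES) -> Dict[str, List[str]]:
    """Walk the directory and return {relative path: findings} for weak files only."""
    report: Dict[str, List[str]] = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            findings = classify(path, name in secret_names)
            if findings:
                report[os.path.relpath(path, directory)] = findings
    return report


if __name__ == "__main__":
    tree = make_sample_tree()
    for rel, findings in sorted(audit(tree).items()):
        print(f"{rel}: {', '.join(findings)}")
```

On a real system you would point audit() at a home directory or /etc and treat "world-writable" hits as integrity issues and "secret readable by others" hits as confidentiality issues, which is the same split the two paragraphs above draw.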
3. Network Security: Network security refers to the devices, technologies, and processes to
protect the confidentiality, integrity, and availability of a computer network and the data on it.
Hardware solutions refer to the devices you set up in your network to protect your network
security. They are hardware, so you can literally hold them.
Examples of hardware appliances include:
- Firewall appliance: The firewall allows and blocks connections based on a predefined set of
rules. It restricts what can enter and what can
leave a network.
- Intrusion Detection System (IDS) appliance: An IDS detects system and network intrusions and
intrusion attempts. It tries to detect attackers’ attempts to break into your
network.
- Intrusion Prevention System (IPS) appliance: An IPS blocks detected intrusions and intrusion
attempts. It aims to prevent attackers from breaking into your network.
- Virtual Private Network (VPN) concentrator appliance: A VPN ensures that the network traffic
cannot be read nor altered by a third party. It protects the confidentiality (secrecy) and integrity
of the sent data.
We also have software security solutions. Common examples are:
- Antivirus software: You install an antivirus on your computer or smartphone to detect
malicious files and block them from executing.
- Host firewall: Unlike the firewall appliance, which is a hardware device, a host firewall is a
program that either ships as part of your operating system or that you install on your system.
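The following is an added example, not code from the original notes, that models the three appliances described above in a few dozen lines: a firewall that applies an ordered rule list with a default deny, an IDS that only raises alerts, and an IPS that runs the same detection but drops the flagged traffic. It runs over a constructed list of connection attempts; the addresses, ports, rules and the port-scan threshold are all assumptions made for the example.

```python
"""Added example (not from the original notes): a miniature firewall, IDS
and IPS run over constructed connection attempts."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

Conn = Tuple[str, str, int]  # (source ip, destination ip, destination port)

# Constructed traffic: a few normal connections plus an internal host sweeping ports.
TRAFFIC: List[Conn] = [
    ("203.0.113.7", "10.0.0.5", 443),   # external client -> public HTTPS
    ("203.0.113.7", "10.0.0.5", 22),    # external client -> SSH (not allowed)
    ("203.0.113.7", "10.0.0.5", 3389),  # external client -> RDP (no rule at all)
    ("10.0.0.9", "10.0.0.5", 22),       # internal admin -> SSH
] + [("10.0.0.42", "10.0.0.5", port) for port in range(20, 40)]  # internal port sweep

# Firewall rules: (action, source network, destination port or None for any port).
# The first matching rule wins; anything that matches no rule is denied.
RULES: List[Tuple[str, str, Optional[int]]] = [
    ("allow", "0.0.0.0/0", 443),   # anyone may reach the public web server
    ("allow", "10.0.0.0/8", None), # internal hosts are trusted for any port
]


def firewall_decision(src_ip: str, dst_port: int, rules=RULES) -> str:
    """Return 'allow' or 'deny' for one connection attempt."""
    src = ip_address(src_ip)
    for action, net, port in rules:
        if src in ip_network(net) and (port is None or port == dst_port):
            return action
    return "deny"  # default deny: what is not explicitly allowed is blocked


def detect_port_scans(traffic: List[Conn], threshold: int = 10) -> List[str]:
    """Detection logic shared by IDS and IPS: a source that touches many
    distinct ports on one destination is treated as a port scanner."""
    ports_seen = defaultdict(set)
    for src, dst, port in traffic:
        ports_seen[(src, dst)].add(port)
    return sorted({src for (src, _dst), ports in ports_seen.items() if len(ports) >= threshold})


def run_ids(traffic: List[Conn]) -> Tuple[List[str], List[Conn]]:
    """IDS: raise alerts, but let every connection through."""
    return detect_port_scans(traffic), list(traffic)


def run_ips(traffic: List[Conn]) -> Tuple[List[str], List[Conn]]:
    """IPS: same detection, but connections from flagged sources are dropped."""
    alerts = detect_port_scans(traffic)
    return alerts, [conn for conn in traffic if conn[0] not in alerts]


def process(traffic: List[Conn], inline: bool = False) -> Dict[str, object]:
    """Firewall first, then IDS (alert only) or, with inline=True, IPS (blocks)."""
    after_fw = [c for c in traffic if firewall_decision(c[0], c[2]) == "allow"]
    alerts, delivered = (run_ips if inline else run_ids)(after_fw)
    return {"firewall_allowed": len(after_fw), "alerts": alerts, "delivered": len(delivered)}


if __name__ == "__main__":
    print("IDS:", process(TRAFFIC, inline=False))  # scan alerted, all 22 still delivered
    print("IPS:", process(TRAFFIC, inline=True))   # scan alerted, only 2 delivered
```

Note what the firewall does and does not catch here: the external SSH and RDP attempts die at the default-deny rule, but the internal port sweep is "allowed" traffic under a rule that trusts 10.0.0.0/8, so only the IDS/IPS stage sees it. That is the reason the text lists the appliances as separate layers rather than alternatives.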
Breaking into a target network usually includes a number of steps. According to Lockheed
Martin, the Cyber Kill Chain has seven steps:
1. Recon: Recon, short for reconnaissance, refers to the step where the attacker tries to learn as
much as possible about the target. Information such as the types of servers, operating system,
IP addresses, names of users, and email addresses, can help the attack’s success.
2. Weaponization: This step refers to preparing a file with a malicious component, for example,
to provide the attacker with remote access.
3. Delivery: Delivery means delivering the “weaponized” file to the target via any feasible
method.
4. Exploitation: When the user opens the malicious file, their system executes the malicious
component.
5. Installation: The exploitation step results in the malware being installed on the target system.
6. Command & Control (C2): The successful installation of the malware provides the attacker
with a command and control ability over the target system.
7. Actions on Objectives: With control over the target system, the attacker carries out their
actual objectives. One example objective is data exfiltration (stealing the target's data).