
Introduction To CyberSec

Information Security (infosec) encompasses strategies to protect both digital and non-digital information from threats, while Cyber Security specifically focuses on safeguarding computer systems and networks. Companies often fall victim to hacking due to factors like naivety and overconfidence, and it is crucial to protect various assets including data and reputation. The document also discusses the roles of information security professionals, the nature of hackers, and the execution of cyber attacks.

Uploaded by

nourcherni985

INTRODUCTION TO INFORMATION SECURITY

WHAT IS INFORMATION SECURITY?
Information Security (infosec) is a set of strategies for
managing the processes, tools and policies necessary
to prevent, detect, document and counter threats to
digital and non-digital information.

WHAT IS CYBER SECURITY?
Cyber Security is the protection of computer systems
and networks from information disclosure, theft of,
or damage to their hardware or software, as well as
from the disruption or misdirection of the services
they provide.

HOW DO COMPANIES GET HACKED?
> NAIVETY
> CURIOSITY
> COMPLACENCY
> OVERCONFIDENCE

No fear, we are 100% secure


If you want to win the war, know what you are
fighting for.
- Slipknot, Custer

WHAT TO PROTECT?
Assets
In information security, assets include data,
hardware, software, networks, employees,
physical facilities, financial resources,
intellectual property, reputation, partnerships,
regulatory compliance, and specialized
knowledge.

CIA TRIAD

1 Confidentiality:
All the information and data are accessible only by persons who are authorized to have access.

2 Availability:
Ensures that the information is available for authorized users when needed.

3 Integrity:
Maintains the accuracy and completeness of information.

WHO IS RESPONSIBLE?
Information Security Professional
Evaluate risks against critical assets.

Deploy safeguards to mitigate those risks.

Develop, implement, and enforce security policies and procedures.

RED TEAM
PURPLE TEAM
BLUE TEAM

A Vulnerability is a weakness or gap in our protection efforts.

A Threat is anything that can exploit a vulnerability.

WHO IS A HACKER?
Hackers in Movies VS Hackers in Real Life

Hackers in Movies: "I just hacked all of the 3-letter agencies"
Hackers in Real Life: "The Internet is slow, I'll just restart the router"

A Hacker is
A skilled individual proficient in computer operations, capable of both developing and navigating software and hardware.

For certain hackers, hacking serves as a hobby to test the extent of computers they can compromise.

They're seen as the good guys because they stick to the rules when hacking into systems and follow responsible disclosure laws.

May have good intentions but might delay disclosing flaws for immediate fixes, prioritizing their personal sense of morality over legal obligations.

Individuals with exceptional computing skills engage in malicious or destructive activities without concern for legality or morality.

WHAT DOES IT TAKE TO BE A HACKER?
Online Platforms
CTFs
What Google says:
"Capture The Flag" (CTF) competitions, in the cybersecurity sense, consist of a set of computer security puzzles, or challenges, involving reverse-engineering, memory corruption, cryptography, web technologies, and more. When players solve them they get a "flag," a secret string that can be exchanged for points.

CTF categories
Forensics
Cryptography
Web Exploitation
Reverse Engineering
Binary Exploitation
Hardware

HOW TO EXECUTE AN ATTACK?
The Victim:
A Windows machine running on a personal computer

The Attacker:
Digispark ATTINY85 Module USB

A webhook to which we will send a POST request for data exfiltration.

Digispark ATTINY85
Execution

The Digispark runs commands on the victim, steals saved networks, and sends them to the attacker machine.
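
The chain described above (a keyboard-class USB device attaches, a shell starts, data leaves in a POST request) seen from the defender's side, as an added example that is not part of the original slides: a small correlator over constructed, normalized telemetry. The event schema, host names, time windows and the `parse`/`detect` helpers are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample telemetry (normalized JSON lines; hypothetical schema, not a real product's).
SAMPLE_EVENTS = """
{"ts": "2024-05-01T10:00:00", "host": "PC-01", "type": "usb_hid_attach", "device_class": "keyboard"}
{"ts": "2024-05-01T10:00:03", "host": "PC-01", "type": "process_start", "pid": 4120, "image": "powershell.exe"}
{"ts": "2024-05-01T10:00:09", "host": "PC-01", "type": "http_post", "pid": 4120, "dest": "webhook.example"}
{"ts": "2024-05-01T11:30:00", "host": "PC-02", "type": "usb_hid_attach", "device_class": "keyboard"}
{"ts": "2024-05-01T11:42:00", "host": "PC-02", "type": "process_start", "pid": 988, "image": "powershell.exe"}
{"ts": "2024-05-01T12:00:00", "host": "PC-03", "type": "process_start", "pid": 77, "image": "cmd.exe"}
{"ts": "2024-05-01T12:00:05", "host": "PC-03", "type": "http_post", "pid": 77, "dest": "updates.example"}
"""

SHELLS = {"powershell.exe", "cmd.exe"}
SHELL_WINDOW = timedelta(seconds=10)  # assumed: injected keystrokes open a shell almost at once
POST_WINDOW = timedelta(seconds=60)   # assumed: the outbound POST follows shortly after

def parse(text):
    """Parse JSON lines into events sorted by timestamp."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def detect(events):
    """Alert on: keyboard attach -> shell within SHELL_WINDOW -> POST from that shell."""
    alerts = []
    last_attach = {}  # host -> time of the most recent keyboard-class attach
    suspects = {}     # (host, pid) -> start time of a shell launched right after an attach
    for e in events:
        host = e["host"]
        if e["type"] == "usb_hid_attach" and e.get("device_class") == "keyboard":
            last_attach[host] = e["ts"]
        elif e["type"] == "process_start" and e["image"].lower() in SHELLS:
            attach = last_attach.get(host)
            if attach is not None and e["ts"] - attach <= SHELL_WINDOW:
                suspects[(host, e["pid"])] = e["ts"]
        elif e["type"] == "http_post":
            started = suspects.get((host, e["pid"]))
            if started is not None and e["ts"] - started <= POST_WINDOW:
                alerts.append({"host": host, "pid": e["pid"], "dest": e["dest"]})
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_EVENTS)):
        print("ALERT", alert)
```

Only PC-01 alerts: on PC-02 the shell starts long after the device attach, and on PC-03 there is no attach event to correlate with.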
THANK YOU
ANY QUESTIONS ?
