VA

• A vulnerability assessment is a systematic process of identifying, quantifying, and prioritizing weaknesses in an information system. It's essentially a security checkup for your digital assets.
• Vulnerability management is the ongoing process of identifying, assessing, prioritizing, and mitigating vulnerabilities in an organization's systems, applications, and networks. It's a proactive approach to security that aims to prevent cyberattacks by addressing weaknesses before they can be exploited.

1. Identify Vulnerabilities
2. Assess Vulnerabilities # Evaluating the potential impact of each vulnerability and assigning a risk score.
3. Treat Vulnerabilities

• 01 Scope out the Engagement

know what you want to do and how much will you go or do it.

02 Perform a Risk Assessment & Threat Modelling

Determine threats to the system, and find weaknesses that could be exploited by threats

03 Know the physical and logical assets in scope

Discovery phase e.g Identify hardware components like servers, routers, switches, and endpoint devices etc.

04 Scan the assets

05 Validate the findings 06 Prepare a Remediation Plan 07 Reporting to the Senior Management 08 Repeat the Cycle every three months or as per your business requirements or after every major change 09 Keep comparing the data and learn to measure your VA program and Follow CMMI

• Responsibilities

Hacking 101 & Incident Response + Network Pent:

• Incident Response (IR) is a structured approach to managing and mitigating the impact of a security breach or other disruptive event. It involves a series of coordinated actions to identify, contain, eradicate, recover from, and learn from security incidents.

  Key phases of incident response:

  • Preparation: Developing incident response plans, defining roles and responsibilities, conducting training, and establishing communication protocols.
  • Identification: Detecting and recognizing an incident, gathering initial information, and activating the incident response team.
  • Containment: Isolating the affected systems or networks to prevent further damage and data loss.
  • Eradication: Eliminating the root cause of the incident and removing any malicious components.
  • Recovery: Restoring systems and data to normal operations while implementing preventive measures.
  • Lessons Learned: Analyzing the incident to identify weaknesses, improve processes, and prevent future occurrences.

• IANA stands for Internet Assigned Numbers Authority

  It's essentially the global manager of the internet's address book.

  What does it do?

  IP Address Allocation: IANA oversees the distribution of IP addresses (both IPv4 and IPv6) to regional registries.

  Domain Name System (DNS) Root Zone Management: It manages the top level of the DNS hierarchy, ensuring that domain names resolve correctly to IP addresses.

• Computer Security Incident Response Team (CSIRT)

• Word Web Bugs are documents that can be used to track attackers by creating a callback when opened, which reveals the attacker's IP address. They can be used for cyber deception classes and don't require Microsoft Word to be open or macros to be enabled. There are two document templates for Word Web Bugs: web_bug.doc and web_bug.html.

• write blocker is a hardware or software device that prevents data from being written to a storage device. When you connect a storage device (like a hard drive or USB stick) to a system through a write blocker, the device can be read, but any attempts to write data back to it are blocked. It ensures that the original data remains intact during the forensic investigation process. This is crucial for maintaining the integrity of digital evidence. So, while write blockers primarily protect data, they also facilitate the creation of accurate and reliable copies for forensic investigations

• drive duplicator is a hardware device designed to create exact copies of data from one storage device to another. Unlike write blockers, drive duplicators allow data to be written to the target device.