Cyber Security Course

The document provides an introduction to cybersecurity, covering its definition, importance, and various fields such as network security, application security, and digital forensics. It outlines the necessary qualifications for cybersecurity specialists, common types of cyber attacks, and essential tools like antivirus software and firewalls. Additionally, it discusses the certification paths available for those interested in specializing in cybersecurity and highlights the role of Kali Linux in penetration testing.

Introduction to Cyber Security
Dr. Mustafa Sadiq

What we will learn in this course:

01 Introduction
- What is Cybersecurity?
- General overview about Cybersecurity fields.
- Where to start in this major?
- Perimeter of the system: antiviruses, firewalls, IDS, IPS, and NGFW.
- Cybersecurity certification path.

02 Important Concepts to work in Cybersecurity
- Web Security (HTTP vs. HTTPS).
- Securing your browser.
- Web browser forensic analysis.
- Reverse engineering and assembly language.
- Digital forensics and network security.

03 Penetration Testing
- Kali Linux as a penetration testing platform.
- Installing Kali Linux.
- Discovering Kali Linux features and components.
- Wireshark.

Mustafa Sadiq Latief
BSc, MSc, and PhD in Computer Engineering.
www.mustafasadiq0.com
www.youtube.com/mustafasadiq
www.facebook.com/mustafasadiq85
Chapter-1: Introduction to Cybersecurity

In the Cybersecurity world, there is no such thing as a 100% secured system.
What is Cybersecurity?
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

OR: Cyber Security is a set of principles and practices designed to safeguard your computing assets and online information against threats.

- Network Security.
- Application Security.
- Information Security.
- Operational Security.
- Disaster Recovery and Business Continuity.
- End user Education and Awareness.
Why should we care about Cybersecurity?
Being online in any kind of business requires protecting:
- Email
- Mobile devices
- Corporate website
- Social media
- E-commerce systems
- Online banking
- Bring your own device (BYOD) and office policy.
- Network management
- Backup and remote access
Cybersecurity Specialization Requirements
Qualifications of Cyber Security Specialist:
- Cyber/information/network security.
- Computer science.
- Computing and information systems.
- Software/electrical/network engineering.
- Mathematics.
- Physics.
- Other IT/security/network-related degrees.
Where should the Cybersecurity specialists work?

[Figure: the organisation's systems connected through the Internet; the parties around them are labelled Internet Service Providers, Hackers & Snoopers, and Governments.]

The system perimeter is no longer clear in today's cyber world.
Some Types of Cyber attacks (Cyber crimes)
Intrusion: unauthorized individuals trying to gain access to computer systems in order to steal information.
Virus, Worm, Trojan Horse (Malware): programs that infect your machine and carry malicious code to destroy the data on your machine or allow an intruder to take control of it. A virus needs a host file and a user action to spread, a worm spreads on its own across the network, and a Trojan horse is disguised as legitimate software.
Phishing: the practice of using email or a fake website to lure the recipient into providing personal information.
Spyware: software that sends information from your computer to a third party without your consent.
Spam: unsolicited messages sent in bulk to many users, mailing lists or email groups, often used as the carrier for phishing and malware.
Cyber Security Specialist Duties
- Safely manage your passwords.
- Safely manage your email account.
- Secure your computer.
- Protect the data you are handling.
- Avoid risky behavior online.
- Be aware of security guidelines, policies, and procedures.
- Develop strategies to combat digital criminals.
- Always keep up-to-date knowledge about the latest attacks and the protection against them.
- Develop and maintain fellow employees' awareness.
Your tools in the fight against cyber attacks
There are many hardware and software tools that are very important in this field; the most important ones are:

First weapon in your war against cybercrime is the antivirus
Antivirus is software created specifically to help detect, prevent and remove malware (malicious software). Once installed, most antivirus software runs automatically in the background to provide real-time protection against virus attacks. That protection is largely signature- and heuristic-based, so it must be kept updated and should not be the only control: a new or customised sample can go undetected.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewall is a:
- Choke point of control and monitoring.
- Interconnects networks with differing trust levels.
- Imposes restrictions on network services, where only authorized traffic is allowed.
- Audits and controls access, where it can implement alarms for abnormal behavior.
- Must itself be immune to penetration (a hardened, minimal system; a compromised firewall protects nothing).
- Provides perimeter defence.
Network Based Intrusion Detection Systems (NIDS)
A NIDS detects malicious traffic on a network. A NIDS usually requires promiscuous network access (a mirror/SPAN port or a network tap) in order to analyze all traffic, including unicast traffic not addressed to the sensor itself. NIDS are passive devices that do not interfere with the traffic they monitor.
NIDS functions include:
- Watches all passing traffic.
- Reviews the events.
- Looks for potential attacks.
- Can use signatures.
- Can also look for unexpected behavior (anomaly detection).
- When an attack is suspected, triggers an alert, which may include a packet capture.
Network Based Intrusion Prevention Systems (NIPS)
An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine. Following a successful exploit, the attacker can disable the target application (resulting in a denial-of-service state), or can potentially gain all the rights and permissions available to the compromised application.
NIPS functions include:
- A NIPS attempts to prevent attacks, not just detect them, by resetting TCP connections and/or dropping packets.
- Considered the marriage of firewall and IDS.
- Stateful inspection capability.
- A true NIPS operates in-line. That also makes it a point of failure and a source of latency, and a false positive blocks legitimate traffic, which is why IPS rules are tuned more conservatively than IDS rules.
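The detection logic described in the two slides above, as an added example that is not part of the original course: a tiny sensor that matches content signatures and one behavioural rule (too many distinct destination ports from a single source), run once in IDS mode, where it only alerts, and once in IPS mode, where the same engine sits in-line and drops. The packets, the two signatures and the scan threshold are constructed for the demo and stand in for a real rule set.

```python
"""Signature and behaviour detection in IDS (alert only) vs IPS (in-line drop) mode.
Added example; the packets and signatures below are constructed toys."""
import re
from collections import defaultdict

# Toy content signatures (pattern, name) standing in for a real rule set.
SIGNATURES = [
    (re.compile(rb"\.\./"), "HTTP path traversal attempt"),
    (re.compile(rb"(?i)'\s*or\s+1\s*=\s*1"), "SQL injection probe"),
]
SCAN_THRESHOLD = 5  # distinct destination ports from one source = port scan


class Sensor:
    def __init__(self, mode: str):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.ports_seen = defaultdict(set)
        self.blocked = set()      # sources an IPS has decided to shun
        self.alerts = []          # (src, dport, reason)

    def inspect(self, pkt: dict) -> str:
        """Return 'pass' or 'drop'. An IDS never returns 'drop'."""
        src, dport, payload = pkt["src"], pkt["dport"], pkt["payload"]
        reasons = []
        if src in self.blocked:
            reasons.append("source shunned after port scan")
        for pattern, name in SIGNATURES:
            if pattern.search(payload):
                reasons.append(name)
        self.ports_seen[src].add(dport)
        if len(self.ports_seen[src]) == SCAN_THRESHOLD:
            reasons.append("port scan")
            if self.mode == "ips":
                self.blocked.add(src)   # prevention: later packets from it are dropped
        for reason in reasons:
            self.alerts.append((src, dport, reason))
        if reasons and self.mode == "ips":
            return "drop"   # in-line: the packet never reaches the target
        return "pass"       # passive tap (IDS) or clean traffic (IPS)


# Constructed traffic: a 5-port probe and a traversal attempt from one source,
# then a benign request from another.
TRAFFIC = (
    [{"src": "203.0.113.9", "dport": p, "payload": b""} for p in (21, 22, 23, 25, 80)]
    + [{"src": "203.0.113.9", "dport": 443, "payload": b"GET /../../etc/passwd HTTP/1.1\r\n"}]
    + [{"src": "198.51.100.4", "dport": 80, "payload": b"GET /index.html HTTP/1.1\r\n"}]
)


def run(mode: str):
    """Feed TRAFFIC through a sensor; return (verdicts, alert reasons)."""
    sensor = Sensor(mode)
    verdicts = [sensor.inspect(p) for p in TRAFFIC]
    return verdicts, [reason for _, _, reason in sensor.alerts]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, *run(mode))
```

In IDS mode every packet passes and the operator gets two alerts to investigate; in IPS mode the packet that completes the scan and the traversal attempt are dropped, and the benign request is untouched. The shun list is the kind of automatic block that makes IPS false positives expensive.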
Next Generation Firewall (NGFW)
A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.
NGFW (Contd.)
NGFW is a software or hardware security solution that protects a network via:
- Stateful inspection of network traffic, where it monitors the state of active connections to help it determine what packets can pass through.
- Determining the access (or denial) of traffic based on its state, port, and protocol.
- Application of administrator-set rules and policies that determine what type of network traffic is allowed through and what is not.

An NGFW takes the network-protection job a step further with additional features like:
- An integrated intrusion detection and prevention system (IDS, IPS): it acts against threats before they gain access to the network.
- Application control: depending on the set configuration, an NGFW will block applications from being run on the network (it identifies the application from the traffic itself rather than trusting the port number).
- Web content filter: users on the network can be protected from malicious sites, or they can be restricted from accessing certain content during office hours, for example.
- Anti-virus protection: an NGFW also has the capability of thwarting attacks from within by stopping malicious packets and payloads, while ensuring incoming attacks are stopped before they enter the network.
- Reputation-based defense: with malware distribution becoming ever more sophisticated, it became necessary to change the way threats are detected, using the cloud-delivered threat intelligence mentioned above (reputation of IP addresses, domains and files).
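The difference between the rule-based filter of the firewall slide and the stateful inspection of this slide, as an added example that is not from the original course: a stateless packet filter can only judge each packet on its own, so to let the replies of outbound connections back in it needs a loose rule ("any packet with ACK set is a reply"), which an ACK scan walks straight through; a stateful filter keeps a table of connections it has seen start and admits only packets that belong to one. The addresses, ports and rules are constructed for the demo and only TCP is modelled.

```python
"""Stateless packet filter vs stateful connection tracking (added example).

Traffic, addresses and rules are constructed for this demo; the inside
network is 10.0.0.0/24 and the 'firewall' only models TCP.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # SYN without ACK marks a new connection attempt
    ack: bool = False


def is_inside(ip: str) -> bool:
    return ip.startswith("10.0.0.")


# Stateless inbound rules: (dst port or None for any, require ACK flag, action).
# First match wins; anything unmatched is denied.  The last rule is the classic
# stateless workaround for letting replies in: "if ACK is set it must be a reply".
INBOUND_STATELESS = [
    (443, False, "allow"),
    (22, False, "allow"),
    (None, True, "allow"),
]


def stateless_verdict(pkt: Packet) -> str:
    if is_inside(pkt.src):
        return "allow"  # inside hosts may start any outbound connection
    for port, need_ack, action in INBOUND_STATELESS:
        if (port is None or port == pkt.dport) and (not need_ack or pkt.ack):
            return action
    return "deny"


class StatefulFirewall:
    """Allows an inbound packet only if it is a permitted NEW connection or
    belongs to a connection already in the state table (ESTABLISHED)."""

    def __init__(self, allowed_inbound_ports):
        self.allowed_inbound_ports = set(allowed_inbound_ports)
        self.table = set()  # tracked flows: (src, sport, dst, dport)

    def verdict(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.table or reverse in self.table:
            return "allow"  # ESTABLISHED: packet matches a tracked connection
        if not (pkt.syn and not pkt.ack):
            return "deny"   # mid-stream packet for an unknown flow (e.g. an ACK scan)
        if is_inside(pkt.src) or pkt.dport in self.allowed_inbound_ports:
            self.table.add(flow)  # NEW connection we permit: start tracking it
            return "allow"
        return "deny"


def demo() -> dict:
    """Run the same three packets through both filters and return the verdicts."""
    outbound_syn = Packet("10.0.0.5", 51234, "93.184.216.34", 443, syn=True)
    reply = Packet("93.184.216.34", 443, "10.0.0.5", 51234, ack=True)
    ack_scan = Packet("198.51.100.7", 443, "10.0.0.5", 3389, ack=True)  # probing RDP

    fw = StatefulFirewall(allowed_inbound_ports=[443, 22])
    return {
        "stateless": [stateless_verdict(p) for p in (outbound_syn, reply, ack_scan)],
        "stateful": [fw.verdict(p) for p in (outbound_syn, reply, ack_scan)],
    }


if __name__ == "__main__":
    print(demo())
```

Both filters let the web session through; only the stateful one rejects the forged ACK to port 3389, because no connection to that port was ever seen starting. Remove the last stateless rule and the legitimate reply is denied instead, which is the trade-off stateful inspection removes.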
Cybersecurity Certification Path
Before thinking about specializing in this field, you need to have the basics of many majors (as discussed before). Then you can work through certifications such as the following (the list mixes entry-level, technical and management certifications; reference [10] gives the level and prerequisites of each):
- SANS penetration testing courses (leading to GIAC certifications).
- Cybersecurity or Information Security university degree.
- Certified Cloud Security Professional (CCSP) by ISC2.
- CompTIA Security+.
- Certified Chief Information Security Officer (CCISO) by EC-Council.
- Cisco Certified Network Professional (CCNP) Security.
- Certified Ethical Hacker (CEH) by EC-Council.
- Certified Information Security Manager (CISM) by ISACA.
- Offensive Security Certified Professional (OSCP), via the PWK course, by Offensive Security.
- Certified Information Systems Security Professional (CISSP) by ISC2.

More details about each of these certifications can be found in reference [10].
Chapter-2: Important Concepts to work in Cybersecurity

"Cybersecurity is much more than a matter of IT." ― Stephane Nappo
Web Security
What is the Web?
- A collection of application-layer services used to distribute content like Web content (HTML), multimedia, email, instant messaging (IM), etc.
- It includes many applications like news outlets, entertainment, education, research and technology, commercial, consumer and B2B.
- It is the largest distributed system in existence, with threats that are as diverse as its applications and users.
- So, it needs to be thought out carefully when it comes to security.

The modern way of securing the web is the Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS):
- Used to authenticate servers: uses certificates issued by "root" CAs (certificate authorities) that the browser trusts.
- Can also authenticate clients (client certificates).
- Inclusive security protocol: security at the socket layer, below the application protocol.
- Provides authentication, confidentiality, and integrity to web users.

HTTP vs. HTTPS
HTTPS = HTTP + SSL/TLS

Web Security (Contd.)
Where does SSL/TLS work in the TCP/IP stack? Between the application layer (HTTP) and the transport layer (TCP): the application hands its bytes to TLS, which encrypts and authenticates them before they enter the TCP stream. The SSL/TLS handshake (negotiating the protocol version and cipher suite, verifying the server's certificate, and agreeing on session keys) is what secures a web page before the first HTTP request is sent. Note that all SSL versions and TLS 1.0/1.1 are deprecated; current browsers use TLS 1.2 or 1.3.
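What "authenticate the server with certificates and root CAs" means in a client, as an added example that is not part of the original course: the secure configuration a browser uses (chain to a trusted root, hostname must match the certificate, no legacy SSL/TLS versions) next to the insecure configuration that developers too often ship in scripts, written with Python's standard `ssl` module. The `tls_probe` helper performs a real handshake and needs network access; the rest runs offline.

```python
"""TLS client configuration: what a browser checks, and what an insecure client skips.
Added example using only the Python standard library."""
import socket
import ssl


def make_client_context(insecure: bool = False) -> ssl.SSLContext:
    if insecure:
        # The anti-pattern: no certificate validation, no hostname check.
        # Any on-path attacker can present their own certificate and read everything.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False          # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # Browser-equivalent: chain to a trusted root CA, hostname must match the
    # certificate, and SSL / TLS 1.0 / TLS 1.1 are refused.
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname + OS root store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of the security-relevant settings of a context."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def tls_probe(host: str, port: int = 443, insecure: bool = False) -> dict:
    """Perform a TLS handshake (HTTPS is HTTP spoken on top of this) and report
    what was negotiated.  Needs network access; not called by the tests."""
    ctx = make_client_context(insecure)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()   # empty dict when verification is switched off
            return {
                "version": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": dict(x[0] for x in cert.get("subject", ())),
                "verified": bool(cert),
            }


if __name__ == "__main__":
    print(describe(make_client_context()))
    print(describe(make_client_context(insecure=True)))
```

With the insecure context the handshake still "succeeds" against a forged certificate, and `getpeercert()` comes back empty because nothing was checked; that is exactly the state a browser refuses to enter without a warning page.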
Securing your web browser
You can secure your web browser if you follow these 6 steps all the time:
1. Configure your browser's security and privacy settings.
2. Keep your browser updated.
3. Sign up for alerts (security advisories for your browser and its plug-ins).
4. Be cautious when installing plug-ins.
5. Make sure you have an anti-virus installed.
6. Install security plug-ins.
Web Browser Forensic Analysis
An examiner can have the following difficulties when analyzing web browsers:
- Many browsers, lots of data.
- Different data formats.
- Encryption used to protect user data.
- The user's use of Private mode (or Incognito mode), in which the examined computer keeps few or no web browser artifacts on disk (memory and network logs may still hold traces).

Web browser forensic artifacts
- Each web browser leaves its own individual artifacts in the operating system.
- The types of artifacts from a web browser can vary depending on the version of the web browser.
- Typically, when researching artifacts of web browsers, you can extract the following types of artifacts: history, cache, cookies, typed URLs, sessions, most visited sites, screenshots, financial info, form values (searches, autofill), downloaded files (downloads), favorites.
Some Examples
Cookies are messages that web servers pass to your web browser when you visit Internet sites. Your browser stores each message as a small record, historically in a text file called cookies.txt (the Netscape format, still written by tools such as curl and wget); current browsers keep them in SQLite databases instead (Firefox's cookies.sqlite, Chrome's Cookies file in the profile directory). When you request another page from the server, your browser sends the cookie back to the server, which is why a stolen session cookie is as good as a password.
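Reading the cookie artifact described above, as an added example that is not part of the original course: a parser for the Netscape cookies.txt format, plus the two questions an examiner asks of it (which sites was the user logged into, and when) and the question a security reviewer asks (which cookies would the browser leak over plain HTTP or to scripts). The file content is constructed for the demo; the `#HttpOnly_` prefix is the convention curl uses for HttpOnly cookies.

```python
"""Parse a Netscape-format cookies.txt (the text format curl/wget still use) and
review it the way a browser-forensics examiner would.  Added example; the file
content is constructed."""
import time

SAMPLE_COOKIES_TXT = """# Netscape HTTP Cookie File
.example.com\tTRUE\t/\tTRUE\t1900000000\tsessionid\tabc123
.example.com\tTRUE\t/\tFALSE\t0\ttracking\txyz789
#HttpOnly_login.example.net\tFALSE\t/account\tTRUE\t1700000000\tauth\ttok-555
"""


def parse_netscape_cookies(text: str) -> list:
    """Fields per line: domain, include-subdomains, path, secure, expires (unix
    seconds, 0 = session cookie), name, value.  curl marks HttpOnly cookies by
    prefixing the line with '#HttpOnly_'."""
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        if not line.strip() or line.startswith("#"):
            continue   # comments and blank lines
        parts = line.split("\t")
        if len(parts) != 7:
            continue   # malformed line: skip rather than guess
        domain, subdomains, path, secure, expires, name, value = parts
        cookies.append({
            "domain": domain, "subdomains": subdomains == "TRUE", "path": path,
            "secure": secure == "TRUE", "expires": int(expires),
            "name": name, "value": value, "http_only": http_only,
        })
    return cookies


def status(cookie: dict, now: float) -> str:
    if cookie["expires"] == 0:
        return "session"
    return "expired" if cookie["expires"] < now else "valid"


def timeline(cookies: list, now: float = None) -> list:
    """(domain, name, status, expiry) rows for the examiner's report; an expired
    cookie still proves the site was visited."""
    now = time.time() if now is None else now
    return [(c["domain"], c["name"], status(c, now), c["expires"]) for c in cookies]


def weak_cookies(cookies: list) -> list:
    """Names of cookies the browser would send over plain HTTP or expose to scripts."""
    return [c["name"] for c in cookies if not (c["secure"] and c["http_only"])]


if __name__ == "__main__":
    jar = parse_netscape_cookies(SAMPLE_COOKIES_TXT)
    for row in timeline(jar, now=1800000000):
        print(row)
    print("weak:", weak_cookies(jar))
```

The `now` parameter matters in forensics: evaluate expiry against the time of the acquisition, not the time of the analysis.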
Reverse Engineering
The process of reverse engineering was originally applied to hardware only, but it is now being applied to software, databases and even human DNA as well. In the field of cyber security, reverse engineering can be used to identify the details of a breach: how the attacker entered the system, and what steps were taken to breach it.

The cyber criminals behind an attack utilize the full spectrum of computer intrusion techniques to break into corporate networks. They have a specific objective and are skilled, motivated, organized and well-funded. Here, reverse engineering (of the malware and tools they leave behind) enables us to identify their techniques and prevent them in the future. There are some tools available for reverse engineering in Kali Linux (the most preferred operating system by ethical hackers).
Some Reverse Engineering Tools
Here are some essential tools that are used to perform reverse engineering in Kali Linux:
- Apktool is a third-party tool for reverse engineering Android packages that can decode resources to nearly original form and rebuild them after making some adjustments.
- Dex2jar is a lightweight API designed to read the Dalvik Executable (.dex/.odex) format. It is used to work with Android and Java .class files.
- diStorm is a lightweight, easy-to-use and fast disassembler library. It disassembles instructions in 16, 32 and 64-bit modes and is one of the fastest disassembler libraries available.
- edb-debugger is a Linux equivalent of the famous "Olly debugger" on the Windows platform. One of the main goals of this debugger is modularity.
- Jad has been the most popular Java decompiler ever written. It is a command line utility written in C++.
- JavaSnoop is an Aspect Security tool that allows security testers to test the security of Java applications easily, by attaching to a running Java application and intercepting or modifying its method calls.
- OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where the source is unavailable.
- Valgrind is a suite for debugging and profiling Linux programs. With its tools, we can automatically identify memory management and threading bugs, eliminating hours of frustrating bug-hunting and making programs more stable. We can also perform detailed profiling to help speed up a program, and use Valgrind to build new tools.
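Before any of the disassemblers above can be pointed at a binary, the analyst has to know what it is: 32- or 64-bit, little- or big-endian, which processor, and where execution starts (the mode diStorm is told to use, for instance, comes straight from this). As an added example that is not from the original course, here is a parser for the ELF header that every Linux executable, shared object and core dump begins with; the two headers it is run on are constructed with `struct.pack`, not taken from real binaries.

```python
"""Identify an executable before disassembling it: parse the ELF header to get
word size, endianness, machine and entry point.  Added example; the two headers
below are constructed with struct.pack, not taken from real binaries."""
import struct

ELF_MAGIC = b"\x7fELF"
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64", 243: "RISC-V"}
TYPES = {1: "REL (relocatable object)", 2: "EXEC (fixed-address executable)",
         3: "DYN (shared object or PIE)", 4: "CORE (core dump)"}


def parse_elf_header(blob: bytes) -> dict:
    if blob[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = blob[4], blob[5]
    bits = {1: 32, 2: 64}[ei_class]
    endian = {1: "<", 2: ">"}[ei_data]          # struct prefix: little / big
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    layout = "HHIQQQIHHHHHH" if bits == 64 else "HHIIIIIHHHHHH"
    f = struct.unpack_from(endian + layout, blob, 16)
    return {
        "bits": bits,
        "endian": "little" if endian == "<" else "big",
        "type": TYPES.get(f[0], f"unknown({f[0]})"),
        "machine": MACHINES.get(f[1], f"unknown({f[1]})"),
        "entry": f[3],
        "program_headers": f[9],
        "section_headers": f[11],
        # a PIE/shared object is loaded at a random base, so 'entry' is an offset
        "entry_is_relative": f[0] == 3,
    }


def _ident(cls: int, data: int) -> bytes:
    return ELF_MAGIC + bytes([cls, data, 1, 0]) + bytes(8)   # version=1, SYSV ABI, pad


def sample_elf64_x86_64() -> bytes:
    """Constructed header resembling a modern PIE: DYN, x86-64, entry 0x1040."""
    return _ident(2, 1) + struct.pack("<HHIQQQIHHHHHH",
        3, 62, 1, 0x1040, 64, 0x3000, 0, 64, 56, 11, 64, 30, 29)


def sample_elf32_arm_bigendian() -> bytes:
    """Constructed header for a 32-bit big-endian ARM firmware-style executable."""
    return _ident(1, 2) + struct.pack(">HHIIIIIHHHHHH",
        2, 40, 1, 0x8000, 52, 0x2000, 0, 52, 32, 2, 40, 12, 11)


if __name__ == "__main__":
    for blob in (sample_elf64_x86_64(), sample_elf32_arm_bigendian()):
        print(parse_elf_header(blob))
```

This is what `file` and `readelf -h` print; the `entry_is_relative` flag is the one that trips people up, because addresses in a PIE only become real after the loader picks a base, which is why a debugger and a static disassembler can disagree about where `main` is.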
Assembly Language
We saw that most reverse engineering tools are disassemblers or debuggers, and their goal is to reveal the secrets of the source code or the algorithms behind any hardware or software, but what is assembly?

An assembly language is a low-level programming language designed for a specific type of processor. It may be produced by compiling source code from a high-level programming language (such as C/C++) but can also be written from scratch.

Assembly programming for the reverse engineer is about learning how to read, not only write, assembly. On top of this, it's also learning how the computer works in order to understand generated blocks of code (calling conventions, the stack, how the compiler lays out loops and function calls) and how the operating system deals with the user and the machine.
Digital Forensics and Network Security
People who work with digital forensics in cyber security are on the front lines in the fight against cybercrime. They're the people who collect, process, preserve, and analyze computer-related evidence.

They help identify network vulnerabilities and then develop ways to mitigate them. They go deep inside networks, computers, and smartphones in search of evidence of criminal activity. And they run counterintelligence against hackers, criminals, and others with nefarious intentions.

Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.
Chapter-3: Penetration Testing
Kali Linux as a Penetration Testing Tool
- Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing.
- It contains several hundred tools which are geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering.
- Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
- Penetration testing (also termed pen-testing) is an authorized simulated attack on a computer system, performed to evaluate the security of the system. "Authorized" is the defining word: the same actions without the system owner's written permission are a crime, not a test.
- This is done to identify both the weaknesses/vulnerabilities, including the potential for unauthorized parties to access the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Why is Kali Linux used for penetration testing?
* Kali Linux has more than 600 penetration testing tools.
* It is free and always will be.
* Open source Git tree (Git is a distributed version control system; it can be used as a server out of the box, and Git refers to directories as "trees").
* Kali adheres to the Filesystem Hierarchy Standard, allowing Linux users to easily locate binaries, support files, libraries, etc.
* Wide-ranging wireless device support.
* Custom kernel, patched for (wireless packet) injection.
* Developed in a secure environment.
Kali Linux Download and Installation
Before thinking about installing Kali Linux on our device, we have to make sure it has the minimum requirements. Kali has some minimum suggested specifications for hardware; depending upon the intended use, more may be desired. This guide assumes that the reader will want to install Kali as the only operating system on the computer.
• At least 10GB of disk space; strongly encouraged to have more.
• At least 512MB of RAM; more is encouraged, especially for graphical environments.
• USB or CD/DVD boot support.
(These are the figures from when these slides were written; check the current requirements on kali.org before choosing hardware.)
Then, it can be downloaded from
https://www.kali.org/downloads/

Once downloaded, verify the image's SHA-256 checksum against the value published on the download page before using it. Then it can be put on a bootable disk (CD, DVD, or thumb drive) as in:
https://www.youtube.com/watch?v=Wn4srsOF5TU
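The integrity check a practitioner does between "downloaded" and "booted", as an added example that is not part of the original course: parse a `SHA256SUMS`-style file, hash the downloaded image in chunks (an ISO is gigabytes, so never read it into memory at once) and compare. The "images" here are small constructed files in a temporary directory; the file names are illustrative. Note that the sums file is fetched from the same place as the image, so in practice you also verify the publisher's detached signature over it (Kali ships a `SHA256SUMS.gpg`); that GPG step is outside this example.

```python
"""Verify a downloaded image against a SHA256SUMS file before booting it.
Added example; the 'ISO' files here are small constructed files in a temp dir."""
import hashlib
import os
import tempfile


def parse_sha256sums(text: str) -> dict:
    """Lines look like '<64 hex chars>  <filename>' (sha256sum format; a leading
    '*' on the name means binary mode).  Returns {filename: hexdigest}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        sums[name.lstrip("*")] = digest.lower()
    return sums


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:            # stream it: an ISO is several GB
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(sums_text: str, directory: str) -> dict:
    """{filename: 'OK' | 'FAILED' | 'MISSING'} for every entry in the sums file."""
    results = {}
    for name, expected in parse_sha256sums(sums_text).items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            results[name] = "MISSING"
        else:
            results[name] = "OK" if sha256_of_file(path) == expected else "FAILED"
    return results


def demo() -> dict:
    """Build a good, a tampered and a missing download, then verify them."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed ISO content " * 1000
        with open(os.path.join(d, "kali-good.iso"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "kali-bad.iso"), "wb") as f:
            f.write(good[:-1] + b"!")       # one byte changed: a different image
        digest = hashlib.sha256(good).hexdigest()
        sums_text = (f"{digest}  kali-good.iso\n"
                     f"{digest}  kali-bad.iso\n"        # publisher's digest of the real image
                     f"{digest}  kali-missing.iso\n")
        return verify_downloads(sums_text, d)


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A single flipped byte is enough to fail the check; a mirror or a man-in-the-middle that substitutes a backdoored image cannot pass it unless they can also alter the signed sums file.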
Kali Linux Installation and first time usage
When you put the bootable disk in your device and boot the device from it, you can just follow the steps in the installation wizard with no special requirements.

Once installed, you can restart the PC and a similar screen will be shown, where you have to choose whether to boot from the bootable disk or the installed version on the PC.

[Figure: login screen] Here, you have to enter the password that you entered during the installation process.
Some well-known penetration testing software on Kali Linux:
• nmap – a port scanner.
• Wireshark – a packet analyzer.
• John the Ripper – a password cracker (works offline against captured hashes).
• Aircrack-ng – a software suite for penetration testing wireless LANs.
• iKat – Interactive Kiosk Attack Tool, for breaking out of locked-down browser kiosks.
• Hydra – brute-force password cracking tool for network login services.
• Maltego – information gathering (OSINT) visualization and relationship analysis tool.
• Metasploit – framework for developing and executing exploits.
• OWASP ZAP – integrated pen-testing tool for web applications.
• sqlmap – finds SQL injection flaws and automates taking over database servers.
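What the two password crackers in the list actually do, as an added example that is not part of the original course: an offline dictionary attack of the kind John the Ripper runs against a leaked hash (Hydra does the same guessing against a live login service). The leaked hash, the salt and the five-word wordlist are constructed here. The same attack is run against a fast hash and against PBKDF2, to show that a slow key-derivation function does not stop a dictionary attack, it only makes every guess cost as much as the iteration count, which is what buys the defender time.

```python
"""Offline dictionary attack against a leaked password hash, the technique tools
like John the Ripper automate (and Hydra repeats against live login services).
Added example; the hash, salt and wordlist are constructed."""
import hashlib
import hmac

WORDLIST = ["123456", "password", "qwerty", "letmein", "Winter2024!"]  # toy wordlist


def fast_hash(salt: bytes, password: str) -> str:
    """A single SHA-256 over salt+password: cheap per guess, so a real wordlist
    runs at millions of guesses per second on a GPU."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def slow_hash(salt: bytes, password: str, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256: each guess costs `iterations` HMACs, which is the point."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def dictionary_attack(target_hex: str, salt: bytes, wordlist, hash_fn):
    """Return (password, guesses) or (None, guesses) when the wordlist is exhausted."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if hmac.compare_digest(hash_fn(salt, candidate), target_hex):
            return candidate, guesses
    return None, len(wordlist)


def demo() -> dict:
    salt = b"\x13\x37" * 8                       # constructed per-user salt
    leaked_fast = fast_hash(salt, "letmein")      # "leaked" from a breached database
    leaked_slow = slow_hash(salt, "letmein")
    return {
        "fast": dictionary_attack(leaked_fast, salt, WORDLIST, fast_hash),
        "slow": dictionary_attack(leaked_slow, salt, WORDLIST, slow_hash),
        "not_in_list": dictionary_attack(fast_hash(salt, "correct horse battery"),
                                         salt, WORDLIST, fast_hash),
    }


if __name__ == "__main__":
    import time
    start = time.perf_counter()
    print(demo())
    print(f"{time.perf_counter() - start:.2f}s, almost all of it in the PBKDF2 guesses")
```

Both hashes fall on the fourth guess; only the wall-clock time differs. A passphrase that is not in any wordlist survives both, which is the user-side lesson behind "safely manage your passwords" in Chapter 1.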
Wireshark as a penetration testing tool
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible.

You could think of a network packet analyzer as a measuring device for examining what's happening inside a network cable, just like an electrician uses a voltmeter for examining what's happening inside an electric cable (but at a higher level, of course).

In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, that has changed. Wireshark is available for free, is open source, and is one of the best packet analyzers available today. Note that it is a passive tool: it records and decodes traffic but sends none, so on a switched network you only see what reaches your own interface unless you use a mirror port or a tap.
More about Wireshark can be found here:
https://www.youtube.com/playlist?list=PLHKTPL-jkzUpl2JnFxvfQaGECGK_2u9KZ
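What "presents captured packet data in as much detail as possible" means in practice, as an added example that is not part of the original course: a minimal dissector that peels one layer at a time (Ethernet, then IPv4, then TCP, then the payload) the way Wireshark's dissector chain does, including recomputing the IPv4 header checksum, which is how a modified or corrupted packet is spotted. The frame it runs on is constructed in the file (addresses and payload are illustrative).

```python
"""A minimal Ethernet/IPv4/TCP dissector, the per-layer decoding Wireshark does,
run over a frame constructed in this file.  Added example."""
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes) -> bytes:
    """Constructed frame: 10.0.0.5:51234 -> 93.184.216.34:80, PSH+ACK."""
    eth = bytes.fromhex("00163e112233") + bytes.fromhex("00163e445566") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([93, 184, 216, 34]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    return eth + ip + tcp + payload


def dissect(frame: bytes) -> dict:
    eth_dst, eth_src = frame[:6], frame[6:12]
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != 0x0800:
        return {"eth_type": eth_type, "note": "not IPv4; dissector stops here"}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # header length in bytes (options possible)
    total_len, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    out = {
        "eth_src": eth_src.hex(":"), "eth_dst": eth_dst.hex(":"),
        "ip_version": ip[0] >> 4,
        "ip_src": ".".join(map(str, ip[12:16])), "ip_dst": ".".join(map(str, ip[16:20])),
        "ttl": ttl, "proto": proto,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }
    if proto == 6:                             # TCP
        tcp = ip[ihl:total_len]
        sport, dport, seq, ack, off_byte, flags = struct.unpack("!HHIIBB", tcp[:14])
        data_off = (off_byte >> 4) * 4
        out.update({
            "tcp_sport": sport, "tcp_dport": dport, "seq": seq, "ack": ack,
            "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)],
            "payload": tcp[data_off:],
        })
    return out


if __name__ == "__main__":
    frame = build_frame(b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
    for key, value in dissect(frame).items():
        print(f"{key:15} {value}")
```

The payload comes out as readable HTTP because the request is plain HTTP; run the same dissector over an HTTPS frame and the TCP payload is TLS records, which is the whole point of the Chapter 2 HTTP vs. HTTPS slide.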
THANK YOU
You are ready now to start your real journey in the Cybersecurity World
References
1- https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security
2- https://www.verizon.com/info/definitions/antivirus/
3- https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
4- https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips
5- https://blog.zonealarm.com/2014/05/6-ways-to-secure-web-browser/
6- https://resources.infosecinstitute.com/topic/top-8-reverse-engineering-tools-cyber-security-professionals/
7- https://hackfest.ca/en/trainings/asm/
8- https://www.sans.org/network-security
9- https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
10- https://securityboulevard.com/2021/01/the-top-cybersecurity-certifications-in-2021/
