DEV Community

kuroyukihime

Introduction to the world of Cybersecurity.

Cybersecurity is the practice of protecting and recovering systems, networks, and programs from digital attacks which can cause widespread damage.
Without a good cybersecurity program, an organization cannot defend itself against data breach campaigns, making it an irresistible target for malicious hackers. A single breach can have grave consequences for everyone. A successful cyber-attack on a major bank or social media outlet can disrupt the daily lives of millions, if not billions, of people. There are also countless cases of virus attacks, for example, the WannaCry ransomware attack of 2017.
Cybersecurity is a necessity in this day and age, and the demand for cybersecurity experts is increasing day by day. This is a golden time to start venturing into this field.

Below is a brief introduction to the domain, terminology, and various topics you can explore.

Topics -

Kali Linux -

Kali Linux is the most popular operating system used by cybersecurity experts all over the world.
It has several advantages -

  1. Very stable and is not prone to crashes.
  2. Comes preinstalled with software and tools for hackers.
  3. Maintaining the Linux OS is easy, as the user can centrally update the OS and all installed software.
  4. Users have tremendous flexibility in customizing the system as per their requirements.

There are two ways to install Linux if you are a Windows or Apple user: the first is using a VM, and the second is dual booting your system (which allows a PC to have two or more operating systems). You can do a simple Google search for more information or watch this video by CyberMentor!
https://www.youtube.com/watch?v=rZsJieGi8os

After installing Linux, you can also check out this intro to Linux commands by IIT-Goa's Cybersec club.
https://www.youtube.com/watch?v=MgcH6sbbUow

Cryptography -

Cryptography is one of the most iconic parts of cybersecurity. It has been a field for centuries now. From the Enigma code to modern hashes like SHA, we are close to providing a safe and secure future to all. This field might see a major change once quantum computers come into play, but that's a talk for another day.
You can start by exploring simple ciphers like substitution ciphers, transposition ciphers, and rotor machines.
You can also visit the site below to explore modern ciphers.
https://www.dcode.fr/sha256-hash
(While we are all stuck at home, you can also play a fun game. Pick out someone and start exchanging messages in various ciphers in your group chat and watch the others get confused! You and your friends can also create a new cipher all on your own. It's fun and helps hide secrets from nosy neighbors (in my experience).)
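To make the two classical cipher families mentioned above concrete, here is an added example (not part of the original post) that implements a keyword substitution cipher and a columnar transposition cipher, and contrasts them with SHA-256, which is a one-way hash rather than a cipher. The keywords `ZEBRA` and `KEY` and the sample message are constructed for illustration.

```python
import hashlib
import string

ALPHABET = string.ascii_uppercase

def keyed_alphabet(keyword):
    """Build a substitution alphabet: keyword letters first, then the rest."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)

def substitute(text, keyword, decrypt=False):
    """Monoalphabetic substitution; non-letters pass through unchanged."""
    cipher = keyed_alphabet(keyword)
    src, dst = (cipher, ALPHABET) if decrypt else (ALPHABET, cipher)
    return text.upper().translate(str.maketrans(src, dst))

def column_order(key):
    """Columns are read in alphabetical order of the key letters."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def transpose_encrypt(text, key):
    """Columnar transposition: write in rows, read out column by column."""
    return "".join(text[col::len(key)] for col in column_order(key))

def transpose_decrypt(cipher, key):
    """Recover each column's length, then read the grid back row by row."""
    n, k = len(cipher), len(key)
    cols, pos = [""] * k, 0
    for col in column_order(key):
        length = len(range(col, n, k))
        cols[col] = cipher[pos:pos + length]
        pos += length
    return "".join(cols[i % k][i // k] for i in range(n))

def sha256_hex(text):
    """A hash is one-way: there is no key and no decrypt function."""
    return hashlib.sha256(text.encode()).hexdigest()

if __name__ == "__main__":
    msg = "MEET AT THE LIBRARY"  # constructed sample message
    step1 = substitute(msg, "ZEBRA")         # letters change, order stays
    step2 = transpose_encrypt(step1, "KEY")  # order changes, letters stay
    print(step1, "|", step2)
    print(substitute(transpose_decrypt(step2, "KEY"), "ZEBRA", decrypt=True))
    print(sha256_hex(msg))
```

Substitution keeps every letter in place but renames it, while transposition keeps the letters and shuffles their positions; both can be reversed with the key, whereas the SHA-256 digest cannot be turned back into the message.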

Forensics -

Forensic professionals specialize in gathering and analyzing data related to cyberattacks and other malicious cyber activities. As an expert, you will need to analyze various file formats such as mp3, jpg, MPEG, etc.

To give a small example, a common question in CTFs gives you an audio file of 1GB or so that you need to analyze and extract information from. Sometimes you will need to change the file format using powerful offline tools simply to get a hint.
For now, I will be sharing this online image analysis tool. You can play around with it.
https://29a.ch/photo-forensics/#forensic-magnifier

OhSINT -

OSINT, or "Open-source intelligence", is information that can be accessed without any skills or tools using publicly available sources. Like cryptography, OSINT predates the internet and has been widely used by governments and organizations (spy organizations!) to find information about suspicious individuals, groups, etc.
For example, you are given a photo and asked to find all that you can about the person in that photo. You will likely run a reverse image search with Google, try to find the individual's social media, and stalk them. While I do not encourage or even tolerate stalking, sometimes it's a necessity (like for me, 5 years deep in Henry Cavill's Insta feed).

These are a few interesting topics in the cybersec domain. Now we will move on to the community and the lingo used. Don't worry, I have listed sources below that you can use to learn more about these domains and explore others (aka TryHackMe and PicoGym).

Community and Lingo -

Red Team VS Blue Team -

Gamified learning is the future, but cybersecurity has always been competitive. Red teams simulate attacks against blue teams. It might sound a bit like slang, but this is how we refer to the two aspects of cybersecurity.
The red team and the blue team are basically two sides of the same coin.
Red teamers are offensive security professionals, experts in attacking systems and breaking into them, while blue teamers are defensive security experts responsible for maintaining internal network defenses against all cyber-attacks and threats.

By no means is it necessary to choose your team right from the start. There are various specializations within one team. Not to mention it takes time and practice to gain skills (don't go running into cybersec simply because you want to hack your ex's insta).

CTFs -

Capture the flag competitions are an extremely important part of our community. They help you rate your skills as well as brush up on them.
Problems are generally divided on the basis of topics, and sometimes levels as well. The more points, the tougher the challenge.
PS: CTFs typically offer a large cash reward, so after learning the essentials, hurry to them!

TryHackMe -

"TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers, incorporating guides and challenges to cater for different learning styles."
- TryHackMe
The TryHackMe summary above explains everything necessary.
I will not elaborate further except to say that TryHackMe is the G.O.A.T. They have rooms on cryptography, forensics, OSINT, basically everything and anything cybersec related. Some of them require a paid subscription, but the good news is that if you get a 7-day streak, paid rooms get unlocked!

https://tryhackme.com/dashboard

PicoGym -

PicoGym is a Gym you can use to practice CTF questions and build your skill set!

https://picoctf.org/

Now that we are done, I encourage everyone to visit the resources (especially TryHackMe and PicoGym) and start exploring.
