🔓
PURPLEBYTEONE
  • main
  • Notes
    • Education
      • Base
        • Information Technology
          • OpenText
            • Courses
              • Security and Forensics
                • EnCaseâ„¢ eDiscovery Series
                  • ED290 - eDiscovery Training with EnCase Information Assurance
                • EnCaseâ„¢ Crossover Series
                  • DFIR450 - EnCase EnScript Programming
                  • DFIR370 - Host Intrusion Methodology and Investigation
                  • DFIR350 - Internet-based Investigations
                  • DFIR130 - EnCase Endpoint Investigator
                • EnCaseâ„¢ Incident Response Series
                  • IR280 - EnCase Endpoint Security
                  • IR250 - Incident Investigation
                • EnCaseâ„¢ Digital Forensics Series
                  • DF420 - Mac Examinations
                  • DF410 - NTFS Examinations
                  • DF320 - Advanced Analysis of Windows Artifacts
                  • DF310 - EnCase Certified Examiner
                  • DF210 - Building an Investigation
                  • DF125 - Mobile Device Examinations
                  • DF120 - Foundations in Digital Forensics
              • Business Network
              • Digital Process Automation
              • Platform Solutions
              • Discovery
              • Digital Experience
              • Analytics
              • Enterprise Content Management
          • Harvard University
            • CS 50
          • LPI
            • Courses
              • Essentials
                • Linux Essentials: 010
                • Security Essentials: 020
                • Web Development Essentials: 030
              • Professional
                • LPIC-1
                  • 101
                  • 102
                • LPIC-2
                  • 201
                  • 202
                • LPIC-3
                  • 300
                  • 303
                  • 305
                  • 306
          • Cloud Orchestration
            • Docker
            • Kubernetes
              • KCNA
              • CKA
              • CKS
          • Google Cloud
            • Path
              • Google Cloud Computing Foundations
              • Network Engineer Learning Path
              • Database Engineer Learning Path
              • Cloud Engineer Learning Path
              • Security Engineer Learning Path
              • Cloud Architect Learning Path
              • Cloud Developer Learning Path
          • VMware
            • Courses
              • Carbon Black
                • Professional
                  • Endpoint Security: Core Technical Skills
                  • App Control Administrator
                  • EDR Administrator
                • Advanced
                  • App Control Advanced Administrator
                  • Advanced Operations and Troubleshooting
                  • Audit and Remediation
                  • Endpoint Standard
                  • Enterprise EDR
                  • EDR Advanced Administrator
                  • EDR Advanced Analyst
          • Amazon
            • Courses
              • Foundation
                • AWS Certified Cloud Practitioner
              • Associate
                • AWS Certified Solutions Architect
              • Professional
                • AWS Certified Solutions Architect
              • Speciality
                • AWS Certified Advanced Networking
                • AWS Certified Security – Specialty
          • Microsoft
            • Courses
              • Azure
                • AZ - 900
                • AZ - 104
                • AZ - 305
                • SC - 900
                • SC - 200
                • SC - 300
                • AZ - 500
                • MS-500
                • SC - 400
                • SC - 100
          • The Code
            • Platform
              • FreeCodeCamp
              • W3
            • Language
              • Python
              • PowerShell
              • JavaScript
              • PHP
              • SQL
              • GO
              • Java
              • Perl
              • Ruby
              • Scala
              • C
              • C#
              • C++
              • Brainfuck
              • CSS
              • JSON
              • Kotlin
              • LOLCODE
              • MISP
              • MongoDB
              • Objective-C
              • Perl
              • Rust
              • SAAS
              • Scala
              • Solidity
              • SWIFT
              • TypeScript
              • WebAssembly
              • XML
              • YAML
              • AngularJS
              • Ansible
              • BASH
              • Docker
              • GIT
              • jQuery
              • VIM
          • OKTA
        • Purple Team
          • Splunk
            • Courses
              • Udemy
            • Notes
          • Security Team Blue
            • Courses
              • BTL v1
              • BTL v2
          • ISC2
            • CC
              • Introduction
              • Security Principles
                • Security Concepts of Information Assurance
                • Risk Management Process
                • Security Controls
                • Governance Elements and Processes
                • Terms and Definitions
              • Incident Response
                • Understand Incident Response
                • Business Continuity
                • Disaster Recovery
              • Access Control Concepts
                • Access Control Concepts
                • Physical Access Controls
                • Logical Access Controls
              • Network Security
                • Computer Networking
                • Threats and Attacks
                • Network Security Infrastructure
              • Security Operations
            • SSCP
            • CISSP
            • CCSP
          • TCM Security
            • Courses
              • Python 101
              • Python 201
              • Linux 101
              • External Pentest Playbook
              • Windows Privilege Escalation
              • Linux Privilege Escalation
              • Movement, Pivoting and Persistence
              • Practical Phishing Assessments
              • Practical Web Application Security
              • Practical Malware Analysis
              • Mobile
              • (OSINT) Fundamentals
              • PEH
            • Certification
              • PNPT
              • PJMR
          • Coursera
            • Courses
              • NYU
                • Introduction to Cyber Security Specialization
              • Google
                • Google Cybersecurity Professional
                  • Foundations of Cybersecurity
                  • Play It Safe: Manage Security Risks
                  • Connect and Protect: Networks and Network Security
                  • Tools of the Trade: Linux and SQL
                  • Assets, Threats, and Vulnerabilities
                  • Sound the Alarm: Detection and Response
                  • Automate Cybersecurity Tasks with Python
                  • Put It to Work: Prepare for Cybersecurity Jobs
          • ICSI Global
          • OccupyTheWeb
            • Courses
              • GSBMH
              • NBFH
              • LBFH
          • CompTIA
            • Courses
              • Core Base
                • A+
                  • Chapter 1
                • Network+
                  • Chapter 1
                • Linux+
                  • Chapter 1
                  • Chapter 2
                • Cloud+
                  • Chapter 1
              • Security
                • Security+
                  • Chapter 1
                    • Risk Terminology
                • Pentest+
                  • Chapter 1
                • CySA+
                  • Chapter 1
                • CSA+
                  • Defending Against Cybersecurity Threats
          • EC-Council
            • Courses
              • CEH
              • CHFI
              • CSA
          • Intel Techniques
            • Courses
              • OSINT Techniques
              • Privacy & Security
          • SANS
            • Courses
              • SEC
                • SEC 401 - Security Essentials
                • SEC 450 - Blue Team Fundamentals
                • SEC 502 - Perimeter Protection In-Depth
                • SEC 503 - Network Monitoring and Threat Detection In-Depth
                • SEC 504 - Hackers Tools, Techniques And Incident Handling
                • SEC 505 - Securing Windows and PowerShell Automation
                • SEC 506 - Securing Linux & UNIX
                • SANS 509 - Securing Oracle Database
                • SEC 511 - Continuous Monitoring and Security Operations
                • SEC 517 - Cutting Edge Hacking Techniques
                • SEC 524 - Cloud Security Fundamentals
                • SEC 531 - Windows Command Line Kung Fu
                • SEC 542 - Web App Penetration Testing
                • SEC 560 - Enterprise Penetration Testing
                • SEC 565 - Red Team Operations and Adversary Emulation
                • SEC 566 - Implementing and Auditing Security Frameworks
                • SEC 573 - Automating Information Security with Python
                • SEC 575: Mobile Device Security
                • SEC 580 - Metasploit for Enterprise Penetration Testing
                • SEC 587 - Advanced Open Source Intelligence
                • SEC 599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
                • SEC 617 - Wireless Penetration Testing and Ethical Hacking
                • SEC 642 - Advanced Web App Penetration Testing
                • SEC 660 - Advanced Penetration Testing
                • SEC 760 - Advanced Exploit Development
                • SEC 554: Blockchain and Smart Contract Security
              • FOR
                • FOR 408 - Windows Forensic Analysis
                • FOR 500 - Windows Forensic Analysis
                • FOR 508 - Advanced Digital Forensics and Incident Response
                • FOR 518 - Mac and iOS Forensic Analysis
                • FOR 526 - Memory Forensics In-Depth
                • FOR 572 - Advanced Network Forensics
                • FOR 577 - Virtualization Security Fundamentals
                • FOR 578 - Cyber Threat Intelligence
                • FOR 610 - Reverse-Engineering Malware
                • FOR 710 - Reverse-Engineering Malware: Advanced Code Analysis
              • AUD
                • AUD 507 - Auditing Systems, Applications, and the Cloud
              • ICS
                • ICS 410 - ICS/SCADA Security Essentials
              • MGT
                • MGT 512 - Security Leadership Essentials for Managers
          • IBM
            • Courses
              • Cybersecurity Analyst Professional
                • Introduction to Cybersecurity Tools & Cyber Attacks
                  • Week 1
                  • Week 2
                  • Week 3
                  • Week 4
          • Cybrary
            • Courses
              • SOC L1
              • SOC L2
              • SOC L3
              • Become an Incident Handler
          • Zero Point Security
            • Courses
              • Red Team Ops [CRTO]
              • C2 Development in C#
          • Web Security Academy
            • Courses
              • Burp Suite Certified Practitioner
          • INE
            • Courses
              • eJPT
                • Blue Team
                  • ePND
                  • eCIR
                  • eCRE
                  • ePWD
                  • eCTHPv2
                  • eCDFP
                  • eCMAP
                • Red Team
                  • eMAPT
                  • eWPT
                  • eCPPTv2
                  • eCXD
                  • eWPTXv2
                  • eCPTXv2
          • Pentester Lab
          • Pentester Academy
            • Courses
              • Pentesting with Metasploit: Beginner Edition
              • Linux Privilege Escalation
          • Offensive Security
            • Courses
              • Fundamental
                • Introduction to Secure Software Development
                • Introduction to Cloud Security
                • Exploit Development Essentials
                • Web Application Assessment Essentials
                • Security Operations Essentials
                • Network Penetration Testing Essentials
              • Security Operations
                • SOC-200: Foundational Security Operations and Defensive Analysis (OSDA)
              • Penetration Testing
                • PEN - 200
                • PEN - 210
                • PEN - 300
              • Web Application
                • WEB-200: Foundational Web Application Assessments with Kali Linux (OSWA)
                • WEB-300: Advanced Web Attacks and Exploitation (OSWE)
              • Exploit Development
                • EXP-301: Windows User Mode Exploit Development (OSED)
                • EXP-312: Advanced macOS Control Bypasses (OSMR)
                • EXP-401: Advanced Windows Exploitation (OSEE)
          • Sektor7
            • Courses
              • Windows Privilege Escalation
              • Windows Persistence
              • Malware Development Essentials
              • Evasion Windows Red Team Ops
          • Black Hat
            • Courses
              • BlackHat - Malware Analysis And Memory Forensics
          • Fortinet
          • VHL
          • DFIRdiva
          • YouTube
            • Channels
          • Udemy
            • Certified in Cybersecurity (CC)
            • CompTIA Security+
          • AntiSyphon
          • THM
            • Room
              • SPLUNK
                • Introduction to SIEM
                • Basics
                • Incident handling
                • Investigating
                • Benign
                • ELK 101
                • PS Eclipse
                • New Hire Old Artifacts
                • Conti
                • BOTS
                  • v1
                  • v2
                  • v3
                • ItsyBitsy
            • Learning Paths
              • Introduction to Cyber Security
                • Introduction to Cyber Security
                  • Intro to Offensive Security
                  • Intro to Defensive Security
                • Introduction to Offensive Security
                • Introduction to Defensive Security
          • HTB
            • HTB Academy
              • Job Role Path
                • Penetration Tester
                  • Getting Started
                    • Infosec Overview
                    • Getting Started with a Pentest Distro
                    • Staying Organized
                    • Connecting Using VPN
                    • Common Terms
                  • Machines
                    • Nibbles
                • SOC Analyst
                  • Incident Handling Process
                    • Incident Handling
                    • Cyber Kill Chain
                    • Incident Handling Process Overview
                      • Preparation Stage
                      • Detection & Analysis Stage
                      • Containment, Eradication, & Recovery Stage
                      • Post-Incident Activity Stage
                  • Security Monitoring & SIEM Fundamentals
                  • Windows Event Logs & Finding Evil
                  • Introduction to Threat Hunting & Hunting With Elastic
                  • Understanding Log Sources & Investigating with Splunk
                  • Windows Attacks & Defense
                  • Intro to Network Traffic Analysis
                  • Intermediate Network Traffic Analysis
                  • Working with IDS/IPS
                  • Introduction to Malware Analysis
                  • JavaScript Deobfuscation
                  • YARA & Sigma for SOC Analysts
                  • Introduction to Digital Forensics
                  • Detecting Windows Attacks with Splunk
                  • Security Incident Reporting
            • Challenges
              • Retired
                • Challenges
                  • Hardware
                    • Very Easy
                      • Gawk
                      • Secure Digital
                  • Web
                    • Very Easy
                      • Trapped Source
                  • Mobile
                    • Very Easy
                      • Don't Overreact
                  • Pwn
                    • Very Easy
                      • Getting Started
                      • Questionnaire
                      • Vault-breaker
                  • Crypto
                    • Very Easy
                      • Ancient Encodings
                  • Reverse
                    • Very Easy
                      • WIDE
                      • Shattered Tablet
                      • Hunting License
                      • Gonna-Lift-Em-All
                  • Misc
                    • Very Easy
                      • Compressor
                  • Forensics
                    • Very Easy
                      • Extraterrestrial Persistence
                      • Alien Cradle
                      • Wrong Spooky Season
                  • OSINT
                  • GamePwn
                  • Blockchain
            • Machines
              • Retired
                • Windows
                  • Easy
                    • Blue
          • Blueteamlabs.online
          • LetsDefend.io
          • CyberDefenders.org
      • Infinity
        • c0//53
          • Leet Code
          • Hacker Rank
        • Tools
          • Red Team
            • OSINT
            • Enumeration
            • Web
            • Exploit Base
              • Linux
            • Post-exploitation
              • Backdoor
          • Blue Team
            • Forensics
            • My scripts
        • Bookmarks
          • Cybersecurity
            • Reverse Engineering
            • Telegram
          • MindHub
            • Job Boards
          • GitHub
          • AI
            • Free
          • Books
            • Cybersecurity
              • Linux
                • Linux Essentials For Cybersecurity
                • The Linux Command Line, 2nd Edition: A Complete Introduction
                • How Linux Works, 3rd Edition: What Every Superuser Should Know
              • OSINT
                • Deep Dive: Exploring the Real-world Value of Open Source Intelligence
              • Networking
                • Wireshark for Security Professionals
              • Social Engineering
                • Practical Social Engineering
          • Writeups
    • Carrier
      • Interview Questions
        • General HR questions
        • Cybersecurity
          • Junior Positions
            • SOC L1
            • Junior Malware Analyst
            • Junior Penetration Tester
            • Junior Red Teamer
            • Junior Forensic Analyst
            • Junior Incident responder
            • Junior Threat hunter
            • Junior Security Analyst
          • Specialist Positions
            • SOC L2
            • Malware Analyst
            • Penetration Tester
            • Red Teamer
            • Forensic Analyst
            • Incident responder
            • Threat hunter
            • Security Analyst
          • Senior Positions
            • SOC L3
            • Senior Malware Analyst
            • Senior Penetration Tester
            • Senior Red Teamer
            • Senior Forensic Analyst
            • Senior Incident responder
            • Senior Threat hunter
            • Senior Security Analyst
          • Random questions
            • PT.1
            • PT.2
            • PT.3
            • PT.4
            • PT.5
            • PT.6
    • Note
      • Read
      • Interview
      • Cheat Sheet
        • Penetration Testing
          • Enumeration
  • Roadmap
    • CTF Track
Powered by GitBook
On this page
  1. Notes
  2. Education
  3. Base
  4. Purple Team
  5. IBM
  6. Courses
  7. Cybersecurity Analyst Professional
  8. Introduction to Cybersecurity Tools & Cyber Attacks

Week 1

History of Cybersecurity

  • Threats continue to increase and it won't change

  • 1.8 mil. unfilled csec jobs + 200k layoff in IT. #layoff2023

  • Not enough skilled cybersec people

  • Skilled people go to find cool job in DarkWeb due

    • to better salary

    • WFH remote

    • No dumb ass management

    • No weird colleagues

  • SOC analyst reviews security incidents in SIEMs

    • Pivot data and triage it in different ways to understand is this an issue or not

    • Create IOC's

    • Find other internal Ip's that are potentially infected with same malware

    • Use

      • Thread feed

      • Search Engines

      • Virus Total

      • Favorite tools

    • Be curious to learn, research and investigate

    • Search more IOC's information for malware from the internet

  • Skills in cybersecurity are in high demand.

  • Kenneth Gonzalez, a penetration tester in Costa Rica from IBM's Explores Red Team

    • LinkedIn

  • IBM is a global company with subject matter experts in a range of job roles.

Interesting, is it possible to get hired by IBM for the Red or Blue team role?

  • CIA triad - protection of information systems from unauthorized activities in order to provide confidentiality, integrity and availability

  • Confidentiality - data must be restricted to only authorized subjects or entities

    • Data encryption is a common method of ensuring confidentiality

  • Integrity - maintaining the consistency and accuracy of data over its entire life cycle.

    • use hash values for data integrity verification as they must match to make sure that the integrity is accurate.

  • Availability - it is about keeping the business operations up and running, firewalls, proxies, computers everything has to be up and running 24 by 7, 365 days

    • business continuity plans

    • disaster recovery

    • redundancy

Key Terms

  • Vulnerability - is a flaw, loophole, oversight, or error that can be exploited to violate system security policy.

    • For example, a software or an application that has code vulnerable to a buffer or flow exploit.

  • Threat - is an event, natural or man-made, able to cause negative impact to an organization.

    • It could be a storm or a hurricane or a hacker, for instance.

  • Exploit - a way to breach the security of an IT system through a vulnerability.

    • Like the buffer overflow example.

Learn how to "buffer overflow" on practice via HTB and TCM

  • Risk - is the probability of an event or that an event could actually happen.

    • Likelihood of a vulnerability to be exploited.

Security Threats

  • We have internal factors and external threats.

  • Internal factors

    • former employees

    • current employees

  • External factors

    • Malicious events

  • Natural factors

    • Lightning

    • Hurricane

    • Tsunami

Vulnerability Assessments

  • Vulnerability assessment - is the process of identifying, analyzing, and ranking vulnerabilities in the specific environment

  • Many systems are shipped with known and unknown security holes and bugs

Roles in Security

  • Chief Information Security Officer - a head in charge of the Information Security Division to supervise, manage, and be the leader of the Information Security Tower.

  • Digital Forensic Analyst

  • SEM Engineer

  • Information security analyst - analyzing events, alerts, alarms, and any information that could be useful to identify any threats.

  • Information Security Auditor - in charge of testing the effectiveness of computer information systems to make sure that they follow best practices, they follow standards as specific regulations like the ISO27001 or 002 for instance.

From Ronald Reagan

  • US President Ronald Reagan to create the first national policy on cybersecurity

  • first policy for a cybersecurity field in United States that is called the National policy of telecommunication and automated Information Systems Security NSDD155.

Last updated 2 years ago

IBM

guys