# **General Summary: Cybersecurity - Concepts and Roles**

The document outlines the fundamental principles of Offensive and Defensive Security, introduces basic tools, and describes key professional roles in the field of cybersecurity.

---

### **1. Offensive Security**
- **Purpose**: To simulate hacker attacks to identify vulnerabilities, software bugs, and loopholes in systems, with the ultimate goal of strengthening defenses.
- **Practical Example (Finding Hidden Pages)**:
    - **Problem**: Publicly exposed administrative portals (e.g., `/bank-transfer`).
    - **Tool**: `gobuster` for directory brute-forcing.
    - **Command**: `gobuster -u http://fakebank.thm -w wordlist.txt dir`
    - **Output Interpretation**:
        - `Status: 200`: Accessible and potentially sensitive resource.
        - `Status: 301/302`: Redirect.
    - **Ethical Note**: Use these techniques only in authorized environments (labs, CTFs).

---

### **2. Defensive Security**
- **Approach**: Proactive, aimed at protecting networks and systems.
- **Main Objectives**:
    - Prevent intrusions.
    - Detect and respond quickly to incidents.
- **Key Activities**:
    - **Cyber Security Awareness**: Train users against threats like phishing.
    - **Asset Management**: Inventory all systems to be protected.
    - **Preventive Controls**: Firewalls, IPS, traffic rules.
    - **Logging & Monitoring**: Collecting and analyzing logs to identify anomalies.
    - **Policies & Procedures**: Define clear rules and processes.
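Seen from the Logging & Monitoring side, the directory brute-force shown in section 1 leaves a recognisable trace in the web server's access log: a burst of 404s from one client, with an occasional 200 marking what the wordlist found. The block below is an added example, not code from the original notes or from gobuster; it parses constructed combined-format log lines (the IPs, paths and timestamps are sample data) and flags that pattern, keying on the 404 rate rather than the User-Agent string.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines in combined format (sample data, not real traffic):
# 203.0.113.5 walks a wordlist (many 404s, one 200 on /bank-transfer); 198.51.100.7 browses normally.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:13:55:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:13:55:01 +0000] "GET /backup HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:13:55:02 +0000] "GET /images HTTP/1.1" 301 169 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:13:55:02 +0000] "GET /uploads HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:13:55:03 +0000] "GET /bank-transfer HTTP/1.1" 200 2048 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:13:55:03 +0000] "GET /test HTTP/1.1" 404 196 "-" "gobuster/3.6"
203.0.113.5 - - [10/Mar/2024:13:55:04 +0000] "GET /config HTTP/1.1" 404 196 "-" "gobuster/3.6"
198.51.100.7 - - [10/Mar/2024:13:55:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:13:55:09 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code of the common/combined log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """One log line -> dict, or None when the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "path": m["path"], "status": int(m["status"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def detect_dir_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Flag client IPs that produce >= threshold 404s inside any sliding window of `window`.
    Keyed on the 404 rate, not the User-Agent string, because the UA is trivially changed.
    Returns {ip: {"not_found": peak 404s in one window, "hits": paths that returned 200}}."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in by_ip.items():
        misses = sorted(r["ts"] for r in recs if r["status"] == 404)
        peak, start = 0, 0
        for end in range(len(misses)):  # two-pointer sliding window over the 404 timestamps
            while misses[end] - misses[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:  # the 200s are what the scan found: review and lock those down first
            alerts[ip] = {"not_found": peak, "hits": sorted({r["path"] for r in recs if r["status"] == 200})}
    return alerts
```

Running `detect_dir_bruteforce(SAMPLE_LOG.splitlines())` on the sample flags only 203.0.113.5, with `/bank-transfer` listed as the resource that answered 200.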

---

### **3. Professional Roles in Cybersecurity**

#### **A. Security Operations Centre (SOC)**
- **Mission**: To continuously monitor networks and systems for malicious activity.
- **Areas of Work**:
    - Staying updated on threats and vulnerabilities.
    - Checking for violations of company policy.
    - Detecting unauthorized activities and intrusions.

#### **B. Security Analyst**
- **Function**: Bridge between business and technical teams.
- **Responsibilities**:
    - Analysing requirements with stakeholders and reporting to them continuously.
    - Designing security plans.
    - Technical assessments and recommendations for improvement.

#### **C. Security Engineer**
- **Mission**: Security "builder." Designs and implements technical controls.
- **Activities**:
    - Testing, hardening, and patching systems.
    - Managing tools like WAF, EDR, SIEM.

#### **D. Incident Responder**
- **Mission**: Respond rapidly to breaches to minimize damage.
- **Key Metrics (KPIs)**:
    - **MTTD**: Mean Time To Detect.
    - **MTTA**: Mean Time To Acknowledge.
    - **MTTR**: Mean Time To Recover/Restore.
- **Process Phases (IR)**:
    1. **Preparation**: Prepare team, tools, and plans.
    2. **Detection & Analysis**: Detect and analyze the incident.
    3. **Containment, Eradication & Recovery**: Isolate, remove the threat, and restore services.
    4. **Post-Incident Activity**: Lessons learned and plan updates.
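The three KPIs above are only useful once they are computed from a consistent incident timeline. The block below is an added example, not from the original notes: it derives MTTD, MTTA and MTTR in hours from constructed incident records, using assumed definitions (MTTD from occurrence to detection, MTTA from detection to acknowledgement, MTTR from detection to recovery; teams define these differently) and keeps still-open incidents out of MTTR instead of letting them distort it.

```python
from datetime import datetime
from statistics import mean

# Constructed incident log (sample data, not real incidents); ISO 8601 timestamps in UTC.
# "recovered" is None while an incident is still open.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-10T01:00:00", "detected": "2024-03-10T03:00:00",
     "acknowledged": "2024-03-10T03:20:00", "recovered": "2024-03-10T09:00:00"},
    {"id": "INC-2", "occurred": "2024-03-12T22:00:00", "detected": "2024-03-13T00:00:00",
     "acknowledged": "2024-03-13T00:40:00", "recovered": "2024-03-13T04:00:00"},
    {"id": "INC-3", "occurred": "2024-03-15T10:00:00", "detected": "2024-03-15T10:30:00",
     "acknowledged": "2024-03-15T10:45:00", "recovered": None},
]

def hours_between(start, end):
    """Elapsed hours from start to end; rejects a record whose timeline runs backwards."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    if delta.total_seconds() < 0:
        raise ValueError(f"{end} is earlier than {start}")
    return delta.total_seconds() / 3600

def incident_kpis(incidents):
    """Mean times in hours. Assumed definitions (conventions differ between teams):
    MTTD = occurred -> detected, MTTA = detected -> acknowledged, MTTR = detected -> recovered.
    Open incidents count toward MTTD/MTTA but are left out of MTTR rather than skewing it."""
    mttd = [hours_between(i["occurred"], i["detected"]) for i in incidents]
    mtta = [hours_between(i["detected"], i["acknowledged"]) for i in incidents]
    closed = [i for i in incidents if i["recovered"] is not None]
    mttr = [hours_between(i["detected"], i["recovered"]) for i in closed]
    return {
        "MTTD": round(mean(mttd), 2),
        "MTTA": round(mean(mtta), 2),
        "MTTR": round(mean(mttr), 2) if mttr else None,
        "open_incidents": [i["id"] for i in incidents if i["recovered"] is None],
    }

if __name__ == "__main__":
    print(incident_kpis(INCIDENTS))  # {'MTTD': 1.5, 'MTTA': 0.42, 'MTTR': 5.0, 'open_incidents': ['INC-3']}
```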

#### **E. Digital Forensics Investigator**
- **Mission**: "Digital detective" who collects and analyzes evidence.
- **Objectives**: Reconstruct what, when, how, and who, while maintaining evidence integrity (chain of custody).
- **Evidence Sources**: File systems, RAM (volatile memory), system and network logs.

#### **F. Malware Analyst / Reverse Engineer**
- **Purpose**: Understand the functionality of malicious programs.
- **Analysis Types**:
    - **Static**: Code analysis without execution (using disassemblers).
    - **Dynamic**: Execution in a controlled environment (sandbox) to observe behavior.
- **Output**: IOCs (Indicators of Compromise), detection rules (e.g., YARA), recommendations.

#### **G. Penetration Tester (Ethical Hacker)**
- **Purpose**: Find vulnerabilities through authorized, simulated testing.
- **Output**: Vulnerability reports with priorities and remediation recommendations.

#### **H. Red Teamer**
- **Purpose**: Simulate sophisticated, persistent attacks to test an organization's detection and response capabilities.
- **Difference from Pentesting**: Greater focus on persistence and evasion of defenses to test overall resilience.

---

### **4. Basic Networking Concepts**

#### **A. What is a Network**
- **Definition**: A set of connected devices that communicate with each other.
- **Protocols**: Rules governing communication.
- **Importance for Cybersecurity**: Fundamental for protecting data and infrastructure.

#### **B. What is the Internet**
- **Definition**: A global "network of networks."
- **History**: Originated from ARPANET, evolved with the invention of the Web (WWW) by Tim Berners-Lee.
- **Network Types**:
    - **Private**: Corporate/home LANs.
    - **Public**: The Internet.

#### **C. Tool: Ping**
- **Purpose**: Verify a host's reachability and network latency.
- **Protocol**: Uses ICMP (echo request/reply).
- **Syntax**: `ping <IP_or_hostname>`
- **Output**: Shows sent/received packets and the round-trip time (RTT).

#### **D. Host Definition**
- **What it is**: A device (PC, server, etc.) with an IP address, capable of sending and receiving data on the network. It is a communication "endpoint."

---
