Hello, aspiring ethical hackers. In our previous blogpost, you learnt about threat intelligence. In this article, you will learn about digital forensics. It plays an important role not only in investigating cyber attacks but also in solving crimes that have digital elements attached to it. This digital evidence is admissible in court proceedings. In Information security, unlike penetration testing, forensics comes after the cyber attack has already occurred.

What is digital forensics?

Digital forensics, a branch of forensic science is a process that includes identification collection, acquisition, analysis and reporting of any information or evidence from digital devices that were used as part of a crime or victims of cyber attacks.

Types of digital forensics

Digital forensics has different branches. They are,

1. Computer forensics:

Also known as cyber forensics, this branch deals with collecting digital evidence from computers.

2. Mobile forensics:

As you might have guessed by now, this branch deals with collection of digital evidence from mobile devices like smart phones, tablets etc.

3. Network forensics:

This branch deals with collection and analysis of digital evidence from network traffic.

4. Database forensics:

This branch deals with analyzing databases for digital evidence.

5. Cloud forensics:

This branch deals with collecting and analyzing digital evidence from the cloud.

Stages of digital forensics

Digital forensics has five stages. They are,

1. Identification of digital evidence:

The first stage is identifying where the digital evidence may be present after a cyber attack or cyber incident.

2. Acquisition and preservation:

After identifying where digital evidence may be present, the next step is to collect this evidence and more importantly preserve it from being contaminated. If the evidence gets contaminated, it will not be admissible in court.

3. Analysis:

In this stage, the collected and carefully preserved digital evidence is analyzed to reconstruct the events of the cyber attack or cyber crime.

4. Documentation:

After all the evidence related to the cyber crime or cyber attack has been analyzed, the next step is documenting all the evidence in a clean manner to be presented in a court.

5. Presentation:

The last stage is presenting all the documented evidence in court or to the affected and all other stakeholders for conviction and to help courts in decision making.

Next, learn how to respond in case of a cyber incident with incident response.

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about about cybersecurity. In this article, you will learn everything you need to know about threat intelligence. Threat intelligence (TI) plays a very important role in enhancing cybersecurity. But first, let’s start with what actually is a threat.

What is a threat?

A threat is any action or event that can disrupt the organization’s activities. For example, these actions can be deleting the user accounts of employees of the organization, making their services unavailable to their customers etc.

What is threat intelligence?

TI is the collection, processing and analysis of data using various tools and techniques to gather meaningful information about existing and even emerging threats that can affect the security of the organization.

Why is Threat Intelligence important?

TI plays a proactive role in improving the security of the organization by understanding about emerging threats. It helps us to identify, prepare and prevent cyber attacks by providing information about the attacker, their motive and capabilities. A thorough understanding about the vulnerabilities, attacker motives and techniques allows us to prevent and mitigate cyberattacks.

Types of threat intelligence

There are three types of intelligence for threats. They are,

1. Tactical TI
2. Operation TI
3. Strategic TI

Let’s learn about each of them in detail.

1. Tactical threat intelligence (TTI):

As you can guess by its name, this type of intelligence identifies information like Indicators Of Compromise (IOC), other information such as IP addresses of listeners and Command & Control (C&C) servers, email subject lines etc.

This information is useful to Security Operation Center’s (SOC’s) to predict and detect future attacks correctly. It is also helpful in incident response, threat hunting and malware analysis.

2. Operational threat intelligence (OTI):

This type of intelligence focusses on understanding target adversary’s strengths and capabilities, their attack infrastructure, TTPs, etc. This information helps us to identify threat actors and APTs that are more likely to attack a particular organization. Obviously, it is more broader in scope than tactical intelligence. After gathering this intel, cybersecurity professionals of an organization can then determine security controls and mitigations to prevent that attacks.

3. Strategic threat intelligence (STI):

This type of intelligence focuses on understanding high level trends like global threat landscapes and the position of an organization inside that threat landscapes. It is less technical and more theoretical and mainly for executive level security professionals like CISO, CIO, CTO etc.

Threat intelligence Life cycle

The TI lifecycle is a continuous process and consists of five stages. They are,

1. Planning:

Before any organization even starts collecting data for TI, it should have a proper threat intelligence plan. This plan should include information about what intel an organization needs to collect to protect its sensitive resources.

2. Collection:

After preparing a TI plan, the next step is to collect new threat data. The data can be collected from systems in local network using tools like Security Information and Event Management (SIEM), EDR, XDR, ASM etc and also from sources like underground hacker forums, dark web, open source and commercial threat intelligence feeds and InfoSec community.

3. Processing:

Next, all the collected data is aggregated, standardized and corrected to make analysis of the data easier. Note that all the threat data collected doesn’t have the information we want. There may be false positives ,errors and even irrelevant data.

4. Analysis:

It is at this stage that the raw threat data becomes actual threat intelligence. Here the insights needed to meet TI requirements are extracted and then the next steps are planned.

5. Dissemination:

The threat intel team shows all the insights and recommendations to appropriate stakeholders to plan the next course of action.

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about cybersecurity. In this blogpost, you will learn about Information security. The word Information security is often used interchangeably used with cybersecurity but they are different although not entirely. So, let’s begin with definition of Information security.

What is Information security?

Information security, also known as InfoSec is the name given to all the processes and procedures that are used to protect information (both digital and physical) from cyber threats in an organization.

Importance of Information security

Now, that you have understood what InfoSec is, let me explain to you it’s importance. As the world moves more towards digitization, humans increasingly depend on technology and internet for storing and transmitting information. This information is very important and faces both cyber and physical threats. With the difficulty of performing a hacking attack becoming simple day-by-day and threat actors and cybercriminals increasingly evolving their tactics, the role of information security has become all too important not only for organizations but also individuals.

Principles of Information security

InfoSec has there core principles. Popularly known as CIA triangle, they are Confidentiality, Integrity and Availability. Let’s learn about each of them in detail.

1.Confidentiality:

Confidentiality ensures that all the sensitive information is safe from unauthorized access.

2. Integrity:

Integrity ensures that the sensitive information is safe from destruction without proper authorization.

3. Availability:

Availability ensures that the information is available to authorized users whenever they need them.

Types of information security

Although InfoSec is a single word, it is a combination of different branches. Let’s learn about each of them in detail.

1.Network security:

Network security refers to protection of the network infrastructure both software and hardware, communication infrastructure, communication protocols etc. This includes all the devices in a network, communication between them and even between them and external assets.

2.Endpoint security:

Endpoint security deals with security of the endpoint devices in the network. These include Desktops, Laptops and other devices that act as access point to an organization’s network.

3. Web security:

This refers to protection of websites, web applications and the infrastructure coming with it.

4. Mobile security:

Mobile security is concerned with security of the mobile devices like mobiles and tablets which are increasingly being used in organizations.

5. Application security

Application security deals with protection of all the applications used in organization.

6. Cloud security:

Cloud security refers to protecting of data, applications and services hosted in private and public cloud environment.

7. IoT Security:

IOT security refers to protection of Internet Of Things (IOT) devices and networks from cyber attack and data breaches.

Information Security vs Cybersecurity

By now you should have clearly understood what InfoSec is. Let’s see what is the difference between InfoSec and cybersecurity. Cyber security is the entire practice of protecting computers, networks and data from cyber attacks. InfoSec is protection of all kinds of information from threats.

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about ethical hacking. In this article, you will learn what is cybersecurity. Cybersecurity and ethical hacking can be confusing to people. That’s because they are closely related but yet they are different. But don’t worry by the end of this article, you will understand clearly the difference between them.

What is cybersecurity?

Cybersecurity is the name give to the complete process of protecting computer systems, network and data from cyber attacks and malware.

Importance of cybersecurity

Now, that you have understood what cybersecurity is, let me explain to you it’s importance. As the world moves more towards digitization, humans increasingly depend on technology and internet. With the difficulty of performing a hacking attack becoming simple day-by-day and threat actors and cybercriminals increasingly evolving their tactics, the role of cybersecurity has become all too important not only for organizations but also individuals.

Principles of Cybersecurity

There are three core principles for cybersecurity. Popularly known as CIA triangle, they are Confidentiality, Integrity and Availability. Let’s learn about each of them in detail.

1.Confidentiality:

Confidentiality ensures that all the sensitive information is safe from unauthorized access.

2. Integrity:

Integrity ensures that the sensitive information is safe from destruction without proper authorization.

3. Availability:

Availability ensures that the information is available to authorized users whenever they need them.

Types of Cybersecurity

Although cybersecurity is a single word, it is a combination of different branches. Let’s learn about each of them in detail.

1.Network security:

Network security refers to protection of the network infrastructure both software and hardware, communication infrastructure, communication protocols etc. This includes all the devices in a network, communication between them and even between them and external assets.

2.Endpoint security:

Endpoint security deals with security of the endpoint devices in the network. These include Desktops, Laptops and other devices that act as access point to an organization’s network.

3. Web security:

This refers to protection of websites, web applications and the infrastructure coming with it.

4. Mobile security:

Mobile security is concerned with security of the mobile devices like mobiles and tablets which are increasingly being used in organizations.

5. Application security

Application security deals with protection of all the applications used in organization.

6. Cloud security:

Cloud security refers to protecting of data, applications and services hosted in private and public cloud environment.

7. IoT Security:

IOT security refers to protection of Internet Of Things (IOT) devices and networks from cyber attack and data breaches.

Cybersecurity vs Ethical hacking

By now you should have clearly understood what cyber security is. Let’s see what is the difference between cybersecurity and ethical hacking. Ethical hacking, also known as penetration testing is a method used to identify security vulnerabilities in a network, software, applications etc by simulating hacking attacks. This is done to assess the security of an organization. Ethical hacking is part of cybersecurity.

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what is a vulnerability and about vulnerability scanning. In this article, you will learn in detail about vulnerability management.

What is vulnerability management (VM)?

Vulnerability management is a continuous process of identifying, prioritizing, assessing, remediation, reporting and verification of vulnerabilities in an organization.

Stages of vulnerability management

There are fives stages in vulnerability management. They are ,

1. Identification:

To be able to effectively manage vulnerabilities in an organization and to prevent them from becoming a threat, first and foremost, the vulnerability needs to be identified. For this, vulnerability scanning needs to be performed on all the software, hardware, operating systems and services running in an organization.

2. Prioritizing:

After all the vulnerabilities are identified, they need to be prioritized based on the risk they pose to the security of organization and the impact its exploitation has on it. This stage includes vulnerability assessment and use of vulnerability scoring.

3. Acting on the vulnerabilities:

After all the detected vulnerabilities are classified and assessed based on the risk they pose, the next stage is to remediate or fix the vulnerabilities or at least mitigate the vulnerability. This can be done by patching the vulnerabilities, reducing its exposure etc.

4. Reporting:

The next stage is reporting the vulnerabilities. The reporting is not just limited to the heads of the organizations but also to all stakeholders like public CVE databases, partners or customers. The goal of vulnerability reporting is to bring awareness about the vulnerabilities to others before they become victim of a cyber attack.

5. Reassessing:

The last stage of VM is to once again start the entire process from the beginning. Note that vulnerability management is a cyclical or continuous process that is used to improve the security of the organization.

Vulnerability management vs vulnerability scanning vs Vulnerability assessment.

Although these terms are used interchangeably they are entirely different. Vulnerability scanning is the process of identifying the security vulnerabilities in a software or a network of the organization.  Vulnerability assessment is a systematical review of vulnerabilities or weaknesses in an organization. Vulnerability scanning and vulnerability assessment are part of vulnerability management.

Vulnerability management vs penetration testing

Many people often confuse VM with pen testing, if not in reading of the terms may be in their use. While VM is useful in finding out and managing the vulnerabilities in an organization, Pen testing is performed to find out and exploit the vulnerabilities and weakness in the applications, system, device and network. Both play equally important and different roles in protecting the organization from cyber attacks.

Next, learn what is threat intelligence.