The Complete Cyber Security Course
Volume I
HACKERS Exposed

Nathan House BSc. CISSP. CISM. CISA. SCF. ISO 27001 LA

Copyright © 2016 StationX. All rights reserved. Permission granted to reproduce for personal educational use only. Commercial copying, hiring, lending is strictly prohibited.

First edition: January 2017

Published by StationX Ltd.
48 White Lodge Close
Isleworth
London TW7 6TH

Technical Editor: Tiron Andric

About the Author

Nathan House BSc. CISSP. CISM. CISA. SCF. ISO 27001 LA has over 24 years' experience in cyber security, where he has advised many of the largest companies in the world, assuring the security on multi-million and multi-billion pound projects. He is the CEO and founder of Station X, a cyber security consultancy. More recently he acted as the lead security consultant on a number of the UK's mobile banking and payment solutions, helping secure to date over £71 billion in transactions. Over the years he has spoken at a number of conferences, developed free security tools, and discovered serious security vulnerabilities in leading applications.

The Online Course

If you don't have access to the full online course - Get access here

Who this book is for

This book is primarily intended for people taking our "The Complete Cyber Security Course Volume I Hacking Exposed". It was developed based on the transcripts of the course itself and as such serves to help our students through the course and as a handy reminder for future use.

Conventions

Throughout this book you will find several styles of text that separate the different kinds of information presented.

Code and terminal output is presented in Inconsolata font as follows:

[email protected] ~& ls -lh

New terms and important words are sometimes shown in bold.

Reader feedback

We always welcome feedback from our students.
Let us know what you think: whether you found the book useful and whether you liked it or not. To send feedback simply send an email to [email protected]

Errata

While we have taken every care to make sure the text you are reading is accurate, mistakes will and do happen. As the saying goes, to err is human. If you do find mistakes, we would welcome it if you report them to us. You will be saving future readers some frustration and helping us improve the book. Please write to [email protected]

Piracy

The free flow of information on the internet has, in addition to many benefits, brought its share of problems; one of them is copyright infringement. We are well aware that we cannot fight every unauthorized copy of this book. However, if you have come upon a copy of this book somewhere on the internet, we would like to invite you to take a look at our courses. We are sure that once you see the wealth of information and the knowledge you can gain, you will support us by subscribing to a course. We often provide discount coupons, making our courses very affordable.

Table of Contents

Section 1 Introduction
1. Welcome and Introduction to the Instructor!
2. Security Quick Win!
3. Goals and Learning Objectives - Volume 1
4. Target Audience
5. Study Recommendations
6. The Forum - For Questions, Answers and Other Resources
7. Course Updates

Section 2 Know Yourself - The Threat and Vulnerability Landscape
8. Goals and Learning Objectives
9. Protect What You Value
10. What is Privacy, Anonymity and Pseudonymity
11. Security, Vulnerabilities, Threats and Adversaries
12. Threat Modeling and Risk Assessments
13. Security vs Privacy vs Anonymity - Can we have it all?
14. Defense In Depth
15. The Zero Trust Model

Section 3 Know Your Enemy - The Current Threat and Vulnerability Landscape
16. Goals and Learning Objectives
17. Why You Need Security – The Value Of A Hack
18. The Top 3 Things You Need To Stay Safe Online
19. Security Bugs and Vulnerabilities - The Vulnerability Landscape
20. Hackers, crackers and cyber criminals
21. Malware, viruses, rootkits and RATs
22. Spyware, Adware, Scareware, PUPs & Browser hijacking
23. What is Phishing, Vishing and SMShing
24. Spamming & Doxing
25. Social engineering - Scams, cons, tricks and fraud
26. Darknets, Dark Markets and Exploit kits
27. Governments, spies and secret stuff - part I
28. Governments, spies and secret stuff - part II
29. Regulating encryption, mandating insecurity and legalizing spying
30. Trust & Backdoors
31. Censorship
32. Security News and Alerts - Stay Informed

Section 4 Encryption Crash Course
33. Goals and Learning
34. Symmetric Encryption
35. Asymmetric Encryption
36. Hash Functions
37. Digital Signatures
38. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
39. SSL Stripping
40. HTTPS (HTTP Secure)
41. Digital Certificates
42. Certificate Authorities and HTTPS
43. End-to-End Encryption (E2EE)
44. Steganography
45. How Security and Encryption is Really Attacked

Section 5 Setting up a Testing Environment using Virtual Machines
46. Goals and Learning Objectives
47. Introduction to Setting up a Testing Environment Using Virtual Machines
48. VMware
49. VirtualBox
50. Kali Linux 2016

Section 6 Operating System Security & Privacy (Windows vs Mac OS X vs Linux)
51. Goals and Learning Objectives
52. Security Features and Functionality
53. Security Bugs and Vulnerabilities
54. Usage Share
55. Windows 10 - Privacy & Tracking
56. Windows 10 - Disable tracking automatically
57. Windows 10 - Tool Disable Windows 10 Tracking
58. Windows 10 – Cortana
59. Windows 10 - Privacy Settings
60. Windows 10 - WiFi Sense
61. Windows 7, 8 and 8.1 - Privacy & Tracking
62. Mac - Privacy & Tracking
63. Linux and Unix “like” Operating systems
64. Linux – Debian
65. Linux - Debian 8 Jessie - VirtualBox guest additions Issue
66. Linux - OpenBSD and Archlinux
67. Linux – Ubuntu

Section 7 Security Bugs and Vulnerabilities
68. Goals and Learning Objectives
69. The Importance of Patching
70. Windows 7 - Auto Update
71. Windows 8 & 8.1 - Auto Update
72. Windows 10 - Auto Update
73. Windows - Criticality and Patch Tuesday
74. Windows 7, 8, 8.1 & 10 - Automate the pain away from patching
75. Linux - Debian - Patching
76. Mac - Patching
77. Firefox - Browser and extension updates
78. Chrome - Browser and extension updates
79. IE and Edge - Browser and extension updates
80. Auto updates - The Impact to privacy and anonymity

Section 8 Reducing Threat Privilege
81. Goals and Learning Objectives + Removing Privilege
82. Windows 7 - Not using admin
83. Windows 8 and 8.1 - Not using admin
84. Windows 10 - Not using admin

Section 9 Social Engineering and Social Media Offence and Defence
85. Goals and Learning Objectives
86. Information Disclosure and Identity Strategies for Social Media
87. Identity, Verification and Registration
88. Behavioral Security Controls Against Social Threats (Phishing, Spam) Part 1
89. Behavioral Security Controls Against Social Threats (Phishing, Spam) Part 2
90. Technical Security Controls Against Social Threats (Phishing, Spam, Scam & Cons)

Section 10 Security Domains
91. Goals and Learning Objectives
92. Security Domains

Section 11 Security Through Isolation and Compartmentalization
93. Goals and Learning Objectives
94. Introduction to Isolation and Compartmentalization – Copy
95. Physical and Hardware Isolation - How to change the Mac Address
96. Physical and Hardware Isolation - Hardware Serials
97. Virtual Isolation
98. Dual Boot
99. Built-in Sandboxes and Application Isolation
100. Windows - Sandboxes and Application Isolation
101. Windows - Sandboxes and Application Isolation – Sandboxie
102. Linux - Sandboxes and Application Isolation
103. Mac - Sandboxes and Application Isolation
104. Virtual Machines
105. Virtual Machine Weaknesses
106. Virtual Machine Hardening
107. Whonix OS - Anonymous Operating system
108. Whonix OS – Weaknesses
109. Qubes OS
110. Security Domains, Isolation and Compartmentalization

1 Introduction

Greetings, and welcome to the course. Let me give you a quick introduction as to who I am. My name is Nathan House and I'm the CEO and founder of the cyber security company Station X. I'll be your instructor throughout this comprehensive course.
I have over 24 years' experience in cyber security and I've advised many of the largest companies in the world. I've assured security on multi-million and even multi-billion pound projects.

I've provided security guidance to companies such as Vodafone, BP, Visa, the London 2012 Olympics, and a number of banks and financial institutions, plus many others. I was the security lead on a number of the UK mobile banking apps, so if you live in the UK you may well have an app in your pocket, on your phone, that I've helped secure.

I have many security qualifications including CISSP, CISM, CISA, SCF, among many others. Over the years I've spoken at a number of conferences, developed free security tools, and discovered serious security vulnerabilities in leading applications. So, in theory, I should know what I'm talking about when it comes to security and privacy, unless I've just been somehow getting away with it all these years.

It's never been more important than it is today to maintain good security, to enable privacy and anonymity. I am extremely passionate about helping you to learn and achieve your goals and I'm very excited to be here to teach you. If you have any questions, please just ask, I'm here to help.

2. Security Quick Win

The Security Quick Win lesson is in constant development; for the latest, please visit

3. Goals and Learning Objectives - Volume 1

The Complete Cyber Security Course: VOLUME ONE

Let's talk about the goals and learning objectives for Volume I. Volume I covers the fundamental building blocks of the skillset required to become a security and privacy expert.

You will understand the online threat and vulnerability landscape through threat modeling and risk assessments. This means you will understand in detail the threats and adversaries that we face, which are hackers, trackers, malware, zero days, exploit kits, and much more.
You will understand how to determine the potential risk that they pose, then how to mitigate that risk through the selection, implementation and monitoring of appropriate security controls.

You will learn how to set up test environments in VirtualBox and VMware using the guest operating system of your choice or host operating system of your choice, including Windows, Mac OS X, Linux, and Kali.

After this course you will understand encryption from symmetric algorithms to asymmetric algorithms, hashes, SSH, SSL, TLS, and so on: how encryption works, how it can be bypassed and what you can do to mitigate the risk, taught in an easy-to-follow way.

After this course you will understand the security and privacy differences between Windows 7, Windows 8, Windows 10, Mac OS X, and Linux. We will cover how to make patching easier across those platforms, then how to mitigate their security and privacy issues. Patching is very important; it has to be covered in the fundamentals.

You will learn practical defenses against social engineering threats like phishing, SMiShing, vishing, identity theft, scams, cons, and others.

You will learn how to use isolation and compartmentalization as a security control, covering sandboxes, application isolation, virtual machines, Whonix, and Qubes OS.

This is Volume I of four of your Complete Guide to Internet Security, Privacy and Anonymity. If you want to know about the continuation of the course through the other volumes, check out the bonus lecture at the end to understand how they all fit together.

The course is designed for technically minded people who want to protect themselves from hackers, cyber criminals, malware, viruses. It's for people who want to share information anonymously without endangering themselves or their family. It's for those who want to keep their accounts, email, communication, and personal information private from corporate or government tracking and spying.
It's also for those with an interest in technology and the internet, like security professionals and students studying IT or security. Also for freedom fighters, political or religious dissidents operating in oppressive regimes, journalists, and businessmen and women for whom security, privacy, and anonymity matter. Also law enforcement officers and other agents who need a better understanding of how criminals avoid detection. It's also for those who care about government spying on their internet usage and want to avoid i...