Penetration Testing with Kali Linux OffSec
|
|
Trying Harder: The Challenge Labs
provides a set of instructions and some further detail on the Challenge Labs. We highly recommend completing all the Modules including Assembling the Pieces before beginning with the Challenge Labs! 2.4 Wrapping Up This introduction Module helped orient us to begin with PEN200. We’ve set up our attacking environment and connected to the PWK labs. We learned a little bit about the pedagogical design of the course, and reviewed a summary of each Module. Now it’s time to roll up our sleeves and get started! 16 (Rapid7, 2022), https://www.metasploit.com/ 17 (Microsoft, 2022), https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain- services-overview Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 30 3 Introduction To Cybersecurity We will cover the following Learning Units in this Learning Module: • The Practice of Cybersecurity • Threats and Threat Actors • The CIA Triad • Security Principles, Controls and Strategies • Cybersecurity Laws, Regulations, Standards, and Frameworks • Career Opportunities in Cybersecurity This Module is designed to provide learners, regardless of current proficiency or experience, a solid understanding of the fundamental principles of cybersecurity. It is intended for a wide range of individuals, from employees working adjacent to information technology or managing technical teams, to learners just getting started in the highly-dynamic information security field. Completing this Module will help learners build a useful base of knowledge for progressing onto more technical, hands-on Modules. An in-depth analysis of each concept is outside the scope of this Module. To learn more about the concepts introduced here, learners are encouraged to progress through the 100-level content in the OffSec Learning Library. Throughout this Module, we’ll examine some recent examples of cyber attacks and analyze their impact as well as potential prevention or mitigation steps. We’ll also supply various articles, references, and resources for future exploration in the footnotes sections. Please review these footnotes for additional context and clarity. 3.1 The Practice of Cybersecurity This Learning Unit covers the following Learning Objectives: • Recognize the challenges unique to information security • Understand how “offensive” and “defensive” security reflect each other • Begin to build a mental model of useful mindsets applicable to information security 3.1.1 Challenges in Cybersecurity Cybersecurity has emerged as a unique discipline and is not a sub-field or niche area of software engineering or system administration. There are a few distinct characteristics of cybersecurity that distinguish it from other technical fields. First, security involves malicious and intelligent actors (i.e. opponents). The problem of dealing with an intelligent opponent requires a different approach, discipline, and mindset compared to facing a naturally-occurring or accidental problem. Whether we are simulating an attack or defending against one, we will need to consider the perspective and potential actions of our opponent, and try to anticipate what they might do. Because our Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 31 opponents are human beings with agency , they can reason, predict, judge, analyze, conjecture, and deliberate. They can also feel emotions like happiness, sorrow, greed, fear, triumph, and guilt. Both attackers and defenders can leverage the emotions of their human opponents. For example, an attacker might rely on embarrassment when they hold a computer system hostage and threaten to publish its data. Defenders, meanwhile, might leverage fear to dissuade attackers from entering their networks. This reality means human beings are a Yüklə Dostları ilə paylaş:
|