gavin/developer-roadmap
1
0
Fork 0
mirror of https://github.com/kamranahmedse/developer-roadmap.git synced 2026-03-12 17:51:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: sync content to repo (#9688)

Browse Source 
Co-authored-by: kamranahmedse <4921183+kamranahmedse@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2026-03-05 10:43:18 +01:00
committed by GitHub
parent bbc4bbe00e
commit 6d86637f1f
151 changed files with 254 additions and 742 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md
View File

@@ -1,6 +1,6 @@
# ACL
# Access Control Lists (ACLs)
An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.
An Access Control List (ACL) is a set of permissions attached to an object (like a file, folder, or network resource) that specifies which users or groups have access to the object and what level of access they are granted (e.g., read, write, execute). Essentially, it's a table that tells a system who is allowed to do what.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md
View File

@@ -1,6 +1,6 @@
# Anti-malware
# Antimalware
Anti-malware is a type of software designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware, from computer systems. By continuously scanning files, applications, and incoming data, anti-malware solutions protect devices from a wide range of threats that can compromise system integrity, steal sensitive information, or disrupt operations. Advanced anti-malware programs utilize real-time monitoring, heuristic analysis, and behavioral detection techniques to identify and neutralize both known and emerging threats, ensuring that systems remain secure against evolving cyber attacks.
Antimalware refers to software designed to detect, prevent, and remove malicious software (malware) from computer systems. This type of software typically includes features like real-time scanning, scheduled scans, and removal tools to protect against various threats such as viruses, worms, trojans, spyware, and ransomware.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md
View File

@@ -1,6 +1,6 @@
# Antivirus
Antivirus software is a specialized program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from computer systems. It works by scanning files and programs for known malware signatures, monitoring system behavior for suspicious activity, and providing real-time protection against potential threats. Regular updates are essential for antivirus software to recognize and defend against the latest threats. While it is a critical component of cybersecurity, antivirus solutions are often part of a broader security strategy that includes firewalls, anti-malware tools, and user education to protect against a wide range of cyber threats.
Antivirus software is a program designed to detect, prevent, and remove malicious software (malware) from a computer system. It works by scanning files, directories, or systems for known viruses, worms, trojans, spyware, and other types of malware. Antivirus programs use various techniques, such as signature-based detection, heuristic analysis, and behavior monitoring to identify and neutralize threats.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md
View File

@@ -1,6 +1,6 @@
# ANY.RUN
# any.run
ANY.RUN is an interactive online malware analysis platform that allows users to safely execute and analyze suspicious files and URLs in a controlled, virtualized environment. This sandbox service provides real-time insights into the behavior of potentially malicious software, such as how it interacts with the system, what files it modifies, and what network connections it attempts to make. Users can observe and control the analysis process, making it a valuable tool for cybersecurity professionals to identify and understand new threats, assess their impact, and develop appropriate countermeasures. ANY.RUN is particularly useful for dynamic analysis, enabling a deeper understanding of malware behavior in real-time.
any.run is an interactive online platform used for analyzing suspicious files and URLs in a safe, isolated environment. It allows users to execute potentially malicious software or visit questionable websites without risking their own systems. The platform provides real-time visibility into the behavior of the analyzed item, capturing network traffic, process creation, file modifications, and other indicators of compromise. This helps security professionals quickly understand the nature and impact of a threat.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md
View File

@@ -1,6 +1,6 @@
# APT
Advanced Persistent Threats, or APTs, are a class of cyber threats characterized by their persistence over a long period, extensive resources, and high level of sophistication. Often associated with nation-state actors, organized cybercrime groups, and well-funded hackers, APTs are primarily focused on targeting high-value assets, such as critical infrastructure, financial systems, and government agencies.
Advanced Persistent Threats, or APTs, are a class of cyber threats characterized by their persistence over a long period, extensive resources, and a high level of sophistication. Often associated with nation-state actors, organized cybercrime groups, and well-funded hackers, APTs are primarily focused on targeting high-value assets, such as critical infrastructure, financial systems, and government agencies.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md
View File

@@ -1,10 +1,6 @@
# ARP
Address Resolution Protocol (ARP) is a crucial mechanism used in networking that allows the Internet Protocol (IP) to map an IP address to a corresponding physical address, commonly known as a Media Access Control (MAC) address. This protocol is essential for enabling devices within a Local Area Network (LAN) to communicate by translating IP addresses into specific hardware addresses.
When one device on a LAN wants to communicate with another, it needs to know the MAC address associated with the target devices IP address. ARP facilitates this by sending out an ARP request, which broadcasts the target IP to all devices in the network. Each device checks the requested IP against its own. The device that recognizes the IP as its own responds with an ARP reply, which includes its MAC address.
Once the requesting device receives the MAC address, it updates its ARP cache—a table that stores IP-to-MAC address mappings—allowing it to send data directly to the correct hardware address.
Address Resolution Protocol (ARP) is a communication protocol used for discovering the link-layer address, such as a MAC address, associated with a given Internet layer address, typically an IPv4 address. In simpler terms, when a device wants to send data to another device on the same network, it uses ARP to find the physical hardware address (MAC address) of the destination device, so that the data can be correctly delivered. It works by sending a broadcast ARP request asking "Who has this IP address?" and the device with that IP address responds with its MAC address.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md
View File

@@ -1,6 +1,6 @@
# ARP
ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
ARP, or Address Resolution Protocol, is a communication protocol used for discovering the link layer address (typically a MAC address) associated with a given internet layer address (typically an IPv4 address). It operates by sending an ARP request to all devices on a network, asking the device with the specific IP address to respond with its MAC address. This allows devices to communicate on the local network without needing to know each other's physical addresses beforehand.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md
View File

@@ -1,6 +1,6 @@
# ARP
# ARP Troubleshooting
ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
Address Resolution Protocol (ARP) is a protocol used to map an IP address to a physical machine address, also known as a Media Access Control (MAC) address, on a local network. When a device wants to communicate with another device on the same network, it uses ARP to find the MAC address associated with the destination's IP address. Problems with ARP can lead to communication failures and network connectivity issues, requiring specific tools and techniques for diagnosis and resolution.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/attck@auR7fNyd77W2UA-PjXeJS.md
View File

@@ -1,6 +1,6 @@
# ATT&CK
# MITRE ATT&CK Framework
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a comprehensive matrix of attack methods used by threat actors, organized into tactics like initial access, execution, persistence, and exfiltration. This framework is widely used by cybersecurity professionals for threat modeling, improving defensive capabilities, and developing more effective security strategies. ATT&CK helps organizations understand attacker behavior, assess their security posture, and prioritize defenses against the most relevant threats.
The MITRE ATT&CK framework is a knowledge base and model for describing the tactics, techniques, and procedures (TTPs) that adversaries use when attacking computer systems. It's organized into matrices that outline common attack behaviors across various platforms and environments. Security professionals use ATT&CK to understand adversary behavior, develop threat models, improve defenses, and assess an organization's security posture.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/authentication-vs-authorization@WG7DdsxESm31VcLFfkVTz.md
View File

@@ -1,8 +1,6 @@
# Authentication vs Authorization
# Authentication vs. Authorization
**Authentication** is the process of validating the identity of a user, device, or system. It confirms that the entity attempting to access the resource is who or what they claim to be. The most common form of authentication is the use of usernames and passwords. Other methods include:
**Authorization** comes into play after the authentication process is complete. It involves granting or denying access to a resource, based on the authenticated user's privileges. Authorization determines what actions the authenticated user or entity is allowed to perform within a system or application.
Authentication verifies *who* a user is, confirming their identity using credentials like usernames and passwords. Authorization, on the other hand, determines *what* a user is allowed to access after they've been authenticated. In essence, authentication proves you are who you say you are, while authorization dictates what you can do.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md
View File

@@ -4,7 +4,7 @@ Bash (Bourne Again Shell) is a widely-used Unix shell and scripting language tha
Visit the following resources to learn more:
- [@course@Beginners Guide To The Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag)
- [@course@Start learning bash](https://linuxhandbook.com/bash/)
- [@roadmap@Visit the Dedicated Shell/Bash Roadmap](https://roadmap.sh/shell-bash)
- [@official@Bash](https://www.gnu.org/software/bash/)
- [@video@Bash in 100 Seconds](https://www.youtube.com/watch?v=I4EWvMFj37g)
- [@course@Beginners Guide To The Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag)
- [@course@Start learning bash](https://linuxhandbook.com/bash/)

4
src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md
View File

@@ -1,6 +1,6 @@
# Basics and Concepts of Threat Hunting
# Threat Hunting Basics
Threat hunting is a proactive approach to cybersecurity where security professionals actively search for hidden threats or adversaries that may have bypassed traditional security measures, such as firewalls and intrusion detection systems. Rather than waiting for automated tools to flag suspicious activity, threat hunters use a combination of human intuition, threat intelligence, and advanced analysis techniques to identify indicators of compromise (IoCs) and potential threats within a network or system. The process involves several key concepts, starting with a **hypothesis**, where a hunter develops a theory about potential vulnerabilities or attack vectors that could be exploited. They then conduct a **search** through logs, traffic data, or endpoint activity to look for anomalies or patterns that may indicate malicious behavior. **Data analysis** is central to threat hunting, as hunters analyze vast amounts of network and system data to uncover subtle signs of attacks or compromises. If threats are found, the findings lead to **detection and mitigation**, allowing the security team to contain the threat, remove malicious entities, and prevent similar incidents in the future.
Threat hunting is a proactive security activity where security analysts actively search for malicious activities or threats that have evaded automated security defenses. Unlike reactive incident response, which begins after an alert, threat hunting assumes that threats are already present within the environment and seeks to identify them before they cause significant damage. It leverages data analysis, threat intelligence, and investigative techniques to uncover hidden or advanced attacks.
Visit the following resources to learn more:

14
src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md
View File

@@ -1,16 +1,6 @@
# Basics of IDS and IPS
# Intrusion Detection and Prevention Systems
When it comes to cybersecurity, detecting and preventing intrusions is crucial for protecting valuable information systems and networks. In this section, we'll discuss the basics of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to help you better understand their function and importance in your overall cybersecurity strategy.
What is Intrusion Detection System (IDS)?
-----------------------------------------
An Intrusion Detection System (IDS) is a critical security tool designed to monitor and analyze network traffic or host activities for any signs of malicious activity, policy violations, or unauthorized access attempts. Once a threat or anomaly is identified, the IDS raises an alert to the security administrator for further investigation and possible actions.
What is Intrusion Prevention System (IPS)?
------------------------------------------
An Intrusion Prevention System (IPS) is an advanced security solution closely related to IDS. While an IDS mainly focuses on detecting and alerting about intrusions, an IPS takes it a step further and actively works to prevent the attacks. It monitors, analyzes, and takes pre-configured automatic actions based on suspicious activities, such as blocking malicious traffic, resetting connections, or dropping malicious packets.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are security mechanisms designed to monitor network or system activities for malicious behavior or policy violations. An IDS primarily detects suspicious activity and alerts administrators, while an IPS goes a step further by actively blocking or preventing the detected intrusions. Both systems analyze network traffic, system logs, and other data sources to identify potential threats and help maintain the security and integrity of a network or system.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md
View File

@@ -1,8 +1,6 @@
# Basics of NAS and SAN
# Network Attached Storage (NAS) and Storage Area Networks (SAN)
Network Attached Storage (NAS) and Storage Area Network (SAN) are both technologies used for storing and managing data, but they operate in different ways and serve different purposes. NAS is a dedicated file storage device that connects to a network, allowing multiple users and devices to access files over a shared network. It operates at the file level and uses standard networking protocols such as NFS or SMB/CIFS, making it easy to set up and manage, especially for small to medium-sized businesses. NAS devices are ideal for sharing files, providing backups, and enabling centralized data access across multiple users in a local network.
SAN, on the other hand, is a high-performance, specialized network designed to provide block-level storage, which means it acts as a direct-attached storage device to servers. SAN uses protocols such as Fibre Channel or iSCSI and is typically employed in large enterprise environments where fast, high-capacity, and low-latency storage is critical for applications like databases and virtualized systems. While NAS focuses on file sharing across a network, SAN is designed for more complex, high-speed data management, enabling servers to access storage as if it were directly connected to them. Both NAS and SAN are vital components of modern data storage infrastructure but are chosen based on the specific performance, scalability, and management needs of the organization.
Network Attached Storage (NAS) is a file-level data storage device that connects to a network, allowing multiple devices to access files from a central location. A Storage Area Network (SAN) is a dedicated, high-speed network that provides block-level access to storage devices, appearing to servers as locally attached disks.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md
View File

@@ -1,6 +1,6 @@
# Basics of Reverse Engineering
# Reverse Engineering Fundamentals
Reverse engineering is the process of deconstructing a system, software, or hardware to understand its internal workings, design, and functionality without having access to its source code or original documentation. In cybersecurity, reverse engineering is often used to analyze malware or software vulnerabilities to uncover how they operate, allowing security professionals to develop defenses, patches, or detection methods. This involves breaking down the binary code, disassembling it into machine code, and then interpreting it to understand the logic, behavior, and intent behind the program. Reverse engineering can also be used in hardware to investigate a device's design or performance, or in software development for compatibility, debugging, or enhancing legacy systems. The process typically includes static analysis, where the code is examined without execution, and dynamic analysis, where the program is executed in a controlled environment to observe its runtime behavior. The insights gained through reverse engineering are valuable for improving security, fixing bugs, or adapting systems for different uses. However, its important to be aware of the legal and ethical boundaries, as reverse engineering certain software or hardware can violate intellectual property rights.
Reverse engineering is the process of dissecting a system, piece of hardware, or software program to understand its design, function, and operation without having access to the source code or blueprints. It involves analyzing the object's structure, components, and behavior to deduce how it was created and how it works. Essentially, it's like taking something apart to figure out how it was put together.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md
View File

@@ -1,6 +1,6 @@
# Basics of Subnetting
# Subnetting Fundamentals
Subnetting is a technique used in computer networking to divide a large network into smaller, more manageable sub-networks, or "subnets." It enhances network performance and security by reducing broadcast traffic and enabling better control over IP address allocation. Each subnet has its own range of IP addresses, which allows network administrators to optimize network traffic and reduce congestion by isolating different sections of a network. In subnetting, an IP address is split into two parts: the network portion and the host portion. The network portion identifies the overall network, while the host portion identifies individual devices within that network. Subnet masks are used to define how much of the IP address belongs to the network and how much is reserved for hosts. By adjusting the subnet mask, administrators can create multiple subnets from a single network, with each subnet having a limited number of devices. Subnetting is particularly useful for large organizations, allowing them to efficiently manage IP addresses, improve security by segmenting different parts of the network, and control traffic flow by minimizing unnecessary data transmissions between segments.
Subnetting is the practice of dividing a network into two or more smaller, logically isolated networks, called subnets. This is accomplished by manipulating the subnet mask, which defines the range of IP addresses that belong to a particular network. By carving up a larger network address space, you can improve network performance, security, and manageability by limiting broadcast domains and isolating traffic.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md
View File

@@ -1,6 +1,6 @@
# Basics of Threat Intel, OSINT
# Threat Intelligence and Open-Source Intelligence (OSINT) Fundamentals
Threat Intelligence (Threat Intel) and Open-Source Intelligence (OSINT) are both critical components in cybersecurity that help organizations stay ahead of potential threats. Threat Intelligence refers to the collection, analysis, and dissemination of information about potential or current attacks targeting an organization. This intelligence typically includes details on emerging threats, attack patterns, malicious IP addresses, and indicators of compromise (IoCs), helping security teams anticipate, prevent, or mitigate cyberattacks. Threat Intel can be sourced from both internal data (such as logs or past incidents) and external feeds, and it helps in understanding the tactics, techniques, and procedures (TTPs) of adversaries. OSINT, a subset of Threat Intel, involves gathering publicly available information from open sources to assess and monitor threats. These sources include websites, social media, forums, news articles, and other publicly accessible platforms. OSINT is often used for reconnaissance to identify potential attack vectors, compromised credentials, or leaks of sensitive data. Its also a valuable tool in tracking threat actors, as they may leave traces in forums or other public spaces. Both Threat Intel and OSINT enable organizations to be more proactive in their cybersecurity strategies by identifying vulnerabilities, understanding attacker behavior, and implementing timely defenses based on actionable insights.
Threat intelligence involves gathering and analyzing information about potential threats and adversaries. OSINT, or Open-Source Intelligence, is a specific type of threat intelligence that focuses on collecting information from publicly available sources, such as news articles, social media, and public records. By combining and analyzing this data, security professionals can gain insights into attacker motivations, tactics, and infrastructure, enabling them to proactively defend against cyberattacks.
Visit the following resources to learn more:

8
src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md
View File

@@ -1,10 +1,6 @@
# Basics of Vulnerability Management
# Vulnerability Management
Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices.
Once vulnerabilities are identified, they are **assessed and prioritized** based on factors such as severity, potential impact, and exploitability. Organizations typically use frameworks like CVSS (Common Vulnerability Scoring System) to assign risk scores to vulnerabilities, helping them focus on the most critical ones first.
Next, **remediation** is carried out through patching, configuration changes, or other fixes. In some cases, mitigation may involve applying temporary workarounds until a full patch is available. Finally, continuous **monitoring and reporting** ensure that new vulnerabilities are swiftly identified and addressed, maintaining the organization's security posture. Vulnerability management is key to reducing the risk of exploitation and minimizing the attack surface in today's complex IT environments.
Vulnerability management is a cyclical process aimed at identifying, classifying, remediating, and mitigating vulnerabilities in computer systems and software. It begins with vulnerability scanning to discover potential weaknesses. Assessment then involves analyzing these vulnerabilities to determine their impact and likelihood of exploitation. Prioritization ranks vulnerabilities based on risk to focus remediation efforts. Remediation involves implementing solutions such as patching, configuration changes, or mitigation strategies to address the identified weaknesses. Finally, ongoing monitoring and reporting tracks the effectiveness of remediation efforts and identifies new vulnerabilities as they emerge.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md
View File

@@ -1,6 +1,6 @@
# Blue Team vs Red Team vs Purple Team
# Blue / Red / Purple Teams
In the context of cybersecurity, Blue Team, Red Team, and Purple Team are terms used to describe different roles and methodologies employed to ensure the security of an organization or system. Let's explore each one in detail. In cybersecurity, Blue Team and Red Team refer to opposing groups that work together to improve an organization's security posture. The Blue Team represents defensive security personnel who protect systems and networks from attacks, while the Red Team simulates real-world adversaries to test the Blue Team's defenses. Purple Team bridges the gap between the two, facilitating collaboration and knowledge sharing to enhance overall security effectiveness. This approach combines the defensive strategies of the Blue Team with the offensive tactics of the Red Team, creating a more comprehensive and dynamic security framework that continuously evolves to address emerging threats and vulnerabilities.
Blue, Red, and Purple Teams are conceptual groups used to structure cybersecurity roles and responsibilities. A Blue Team is responsible for defending an organization's systems by identifying vulnerabilities and implementing security measures. A Red Team acts as an attacker, simulating real-world threats to test the effectiveness of the Blue Team and identify weaknesses in the security posture. A Purple Team facilitates communication and collaboration between the Blue and Red Teams to maximize learning and improve overall security.
Visit the following resources to learn more:

12
src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md
View File

@@ -1,14 +1,6 @@
# Brute Force vs Password Spray
# Brute Force vs. Password Spraying
What is Brute Force?
--------------------
Brute Force is a method of password cracking where an attacker systematically tries all possible combinations of characters until the correct password is found. This method is highly resource-intensive, as it involves attempting numerous password variations in a relatively short period of time.
What is Password Spray?
-----------------------
Password Spray is a more targeted and stealthy method of password cracking where an attacker tries a small number of common passwords across many different accounts. Instead of bombarding a single account with numerous password attempts (as in brute force), password spraying involves using one or a few passwords against multiple accounts.
Brute force attacks attempt to crack a password by systematically trying every possible combination of characters until the correct one is found. Password spraying, conversely, uses a list of commonly used passwords and attempts them against many different user accounts. The goal of password spraying is to avoid account lockouts, which are often triggered by repeated failed login attempts from a single account.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md
View File

@@ -1,8 +1,6 @@
# Certificates
Certificates, also known as digital certificates or SSL/TLS certificates, play a crucial role in the world of cybersecurity. They help secure communications between clients and servers over the internet, ensuring that sensitive data remains confidential and protected from prying eyes.
Digital certificates provide a crucial layer of security and trust for online communications. Understanding their role in cybersecurity, the different types of certificates, and the importance of acquiring certificates from trusted CAs can greatly enhance your organization's online security posture and reputation.
Certificates, also known as digital certificates or SSL/TLS certificates, are electronic documents used to establish trust and secure communication over networks. They function like digital IDs, verifying the identity of websites, servers, individuals, or devices. These certificates contain information about the entity they represent, a digital signature from a trusted Certificate Authority (CA), and the entity's public key, which is used for encryption and secure data exchange.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md
View File

@@ -1,10 +1,6 @@
# CIDR
CIDR, or Classless Inter-Domain Routing, is a method of allocating IP addresses and routing Internet Protocol packets in a more flexible and efficient way, compared to the older method of Classful IP addressing. Developed in the early 1990s, CIDR helps to slow down the depletion of IPv4 addresses and reduce the size of routing tables, resulting in better performance and scalability of the Internet.
CIDR achieves its goals by replacing the traditional Class A, B, and C addressing schemes with a system that allows for variable-length subnet masking (VLSM). In CIDR, an IP address and its subnet mask are written together as a single entity, referred to as a _CIDR notation_.
A CIDR notation looks like this: `192.168.1.0/24`. Here, `192.168.1.0` is the IP address, and `/24` represents the subnet mask. The number after the slash (/) is called the _prefix length_, which indicates how many bits of the subnet mask should be set to 1 (bitmask). The remaining bits of the subnet mask are set to 0.
CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing Internet Protocol packets. It replaces the older classful network addressing scheme. CIDR uses variable-length subnet masking (VLSM) to create subnets of different sizes, offering greater flexibility in address allocation and reducing address wastage compared to the rigid class-based system. It's represented using an IP address followed by a slash and a number (e.g., 192.168.1.0/24), where the number indicates the number of bits used for the network prefix.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md
View File

@@ -1,8 +1,6 @@
# CISA
The **Certified Information Systems Auditor (CISA)** is a globally recognized certification for professionals who audit, control, monitor, and assess an organization's information technology and business systems.
CISA was established by the Information Systems Audit and Control Association (ISACA) and is designed to demonstrate an individual's expertise in managing vulnerabilities, ensuring compliance with industry regulations, and instituting controls within the business environment.
CISA, or Certified Information Systems Auditor, is a globally recognized certification for professionals who audit, control, monitor, and assess an organization's information technology and business systems. It demonstrates expertise in assessing vulnerabilities, reporting on compliance, and instituting controls within an enterprise. Achieving CISA certification requires passing an exam, possessing relevant work experience in information systems auditing, control, assurance, or security, and adhering to ISACA's code of professional ethics.
Visit the following resources to learn more:

25
src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md
View File

@@ -1,29 +1,6 @@
# Common Commands
Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. Below are some commonly used commands across Unix/Linux and Windows operating systems:
1. **Navigating the File System:**
* Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory)
* Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory)
2. **File and Directory Management:**
* Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory)
* Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory)
3. **System Information and Processes:**
* Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info)
* Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details)
4. **File Permissions and Ownership:**
* Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership)
* Windows: `icacls` (modify access control lists), `attrib` (change file attributes)
5. **Network Commands:**
* Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics)
* Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics)
These commands form the foundation of interacting with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces.
Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. They form the foundation to interact with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md
View File

@@ -1,6 +1,6 @@
# Common Ports and their Uses
# Common Ports and Their Uses
Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services.
Ports are virtual endpoints where network connections start and end. They are numbered, and these numbers help identify specific applications or services running on a server. When data is sent over a network, it's directed to a specific port on the receiving device, ensuring that the correct application handles the data. Understanding these common ports and their corresponding services is crucial for diagnosing network issues, configuring firewalls, and identifying potential security vulnerabilities.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md
View File

@@ -1,6 +1,6 @@
# Common Protocols and their Uses
# Common Protocols and Their Uses
Networking protocols are essential for facilitating communication between devices and systems across networks. In cybersecurity, understanding these protocols is crucial for identifying potential vulnerabilities and securing data transmission. Common protocols include TCP/IP, the foundation of internet communication, which ensures reliable data delivery. HTTP and HTTPS are used for web browsing, with HTTPS providing encrypted connections. FTP and SFTP handle file transfers, while SMTP, POP3, and IMAP manage email services. DNS translates domain names to IP addresses, and DHCP automates IP address assignment. SSH enables secure remote access and management of systems. Other important protocols include TLS/SSL for encryption, SNMP for network management, and VPN protocols like IPsec and OpenVPN for secure remote connections. Cybersecurity professionals must be well-versed in these protocols to effectively monitor network traffic, implement security measures, and respond to potential threats targeting specific protocol vulnerabilities.
Networking protocols are standardized sets of rules that govern how data is transmitted between devices on a network. They define everything from how data is formatted and addressed to how errors are detected and corrected. Different protocols are designed for different purposes, allowing for a wide range of communication methods across various types of networks. Understanding these protocols is fundamental for analyzing network traffic, identifying vulnerabilities, and ensuring secure data transmission.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md
View File

@@ -1,8 +1,6 @@
# Computer Hardware Components
Computer hardware components are the physical parts of a computer system that work together to perform computing tasks. The key components include the **central processing unit (CPU)**, which is the "brain" of the computer responsible for executing instructions and processing data. The **motherboard** is the main circuit board that connects and allows communication between the CPU, memory, and other hardware. **Random Access Memory (RAM)** serves as the computer's short-term memory, storing data that is actively being used by the CPU for quick access.
The **storage device**, such as a hard disk drive (HDD) or solid-state drive (SSD), is where data is permanently stored, including the operating system, applications, and files. The **power supply unit (PSU)** provides the necessary electrical power to run the components. **Graphics processing units (GPU)**, dedicated for rendering images and videos, are important for tasks like gaming, video editing, and machine learning. Additionally, **input devices** like keyboards and mice, and **output devices** like monitors and printers, enable users to interact with the system. Together, these components make up the essential hardware of a computer, enabling it to perform various computing functions.
Computer hardware components are the physical parts that make up a computer system. These include the central processing unit (CPU), which executes instructions, memory (RAM) for temporary data storage, storage devices like hard drives and SSDs for permanent data storage, and input/output devices like keyboards, mice, and monitors that allow interaction with the system. Understanding these components and how they interact is crucial for anyone working with computers.
Visit the following resources to learn more:

18
src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md
View File

@@ -1,20 +1,10 @@
# Connection Types and their function
# Connection Types
There are several types of network connections that enable communication between devices, each serving different functions based on speed, reliability, and purpose. **Ethernet** is a wired connection type commonly used in local area networks (LANs), providing high-speed, stable, and secure data transfer. Ethernet is ideal for businesses and environments where reliability is crucial, offering speeds from 100 Mbps to several Gbps.
**Wi-Fi**, a wireless connection, enables devices to connect to a network without physical cables. It provides flexibility and mobility, making it popular in homes, offices, and public spaces. While Wi-Fi offers convenience, it can be less reliable and slower than Ethernet due to signal interference or distance from the access point.
**Bluetooth** is a short-range wireless technology primarily used for connecting peripherals like headphones, keyboards, and other devices. It operates over shorter distances, typically up to 10 meters, and is useful for personal device communication rather than networking larger systems.
**Fiber-optic connections** use light signals through glass or plastic fibers to transmit data at very high speeds over long distances, making them ideal for internet backbones or connecting data centers. Fiber is faster and more reliable than traditional copper cables, but it is also more expensive to implement.
**Cellular connections**, such as 4G and 5G, allow mobile devices to connect to the internet via wireless cellular networks. These connections offer mobility, enabling internet access from almost anywhere, but their speeds and reliability can vary depending on network coverage.
Each connection type plays a specific role, balancing factors like speed, distance, and convenience to meet the varying needs of users and organizations.
Different devices connect to networks in various ways. **Ethernet** cables create a wired connection, often used for desktops and servers, providing a reliable and fast link. **Wi-Fi** offers wireless connectivity through radio waves, commonly found in laptops, smartphones, and IoT devices, allowing mobility within a network's range. **Bluetooth** is another wireless technology, primarily used for short-range connections between devices like headphones and smartphones. **Fiber-optic** connections utilize light to transmit data, offering very high bandwidth and are used for long-distance communication and backbone networks. **Cellular connections** use mobile networks to provide internet access to devices like smartphones and tablets, allowing connectivity virtually anywhere within cellular coverage.
Visit the following resources to learn more:
- [@article@Network connection types explained](https://nordvpn.com/blog/network-connection-types/)
- [@article@What is Ethernet?](https://www.techtarget.com/searchnetworking/definition/Ethernet)
- [@article@What is WiFi and how does it work?](https://computer.howstuffworks.com/wireless-network.htm)
- [@article@How bluetooth works](https://electronics.howstuffworks.com/bluetooth.htm)
- [@article@video@How bluetooth works](https://www.youtube.com/watch?v=1I1vxu5qIUM)
- [@article@How bluetooth works](https://electronics.howstuffworks.com/bluetooth.htm)

4
src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md
View File

@@ -1,6 +1,6 @@
# Core Concepts of Zero Trust
# Zero Trust
The core concepts of Zero Trust revolve around the principle of "never trust, always verify," emphasizing the need to continuously validate every user, device, and application attempting to access resources, regardless of their location within or outside the network perimeter. Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats could already exist inside the network and that no entity should be trusted by default. Key principles include strict identity verification, least privilege access, micro-segmentation, and continuous monitoring. This approach limits access to resources based on user roles, enforces granular security policies, and continuously monitors for abnormal behavior, ensuring that security is maintained even if one segment of the network is compromised. Zero Trust is designed to protect modern IT environments from evolving threats by focusing on securing data and resources, rather than just the network perimeter.
Zero Trust is a security framework based on the principle of "never trust, always verify." Instead of assuming that users or devices inside a network are automatically trustworthy, Zero Trust mandates that every user, device, and network flow is authenticated and authorized before being granted access to resources. This model minimizes the blast radius of a potential security breach by segmenting access and continuously validating security posture.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md
View File

@@ -1,6 +1,6 @@
# Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows an attacker to trick a user into performing actions on a web application without their consent. It occurs when a malicious website or link causes a users browser to send unauthorized requests to a different site where the user is authenticated, such as submitting a form or changing account settings. Since the requests are coming from the users authenticated session, the web application mistakenly trusts them, allowing the attacker to perform actions like transferring funds, changing passwords, or altering user data. CSRF attacks exploit the trust that a web application has in the user's browser, making it critical for developers to implement countermeasures like CSRF tokens, same-site cookie attributes, and user confirmation prompts to prevent unauthorized actions.
Cross-Site Request Forgery (CSRF) is a web security vulnerability where an attacker tricks a user's browser into performing actions on a website while the user is authenticated. This happens without the user's knowledge or consent, leveraging the established trust between the user's browser and the targeted website. Essentially, the attacker crafts a malicious request that appears to originate from the legitimate user, potentially leading to unauthorized changes or actions on their account.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md
View File

@@ -1,8 +1,6 @@
# dd
# `dd` for Incident Response and Discovery
`dd` is a powerful data duplication and forensic imaging tool that is widely used in the realm of cybersecurity. As an incident responder, this utility can assist you in uncovering important evidence and preserving digital details to reconstruct the event timelines and ultimately prevent future attacks.
This command-line utility is available on Unix-based systems such as Linux, BSD, and macOS. It can perform tasks like data duplication, data conversion, and error correction. Most importantly, it's an invaluable tool for obtaining a bit-by-bit copy of a disk or file, which can then be analyzed using forensic tools.
`dd` (data duplicator) is a command-line utility used primarily for copying and converting data. It operates at a low level, reading and writing data block by block. This makes it extremely useful for creating exact bit-by-bit copies of storage devices, such as hard drives or memory sticks, and creating forensic images in raw or other formats.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md
View File

@@ -1,6 +1,6 @@
# Dynamic Host Configuration Protocol (DHCP)
# DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services.
DHCP, or Dynamic Host Configuration Protocol, is a network management protocol used on IP networks. It automates the process of assigning IP addresses, subnet masks, default gateways, and other network parameters to devices, allowing them to communicate on the network. Instead of manually configuring each device, DHCP servers dynamically "lease" IP addresses to clients for a specific period, streamlining network administration and preventing IP address conflicts.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md
View File

@@ -1,6 +1,6 @@
# Diamond Model
The Diamond Model is a cybersecurity framework used for analyzing and understanding cyber threats by breaking down an attack into four core components: Adversary, Infrastructure, Capability, and Victim. The Adversary represents the entity behind the attack, the Infrastructure refers to the systems and resources used by the attacker (such as command and control servers), the Capability denotes the tools or malware employed, and the Victim is the target of the attack. The model emphasizes the relationships between these components, helping analysts to identify patterns, track adversary behavior, and understand the broader context of cyber threats. By visualizing and connecting these elements, the Diamond Model aids in developing more effective detection, mitigation, and response strategies.
The Diamond Model is a framework for understanding and analyzing cyber threat activity. It visualizes an intrusion event as a diamond shape with four core features: adversary, capability, infrastructure, and victim. Analyzing these elements and the relationships between them provides valuable insights into the nature of the attack, helping security professionals attribute, track, and defend against malicious campaigns.
Visit the following resources to learn more:

30
src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md
View File

@@ -1,29 +1,3 @@
# Different Versions and Differences
# Operating System Versions and Differences
In the field of cyber security, it is essential to stay up-to-date with different versions of software, tools, and technology, as well as understanding the differences between them. Regularly updating software ensures that you have the latest security features in place to protect yourself from potential threats.
Importance of Versions
----------------------
* **Security**: Newer versions of software often introduce patches to fix security vulnerabilities. Using outdated software can leave your system exposed to cyber attacks.
* **Features**: Upgrading to a newer version of software can provide access to new features and functionalities, improving the user experience and performance.
* **Compatibility**: As technology evolves, staying up-to-date with versions helps ensure that software or tools are compatible across various platforms and devices.
Understanding Differences
-------------------------
When we talk about differences in the context of cybersecurity, they can refer to:
* **Software Differences**: Different software or tools offer different features and capabilities, so it's crucial to choose one that meets your specific needs. Additionally, open-source tools may differ from proprietary tools in terms of functionalities, licensing, and costs.
* **Operating System Differences**: Cybersecurity practices may differ across operating systems such as Windows, Linux, or macOS. Each operating system has its own security controls, vulnerabilities, and potential attack vectors.
* **Protocol Differences**: Understanding the differences between various network protocols (HTTP, HTTPS, SSH, FTP, etc.) can help you choose the most secure method for your purposes.
* **Threat Differences**: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.
Learn more from the following resources:
Operating systems (OS) evolve over time, leading to different versions of the same OS (like Windows 10 vs. Windows 11) and different OS families altogether (like Windows vs. Linux). Each version introduces new features, performance improvements, security updates, and sometimes, architectural changes. Understanding these differences is crucial because older versions might be vulnerable to exploits that have been patched in newer releases, and different operating systems have inherently different security models and capabilities.

6
src/data/roadmaps/cyber-security/content/directory-traversal@L0ROYh2DNlkybNDO2ezJY.md
View File

@@ -1,8 +1,6 @@
# Directory Traversal
# Directory Traversal Attacks
Directory Traversal, also known as Path Traversal, is a vulnerability that allows attackers to read files on a system without proper authorization. These attacks typically exploit unsecured paths using "../" (dot-dot-slash) sequences and their variations, or absolute file paths. The attack is also referred to as "dot-dot-slash," "directory climbing," or "backtracking."
While Directory Traversal is sometimes combined with other vulnerabilities like Local File Inclusion (LFI) or Remote File Inclusion (RFI), the key difference is that Directory Traversal doesn't execute code, whereas LFI and RFI usually do.
Directory traversal, also known as path traversal, is a web security vulnerability that allows attackers to access files and directories stored outside of the intended web server's root directory. It exploits insufficient security validation of user-supplied filenames, enabling attackers to navigate the file system and potentially gain access to sensitive information, execute arbitrary code, or compromise the entire server.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md
View File

@@ -1,6 +1,6 @@
# Domain Name System (DNS)
# DNS
The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations.
The Domain Name System (DNS) is like the internet's phonebook. It translates human-readable domain names, like "google.com," into IP addresses, like "172.217.160.142," which computers use to identify each other on the network. Without DNS, we'd have to remember and type in long strings of numbers to access websites, making the internet much less user-friendly.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md
View File

@@ -1,6 +1,6 @@
# DNS Security Extensions (DNSSEC)
# DNSSEC
DNS Security Extensions (DNSSEC) is a suite of protocols designed to add a layer of security to the Domain Name System (DNS) by enabling DNS responses to be authenticated. While DNS itself resolves domain names into IP addresses, it does not inherently verify the authenticity of the responses, leaving it vulnerable to attacks like cache poisoning, where an attacker injects malicious data into a DNS resolvers cache. DNSSEC addresses this by using digital signatures to ensure that the data received is exactly what was intended by the domain owner and has not been tampered with during transit. When a DNS resolver requests information, DNSSEC-enabled servers respond with both the requested data and a corresponding digital signature. The resolver can then verify this signature using a chain of trust, ensuring the integrity and authenticity of the DNS response. By protecting against forged DNS data, DNSSEC plays a critical role in enhancing the security of internet communications.
DNSSEC, or Domain Name System Security Extensions, is a security protocol suite that adds cryptographic signatures to DNS data. It verifies that DNS responses originate from the authoritative DNS server and haven't been tampered with during transit. This helps prevent DNS spoofing and cache poisoning attacks by ensuring the authenticity and integrity of DNS information.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md
View File

@@ -1,6 +1,6 @@
# Denial of Service (DoS) vs Distributed Denial of Service (DDoS)
# DoS vs DDoS
Denial of Service (DoS) and Distributed Denial of Service (DDoS) are both types of cyber attacks aimed at disrupting the normal functioning of a targeted service, typically a website or network. A DoS attack involves a single source overwhelming a system with a flood of requests or malicious data, exhausting its resources and making it unavailable to legitimate users. In contrast, a DDoS attack amplifies this disruption by using multiple compromised devices, often forming a botnet, to launch a coordinated attack from numerous sources simultaneously. This distributed nature makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block the malicious traffic. Both types of attacks can cause significant downtime, financial loss, and reputational damage to the targeted organization.
A Denial-of-Service (DoS) attack is a type of cyberattack where an attacker attempts to make a machine or network resource unavailable to its intended users by overwhelming it with malicious traffic or requests, originating from a *single* source. A Distributed Denial-of-Service (DDoS) attack is similar, but the attack traffic comes from *multiple* compromised systems, creating a larger and more difficult-to-mitigate disruption.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md
View File

@@ -1,8 +1,6 @@
# Extensible Authentication Protocol (EAP) vs Protected Extensible Authentication Protocol (PEAP)
# EAP vs PEAP
EAP and PEAP are both authentication frameworks used in wireless networks and Point-to-Point connections to provide secure access. EAP is a flexible authentication framework that supports multiple authentication methods, such as token cards, certificates, and passwords, allowing for diverse implementations in network security. However, EAP by itself does not provide encryption, leaving the authentication process potentially vulnerable to attacks.
PEAP, on the other hand, is a version of EAP designed to enhance security by encapsulating the EAP communication within a secure TLS (Transport Layer Security) tunnel. This tunnel protects the authentication process from eavesdropping and man-in-the-middle attacks. PEAP requires a server-side certificate to establish the TLS tunnel, but it does not require client-side certificates, making it easier to deploy while still ensuring secure transmission of credentials. PEAP is widely used in wireless networks to provide a secure authentication mechanism that protects user credentials during the authentication process.
EAP (Extensible Authentication Protocol) is an authentication framework providing a general method for transport and authentication, supporting various authentication methods. PEAP (Protected EAP) is an EAP protocol that encapsulates EAP within an encrypted and authenticated TLS tunnel. This protects the EAP authentication process, making it more secure than standard EAP.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md
View File

@@ -1,6 +1,6 @@
# EDR
# Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) is a cybersecurity technology that provides continuous monitoring and response to threats at the endpoint level. It is designed to detect, investigate, and mitigate suspicious activities on endpoints such as laptops, desktops, and mobile devices. EDR solutions log and analyze behaviors on these devices to identify potential threats, such as malware or ransomware, that have bypassed traditional security measures like antivirus software. This technology equips security teams with the tools to quickly respond to and contain threats, minimizing the risk of a security breach spreading across the network. EDR systems are an essential component of modern cybersecurity strategies, offering advanced protection by utilizing real-time analytics, AI-driven automation, and comprehensive data recording.
EDR is a security technology that continuously monitors endpoints (like computers, laptops, and servers) for suspicious activity and threats. It collects data from these endpoints, analyzes it in real-time, and automatically responds to detected threats to prevent or minimize damage. The goal of EDR is to provide better visibility into what is happening on endpoints, allowing security teams to quickly identify, investigate, and remediate security incidents.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md
View File

@@ -1,6 +1,6 @@
# Endpoint Security
Endpoint security focuses on protecting individual devices that connect to a network, such as computers, smartphones, tablets, and IoT devices. It's a critical component of modern cybersecurity strategy, as endpoints often serve as entry points for cyberattacks. This approach involves deploying and managing security software on each device, including antivirus programs, firewalls, and intrusion detection systems. Advanced endpoint protection solutions may incorporate machine learning and behavioral analysis to detect and respond to novel threats. Endpoint security also encompasses patch management, device encryption, and access controls to mitigate risks associated with lost or stolen devices. As remote work and bring-your-own-device (BYOD) policies become more prevalent, endpoint security has evolved to include cloud-based management and zero-trust architectures, ensuring that security extends beyond the traditional network perimeter to protect data and systems regardless of device location or ownership.
Endpoint security focuses on protecting networks by securing the devices that connect to them, such as desktops, laptops, smartphones, and servers. It involves implementing security measures directly on these endpoints to prevent malicious activities, data breaches, and unauthorized access. This approach aims to create a defensive layer at each point of network entry, rather than solely relying on perimeter security.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md
View File

@@ -1,6 +1,6 @@
# Eradication
Eradication in cybersecurity refers to the critical phase of incident response that follows containment, focusing on completely removing the threat from the affected systems. This process involves thoroughly identifying and eliminating all components of the attack, including malware, backdoors, and any alterations made to the system. Security teams meticulously analyze logs, conduct forensic examinations, and use specialized tools to ensure no traces of the threat remain. Eradication may require reimaging compromised systems, patching vulnerabilities, updating software, and resetting compromised credentials. It's a complex and often time-consuming process that demands precision to prevent reinfection or lingering security gaps. Successful eradication is crucial for restoring system integrity and preventing future incidents based on the same attack vector. After eradication, organizations typically move to the recovery phase, rebuilding and strengthening their systems with lessons learned from the incident.
Eradication in the context of incident response involves completely removing the root cause of a security incident to prevent its recurrence. This phase goes beyond just containing the immediate effects of an attack; it focuses on identifying and eliminating the vulnerability, malware, or other underlying factors that allowed the incident to happen in the first place. This might include patching vulnerable systems, removing malicious software, resetting compromised credentials, or reconfiguring network devices.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md
View File

@@ -1,6 +1,6 @@
# Event Logs
Event logs are digital records that document activities and occurrences within computer systems and networks. They serve as a crucial resource for cybersecurity professionals, providing a chronological trail of system operations, user actions, and security-related events. These logs capture a wide range of information, including login attempts, file access, system changes, and application errors. In the context of security, event logs play a vital role in threat detection, incident response, and forensic analysis. They help identify unusual patterns, track potential security breaches, and reconstruct the sequence of events during an attack. Effective log management involves collecting logs from various sources, securely storing them, and implementing tools for log analysis and correlation. However, the sheer volume of log data can be challenging to manage, requiring advanced analytics and automation to extract meaningful insights and detect security incidents in real-time.
Event logs are records of activities that occur within a computer system or network. These logs capture various events, such as system startups and shutdowns, application errors, security alerts, and user login/logout activities. They provide a chronological history of these occurrences, offering valuable insights into the system's operational status and potential security incidents.
Visit the following resources to learn more:

8
src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md
View File

@@ -1,10 +1,6 @@
# False Negative / False Positive
# False Negatives and False Positives
A false positive happens when the security tool mistakenly identifies a non-threat as a threat. For example, it might raise an alarm for a legitimate user's activity, indicating a potential attack when there isn't any. A high number of false positives can cause unnecessary diverting of resources and time, investigating false alarms. Additionally, it could lead to user frustration if legitimate activities are being blocked.
A false negative occurs when the security tool fails to detect an actual threat or attack. This could result in a real attack going unnoticed, causing damage to the system, data breaches, or other negative consequences. A high number of false negatives indicate that the security system needs to be improved to capture real threats effectively.
To have an effective cybersecurity system, security professionals aim to maximize true positives and true negatives, while minimizing false positives and false negatives. Balancing these aspects ensures that the security tools maintain their effectiveness without causing undue disruptions to a user's experience.
False positives and false negatives are common occurrences when evaluating security systems and tools. A false positive is when a system incorrectly identifies a normal activity as malicious, raising an alert when there's actually no threat. Conversely, a false negative occurs when a system fails to detect a genuine malicious activity, allowing a threat to slip through unnoticed. Effectively managing and minimizing both types of errors is crucial for maintaining a robust and reliable security posture.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md
View File

@@ -1,8 +1,6 @@
# Firewalls & Next-Generation Firewalls
# Firewalls and Next-Generation Firewalls
Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules. Traditional firewalls operate at the network layer, filtering traffic based on IP addresses, ports, and protocols. They provide basic protection by creating a barrier between trusted internal networks and untrusted external networks.
Next-generation firewalls (NGFWs) build upon this foundation, offering more advanced features to address modern cyber threats. NGFWs incorporate deep packet inspection, application-level filtering, and integrated intrusion prevention systems. They can identify and control applications regardless of port or protocol, enabling more granular security policies. NGFWs often include additional security functions such as SSL/TLS inspection, antivirus scanning, and threat intelligence integration. This evolution allows for more comprehensive network protection, better visibility into network traffic, and improved defense against sophisticated attacks in today's complex and dynamic threat landscape.
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Next-Generation Firewalls (NGFWs) extend traditional firewall capabilities by adding advanced features like intrusion prevention, application control, and advanced threat detection, offering deeper inspection and more granular control over network traffic.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md
View File

@@ -1,6 +1,6 @@
# Firewall Logs
Firewall logs are detailed records of network traffic and security events captured by firewall devices. These logs provide crucial information about connection attempts, allowed and blocked traffic, and potential security incidents. They typically include data such as source and destination IP addresses, ports, protocols, timestamps, and the action taken by the firewall. Security professionals analyze these logs to monitor network activity, detect unusual patterns, investigate security breaches, and ensure policy compliance. Firewall logs are essential for troubleshooting network issues, optimizing security rules, and conducting forensic analysis after an incident. However, the volume of log data generated can be overwhelming, necessitating the use of log management tools and security information and event management (SIEM) systems to effectively process, correlate, and derive actionable insights from the logs. Regular review and analysis of firewall logs are critical practices in maintaining a robust security posture and responding promptly to potential threats.
Firewall logs are records generated by a firewall that detail network traffic passing through it. These logs typically contain information such as source and destination IP addresses, ports, timestamps, and the actions taken by the firewall (e.g., allowing or blocking connections). Analyzing these logs helps to understand network activity, identify potential security threats, and troubleshoot connectivity issues.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md
View File

@@ -1,6 +1,6 @@
# File Transfer Protocol (FTP) vs Secure File Transfer Protol (SFTP)
# FTP vs SFTP
File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are both used for transferring files over networks, but they differ significantly in terms of security. FTP is an older protocol that transmits data in plain text, making it vulnerable to interception and unauthorized access. It typically uses separate connections for commands and data transfer, operating on ports 20 and 21. SFTP, on the other hand, is a secure version that runs over the SSH protocol, encrypting both authentication credentials and file transfers. It uses a single connection on port 22, providing better firewall compatibility. SFTP offers stronger authentication methods and integrity checking, making it the preferred choice for secure file transfers in modern networks. While FTP is simpler and may be faster in some scenarios, its lack of built-in encryption makes it unsuitable for transmitting sensitive information, leading many organizations to adopt SFTP or other secure alternatives to protect their data during transit.
File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server on a computer network. Secure File Transfer Protocol (SFTP), on the other hand, is a more secure method that transfers files over a secure SSH connection, encrypting both commands and data being transferred.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md
View File

@@ -1,8 +1,6 @@
# File Transfer Protocol (FTP)
# FTP
FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today.
FTP operates on a client-server model, where one computer acts as the client (the sender or requester) and the other acts as the server (the receiver or provider). The client initiates a connection to the server, usually by providing a username and password for authentication, and then requests a file transfer.
File Transfer Protocol (FTP) is a standard network protocol used for transferring files between a client and a server over a TCP/IP network, such as the internet. It operates using a client-server model, where a client initiates a connection to an FTP server to upload, download, delete, or rename files. FTP requires authentication, usually with a username and password, and establishes separate control and data connections for managing commands and transferring data, respectively.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md
View File

@@ -1,6 +1,6 @@
# Google Workspace (Formerly G Suite)
Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations. Security professionals must be vigilant about potential phishing attacks targeting Google accounts, data leakage through improper sharing settings, and the risks associated with third-party app integrations. Understanding how to properly configure and monitor Google Workspace is crucial for maintaining the security of an organization's collaborative environment and protecting sensitive information stored within these widely-used tools.
Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md
View File

@@ -1,10 +1,6 @@
# Group Policy
_Group Policy_ is a feature in Windows operating systems that enables administrators to define and manage configurations, settings, and security policies for various aspects of the users and devices in a network. This capability helps you to establish and maintain a consistent and secure environment, which is crucial for organizations of all sizes.
Group Policy works by maintaining a hierarchy of _Group Policy Objects_ (GPOs), which contain multiple policy settings. GPOs can be linked to different levels of the Active Directory (AD) structure, such as domain, site, and organizational unit (OU) levels. By linking GPOs to specific levels, you can create an environment in which different settings are applied to different groups of users and computers, depending on their location in the AD structure.
When a user logs in or a computer starts up, the relevant GPOs from the AD structure get evaluated to determine the final policy settings. GPOs are processed in a specific order — local, site, domain, and OUs, with the latter having the highest priority. This order ensures that you can have a baseline set of policies at the domain level, with more specific policies applied at the OU level, as needed.
Group Policy is a feature within Microsoft Windows operating systems that provides centralized management and configuration of computer and user settings in an Active Directory environment. It allows administrators to define and enforce specific rules and policies for users and computers, controlling aspects like password complexity, software installation, security settings, and access rights. These policies are applied to groups of users or computers, streamlining administration and ensuring consistent configurations across the network.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md
View File

@@ -1,6 +1,6 @@
# GuestOS
# Guest Operating Systems
A Guest Operating System (Guest OS) refers to an operating system that runs within a virtual machine (VM) environment, managed by a hypervisor or virtual machine monitor. In virtualization technology, the Guest OS operates as if it were running on dedicated physical hardware, but it's actually sharing resources with the host system and potentially other guest systems. This concept is crucial in cybersecurity for several reasons. It allows for isolation of systems, enabling secure testing environments for malware analysis or vulnerability assessments. Guest OSes can be quickly deployed, cloned, or reset, facilitating rapid incident response and recovery. However, they also introduce new security considerations, such as potential vulnerabilities in the hypervisor layer, escape attacks where malware breaks out of the VM, and resource contention issues. Properly configuring, patching, and monitoring Guest OSes is essential for maintaining a secure virtualized infrastructure, balancing the benefits of flexibility and isolation with the need for robust security measures.
A Guest Operating System (GuestOS) is an operating system installed within a virtual machine. Think of it as an operating system running inside another operating system (the host). This allows you to run multiple operating systems on a single physical machine, each isolated from the others. This isolation provides a contained environment for software, allowing for testing, development, and running applications in different environments simultaneously.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md
View File

@@ -1,6 +1,6 @@
# Hashing
Hashing is a cryptographic process that converts input data of any size into a fixed-size string of characters, typically a hexadecimal number. This output, called a hash value or digest, is unique to the input data and serves as a digital fingerprint. Unlike encryption, hashing is a one-way process, meaning it's computationally infeasible to reverse the hash to obtain the original data. In cybersecurity, hashing is widely used for password storage, data integrity verification, and digital signatures. Common hashing algorithms include MD5 (now considered insecure), SHA-256, and bcrypt. Hashing helps detect unauthorized changes to data, as even a small alteration in the input produces a significantly different hash value. However, the strength of a hash function is crucial, as weak algorithms can be vulnerable to collision attacks, where different inputs produce the same hash, potentially compromising security measures relying on the uniqueness of hash values.
Hashing is a fundamental concept in computer science involving the use of a mathematical function (a hash function) to map data of arbitrary size to a fixed-size value, known as a hash or a hash code. This transformation is typically one-way, meaning it is computationally infeasible to reverse the process and recover the original data from the hash value alone. Hash functions are designed to be deterministic, ensuring that the same input always produces the same output.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md
View File

@@ -1,6 +1,6 @@
# head
`head` is a versatile command-line utility that enables users to display the first few lines of a text file, by default it shows the first 10 lines. In case of incident response and cyber security, it is a useful tool to quickly analyze logs or configuration files while investigating potential security breaches or malware infections in a system.
`head` is a versatile command-line utility that enables users to display the first few lines of a text file; by default, it shows the first 10 lines. In the case of incident response and cybersecurity, it is a useful tool to quickly analyze logs or configuration files while investigating potential security breaches or malware infections in a system.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/hips@l5EnhOCnkN-RKvgrS9ylH.md
View File

@@ -1,8 +1,6 @@
# Host Intrusion Prevention System (HIPS)
A Host Intrusion Prevention System (HIPS) is a security solution designed to monitor and protect individual host devices, such as servers, workstations, or laptops, from malicious activities and security threats. HIPS actively monitors system activities and can detect, prevent, and respond to unauthorized or anomalous behavior by employing a combination of signature-based, behavior-based, and heuristic detection methods.
HIPS operates at the host level, providing a last line of defense by securing the individual endpoints within a network. It is capable of preventing a wide range of attacks, including zero-day exploits, malware infections, unauthorized access attempts, and policy violations.
A Host Intrusion Prevention System (HIPS) is a software application installed on a single host (like a computer or server) that monitors the activities taking place on that host. It analyzes events for malicious or suspicious behavior, based on predefined rules and signatures, and takes action to block or mitigate threats targeting that specific system.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md
View File

@@ -1,6 +1,6 @@
# Honeypots
Honeypots are decoy systems or networks designed to attract and detect unauthorized access attempts by cybercriminals. These intentionally vulnerable resources mimic legitimate targets, allowing security professionals to study attack techniques, gather threat intelligence, and divert attackers from actual critical systems. Honeypots can range from low-interaction systems that simulate basic services to high-interaction ones that replicate entire network environments. They serve multiple purposes in cybersecurity: early warning systems for detecting new attack vectors, research tools for understanding attacker behavior, and diversions to waste hackers' time and resources. However, deploying honeypots requires careful consideration, as they can potentially introduce risks if not properly isolated from production environments. Advanced honeypots may incorporate machine learning to adapt to evolving threats and provide more convincing decoys. While honeypots are powerful tools for proactive defense, they should be part of a comprehensive security strategy rather than a standalone solution.
A honeypot is a decoy system or resource designed to attract and trap potential attackers. It mimics a real target, such as a server or application, but contains fabricated vulnerabilities. By monitoring the honeypot, security professionals can gather information about attacker techniques, motives, and tools, without putting genuine systems at risk. This information can then be used to improve overall security posture and incident response capabilities.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md
View File

@@ -1,6 +1,6 @@
# Host-based Firewall
# Host-Based Firewall
A host-based firewall is a software application that runs directly on individual devices, such as computers, servers, or mobile devices, to control network traffic to and from that specific host. It acts as a security barrier, monitoring and filtering incoming and outgoing network connections based on predefined rules. Host-based firewalls provide an additional layer of protection beyond network firewalls, allowing for more granular control over each device's network activities. They can block unauthorized access attempts, prevent malware from communicating with command and control servers, and restrict applications from making unexpected network connections. This approach is particularly valuable in environments with mobile or remote workers, where devices may not always be protected by corporate network firewalls. However, managing host-based firewalls across numerous devices can be challenging, requiring careful policy configuration and regular updates to maintain effective security without impeding legitimate user activities.
A host-based firewall is a software application that resides on a single computer (the "host") and controls network traffic in and out of that machine. It acts as a barrier, examining incoming and outgoing network connections based on pre-configured rules. These rules dictate which connections are allowed or blocked, providing a layer of protection specifically tailored to the individual host system.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/hostos@p7w3C94xjLwSMm5qA8XlL.md
View File

@@ -1,6 +1,6 @@
# Host OS
# Host Operating System
A Host Operating System (Host OS) refers to the primary operating system installed directly on a computer's hardware, managing the physical resources and providing a platform for running applications and, in virtualized environments, supporting virtual machines. In cybersecurity, the Host OS plays a critical role as it forms the foundation of the system's security posture. It's responsible for implementing core security features such as access controls, system hardening, and patch management. The Host OS often runs the hypervisor software in virtualized environments, making its security crucial for protecting all guest operating systems and applications running on top of it. Vulnerabilities in the Host OS can potentially compromise all hosted virtual machines and services. Therefore, securing the Host OS through regular updates, proper configuration, and robust monitoring is essential for maintaining the overall security of both physical and virtualized IT infrastructures.
A Host Operating System (HostOS) is the operating system installed directly onto the physical hardware of a computer. It manages the hardware resources, such as the CPU, memory, storage, and network interfaces, and provides a platform for running other operating systems within virtual machines. Think of it as the foundation upon which virtualized environments are built.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/hr@05tH6WhToC615JTFN-TPc.md
View File

@@ -1,6 +1,6 @@
# Human Resources (HR)
# Human Resources in Cybersecurity
Human Resources (HR) plays a crucial role in an organization's cybersecurity efforts, bridging the gap between people and technology. HR is responsible for developing and implementing policies that promote a security-conscious culture, including acceptable use policies, security awareness training, and insider threat prevention programs. They manage the employee lifecycle, from secure onboarding processes that include background checks and security clearances, to offboarding procedures that ensure proper revocation of access rights. HR collaborates with IT and security teams to define job roles and responsibilities related to data access, helping to enforce the principle of least privilege. They also handle sensitive employee data, making HR systems potential targets for cyber attacks. As such, HR professionals need to be well-versed in data protection regulations and best practices for safeguarding personal information. By fostering a security-minded workforce and aligning human capital management with cybersecurity objectives, HR significantly contributes to an organization's overall security posture.
Human Resources (HR) is the department within a company responsible for managing employees. This includes recruiting, hiring, training, and handling employee relations, as well as administering compensation and benefits. When it comes to cybersecurity, HR plays a critical role in establishing and enforcing policies, training employees on security awareness, and managing the risks associated with insider threats or security breaches involving employees.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/http--https@3Awm221OJHxXNLiL9yxfd.md
View File

@@ -1,6 +1,6 @@
# HTTP / HTTPS
HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP Secure) are fundamental protocols for web communication. HTTP is the foundation for data exchange on the World Wide Web, allowing browsers to request resources from web servers. However, HTTP transmits data in plain text, making it vulnerable to eavesdropping and man-in-the-middle attacks. HTTPS addresses these security concerns by adding a layer of encryption using SSL/TLS (Secure Sockets Layer/Transport Layer Security). This encryption protects the confidentiality and integrity of data in transit, securing sensitive information such as login credentials and financial transactions. HTTPS also provides authentication, ensuring that users are communicating with the intended website. In recent years, there has been a significant push towards HTTPS adoption across the web, with major browsers marking HTTP sites as "not secure." This shift has greatly enhanced overall web security, though it's important to note that HTTPS secures the connection, not necessarily the content of the website itself.
HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web. It defines how messages are formatted and transmitted between a web server and a browser. HTTPS (HTTP Secure) is the secure version of HTTP, where the communication is encrypted using Transport Layer Security (TLS) or Secure Sockets Layer (SSL). This encryption protects the data being transferred from eavesdropping and tampering.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/hybrid@ywRlTuTfh5-NHnv4ZyW1t.md
View File

@@ -1,6 +1,6 @@
# Hybrid
# Hybrid Cloud Model
Hybrid cloud architecture combines elements of both public and private cloud environments, allowing organizations to leverage the benefits of each while maintaining flexibility and control. This model enables businesses to keep sensitive data and critical applications in a private cloud or on-premises infrastructure while utilizing public cloud resources for less sensitive operations or to handle peak demand. From a cybersecurity perspective, hybrid clouds present unique challenges and opportunities. They require careful management of data flow between environments, robust identity and access management across multiple platforms, and consistent security policies. The complexity of hybrid setups can increase the attack surface, necessitating advanced security tools and practices such as cloud access security brokers (CASBs) and multi-factor authentication. However, hybrid clouds also offer advantages like the ability to implement data residency requirements and maintain greater control over critical assets. Effective security in hybrid environments demands a holistic approach, encompassing cloud-native security tools, traditional security measures, and strong governance to ensure seamless protection across all infrastructure components.
A hybrid cloud model combines on-premises infrastructure (a private cloud) with third-party public cloud services. This setup allows organizations to leverage the benefits of both environments. For example, sensitive data might remain in a private cloud for security and compliance reasons, while compute-intensive tasks can be offloaded to the public cloud for scalability and cost-effectiveness. The key is interoperability between these cloud environments, enabling data and applications to be shared.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/iaas@1nPifNUm-udLChIqLC_uK.md
View File

@@ -1,6 +1,6 @@
# IaaS
# Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS) is a type of cloud computing service that offers virtualized computing resources over the internet. Essentially, it enables you to rent IT infrastructure—such as virtual machines (VMs), storage, and networking—on a pay-as-you-go basis instead of buying and maintaining your own physical hardware.
Infrastructure as a Service (IaaS) is a type of cloud computing service that provides on-demand access to fundamental computing resources servers, networking, storage, and virtualization over the internet. Instead of owning and managing physical hardware in an on-premises data center, users can rent these resources from a cloud provider. This allows businesses to build and run applications without the upfront investment and ongoing maintenance costs associated with traditional infrastructure.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/icloud@E7yfALgu9E2auOYDOTmex.md
View File

@@ -1,6 +1,6 @@
# iCloud
iCloud is a cloud storage and cloud computing service provided by Apple Inc. It allows users to store data, such as documents, photos, and music, on remote servers and synchronize them across their Apple devices, including iPhones, iPads, and MacBooks.
iCloud is Apple's cloud storage and cloud computing service. It allows users to store data like documents, photos, music, and contacts on remote servers and wirelessly synchronize it to their iOS, macOS, or Windows devices. iCloud also provides services like Find My (to locate lost devices) and Keychain (for password management), integrated directly into Apple's operating systems.
Visit the following resources to learn more:

40
src/data/roadmaps/cyber-security/content/installation-and-configuration@02aaEP9E5tlefeGBxf_Rj.md
View File

@@ -1,39 +1,3 @@
# Installation and Configuration
# Operating System Installation and Configuration
To effectively protect your systems and data, it is vital to understand how to securely install software and configure settings, as well as assess the implications and potential vulnerabilities during installation and configuration processes.
Importance of Proper Installation and Configuration
---------------------------------------------------
Improper installation or configuration of software can lead to an array of security risks, including unauthorized access, data breaches, and other harmful attacks. To ensure that your system is safeguarded against these potential threats, it is essential to follow best practices for software installation and configuration:
* **Research the Software**: Before installing any software or application, research its security features and reputation. Check for any known vulnerabilities, recent patches, and the software's overall trustworthiness.
* **Use Official Sources**: Always download software from trusted sources, such as the software vendor's official website. Avoid using third-party download links, as they may contain malicious code or altered software.
* **Verify File Integrity**: Verify the integrity of the downloaded software by checking its cryptographic hash, often provided by the software vendor. This ensures that the software has not been tampered with or corrupted during the download process.
* **Install Updates**: During the installation process, ensure that all available updates and patches are installed, as they may contain vital security fixes.
* **Secure Configurations**: Following the installation, properly configure the software by following the vendor's documentation or industry best practices. This can include adjusting settings related to authentication, encryption, and access control, among other important security parameters.
Configuration Considerations
----------------------------
While software configurations will vary depending on the specific application or system being utilized, there are several key aspects to keep in mind:
* **Least Privilege**: Configure user accounts and permissions with the principle of least privilege. Limit user access to the minimal level necessary to accomplish their tasks, reducing the potential attack surface.
* **Password Policies**: Implement strong password policies, including complexity requirements, minimum password length, and password expiration periods.
* **Encryption**: Enable data encryption to protect sensitive information from unauthorized access. This can include both storage encryption and encryption of data in transit.
* **Firewalls and Network Security**: Configure firewalls and other network security measures to limit the attack surface and restrict unauthorized access to your systems.
* **Logging and Auditing**: Configure logging and auditing to capture relevant security events and allow for analysis in the event of a breach or security incident.
* **Disable Unnecessary Services**: Disable any unused or unnecessary services on your systems. Unnecessary services can contribute to an increased attack surface and potential vulnerabilities.
Learn more from the following resources
Installing and configuring an operating system involves setting up the core software that manages computer hardware and resources. This process includes partitioning drives, selecting user accounts, defining network settings, and installing necessary drivers. A secure installation should minimize default services, apply the latest patches, and configure access controls to restrict unauthorized usage. Proper configuration ensures the operating system functions efficiently while also minimizing vulnerabilities.

34
src/data/roadmaps/cyber-security/content/installing-software-and-applications@Ot3LGpM-CT_nKsNqIKIye.md
View File

@@ -1,35 +1,3 @@
# Installing Software and Applications
In the realm of cyber security, installing apps safely and securely is vital to protect your devices and personal information. In this guide, we'll cover some essential steps to follow when installing apps on your devices.
Choose trusted sources
----------------------
To ensure the safety of your device, always choose apps from trusted sources, such as official app stores (e.g., Google Play Store for Android or Apple's App Store for iOS devices). These app stores have strict guidelines and often review apps for malicious content before making them available for download.
Research the app and its developer
----------------------------------
Before installing an app, it is essential to research the app and its developer thoroughly. Check for app reviews from other users and look for any red flags related to security or privacy concerns. Investigate the developer's web presence and reputation to ensure they can be trusted.
Check app permissions
---------------------
Before installing an app, always review the permissions requested. Be aware of any unusual permissions that do not correspond with the app's functionality. If an app is asking for access to your contacts, GPS, or microphone, and there isn't a reasonable explanation for why it needs this information, it could be a potential security risk.
Keep your device and apps updated
---------------------------------
To maintain your device's security, always install updates as soon as they become available. This applies not only to the apps but also to the operating system of your device. Updates often include security patches that fix known vulnerabilities, so it is essential to keep everything up to date.
Install a security app
----------------------
Consider installing a security app from a reputable company to protect your device against malware, viruses, and other threats. These apps can monitor for suspicious activity, scan for malicious software, and help keep your device secure.
Uninstall unused apps
---------------------
Regularly review the apps on your device and uninstall any that are no longer being used. This will not only free up storage space but also reduce potential security risks that might arise if these apps are not maintained or updated by their developers.
By following these guidelines, you can significantly increase your device's security and protect your valuable data from cyber threats.
Installing software and applications is more than just clicking "next, next, finish." When adding new programs to your system, think about where you're getting them from. Stick to official app stores or the developer's website for the best security. Before installing, spend a few minutes learning about the app and the company behind it. Pay close attention to the permissions the app asks for; does it really need access to your contacts or location? Regularly update both your operating system and installed apps to patch security holes. Consider installing a reputable security app to scan for malware. Finally, remove any apps you no longer use to reduce your system's attack surface.

2
src/data/roadmaps/cyber-security/content/joe-sandbox@h__KxKa0Q74_egY7GOe-L.md
View File

@@ -1,6 +1,6 @@
# Joe Sandbox
Joe Sandbox is an advanced malware analysis platform that allows security professionals to analyze suspicious files, URLs, and documents in a controlled and isolated environment known as a sandbox. This platform provides in-depth behavioral analysis by executing the potentially malicious code in a virtualized environment to observe its actions, such as file modifications, network communications, and registry changes, without risking the integrity of the actual network or systems. Joe Sandbox supports a wide range of file types and can detect and analyze complex, evasive malware that may attempt to avoid detection in less sophisticated environments. The insights generated from Joe Sandbox are crucial for understanding the nature of the threat, aiding in the development of countermeasures, and enhancing overall cybersecurity defenses.
Joe Sandbox is a system used to automatically analyze potentially malicious files or URLs within an isolated environment. It executes these samples and observes their behavior, generating detailed reports on their activities, including network communication, system modifications, and attempts to evade detection. This information helps security professionals understand the nature and severity of threats.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/key-exchange@rmR6HJqEhHDgX55Xy5BAW.md
View File

@@ -1,6 +1,6 @@
# Key Exchange
Key exchange is a cryptographic process through which two parties securely share encryption keys over a potentially insecure communication channel. This process is fundamental in establishing a secure communication session, such as in SSL/TLS protocols used for internet security. The most widely known key exchange method is the Diffie-Hellman key exchange, where both parties generate a shared secret key, which can then be used for encrypting subsequent communications. Another common method is the RSA key exchange, which uses public-key cryptography to securely exchange keys. The goal of key exchange is to ensure that only the communicating parties can access the shared key, which is then used to encrypt and decrypt messages, thereby protecting the confidentiality and integrity of the transmitted data.
Key exchange refers to the processes and protocols used to securely share cryptographic keys between parties. This allows them to then use those keys for encrypting and decrypting messages, ensuring confidentiality and integrity of their communication. Without a secure method for sharing keys, the strength of any encryption algorithm is compromised, as an attacker could simply intercept the key and decrypt the messages.
Visit the following resources to learn more:

14
src/data/roadmaps/cyber-security/content/kill-chain@7Bmp4x6gbvWMuVDdGRUGj.md
View File

@@ -1,16 +1,6 @@
# Cyber Kill Chain
# Kill Chain
The **Cyber Kill Chain** is a model that was developed by Lockheed Martin, a major aerospace, military support, and security company, to understand and prevent cyber intrusions in various networks and systems. It serves as a framework for breaking down the stages of a cyber attack, making it easier for security professionals to identify, mitigate, and prevent threats.
The concept is based on a military model, where the term "kill chain" represents a series of steps needed to successfully target and engage an adversary. In the context of cybersecurity, the model breaks down the stages of a cyber attack into seven distinct phases:
* **Reconnaissance**: This initial phase involves gathering intelligence on the target, which may include researching public databases, performing network scans, or social engineering techniques.
* **Weaponization**: In this stage, the attacker creates a weapon such as a malware, virus, or exploit and packages it with a delivery mechanism that can infiltrate the target's system.
* **Delivery**: The attacker selects and deploys the delivery method to transmit the weapon to the target. Common methods include email attachments, malicious URLs, or infected software updates.
* **Exploitation**: This is the phase where the weapon is activated, taking advantage of vulnerabilities in the target's systems or applications to execute the attacker's code.
* **Installation**: Once the exploit is successful, the attacker installs the malware on the victim's system, setting the stage for further attacks or data exfiltration.
* **Command and Control (C2)**: The attacker establishes a communication channel with the infected system, allowing them to remotely control the malware and conduct further actions.
* **Actions on Objectives**: In this final phase, the attacker achieves their goal, which may involve stealing sensitive data, compromising systems, or disrupting services.
The Kill Chain is a framework that breaks down a cyberattack into distinct stages, from initial reconnaissance to achieving the attacker's objective. It provides a structured approach to understanding and disrupting malicious activity by identifying specific points where security controls can be implemented to interrupt the attack sequence. It allows defenders to understand the attackers process so they can counter it.
Visit the following resources to learn more:

8
src/data/roadmaps/cyber-security/content/known-vs-unknown@HPlPGKs7NLqmBidHJkOZg.md
View File

@@ -1,10 +1,6 @@
# Known vs Unknown
# Known vs. Unknown Threats
"known" and "unknown" refer to the classification of threats based on the visibility and familiarity of the attack or vulnerability.
* **Known Threats** are those that have been previously identified and documented, such as malware signatures, vulnerabilities, or attack patterns. Security solutions like antivirus software and intrusion detection systems typically rely on databases of known threats to recognize and block them. These threats are easier to defend against because security teams have the tools and knowledge to detect and mitigate them.
* **Unknown Threats**, on the other hand, refer to new, emerging, or sophisticated threats that have not been previously encountered or documented. These can include zero-day vulnerabilities, which are software flaws not yet known to the vendor or the public, or advanced malware designed to evade traditional defenses. Unknown threats require more advanced detection techniques, such as behavioral analysis, machine learning, or heuristic-based detection, to identify anomalies and suspicious activities that don't match known patterns.
Known threats are security risks that have been previously identified, analyzed, and documented, often with established signatures or patterns. Unknown threats, on the other hand, are novel attacks or vulnerabilities that have not been seen before and lack readily available defenses or signatures. This distinction is critical for cybersecurity professionals because it dictates the strategies and tools used for detection and mitigation.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/lan@xWxusBtMEWnd-6n7oqjHz.md
View File

@@ -1,6 +1,6 @@
# LAN
# Local Area Networks (LANs)
A Local Area Network (LAN) is a computer network that interconnects computers and devices within a limited area, such as a home, office, school, or small group of buildings. LANs typically use Ethernet or Wi-Fi technologies to enable high-speed data communication among connected devices. They allow for resource sharing, including files, printers, and internet connections. LANs are characterized by higher data transfer rates, lower latency, and more direct control over network configuration and security compared to wide area networks (WANs). Common LAN applications include file sharing, collaborative work, local hosting of websites or services, and networked gaming. The advent of software-defined networking and cloud technologies has expanded LAN capabilities, enabling more flexible and scalable local network infrastructures.
A Local Area Network (LAN) is a network that connects computers and other devices within a limited area, such as a home, school, office, or small group of buildings. It allows devices to share resources like files, printers, and internet access, enabling communication and collaboration within that confined space. LANs are typically privately owned and managed.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/ldap@lV3swvD6QGLmD9iVfbKIF.md
View File

@@ -1,6 +1,6 @@
# LDAP
LDAP (Lightweight Directory Access Protocol) is a standardized application protocol for accessing and maintaining distributed directory information services over an IP network. It's primarily used for querying and modifying directory services, such as user authentication and information lookup. LDAP organizes data in a hierarchical tree structure and is commonly used in enterprise environments for centralized user management, authentication, and authorization. It supports features like single sign-on and can integrate with various applications and services. LDAP is widely used in conjunction with Active Directory and other directory services to provide a centralized repository for user accounts, groups, and other organizational data, facilitating efficient user and resource management in networked environments.
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate data about organizations, individuals, and other resources, such as files and devices on a network. It is a "directory service" that structures information in a hierarchical, tree-like structure, allowing for efficient searching and retrieval of information. Think of it like a phone book for networks, but instead of just names and numbers, it can store a wide range of information about network users and resources.
Visit the following resources to learn more:

6
src/data/roadmaps/cyber-security/content/ldaps@z_fDvTgKw51Uepo6eMQd9.md
View File

@@ -1,8 +1,6 @@
# Lightweight Directory Access Protocol Secure (LDAPS)
# LDAPS
LDAPS (Lightweight Directory Access Protocol Secure) is a secure version of the Lightweight Directory Access Protocol (LDAP), which is used to access and manage directory services over a network. LDAP is commonly employed for user authentication, authorization, and management in environments like Active Directory, where it helps manage access to resources such as applications and systems. LDAPS adds security by encrypting LDAP traffic using SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, protecting sensitive information like usernames, passwords, and directory data from being intercepted or tampered with during transmission. This encryption ensures data confidentiality and integrity, making LDAPS a preferred choice for organizations that require secure directory communication.
By using LDAPS, organizations can maintain the benefits of LDAP while ensuring that sensitive directory operations are protected from potential eavesdropping or man-in-the-middle attacks on the network.
LDAPS (Lightweight Directory Access Protocol Secure) is a method of securing LDAP communications by using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt the data transmitted between a client and a directory server. This encryption prevents eavesdropping and tampering with sensitive information like usernames, passwords, and other directory attributes during transit, ensuring a more secure directory service environment.
Visit the following resources to learn more:

46
src/data/roadmaps/cyber-security/content/learn-how-malware-works-and-types@v7CD_sHqLWbm9ibXXESIK.md
View File

@@ -1,45 +1,3 @@
# Learn how Malware Operates and Types
# Malware Analysis and Types
Malware, short for malicious software, refers to any software intentionally created to cause harm to a computer system, server, network, or user. It is a broad term that encompasses various types of harmful software created by cybercriminals for various purposes. In this guide, we will delve deeper into the major types of malware and their characteristics.
Virus
-----
A computer virus is a type of malware that, much like a biological virus, attaches itself to a host (e.g., a file or software) and replicates when the host is executed. Viruses can corrupt, delete or modify data, and slow down system performance.
Worm
----
Worms are self-replicating malware that spread through networks without human intervention. They exploit system vulnerabilities, consuming bandwidth and sometimes carrying a payload to infect target machines.
Trojan Horse
------------
A trojan horse is a piece of software disguised as a legitimate program but contains harmful code. Users unknowingly download and install it, giving the attacker unauthorized access to the computer or network. Trojans can be used to steal data, create a backdoor, or launch additional malware attacks.
Ransomware
----------
Ransomware is a type of malware that encrypts its victims' files and demands a ransom, typically in the form of cryptocurrency, for the decryption key. If the victim refuses or fails to pay within a specified time, the encrypted data may be lost forever.
Spyware
-------
Spyware is a type of malware designed to collect and relay information about a user or organization without their consent. It can capture keystrokes, record browsing history, and access personal data such as usernames and passwords.
Adware
------
Adware is advertising-supported software that automatically displays or downloads advertising materials, often in the form of pop-up ads, on a user's computer. While not always malicious, adware can be intrusive and open the door for other malware infections.
Rootkit
-------
A rootkit is a type of malware designed to hide or obscure the presence of other malicious programs on a computer system. This enables it to maintain persistent unauthorized access to the system and can make it difficult for users or security software to detect and remove infected files.
Keylogger
---------
Keyloggers are a type of malware that monitor and record users' keystrokes, allowing attackers to capture sensitive information, such as login credentials or financial information entered on a keyboard.
Learn more from the following resources:
Malware, short for malicious software, refers to any program or code designed to harm, disrupt, or gain unauthorized access to computer systems, networks, or devices. This encompasses various forms like viruses that replicate themselves, worms that self-propagate across networks, Trojans disguised as legitimate software, ransomware that encrypts data for extortion, spyware that secretly monitors user activity, and adware that displays unwanted advertisements. Understanding the mechanisms and characteristics of different malware types is essential for effective detection, prevention, and mitigation of cyber threats.

4
src/data/roadmaps/cyber-security/content/legal@C5bCIdPi0gGkY_r4qqoXZ.md
View File

@@ -1,6 +1,6 @@
# Legal
# Legal Departments and Cybersecurity
A legal department within an organization is responsible for handling all legal matters that affect the business, ensuring compliance with laws and regulations, and providing advice on various legal issues. Its primary functions include managing contracts, intellectual property, employment law, and regulatory compliance, as well as addressing disputes, litigation, and risk management. The legal department also plays a crucial role in corporate governance, ensuring that the company operates within the boundaries of the law while minimizing legal risks. In some cases, they work with external legal counsel for specialized legal matters, such as mergers and acquisitions or complex litigation.
A legal department in a company handles all legal matters, including contracts, compliance with laws and regulations, and dealing with potential lawsuits. Regarding cybersecurity, their role involves ensuring the company follows data privacy laws, managing legal risks related to data breaches, creating policies for data handling and security, and advising on legal aspects of incident response and digital forensics. They also work with other departments to ensure that security measures are legally sound and compliant.
Visit the following resources to learn more:

29
src/data/roadmaps/cyber-security/content/lessons-learned@ErRol7AT02HTn3umsPD_0.md
View File

@@ -1,30 +1,3 @@
# Lessons Learned
The final and vital step of the incident response process is reviewing and documenting the "lessons learned" after a cybersecurity incident. In this phase, the incident response team conducts a thorough analysis of the incident, identifies key points to be learned, and evaluates the effectiveness of the response plan. These lessons allow organizations to improve their security posture, making them more resilient to future threats. Below, we discuss the main aspects of the lessons learned phase:
Post-Incident Review
--------------------
Once the incident has been resolved, the incident response team gathers to discuss and evaluate each stage of the response. This involves examining the actions taken, any issues encountered, and the efficiency of communication channels. This stage helps in identifying areas for improvement in the future.
Root Cause Analysis
-------------------
Understanding the root cause of the security incident is essential to prevent similar attacks in the future. The incident response team should analyze and determine the exact cause of the incident, how the attacker gained access, and what vulnerabilities were exploited. This will guide organizations in implementing proper security measures and strategies to minimize risks of a reoccurrence.
Update Policies and Procedures
------------------------------
Based on the findings of the post-incident review and root cause analysis, the organization should update its security policies, procedures, and incident response plan accordingly. This may involve making changes to access controls, network segmentation, vulnerability management, and employee training programs.
Conduct Employee Training
-------------------------
Sharing the lessons learned with employees raises awareness and ensures that they have proper knowledge and understanding of the organization's security policies and procedures. Regular training sessions and awareness campaigns should be carried out to enhance employee cybersecurity skills and reinforce best practices.
Document the Incident
---------------------
It's crucial to maintain accurate and detailed records of security incidents, including the measures taken by the organization to address them. This documentation serves as evidence of the existence of an effective incident response plan, which may be required for legal, regulatory, and compliance purposes. Furthermore, documenting incidents helps organizations to learn from their experience, assess trends and patterns, and refine their security processes.
In conclusion, the lessons learned phase aims to identify opportunities to strengthen an organization's cybersecurity framework, prevent similar incidents from happening again, and continuously improve the incident response plan. Regular reviews of cybersecurity incidents contribute to building a robust and resilient security posture, mitigating risks and reducing the impact of cyber threats on the organization's assets and operations.
The final step in incident response focuses on solidifying what was gained from the experience. It starts with a post-incident review, where the team dissects the incident timeline, actions taken, and overall effectiveness. A root cause analysis identifies the underlying vulnerabilities or weaknesses that allowed the incident to occur. The findings then inform updates to existing security policies and procedures to prevent similar incidents in the future. Employee training is updated to reflect these changes and improve awareness. Finally, the entire incident, including its root cause, response actions, and lessons learned, is thoroughly documented for future reference and continuous improvement.

4
src/data/roadmaps/cyber-security/content/local-auth@vYvFuz7lAJXZ1vK_4999a.md
View File

@@ -1,6 +1,6 @@
# Local Auth
# Local Authentication
Local authentication refers to the process of verifying a user's identity on a specific device or system without relying on external servers or networks. It typically involves storing and checking credentials directly on the device itself. Common methods include username/password combinations, biometrics (fingerprint, face recognition), or PIN codes. Local authentication is often used for device access, offline applications, or as a fallback when network-based authentication is unavailable. While it offers quick access and works without internet connectivity, it can be less secure than centralized authentication systems and more challenging to manage across multiple devices. Local authentication is commonly used in personal devices, standalone systems, and scenarios where network-based authentication is impractical or unnecessary.
Local authentication is the process of verifying a user's identity directly against a database or security mechanism housed on the same system or network they are trying to access. This typically involves checking credentials, like usernames and passwords, against locally stored information to grant or deny access to resources. It contrasts with methods that rely on external authentication servers or services.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/localhost@0TWwox-4pSwuXojI8ixFO.md
View File

@@ -1,6 +1,6 @@
# localhost
# Localhost
**Localhost** refers to the standard hostname used to access the local computer on which a network service or application is running. It resolves to the loopback IP address `127.0.0.1` for IPv4 or `::1` for IPv6. When you connect to `localhost`, you're effectively communicating with your own machine, allowing you to test and debug network services or applications locally without accessing external networks.
Localhost is a hostname that refers to the current computer being used to access it. It's essentially a way for your computer to communicate with itself over a network connection. Typically, it resolves to the IP address 127.0.0.1, which is reserved for loopback addresses. This allows programs and services running on your machine to interact with each other without needing to connect to an external network.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/lolbas@10qbxX8DCrfyH7tgYexxQ.md
View File

@@ -1,6 +1,6 @@
# LOLBAS
**LOLBAS** (Living Off the Land Binaries and Scripts) refers to a collection of legitimate system binaries and scripts that can be abused by attackers to perform malicious actions while evading detection. These tools, which are often part of the operating system or installed software, can be leveraged for various purposes, such as executing commands, accessing data, or modifying system configurations, thereby allowing attackers to carry out their activities without deploying custom malware. The use of LOLBAS techniques makes it harder for traditional security solutions to detect and prevent malicious activities since the binaries and scripts used are typically trusted and deemed legitimate.
Living Off The Land Binaries and Scripts (LOLBAS) refers to the use of legitimate, pre-installed operating system tools and programs for malicious purposes. Instead of introducing new malware, attackers leverage these existing, trusted binaries to perform actions such as downloading files, executing code, or gathering information, often evading traditional security defenses that focus on detecting malicious software.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/loopback@W_oloLu2Euz5zRSy7v_T8.md
View File

@@ -1,6 +1,6 @@
# loopback
# Loopback
**Loopback** refers to a special network interface used to send traffic back to the same device for testing and diagnostic purposes. The loopback address for IPv4 is `127.0.0.1`, while for IPv6 it is `::1`. When a device sends a request to the loopback address, the network data does not leave the local machine; instead, it is processed internally, allowing developers to test applications or network services without requiring external network access. Loopback is commonly used to simulate network traffic, check local services, or debug issues locally.
A loopback is a mechanism where network traffic is routed back to the originating device. It's essentially a shortcut for a device to talk to itself over a network. This is achieved using a special IP address (typically 127.0.0.1 for IPv4 or ::1 for IPv6) and a designated network interface (the loopback interface). The data never actually leaves the host, instead being internally redirected.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/mac-based@OAukNfV5T0KTnIF9jKYRF.md
View File

@@ -1,6 +1,6 @@
# MAC-based
# Mandatory Access Control (MAC)
**Mandatory Access Control (MAC)** is a security model in which access to resources is governed by predefined policies set by the system or organization, rather than by individual users. In MAC, access decisions are based on security labels or classifications assigned to both users and resources, such as sensitivity levels or clearance levels. Users cannot change these access controls; they are enforced by the system to maintain strict security standards and prevent unauthorized access. MAC is often used in high-security environments, such as government or military systems, to ensure that data and resources are accessed only by individuals with appropriate authorization.
Mandatory Access Control (MAC) is a security model where the operating system enforces strict rules on access to resources. Unlike discretionary access control (DAC), where users control access to their own files, MAC uses a centralized authority to define access policies. These policies are based on labels or classifications assigned to both users and data. Access is granted only if the user's label matches or dominates the data's label, ensuring a rigid and consistent security posture.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/man@LrwTMH_1fTd8iB9wJg-0t.md
View File

@@ -1,6 +1,6 @@
# MAN
# Metropolitan Area Network (MAN)
A **Metropolitan Area Network (MAN)** is a type of network that spans a city or large campus, connecting multiple local area networks (LANs) within that geographic area. MANs are designed to provide high-speed data transfer and communication services to organizations, institutions, or businesses across a city. They support a variety of applications, including internet access, intranet connectivity, and data sharing among multiple locations. Typically, MANs are faster and cover a broader area than LANs but are smaller in scope compared to wide area networks (WANs).
A Metropolitan Area Network (MAN) is a computer network that connects computers and other devices within a geographical area larger than a local area network (LAN) but smaller than a wide area network (WAN). It's essentially a scaled-up version of a LAN, designed to serve a city or metropolitan area. MANs are often used to connect multiple LANs together, allowing devices in different locations to communicate with each other.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/management@s9tHpzYRj2HCImwQhnjFM.md
View File

@@ -1,6 +1,6 @@
# Management
The Management Department in a company is responsible for overseeing the organization's overall operations, strategy, and performance. It typically consists of senior executives and managers who make critical decisions, set goals, and provide leadership across various functional areas. This department focuses on planning, organizing, directing, and controlling resources to achieve organizational objectives. Key responsibilities include developing business strategies, managing budgets, overseeing human resources, ensuring regulatory compliance, and driving organizational growth. The Management Department also plays a crucial role in fostering company culture, facilitating communication between different departments, and adapting the organization to changing market conditions and internal needs.
Management departments within companies are generally responsible for planning, organizing, and directing the operations of an organization to achieve its goals. Their role in cybersecurity involves setting security policies, allocating resources for security initiatives, and ensuring compliance with relevant regulations. They also play a key role in risk management, incident response planning, and overall security awareness training for employees.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/mesh@PYeF15e7iVB9seFrrO7W6.md
View File

@@ -1,6 +1,6 @@
# Mesh
# Mesh Network Topology
Mesh topology is a network architecture where devices or nodes are interconnected with multiple direct, point-to-point links to every other node in the network. This structure allows data to travel from source to destination through multiple paths, enhancing reliability and fault tolerance. In a full mesh topology, every node is connected to every other node, while in a partial mesh, only some nodes have multiple connections. Mesh networks are highly resilient to failures, as traffic can be rerouted if a link goes down. They're commonly used in wireless networks, IoT applications, and critical infrastructure where redundancy and self-healing capabilities are crucial. However, mesh topologies can be complex and expensive to implement, especially in large networks due to the high number of connections required.
A mesh network topology is a network setup where devices are interconnected with each other through multiple redundant paths. Unlike traditional networks where devices are connected to a central node, in a mesh network, each node can act as a router and forward data to other nodes. This creates a web-like structure, increasing reliability and resilience because if one connection fails, data can be rerouted through alternative paths.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/mfa--2fa@pnfVrOjDeG1uYAeqHxhJP.md
View File

@@ -1,6 +1,6 @@
# MFA and 2FA
# Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA)
**Multi-Factor Authentication (MFA)** and **Two-Factor Authentication (2FA)** are security methods that require users to provide two or more forms of verification to access a system. **2FA** specifically uses two factors, typically combining something the user knows (like a password) with something they have (like a phone or token) or something they are (like a fingerprint). **MFA**, on the other hand, can involve additional layers of authentication beyond two factors, further enhancing security. Both methods aim to strengthen access controls by making it harder for unauthorized individuals to gain access, even if passwords are compromised.
Multi-factor authentication (MFA) is an authentication method that requires the user to present multiple pieces of evidence (factors) to verify their identity. Two-factor authentication (2FA) is a specific type of MFA that uses only two factors. These factors typically fall into categories like something you know (password), something you have (security token or code sent to your phone), or something you are (biometrics).
Visit the following resources to learn more:

36
src/data/roadmaps/cyber-security/content/navigating-using-gui-and-cli@MGitS_eJBoY99zOR-W3F4.md
View File

@@ -1,35 +1,3 @@
# Navigating using GUI and CLI
# GUI vs. CLI Navigation
Graphical User Interface (GUI)
------------------------------
A Graphical User Interface (GUI) is a type of user interface that allows users to interact with a software program, computer, or network device using images, icons, and visual indicators. The GUI is designed to make the user experience more intuitive, as it enables users to perform tasks using a mouse and a keyboard without having to delve into complex commands. Most modern operating systems (Windows, macOS, and Linux) offer GUIs as the primary means of interaction.
**Advantages of GUI:**
* User-friendly and visually appealing
* Easier for beginners to learn and navigate
* Reduces the need to memorize complex commands
**Disadvantages of GUI:**
* Consumes more system resources (memory, CPU) than CLI
* Some advanced features might not be available or accessibly as quickly compared to CLI
Command Line Interface (CLI)
----------------------------
A Command Line Interface (CLI) is a text-based interface that allows users to interact with computer programs or network devices directly through commands that are entered via a keyboard. CLIs are used in a variety of contexts, including operating systems (e.g., Windows Command Prompt or PowerShell, macOS Terminal, and Linux shell), network devices (such as routers and switches), and some software applications.
**Advantages of CLI:**
* Faster and more efficient in performing tasks once commands are known
* Requires fewer system resources (memory, CPU) than GUI
* Provides more control and advanced features for experienced users
**Disadvantages of CLI:**
* Steeper learning curve for beginners
* Requires memorization or reference material for commands and syntax
By understanding how to navigate and use both GUI and CLI, you will be better equipped to manage and secure your computer systems and network devices, as well as perform various cyber security tasks that may require a combination of these interfaces. It is essential to be familiar with both methods, as some tasks may require the precision and control offered by CLI, while others may be more efficiently performed using a GUI.
Navigating an operating system can be done in two primary ways: using a Graphical User Interface (GUI) or a Command Line Interface (CLI). A GUI presents visual elements like windows, icons, and menus that you interact with using a mouse or touch. Conversely, a CLI relies on text-based commands that you type into a terminal or console to instruct the system to perform specific actions.

11
src/data/roadmaps/cyber-security/content/networking-knowledge@gSLr-Lc119eX9Ig-kDzJ2.md
View File

@@ -1,15 +1,6 @@
# Networking Knowledge
**Networking knowledge** encompasses understanding the principles, technologies, and protocols involved in connecting and managing networks. Key areas include:
* **Network Protocols**: Familiarity with protocols like TCP/IP, DNS, DHCP, and HTTP, which govern data transmission and communication between devices.
* **Network Topologies**: Knowledge of network architectures such as star, ring, mesh, and hybrid topologies, which influence how devices are interconnected.
* **IP Addressing and Subnetting**: Understanding IP address allocation, subnetting, and CIDR notation for organizing and managing network addresses.
* **Network Devices**: Knowledge of routers, switches, firewalls, and access points, and their roles in directing traffic, providing security, and enabling connectivity.
* **Network Security**: Awareness of security measures like VPNs, firewalls, IDS/IPS, and encryption to protect data and prevent unauthorized access.
* **Troubleshooting**: Skills in diagnosing and resolving network issues using tools like ping, traceroute, and network analyzers.
This knowledge is essential for designing, implementing, and maintaining effective and secure network infrastructures.
Networking, in its simplest form, is how devices connect and communicate with each other. It involves understanding concepts like IP addresses, protocols (like TCP/IP and HTTP), network topologies (such as star or mesh), and devices that facilitate communication, like routers, switches, and firewalls. Understanding how data packets are routed, how network security protocols work, and how different network architectures function is crucial for any professional working to protect computer systems and data.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/nist@SOkJUTd1NUKSwYMIprv4m.md
View File

@@ -1,6 +1,6 @@
# NIST
**NIST (National Institute of Standards and Technology)** is a U.S. federal agency that develops and promotes measurement standards, technology, and best practices. In the context of cybersecurity, NIST provides widely recognized guidelines and frameworks, such as the **NIST Cybersecurity Framework (CSF)**, which offers a structured approach to managing and mitigating cybersecurity risks. NIST also publishes the **NIST Special Publication (SP) 800 series**, which includes standards and guidelines for securing information systems, protecting data, and ensuring system integrity. These resources are essential for organizations seeking to enhance their security posture and comply with industry regulations.
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce. Its mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST develops and maintains a wide range of standards, guidelines, and frameworks that are used by organizations to improve their cybersecurity posture and manage risk. These resources provide a common language and set of best practices that can be adopted across different industries and sectors.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/ntp@tf0TymdPHbplDHvuVIIh4.md
View File

@@ -1,6 +1,6 @@
# NTP
# Network Time Protocol (NTP)
**Network Time Protocol (NTP)** is a protocol used to synchronize the clocks of computers and network devices over a network. It ensures that all systems maintain accurate and consistent time by coordinating with a hierarchy of time sources, such as atomic clocks or GPS, through network communication. NTP operates over UDP port 123 and uses algorithms to account for network delays and adjust for clock drift, providing millisecond-level accuracy. Proper time synchronization is crucial for applications requiring time-sensitive operations, logging events, and maintaining the integrity of security protocols.
Network Time Protocol (NTP) is a networking protocol designed to synchronize the clocks of computers over a network. It uses a hierarchical system of time servers to distribute accurate time information, enabling devices to maintain consistent and reliable timestamps. This protocol operates by exchanging time data between a client and one or more time servers to calculate the network delay and clock offset, allowing the client to adjust its clock to match the server's time.
Visit the following resources to learn more:

43
src/data/roadmaps/cyber-security/content/os-independent-troubleshooting@pJUhQin--BGMuXHPwx3JJ.md
View File

@@ -1,47 +1,6 @@
# OS-Independent Troubleshooting
Understanding Common Symptoms
-----------------------------
In order to troubleshoot effectively, it is important to recognize and understand the common symptoms encountered in IT systems. These can range from hardware-related issues, such as overheating or physical damage, to software-related problems, such as slow performance or unresponsiveness.
Basic Troubleshooting Process
-----------------------------
Following a systematic troubleshooting process is critical, regardless of the operating system. Here are the basic steps you might follow:
* **Identify the problem**: Gather information on the issue and its symptoms, and attempt to reproduce the problem, if possible. Take note of any error messages or unusual behaviors.
* **Research and analyze**: Search for potential causes and remedies on relevant forums, web resources, or vendor documentation.
* **Develop a plan**: Formulate a strategy to resolve the issue, considering the least disruptive approach first, where possible.
* **Test and implement**: Execute the proposed solution(s) and verify if the problem is resolved. If not, repeat the troubleshooting process with a new plan until the issue is fixed.
* **Document the process and findings**: Record the steps taken, solutions implemented, and results to foster learning and improve future troubleshooting efforts.
Isolating the Problem
---------------------
To pinpoint the root cause of an issue, it's important to isolate the problem. You can perform this by:
* **Disabling or isolating hardware components**: Disconnect any peripherals or external devices, then reconnect and test them one by one to identify the defective component(s).
* **Checking resource usage**: Utilize built-in or third-party tools to monitor resource usage (e.g., CPU, memory, and disk) to determine whether a bottleneck is causing the problem.
* **Verifying software configurations**: Analyze the configuration files or settings for any software or applications that could be contributing to the problem.
Networking and Connectivity Issues
----------------------------------
Effective troubleshooting of network-related issues requires an understanding of various protocols, tools, and devices involved in networking. Here are some basic steps you can follow:
* **Verify physical connectivity**: Inspect cables, connectors, and devices to ensure all components are securely connected and functioning correctly.
* **Confirm IP configurations**: Check the system's IP address and related settings to ensure it has a valid IP configuration.
* **Test network services**: Use command-line tools, such as `ping` and `traceroute` (or `tracert` in Windows), to test network connections and diagnose potential problems.
Log Analysis
------------
Logs are records of system events, application behavior, and user activity, which can be invaluable when troubleshooting issues. To effectively analyze logs, you should:
* **Identify relevant logs**: Determine which log files contain information related to the problem under investigation.
* **Analyze log content**: Examine events, error messages, or patterns that might shed light on the root cause of the issue.
* **Leverage log-analysis tools**: Utilize specialized tools or scripts to help parse, filter, and analyze large or complex log files.
Troubleshooting IT systems involves a systematic approach to identify and resolve issues, regardless of the operating system. This process includes recognizing common symptoms such as slow performance or hardware failures and following a structured plan to isolate the problem. Key techniques include checking physical connections, monitoring resource usage, verifying software configurations, analyzing logs, and testing network services with tools such as `ping` and `traceroute`.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/paas@PQ_np6O-4PK2V-r5lywQg.md
View File

@@ -1,6 +1,6 @@
# PaaS
# Platform as a Service (PaaS)
Platform as a Service, or **PaaS**, is a type of cloud computing service that provides a platform for developers to create, deploy, and maintain software applications. PaaS combines the software development platform and the underlying infrastructure, such as servers, storage, and networking resources. This enables developers to focus on writing and managing their applications, without worrying about the underlying infrastructure's setup, maintenance, and scalability. PaaS simplifies the application development and deployment process by providing a platform and its associated tools, saving developers time and resources. By leveraging PaaS, organizations can focus on their core competencies and build innovative applications without worrying about infrastructure management.
Platform as a Service (PaaS) is a cloud computing model that delivers a complete platform—hardware, software, and infrastructure—for developing, running, and managing applications without the complexity of building and maintaining the underlying infrastructure typically associated with developing and launching an app. Think of it as providing the tools and resources needed for software development, all hosted in the cloud.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/penetration-testing-rules-of-engagement@NkAAQikwH-A6vrF8fWpuB.md
View File

@@ -1,6 +1,6 @@
# Penetration Testing Rules of Engagement
**Penetration Testing Rules of Engagement** define the guidelines and boundaries for conducting a penetration test. They establish the scope, objectives, and constraints, including the systems and networks to be tested, the testing methods allowed, and the times during which testing can occur. These rules ensure that the testing is conducted ethically and legally, minimizing disruptions and protecting sensitive data. They also include communication protocols for reporting findings and any necessary approvals or permissions from stakeholders to ensure that the testing aligns with organizational policies and compliance requirements.
Rules of Engagement (RoE) in penetration testing define the boundaries, scope, and limitations of the test. It's a documented agreement between the penetration tester and the client that outlines what systems are in scope, what testing techniques are permitted, a detailed schedule, and communication protocols during the engagement. This agreement ensures that the penetration test is conducted ethically, legally, and with minimal disruption to the client's business operations, preventing accidental damage or unintended consequences.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/performing-crud-on-files@zRXyoJMap9irOYo3AdHE8.md
View File

@@ -1,6 +1,6 @@
# Performing CRUD on Files
# File CRUD Operations in Operating Systems
Performing CRUD operations on files involves creating new files (using write mode), reading file contents (using read mode), updating files (by appending or overwriting existing content), and deleting files (using commands or functions like `os.remove()` in Python). These basic operations are fundamental for managing file data in various applications.
Creating, reading, updating, and deleting (CRUD) files are fundamental operations within any operating system. These actions allow users and programs to interact with data stored on a computer, enabling everything from saving documents to managing configuration settings. Understanding how these operations work at a lower level provides insights into data management and system security.
Visit the following resources to learn more:

13
src/data/roadmaps/cyber-security/content/perimiter-vs-dmz-vs-segmentation@PUgPgpKio4Npzs86qEXa7.md
View File

@@ -1,15 +1,6 @@
# Perimeter vs DMZ vs Segmentation
# Perimeter, DMZ, and Segmentation
In network security, **perimeter**, **DMZ (Demilitarized Zone)**, and **segmentation** are strategies for organizing and protecting systems:
1. **Perimeter** security refers to the outer boundary of a network, typically protected by firewalls, intrusion detection systems (IDS), and other security measures. It acts as the first line of defense against external threats, controlling incoming and outgoing traffic to prevent unauthorized access.
2. **DMZ** is a subnet that sits between an internal network and the external internet, hosting public-facing services like web servers and mail servers. The DMZ isolates these services to minimize the risk of attackers gaining access to the internal network by compromising a public-facing server.
3. **Segmentation** divides a network into smaller, isolated sections or zones, each with its own security controls. This limits the spread of attacks, enhances internal security, and enforces access control between different parts of the network, reducing the potential impact of a breach.
Together, these strategies create a layered defense, protecting sensitive resources by managing traffic flow and access points across the network.
These are network security concepts that define how a network is structured to protect its assets. The perimeter is the outer defense line, controlling traffic entering and exiting the network. A DMZ (Demilitarized Zone) hosts publicly accessible services, isolating them from the internal network. Segmentation divides the network into smaller, isolated zones to limit the impact of a security breach.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/phishing@7obusm5UtHwWMcMMEB3lt.md
View File

@@ -1,6 +1,6 @@
# Phishing
The technique where scammers pretend to be trusted organizations like your _bank_, _online retailers_ or a _government office_ in order to trick you into sharing your personal information like bank passcode, credit card number, Paypal password etc.
Phishing is a type of social engineering attack where malicious actors attempt to deceive individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data. This is often done by disguising oneself as a trustworthy entity in an electronic communication, like an email, message, or website, to trick the recipient into clicking a malicious link or providing the requested information. The goal is to steal data or install malware on the victim's device.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/pki@fxyJxrf3mnFTa3wXk1MCW.md
View File

@@ -1,6 +1,6 @@
# PKI
# Public Key Infrastructure (PKI)
**Public Key Infrastructure (PKI)** is a framework that manages digital certificates and public-private key pairs, enabling secure communication, authentication, and data encryption over networks. PKI supports various security services such as confidentiality, integrity, and digital signatures. It includes components like **Certificate Authorities (CAs)**, which issue and revoke digital certificates, **Registration Authorities (RAs)**, which verify the identity of certificate requestors, and **certificates** themselves, which bind public keys to individuals or entities. PKI is essential for secure online transactions, encrypted communications, and identity verification in applications like SSL/TLS, email encryption, and code signing.
Public Key Infrastructure (PKI) is a system that uses digital certificates to verify and authenticate the identity of users, devices, and services. It relies on cryptographic keys a public key for encrypting data and a corresponding private key for decrypting it. PKI establishes a trusted environment for secure electronic transactions and communication by managing digital certificates that bind a public key to an identity, ensuring that the communication is from a trusted party.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/power-shell@paY9x2VJA98FNGBFGRXp2.md
View File

@@ -1,6 +1,6 @@
# Power Shell
# PowerShell
**PowerShell** is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and an associated scripting language. It is widely used for system administration, enabling administrators to automate tasks, manage systems, and configure services both on-premises and in cloud environments. PowerShell supports complex scripting with its access to .NET libraries, making it powerful for automating processes, managing network configurations, and interacting with APIs. It also plays a critical role in cybersecurity, as attackers can use PowerShell for malicious purposes, while defenders use it for forensic analysis and system management.
PowerShell is a command-line shell and scripting language developed by Microsoft. It's designed for system administrators to automate tasks and manage operating systems. Built on the .NET framework, PowerShell uses cmdlets (pronounced "command-lets") to perform specific actions and can interact with various system components and applications.
Visit the following resources to learn more:

11
src/data/roadmaps/cyber-security/content/private-vs-public-keys@7svh9qaaPp0Hz23yinIye.md
View File

@@ -1,13 +1,6 @@
# Private Key vs Public Key
# Private vs Public Keys
**Public keys** and **private keys** are cryptographic components used in asymmetric encryption.
* **Public Key:** This key is shared openly and used to encrypt data or verify a digital signature. It can be distributed widely and is used by anyone to send encrypted messages to the key owner or to verify their digital signatures.
* **Private Key:** This key is kept secret by the owner and is used to decrypt data encrypted with the corresponding public key or to create a digital signature. It must be protected rigorously to maintain the security of encrypted communications and authentication.
Together, they enable secure communications and authentication, where the public key encrypts or verifies, and the private key decrypts or signs.
Private and public keys are fundamental components of modern cryptography. A private key is a secret, known only to the owner, used for encrypting data and creating digital signatures. A public key, mathematically related to the private key, can be shared openly and is used to decrypt messages encrypted with the corresponding private key or to verify digital signatures created with the private key. The security relies on the difficulty of deriving the private key from the public key.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/public-vs-private-ip-addresses@2nQfhnvBjJg1uDZ28aE4v.md
View File

@@ -1,6 +1,6 @@
# Public vs Private IP Addresses
Public addresses are IP addresses assigned to devices directly accessible over the internet, allowing them to communicate with external networks and services. In contrast, private addresses are used within local networks and are not routable over the internet, providing a way for devices within a private network to communicate with each other while conserving public IP address space. Public addresses are unique across the internet, whereas private addresses are reused across different local networks and are typically managed by network address translation (NAT) to interface with public networks.
Public addresses are IP addresses assigned to devices directly accessible over the internet, allowing them to communicate with external networks and services. In contrast, private addresses are used within local networks and are not routable over the Internet, providing a way for devices within a private network to communicate with each other while conserving public IP address space. Public addresses are unique across the internet, whereas private addresses are reused across different local networks and are typically managed by network address translation (NAT) to interface with public networks.
Visit the following resources to learn more:

4
src/data/roadmaps/cyber-security/content/public@ZDj7KBuyZsKyEMZViMoXW.md
View File

@@ -1,6 +1,6 @@
# Public
# Public Cloud
A **public cloud** is a computing service offered by third-party providers over the internet, where resources such as servers, storage, and applications are shared among multiple users or organizations. It is typically managed by the cloud service provider and offers scalability, cost-effectiveness, and ease of access, with users paying only for the resources they consume. Public clouds are ideal for businesses and individuals who need flexible, on-demand computing resources without the overhead of managing physical infrastructure. Popular examples include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Public cloud refers to computing services offered by a third-party provider over the public internet, available to anyone who wants to use or purchase them. These services include servers, storage, databases, networking, software, analytics, and intelligence. Users typically pay only for the resources they consume, allowing for scalability and cost-effectiveness.
Visit the following resources to learn more:

2
src/data/roadmaps/cyber-security/content/python@XiHvGy--OkPFfJeKA6-LP.md
View File

@@ -5,5 +5,5 @@
Visit the following resources to learn more:
- [@roadmap@Visit Dedicated Python Roadmap](https://roadmap.sh/python)
- [@course@Python Full Course 2024](https://www.youtube.com/watch?v=ix9cRaBkVe0)
- [@course@Python Full Course for Beginners](https://www.youtube.com/watch?v=K5KVEU3aaeQ)
- [@video@Python in 100 Seconds](https://www.youtube.com/watch?v=x7X9w_GIm1s)

11
src/data/roadmaps/cyber-security/content/rmf@fjEdufrZAfW4Rl6yDU8Hk.md
View File

@@ -1,13 +1,6 @@
# RMF
# Risk Management Framework (RMF)
A **Risk Management Framework (RMF)** is a structured approach that organizations use to identify, assess, manage, and mitigate risks. It provides a systematic process to ensure that risks are effectively controlled and aligned with the organization's objectives. Key components include:
1. **Risk Identification:** Identifying potential internal and external risks that could impact the organization.
2. **Risk Assessment:** Evaluating the likelihood and impact of identified risks.
3. **Risk Mitigation:** Developing strategies to reduce or eliminate risks, such as controls, policies, and contingency plans.
4. **Risk Monitoring:** Continuously tracking risks and the effectiveness of mitigation measures.
5. **Communication and Reporting:** Regularly updating stakeholders on the risk status and actions taken.
6. **Review and Improvement:** Periodically reassessing the framework and adapting to changes in the business or regulatory environment.
The Risk Management Framework (RMF) is a structured, comprehensive process for managing security and privacy risk for information systems, organizations, and individuals. It provides a unified framework to identify, assess, and mitigate risks throughout the system development lifecycle. The RMF involves selecting security controls, implementing them, assessing their effectiveness, authorizing system operation, and continuously monitoring the implemented controls.
Visit the following resources to learn more:

Some files were not shown because too many files have changed in this diff Show More