| Term | Definition | Example |
|---|---|---|
| OSI Model (7 layers) | Conceptual reference model that splits network communication into seven layers: 1. Physical (cables, NICs, bits); 2. Data Link (Ethernet, MAC addresses, frames); 3. Network (IP, routing, packets); 4. Transport (TCP/UDP, segments/datagrams); 5. Session (connection management); 6. Presentation (data translation, encoding; SSL/TLS is conventionally placed here); 7. Application (HTTP, FTP, SMTP). | When you browse a website: Application → HTTP request; Transport → TCP segments; Network → IP packets; Data Link → Ethernet frames; Physical → bits over the cable. |
| TCP/IP Model (4 layers) | Practical model the Internet actually uses: 1. Network Interface (Ethernet, Wi-Fi); 2. Internet (IP, ICMP); 3. Transport (TCP, UDP); 4. Application (HTTP, FTP, DNS). | Sending an email: SMTP over TCP (Application), TCP segments (Transport), IP packets (Internet), Ethernet frames (Network Interface). |
| HTTP Methods | Four main methods used in web requests: GET → retrieve data (must not change server state); POST → send data to the server; PUT → update (replace) an existing resource; DELETE → remove a resource. | GET /profile → view profile; POST /login → submit credentials; PUT /user/123 → update user info; DELETE /user/123 → delete user. |
| Common Ports | Network services listen on well-known ports. Examples: 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 53 (DNS), 80 (HTTP), 110 (POP3), 143 (IMAP), 443 (HTTPS), 445 (SMB), 3306 (MySQL), 3389 (RDP). | Access command examples: ftp 192.168.1.10 (port 21); ssh user@192.168.1.10 (port 22); telnet 192.168.1.10 23; nc -nv 192.168.1.10 445. |
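The encapsulation chain in the OSI and TCP/IP rows above, as an added worked example that is not part of the original cheat sheet: it wraps an HTTP request in a TCP segment, an IPv4 packet and an Ethernet frame, then decodes the frame layer by layer, verifying the IPv4 header checksum on the way. The MAC addresses, IP addresses, ports and request line are constructed sample values.

```python
"""Added example (not from the original page): build one Ethernet/IPv4/TCP
frame around an HTTP request and parse it back, layer by layer."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Constructed sample payload for the Application layer.
SAMPLE_REQUEST = b"GET /profile HTTP/1.1\r\nHost: example.com\r\n\r\n"


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header. Compute it with the
    checksum field zeroed; re-running it over an intact received header gives 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Encapsulate: payload -> TCP segment (L4) -> IPv4 packet (L3) -> Ethernet frame (L2)."""
    # L4: 20-byte TCP header, data offset 5 words, flags PSH|ACK (0x18).
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0) + payload
    # L3: 20-byte IPv4 header (version 4, IHL 5), TTL 64, DF flag, checksum patched in afterwards.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # L2: destination MAC, source MAC, EtherType.
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decapsulate: peel Ethernet, IPv4 and TCP headers off and return the fields per layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)
    ip_off = 14
    version, ihl = frame[ip_off] >> 4, (frame[ip_off] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(frame) < ip_off + ihl:
        raise ValueError("bad IPv4 header")
    ip_hdr = frame[ip_off:ip_off + ihl]
    if ipv4_checksum(ip_hdr) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    ttl, proto = ip_hdr[8], ip_hdr[9]
    if proto != IPPROTO_TCP:
        raise ValueError("not TCP: protocol %d" % proto)
    tcp_off = ip_off + ihl
    if len(frame) < tcp_off + 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack, off_res, flags, window, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", frame[tcp_off:tcp_off + 20])
    data_off = (off_res >> 4) * 4
    payload = frame[tcp_off + data_off:ip_off + total_len]
    return {
        "data_link": {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12])},
        "network": {"src_ip": socket.inet_ntoa(ip_hdr[12:16]),
                    "dst_ip": socket.inet_ntoa(ip_hdr[16:20]), "ttl": ttl},
        "transport": {"src_port": src_port, "dst_port": dst_port, "seq": seq,
                      "ack": ack, "flags": flags, "window": window},
        "application": payload,
    }


def demo() -> dict:
    """Build the sample frame (constructed addresses) and decode it."""
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                        "192.168.1.20", "192.168.1.10", 51234, 80, SAMPLE_REQUEST)
    return parse_frame(frame)


if __name__ == "__main__":
    for layer, fields in demo().items():
        print(layer, fields)
```

The parser rejects a frame whose IPv4 header was altered in transit (flip any header byte and the checksum no longer folds to zero), which is the kind of check a packet-capture tool performs before trusting the fields above it.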
| Term | Definition | Example |
|---|---|---|
| Encoding | Converting data into a different representation for compatibility or transport, not for security: there is no key and anyone can reverse it. Common types: Base64; ASCII (7-bit, English only); URL encoding (%20 = space); UTF-8 (standard encoding for the web, ASCII-compatible); UTF-16/UTF-32 (Unicode encodings used internally by Windows and Java). | String "Hello" → Base64 = "SGVsbG8=". |
| Encryption | Transforming data so that only parties holding the right key can read it. Reversible with the key. Types: Symmetric (same key encrypts and decrypts) → AES; DES and 3DES are legacy and should not be used in new systems. Asymmetric (public/private key pair) → RSA, ECC (elliptic curve cryptography). Hybrid → TLS uses asymmetric cryptography (ECDHE or, in older versions, RSA) to establish a session key, then a symmetric cipher such as AES for the bulk data. | If Alice encrypts with Bob's public key, only Bob can decrypt with his private key (RSA). |
| Hashing | One-way transformation of arbitrary-length data into a fixed-length digest. Not reversible; the same input always produces the same digest, and a one-bit change in the input changes the whole digest. Algorithms: MD5 (128-bit, broken, collisions are trivial to produce); SHA-1 (Secure Hash Algorithm, 160-bit, practical collisions demonstrated, deprecated); SHA-256 (256-bit, secure, widely used). | Password "admin123" → SHA-256 gives a fixed 64-hex-character digest. A fast hash alone is not safe for password storage: use a salted, slow function (bcrypt, scrypt, Argon2 or PBKDF2) instead of plain SHA-256. |
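The three rows above side by side, as an added worked example that is not part of the original cheat sheet: Base64 and URL encoding round-trip with no secret, hashing gives a fixed-length one-way digest with the avalanche effect, and password storage uses a salted, iterated hash (PBKDF2-HMAC-SHA256 from the standard library) with a constant-time comparison. The sample strings, salt and iteration count are constructed assumptions.

```python
"""Added example (not from the original page): encoding vs. hashing vs. password hashing."""
import base64
import hashlib
import hmac
import os
import urllib.parse


def encode_examples(text: str) -> dict:
    """Encoding only changes representation; it needs no key and anyone can reverse it."""
    raw = text.encode("utf-8")
    b64 = base64.b64encode(raw).decode("ascii")
    assert base64.b64decode(b64) == raw              # round-trips without any secret
    return {
        "base64": b64,
        "url": urllib.parse.quote(text),             # space -> %20
        "utf8_bytes": len(raw),                      # UTF-8: 1 byte per ASCII character
        "utf16_bytes": len(text.encode("utf-16-le")),  # UTF-16: 2 bytes per BMP character
    }


def digests(data: bytes) -> dict:
    """Fixed-length output whatever the input size: 128/160/256 bits = 32/40/64 hex chars."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def avalanche(a: bytes, b: bytes) -> int:
    """Bits that differ between SHA-256(a) and SHA-256(b); about half of 256 for any change."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


# Password storage: per-user random salt, many iterations, constant-time compare.
PBKDF2_ROUNDS = 200_000  # assumption for the demo; tune to your hardware budget


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'pbkdf2_sha256$rounds$salt_hex$digest_hex' (the format is this example's own)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ROUNDS, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    _alg, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print(encode_examples("Hello"))
    print(digests(b"admin123"))
    print("bits changed admin123 -> admin124:", avalanche(b"admin123", b"admin124"))
    record = hash_password("admin123")
    print(record, verify_password("admin123", record), verify_password("admin124", record))
```

Two things the table cannot show: hashing the same password twice with hash_password gives two different records because the salt is random, so an attacker cannot precompute a single table for all users; and verify_password compares with hmac.compare_digest so that a wrong guess takes the same time as a right one.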
| Model | Definition | Example |
|---|---|---|
| STRIDE | Categorizes threats by the security property they violate: S → Spoofing (authentication); T → Tampering (integrity); R → Repudiation (non-repudiation); I → Information Disclosure (confidentiality); D → Denial of Service (availability); E → Elevation of Privilege (authorization). | Web app login: Spoofing = logging in as another user with stolen or guessed credentials; Tampering = modifying DB entries; DoS = flooding the login endpoint, or locking accounts out through brute-force attempts. |
| DREAD | Risk scoring model: each factor is scored 0–10 and the average gives the overall risk: D → Damage potential; R → Reproducibility; E → Exploitability; A → Affected users; D → Discoverability. | SQL injection in a login form: Damage = 10, Reproducibility = 10, Exploitability = 9, Affected users = 10, Discoverability = 9 → average 9.6 → Very High risk. |
| Step | Definition | Example |
|---|---|---|
| 1. Pre-engagement | Define scope, targets, timing and rules of engagement; obtain written authorization before any testing. | Decide whether the test is black-box or white-box. |
| 2. Intelligence Gathering | Reconnaissance (passive OSINT) and active scanning of the target. | Subdomain discovery using subfinder. |
| 3. Threat Modeling | Identify assets and the attack vectors against them. | Login form → risk of SQLi, brute-force. |
| 4. Vulnerability Analysis | Find and validate flaws in the systems in scope. | Run nmap -sV --script=vuln against the target. |
| 5. Exploitation | Actively exploit confirmed vulnerabilities, within the agreed scope. | Use sqlmap to dump the DB. |
| 6. Post-Exploitation | Privilege escalation, lateral movement, persistence and evidence collection; clean up afterwards. | Use a Meterpreter session. |
| 7. Reporting | Document findings with evidence, impact, risk rating and remediation advice. | Write a risk report with screenshots. |
| Term | Definition | Example |
|---|---|---|
| SQL Injection (SQLi) | Injecting attacker-controlled input into SQL queries to read or manipulate the DB. Types: In-band (query results or error messages come back directly in the response, e.g. UNION-based and error-based); Blind (no direct output; data is inferred Boolean- or time-based, one question at a time). Fix: parameterized queries. | Login bypass: username admin' OR '1'='1 |
| Cross-Site Scripting (XSS) | Injecting malicious JavaScript that runs in other users' browsers. Types: Reflected (payload in URL parameters, echoed straight back); Stored (payload saved in the DB and served to every visitor); DOM-based (client-side JS writes untrusted data into the page). | <script>alert(1)</script> |
| CSRF | Forces a logged-in user's browser to send a state-changing request to another site, using the session cookie the browser attaches automatically. Works when the request is predictable and carries no anti-CSRF token. | Attacker's page contains <img src="http://bank.com/transfer?amt=1000&to=attacker"> |
| IDOR (Insecure Direct Object Reference) | Accessing other users' objects by changing an identifier that the server does not check against the current user's permissions. | URL /user/123/profile → change to /user/124/profile. |
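The SQLi row above, as an added worked example that is not part of the original cheat sheet: the login-bypass payload from the table is run against an in-memory SQLite database through a string-concatenated query and through a parameterized one, and the same vulnerable login is then used as a Boolean-based blind oracle to recover a password character by character. The users table, the credentials and the comment-terminated probe are constructed for this demo; passwords are stored in plaintext only to keep the injection visible.

```python
"""Added example (not from the original page): in-band login bypass, blind
extraction, and the parameterized fix, all against SQLite."""
import sqlite3
import string

PAYLOAD = "admin' OR '1'='1"            # from the table above
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*"  # candidates for blind extraction


def make_db() -> sqlite3.Connection:
    """Constructed sample table (plaintext passwords purely for the demo)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "S3cret!"), ("alice", "wonderland")])
    return db


def login_vulnerable(db, username: str, password: str) -> bool:
    """String concatenation: attacker input becomes part of the SQL grammar.
    With PAYLOAD as username the WHERE clause reads
    username = 'admin' OR '1'='1' AND password = '...' which is true for admin."""
    query = ("SELECT id FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return db.execute(query).fetchone() is not None


def login_safe(db, username: str, password: str) -> bool:
    """Parameterized query: the driver binds input as data, never as SQL."""
    row = db.execute("SELECT id FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row is not None


def blind_extract_password(db, user: str, max_len: int = 32) -> str:
    """Boolean-based blind SQLi: the login's true/false answer is the only output,
    so ask 'is character N equal to X?' until no candidate matches (end of string).
    The trailing -- comments out the rest of the original query."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            probe = "%s' AND substr(password,%d,1)='%s'--" % (user, pos, ch)
            if login_vulnerable(db, probe, "x"):
                recovered += ch
                break
        else:
            return recovered
    return recovered


def demo() -> dict:
    db = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(db, PAYLOAD, "wrong"),
        "safe_bypass": login_safe(db, PAYLOAD, "wrong"),
        "safe_real": login_safe(db, "admin", "S3cret!"),
        "blind_recovered": blind_extract_password(db, "admin"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The blind extraction needs one request per (position, candidate) pair, which is why time- and Boolean-based SQLi shows up in logs as long bursts of near-identical login attempts; the parameterized version answers False to every probe because the quote and the comment are just bytes inside a bound string.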
| Tool | Use Case | Example |
|---|---|---|
| Burp Suite | Intercepting proxy for viewing and modifying HTTP(S) requests, with vulnerability scanning (Pro). | Use "Repeater" to resend the login request with SQLi payloads. |
| OWASP ZAP | Open-source web proxy and scanner. Scan types: Quick (automated), Active, Passive. Generates its own root CA certificate, which you import into the browser so ZAP can intercept and decrypt HTTPS traffic. | Use ZAP as a proxy to see HTTPS requests. |
| Postman | API testing tool. Send requests, test auth (OAuth/JWT), validate responses. | Send POST /api/login with a JSON payload. |
| OpenVAS | Network vulnerability scanner. 4 functions: scanning, reporting, false-positive management, asset discovery. | Scan 192.168.1.10 for missing patches. |