Solution

Cybersecurity & Awareness

Posture, culture & resilience

Overview

Cybersecurity is now a board-level priority because attacks target people, processes, cloud identities, endpoints, and supply chains at the same time.

bCom combines threat-informed assessments, remediation planning, awareness programs, and response readiness so organizations can reduce risk continuously rather than reacting only after incidents. The goal is practical resilience: prevention where possible, fast detection when compromise happens, and disciplined recovery that protects operations and trust.

Cybersecurity field guide

Threats, attacker behavior, defense controls, and learning paths

This page compiles practical concepts teams ask for most: common cyber attacks, hacker profiles, malware families, penetration testing workflow, and trusted resources from major platforms such as Cisco and GeeksforGeeks.

  • Zero Trust access patterns: verify identity, device posture, and context before granting access.
  • Security Operations (SecOps): alert triage, playbooks, detection tuning, and incident handling.
  • Vulnerability management: identify, prioritize, patch, validate, and report residual risk.
  • Identity and Access Management (IAM): MFA, least privilege, role hygiene, and account lifecycle.
  • Cloud security controls: misconfiguration checks, workload hardening, and key management.
  • Data protection: classification, encryption, DLP guardrails, and secure backup recovery drills.

Common cyber attacks

  • Phishing and spear phishing: social engineering campaigns crafted to steal credentials or trigger malware.
  • Business Email Compromise (BEC): impersonation attacks that redirect payments or request sensitive data.
  • Ransomware: encryption and extortion operations that often include data theft before detonation.
  • DDoS and application-layer flooding: traffic exhaustion attacks that disrupt service availability.
  • Credential stuffing and password spraying: automated login abuse using reused or weak credentials.
  • Man-in-the-middle (MitM): interception attacks on unsafe networks or compromised endpoints.
  • SQL injection and web exploit chains: abuse of input validation flaws in applications and APIs.
  • Supply-chain compromise: attackers pivot through vendors, dependencies, or software update paths.
  • Insider threat incidents: deliberate abuse or negligent handling of privileged access and data.

Types of hackers and threat actors

  • White-hat (ethical) hackers: authorized security professionals who test and improve defenses.
  • Black-hat hackers: unauthorized attackers pursuing financial gain, disruption, or espionage.
  • Gray-hat actors: individuals who test systems without explicit permission, sometimes disclosing flaws later.
  • Script kiddies: low-skill actors using public exploit tools without deep technical understanding.
  • Hacktivists: ideology-driven groups targeting organizations for political or social messaging.
  • Organized cybercrime groups: structured teams running ransomware, fraud, and data-theft operations.
  • State-sponsored/APT groups: persistent actors focused on espionage, strategic disruption, or IP theft.
  • Insider adversaries: employees/contractors abusing access intentionally or under coercion.

Malware categories teams should know

  • Virus: attaches to legitimate files and spreads when infected content is executed.
  • Worm: self-replicates across systems and networks without user interaction.
  • Trojan horse: appears legitimate while creating hidden attacker access.
  • Ransomware: encrypts systems/files and demands payment for decryption or data non-disclosure.
  • Spyware and keyloggers: covertly monitor activity and capture credentials or sensitive data.
  • Adware and malvertising payloads: inject unwanted ads and may chain into deeper compromise.
  • Rootkits: stealth tools that hide malicious activity and maintain privileged persistence.
  • Botnets: compromised device fleets controlled for DDoS, spam, or credential attacks.
  • Fileless malware: memory-resident techniques using native tooling to evade signature detection.

Penetration testing lifecycle

  1. Planning and scoping: define targets, rules of engagement, legal authorization, and success criteria.
  2. Reconnaissance: collect external and internal intelligence on domains, hosts, identities, and tech stack.
  3. Scanning and enumeration: identify open services, software versions, trust relationships, and weaknesses.
  4. Exploitation: validate vulnerabilities using controlled attack paths and documented evidence.
  5. Post-exploitation and lateral movement analysis: measure blast radius and privilege escalation paths.
  6. Reporting and remediation workshop: deliver findings by severity, business impact, and clear fixes.
  7. Retest and closure: verify remediation effectiveness and track unresolved residual risk.

Platforms and partners for deeper implementation and learning

Cisco — Common Cyberattacks

Enterprise-focused breakdown of attack patterns such as malware, phishing, DDoS, and MitM.

Cisco — Cyber Threat Trends Report

Threat behavior trends and practical defensive priorities for security leaders and SOC teams.

GeeksforGeeks — Cyber Security Tutorial

Structured beginner-to-intermediate tutorials on cybersecurity fundamentals and operations.

GeeksforGeeks — Penetration Testing

Step-by-step penetration testing stages: planning, scanning, exploitation, persistence, and reporting.

GeeksforGeeks — Malware and Its Types

Quick reference guide for malware classes and typical attacker objectives.

OWASP Top 10

The most widely used web application security risk framework for developers and auditors.

NIST Cybersecurity Framework

Governance model for Identify, Protect, Detect, Respond, and Recover capabilities.

MITRE ATT&CK

Adversary tactics and techniques knowledge base used by SOC and threat hunting teams.

CISA — Cybersecurity Resources

Operational guidance, alerts, and free defensive resources from a national cyber agency.
