
Cyber Security

100 Days Job Prep Challenge
©100 DAYS CHALLENGE TEAM

For CSE, IT, CS, EEE, ECE, ICT, SE and ETE graduates

Enroll Now: CSE/IT Job Preparation Course
Preface

A government job is like a golden deer: it does not let itself be caught easily. Competition for government jobs is very high; thousands of candidates compete for a single post. To survive that competition you must be strategic, practise a lot and be among the most qualified.

Our problems

Circulars come and go, but the desired result does not follow. We have identified some preliminary reasons behind this. First, starting preparation only once the exam date is announced is one of our big problems. Our second biggest problem is not finding the perfect resource. After these come the problems of preparation plan, strategy, revision, time management and so on.
“The first step in solving a problem is admitting there is a problem to be solved.”— Pete Seeger

Solving the problems

Instead of circular-based preparation, a universal preparation for all CSE/IT jobs will free us from the first problem. Aiming at the perfect resource for exam preparation, we are trying to build a premium resource set. We believe this resource will be better than any book/resource available in the market. A perfect resource will, insha'Allah, solve all our remaining problems: preparation plan, strategy, revision, time management and so on.

100 days job Preparation

We all know the important topics for CSE/IT jobs. But to prepare you have to be strategic and smart. Our 100-day preparation plan will help you prepare in an Efficient & Effective way. This 14-week preparation plan is arranged so that you can prepare even alongside a job.

“The copyright of this e-book/premium resource is held solely by ©100 DAYS CHALLENGE TEAM.”
Editing, selling or sharing this resource (by any means) is completely prohibited.

If you notice any mistake, we request that you let us know. We will update the e-book/premium resource regularly. To get the next updated edition, join our group and take part regularly in classes, practice and discussions. Thank you.

Click Here to Join


Our Premium Resource

• Computer Architecture
• Computer Operating System
• Computer Network
• Analog Communication
• Digital Communication
• Optical & Telecommunication
• Database & SQL
• Linux Command
• Data Structure & Algorithm
• Programming
• Cyber Security
• Digital Logic Circuit
• Basic Electrical and Electronics
• Advance Engineering Technology

Collect All Resources: 01521331257
Gift and Bonus
Thank you for enrolling in our course. This hand note/resource is a gift for those who have joined our course. You will receive a 10% referral cashback; for that, a new registrant must enter your name and mobile number in the “reference person” field at registration.

To Those Who Are Enrolled in the Course

Thank you for enrolling in our course. This is a paid resource. The hand note/resource gift is entrusted to you. Editing, selling or sharing this resource (by any means) will be a breach of that trust. In that case you will owe 500 taka for each person who receives it from you. We hope you will take the bonus opportunity and refrain from this dishonest act. Thank you.

To Those Who Are Not Enrolled in the Course

Thank you for reading this resource even without enrolling in our course. We invite you to join our group for free. Enroll in the course and get the updated hand note/resource. Otherwise you too will owe 500 taka.

Way to repay the debt: 01521331257 (bKash/Nagad)


Copyright ©100 Days Challenge Join Our Group Study Platform

Module 1: Security Concepts of Information Assurance

Confidentiality: protect the data that needs protection and permit access to authorized individuals while preventing access by unauthorized individuals.

Integrity: ensure the data has not been altered in an unauthorized manner.

Availability: ensure the data is accessible to authorized users when and where it is needed, and in the form and format that is required.

Disclosure: having sensitive data or information leave the organization. This is more commonly called a data breach.

Alteration: changing data or information from its original form. This can be in the form of encrypting information or completely deleting it.

Destruction/Denial: making a system unreachable. A common example would be a denial-of-service attack.

Editing, cutting/copying, printing, selling or sharing this resource (by any means) is prohibited. In that case you will owe the 100 Days Challenge Team 500 taka for each person who receives it from you.

Physical controls: measures implemented to physically secure assets, facilities, or resources.
• Locks, fences, badge readers
• Surveillance cameras, biometric access systems
• Mantrap portal, airlock
• Security guards

Technical controls (also called logical controls): security controls that computer systems and networks directly implement.
• Passwords
• Data encryption
• Firewalls
• Logging and auditing

Administrative controls (also known as managerial controls): directives, guidelines or advisories aimed at the people within the organization.
• Policies, procedures, and guidelines
• Disaster recovery, incident response planning
• “Under surveillance, warning” signs
• Security awareness training
• Employing only qualified personnel

Preventive control: prevent an error, omission or malicious act from occurring. Attempt to predict potential problems before they occur and make adjustments.
• Segregation of duties
• Access controls, authentication mechanisms
• Standard operating procedures (SOP/EOP)
• Use of encryption software

Detective control: controls that detect and report the occurrence of an error, omission or malicious act.
• Error messages / warning messages
• Periodic performance review
• Internal audit / quality assurance functions
• Review of activity logs / audit trails

Corrective control: identify the cause of a problem, minimize the impact of a threat, and modify the processing system(s) to minimize future occurrences of the problem.
• Continuity of operations planning
• Disaster recovery planning
• Incident response planning
• Backup procedures


Threat: a threat is a potential cause of an unwanted incident which may result in harm to a system or organization.

Vulnerability: a vulnerability is a weakness in your infrastructure, networks or applications that potentially exposes you to threats.

Risk: risk is the potential for loss, damage or destruction of assets or data caused by a cyber threat.

❖ Asset: an asset is anything of value that is owned by an organization, physical or electronic.


Exposure: an identified vulnerability that may be utilized to compromise confidential information.

Exploit: an exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability.

Incident: an event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system.

Intrusion: a security event, or combination of security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.

Breach: the loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence.

• Regulations: commonly issued in the form of laws, usually from government (not to be confused with
governance) and typically carry financial penalties for non-compliance.

• Standards: often used by governance teams to provide a framework to introduce policies and procedures
in support of regulations.

• Policies: put in place by organizational governance, such as executive management, to provide guidance
to all activities to ensure that the organization supports industry standards and regulations.

• Procedures: the detailed steps to complete a task that support departmental or organizational policies.


1. Identify Vulnerabilities: identify details such as operating systems, applications, services, and configurations when searching for vulnerabilities. This includes network scans and authentication-based scans, and is often performed regularly on an automated schedule.

2. Prioritize Remediation Tasks: identified vulnerabilities need to be categorized and given a risk-based priority based on company-specific risk context.

3. Assess Improvement: establish a risk baseline as a point of reference as vulnerabilities are remediated. Repeated assessments track that baseline over time and support proof-of-value conversations with intuitive reporting and understandable metrics.

4. Remediate Vulnerabilities and Threats: vulnerabilities need to be fixed. Controls should be in place for remediation to be completed successfully while documenting progress.

5. Verify Remediation: remediation effectiveness can be validated through post-remediation scanning, scoring, and reporting.

6. Secure Posture Reporting: executives and teams need to understand the risks associated with every vulnerability. IT needs to report on vulnerabilities identified and remediated, so executives can provide a summary of the vulnerability state.
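The following worked example is an added illustration, not the notes' own tooling. It uses constructed scan findings to show two of the steps above in code: risk-based prioritisation of findings (step 2, using an assumed asset-criticality table and severity weights) and verifying remediation by comparing a pre-remediation scan with a post-remediation scan (step 5). The plugin identifiers and host names are made up.

```python
"""Vulnerability management worked example (added illustration).

Constructed scan findings are prioritised by severity x asset criticality
and then a before/after scan comparison is used to verify remediation.
"""
from dataclasses import dataclass

# Assumed company-specific context: how critical each asset is (1 low .. 3 high).
ASSET_CRITICALITY = {"web-01": 3, "db-01": 3, "print-01": 1}

# Constructed severity weights; the ordering mirrors the usual scanner ratings.
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str            # scanner check identifier (constructed values below)
    severity: str
    exposed_to_internet: bool


def priority(finding):
    """Risk-based priority: severity x asset criticality, doubled if internet-facing."""
    score = SEVERITY_WEIGHT[finding.severity] * ASSET_CRITICALITY.get(finding.host, 1)
    return score * 2 if finding.exposed_to_internet else score


def prioritize(findings):
    """Step 2: order findings so the highest-risk remediation tasks come first."""
    return sorted(findings, key=priority, reverse=True)


def verify_remediation(before, after):
    """Step 5: compare two scans. A finding counts as fixed only if it no longer
    appears; anything still present is open, anything not seen before is new.
    Returns (fixed, still_open, new) as sets of Finding."""
    before, after = set(before), set(after)
    return before - after, before & after, after - before


# Constructed sample scans (not real scanner output).
SCAN_BEFORE = [
    Finding("web-01", "CHK-1001", "critical", True),
    Finding("db-01", "CHK-2002", "high", False),
    Finding("print-01", "CHK-3003", "medium", False),
    Finding("web-01", "CHK-1004", "low", True),
]
SCAN_AFTER = [
    Finding("db-01", "CHK-2002", "high", False),    # still open after the change window
    Finding("db-01", "CHK-2005", "medium", False),  # newly detected
]

if __name__ == "__main__":
    for f in prioritize(SCAN_BEFORE):
        print(priority(f), f)
    fixed, still_open, new = verify_remediation(SCAN_BEFORE, SCAN_AFTER)
    print("fixed:", len(fixed), "open:", len(still_open), "new:", len(new))
```

The before/after comparison is what turns "we patched it" into evidence: a finding that is still present in the post-remediation scan goes back onto the prioritised list, and newly detected findings enter the cycle at step 2.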


RISK IDENTIFICATION and RISK ASSESSMENT
Identify and document potential risks that may affect system quality, performance, and compliance, as well as risks that could affect your organization. This can include:
❑ Physical risk
❑ Logical risk
❑ Data integrity
❑ Internal risks
❑ External risks

RISK ANALYSIS
Analyze the causes and effects of each risk. After identifying a risk scenario, determine the likelihood (the probability of the hazard occurring per number of transactions) and assign a value to that estimate. This can include:
❑ Threat analysis
❑ Impact analysis
❑ Probability analysis
❑ Severity analysis
❑ Detection analysis

RISK EVALUATION
A numeric assessment of each risk scenario in which the team assigns each failure mode numeric values that quantify the likelihood of occurrence. Prioritize and evaluate risks based on their potential impact and the risk tolerance or acceptable level. The result can be:
❑ HIGH
❑ MEDIUM
❑ LOW

RISK MITIGATION
Develop and implement strategies to mitigate or control risks. These strategies may include:
❑ Risk acceptance: taking no action to reduce the likelihood of a risk occurring.
❑ Risk avoidance: deciding to attempt to eliminate the risk entirely.
❑ Risk reduction: taking actions to prevent or reduce the possibility of a risk event or its impact.
❑ Risk transfer: passing the risk to another party.
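The example below is an added illustration, not the notes' own method. It carries the analysis, evaluation and mitigation steps above through in code for a few constructed risk scenarios: each scenario is scored as likelihood multiplied by impact on assumed 1-to-5 scales, bucketed into HIGH / MEDIUM / LOW with assumed thresholds, and mapped to one of the four treatment strategies (accept, avoid, reduce, transfer).

```python
"""Risk evaluation and treatment worked example (added illustration).

Constructed scenarios are scored with likelihood x impact, bucketed into
HIGH / MEDIUM / LOW, and mapped to accept / avoid / reduce / transfer.
"""
from dataclasses import dataclass

# Constructed 1..5 ordinal scales; a real programme calibrates these to its context.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass
class RiskScenario:
    name: str
    likelihood: str
    impact: str
    transferable: bool = False   # e.g. insurable, or covered by a vendor contract


def risk_score(scenario):
    """Numeric risk = likelihood value x impact value, range 1..25."""
    return LIKELIHOOD[scenario.likelihood] * IMPACT[scenario.impact]


def risk_level(score):
    """Assumed thresholds: 15-25 HIGH, 6-14 MEDIUM, 1-5 LOW (the acceptable level)."""
    if score >= 15:
        return "HIGH"
    if score >= 6:
        return "MEDIUM"
    return "LOW"


def treatment(scenario):
    """Pick one of the four mitigation strategies listed in the notes."""
    level = risk_level(risk_score(scenario))
    if level == "LOW":
        return "accept"      # within tolerance: no action, but keep it on the register
    if scenario.transferable:
        return "transfer"    # pass the risk to an insurer or vendor
    if level == "HIGH" and IMPACT[scenario.impact] == 5:
        return "avoid"       # severe and not transferable: eliminate the activity
    return "reduce"          # add controls that cut likelihood or impact


def evaluate_register(scenarios):
    """Risk register rows sorted so the highest-scoring scenarios come first."""
    rows = []
    for s in scenarios:
        score = risk_score(s)
        rows.append({"name": s.name, "score": score, "level": risk_level(score),
                     "treatment": treatment(s)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample register (not a real organisation's data).
SAMPLE_REGISTER = [
    RiskScenario("ransomware on file server", "likely", "major"),
    RiskScenario("flooding of the server room", "unlikely", "severe", transferable=True),
    RiskScenario("legacy FTP service reachable from the internet", "almost certain", "severe"),
    RiskScenario("visitor badge misplaced", "possible", "negligible"),
]

if __name__ == "__main__":
    for row in evaluate_register(SAMPLE_REGISTER):
        print(row)
```

The thresholds and the treatment rules are where an organisation's risk tolerance actually lives; changing `risk_level` is how a team that accepts more (or less) risk would express that decision.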


An incident is an event that could lead to loss of, or disruption to, an organization's operations, services, information or functions. Incident management is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. The steps are below.

Preparation: select people, assign roles, and define the tools used to handle the incident.

Detection & Analysis: determine that an incident has occurred (IDS, SIEM, AV, someone reporting, etc.).

Classification and Prioritization: classify the detected incident as major, minor, etc.

Notification: identify minor and major incidents; decide who to notify about an incident and how.

Containment: limit the damage; isolate hosts; contact system owners.

Forensic Investigation: investigate the root cause of the incident using forensic tools; system logs, real-time memory, network device logs, application logs, etc.

Eradication & Recovery: remove the cause of the incident; patch if needed. Recovery: get back into production; monitor affected systems.

Post-incident Activities: document what happened and why; transfer knowledge.
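To make the Detection & Analysis and Classification and Prioritization steps concrete, here is an added example (not the notes' own tooling). It runs a simple detection rule over constructed sshd-style authentication log lines (the addresses are documentation ranges, not real hosts), flags a source that produces an assumed threshold of failed logins inside a short window, and classifies the resulting incident as major or minor depending on whether that source later logged in successfully.

```python
"""Detection, classification and prioritisation worked example (added illustration).

A sliding-window rule over constructed log lines produces an incident record,
which is then classified so notification and containment know how urgent it is.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:03 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:05 sshd: Failed password for root from 198.51.100.7
2024-03-01T10:00:07 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:09 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:12 sshd: Accepted password for admin from 198.51.100.7
2024-03-01T10:05:00 sshd: Failed password for alice from 203.0.113.9
2024-03-01T10:09:00 sshd: Accepted password for alice from 203.0.113.9
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
THRESHOLD = 5                  # assumed: failures from one source inside the window
WINDOW = timedelta(minutes=2)  # assumed sliding window


def parse_log(text):
    """Turn raw lines into (timestamp, outcome, user, source) tuples; skip unknown lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def detect(events):
    """Detection & analysis: flag a source with >= THRESHOLD failures inside WINDOW,
    and record whether that source later logged in successfully."""
    recent_failures = defaultdict(list)
    incidents = {}
    for ts, outcome, user, src in events:
        if outcome == "Failed":
            window = [t for t in recent_failures[src] if ts - t <= WINDOW] + [ts]
            recent_failures[src] = window
            if len(window) >= THRESHOLD:
                inc = incidents.setdefault(src, {"source": src, "first_seen": window[0],
                                                 "failures": 0, "success_after": False})
                inc["failures"] = len(window)
        elif src in incidents:
            incidents[src]["success_after"] = True
    return list(incidents.values())


def classify(incident):
    """Classification & prioritisation: a suspected brute force that ended in a
    successful login is major (contain now); one that did not is minor."""
    return "major" if incident["success_after"] else "minor"


if __name__ == "__main__":
    for inc in detect(parse_log(SAMPLE_LOG)):
        print(classify(inc), inc)
```

Alice's single failure followed by a success never reaches the threshold, so it produces no incident; the first source does, and because it ends in an accepted login the record is classified as major, which is the case where containment (isolate the host, contact the owner) has to happen before the investigation.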

How to prepare
Decide that you will read this chapter this week. Finish the 5 modules in 5 days of the week. Use the remaining 2 days of the week to solve various questions and answers, and revise.

Inviting You to Join Our Group Study Platform

“We believe these resources will be unparalleled”

Let’s Start the Module!!!



Module 2: System based Cyber Attacks

A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access to a system or network, or disrupt digital life in general. We categorize security threats into three categories:

• System based Cyber Attacks and Threats
• Web Application based Cyber Attacks and Threats
• Network based Cyber Attacks and Threats

System-based cyber-attacks and threats are those that specifically target individual computer systems, servers, devices or individual persons. Examples: malware, phishing, etc.

Malware: malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy.


1. Viruses:
• Self-replicating malware that attaches to legitimate files and spreads when those files are
executed.
2. Worms:
• Self-replicating malware that spreads autonomously across networks and systems.
3. Trojans:
• Deceptive malware disguised as legitimate programs to trick users into installing and
executing them.
4. Ransomware:
• Malware that encrypts files and demands payment for decryption, often in cryptocurrency.
5. Spyware:
• Covert software that monitors and collects user activities without their knowledge.
6. Adware:
• Unwanted software displaying advertisements on a user's device, often with tracking
features.
7. Keyloggers:
• Malicious software recording keystrokes, capturing sensitive information like passwords.
8. Rootkits:
• Malware concealing its presence by subverting or disabling security software.
9. Bootkit:
• Malware infecting a computer's boot process, often in the master boot record (MBR).
10. Gootkit:
• Advanced banking Trojan designed to steal sensitive financial information.
11. Botnets:
• Networks of compromised computers controlled by a central server for malicious activities.
12. Droppers:
• Malware delivering and installing additional malicious payloads onto a system.
13. RAM Scrapers:
• Malware targeting sensitive data stored in a computer's random-access memory (RAM).
14. Backdoors:
• Hidden entry points allowing unauthorized access and control to a system.
15. Scareware:
• Deceptive software that presents false security alerts to trick users into taking specific
actions.


Features: Virus / Worm / Trojan horse

Definition
• Virus: a computer program that connects to other software or programs to harm the system.
• Worm: similar to a virus; it multiplies and executes itself to slow down and harm the system's performance.
• Trojan horse: disguised as a legitimate program to trick users into installing and executing it.

Replication
• Virus: replicates itself.
• Worm: also replicates itself.
• Trojan horse: does not replicate itself.

Execution
• Virus: relies on the transfer of infected files.
• Worm: relies on replication.
• Trojan horse: relies on installation.

Rate of spreading
• Virus: spreads at a moderate rate.
• Worm: spreads at a quicker rate than viruses and Trojans.
• Trojan horse: spreads more slowly than viruses and worms.

Purpose
• Virus: primarily utilized to modify or erase system data.
• Worm: utilized to use system resources excessively and slow the system down.
• Trojan horse: may be utilized to steal user data to obtain access to the user's computer system.

Content: Rootkit / Bootkit / Gootkit

Definition
• Rootkit: secret computer software designed to perform a wide range of malicious activities.
• Bootkit: an advanced form of rootkit that targets the Master Boot Record located on the physical motherboard of the computer.
• Gootkit: a Trojan horse that has the ability to hack into bank accounts, steal login information and manipulate online transactions.

What it does
• Rootkit: disables security software and records information as you type, simplifying the process of stealing information for cyber criminals.
• Bootkit: can cause system instability and result in a Blue Screen warning. Some bootkit infections may display a warning and demand a ransom to restore the computer to operational capacity.
• Gootkit: its capabilities include infiltration of banking accounts, stealing credentials and manipulating online banking sessions.

Classification
• Rootkit: there are five types of rootkits: 1. hardware or firmware rootkit; 2. bootloader rootkit; 3. memory rootkit; 4. application rootkit; 5. kernel-mode rootkit.
• Bootkit: the malicious software usually spreads via 1. bootable floppy disks, 2. other bootable media. However, recently it is distributed via 1. harmless-looking software programs, 2. phishing emails, or 3. free downloads.
• Gootkit: the malware uses three main modules: 1. the Loader, 2. the Main Module and 3. the Web Injection Module. The Loader module is the first stage of the trojan, which sets up the persistent environment. The main module creates a proxy server that works in conjunction with the new browser injection module.


Comparison: Adware / Spyware / Ransomware

1. Definition
• Adware is similar to spyware and can be both intrusive and difficult to eradicate.
• Spyware is a form of malware designed to collect your personal information.
• Ransomware is a form of malware designed to block access to a system until a ransom fee is paid.

2. Objective
• The main objective of adware is to monitor your interests and display relevant ads.
• The main objective of spyware is to monitor the activity of the system.
• The main objective of ransomware is to take money by gaining access.

3. Distribution
• Adware is unknowingly attached to free-to-use software and distributed through pop-up windows.
• Spyware is unknowingly installed when users install some other software or freeware.
• Ransomware is generally spread through phishing emails with malicious attachments.

4. Harm
• Adware is less harmful than spyware.
• Spyware is more harmful by comparison.
• Ransomware is the most harmful of all the malware.

5. Examples
• Fireball, Appearch, Gator and DollarRevenue are some examples of adware.
• BonziBuddy, Cydoor and Downloadware are some examples of spyware.
• Crypto, WannaCry, Cerber and Locker are some examples of ransomware.


Phishing:
• Spear phishing: targeted phishing attacks directed at specific individuals or organizations.
• Vishing: phishing attacks conducted via voice or phone calls.
• Email phishing: deceptive emails that trick users into revealing sensitive information.

Zero-Day Exploits:

A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Zero-day exploits are attacks that target software vulnerabilities before the developer releases a fix or patch.

Footprinting:

It involves scanning open ports, mapping network topologies, and collecting information about hosts, their operating systems, IP addresses, and user accounts. This gathered data helps to generate a comprehensive technical blueprint of the target organization.

Drive-By Downloads:

Malicious software downloads that occur without the user's knowledge when visiting a website.

Thank you for enrolling in our course. This is a paid course. Editing, cutting/copying, printing, selling or sharing any hand note/resource of this course (by any means) is prohibited. In that case you will owe 500 taka for each person who receives it from you.

Update Resource ◼ WhatsApp: 01521331257 ◼ Question solution


Module 3: Web Application Cyber Attacks and Threats

A web application is software that runs in your web browser. Web application-based cyber-attacks and threats focus on exploiting vulnerabilities in web-based applications, websites, and their underlying technologies. These attacks aim to compromise the confidentiality, integrity, or availability of web applications and the data they handle. Examples are given below.

1. SQL Injection (SQLi)

Description: SQL injection involves manipulating a web application's database by injecting malicious SQL code into user-input fields. Attackers can extract, modify, or delete data from the database.

Prevention:
• Use parameterized queries or prepared statements.
• Implement proper input validation and sanitize user inputs.
• Least privilege principle: limit database user permissions.

2. Cross-Site Scripting (XSS)

Description: When a website is vulnerable to an XSS attack, an attacker can inject malicious scripts into the server. The malicious scripts are then executed in other clients' browsers. These scripts can steal information or perform actions on behalf of the user.

Prevention:
• Validate and sanitize user inputs.
• Use Content Security Policy (CSP) headers.
• Encode output data before rendering it in web pages.
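The added example below (not the notes' own code) shows the third prevention bullet, output encoding, together with the second, a CSP header. A constructed comment containing a script tag is rendered into an HTML fragment once without and once with encoding for the HTML text context, and the response is assembled with an assumed policy that permits only same-origin scripts and no inline script.

```python
"""XSS: output encoding for the HTML text context plus a CSP header (added illustration)."""
import html

# Constructed untrusted input of the kind submitted through a comment form.
UNTRUSTED_COMMENT = '<script>alert(document.cookie)</script> nice post'

# Assumed policy: only scripts from this origin, no inline script, no plugins.
CSP_VALUE = "default-src 'self'; script-src 'self'; object-src 'none'"


def render_vulnerable(comment):
    """Untrusted text placed straight into markup: the browser will run the script."""
    return '<div class="comment">' + comment + '</div>'


def render_safe(comment):
    """Encode for the HTML text context before inserting; < > & " ' become entities."""
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'


def contains_script_tag(fragment):
    """Crude indicator used only to show the difference between the two renderers."""
    return "<script" in fragment.lower()


def build_response(body):
    """Response with CSP as defence in depth even when the encoding is correct."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP_VALUE,
    }
    return {"headers": headers, "body": body}


if __name__ == "__main__":
    print(render_vulnerable(UNTRUSTED_COMMENT))
    print(render_safe(UNTRUSTED_COMMENT))
    print(build_response(render_safe(UNTRUSTED_COMMENT))["headers"])
```

Encoding has to match the context the data lands in: `html.escape` is correct for element text and quoted attribute values, but a value written into a JavaScript string, a URL or a CSS rule needs that context's own encoding, which is why CSP is kept as the second layer.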


3. CSRF Attacks

Description: Cross-site request forgery (CSRF / XSRF) occurs when a victim’s web browser is forced to perform an unwanted action on a trusted site. The attacker typically uses social engineering to send a malicious link. When the user clicks the link, it executes the commands the attacker set: an unintended action performed without the user's consent.

Prevention:
• Use anti-CSRF tokens.
• Implement same-origin policy.
• Validate and sanitize user inputs.
• Developers should enforce user-interaction-based CSRF defense:
  o Re-authentication
  o One-time token
  o CAPTCHA
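Here is an added example (not code from the notes) of the first prevention bullet, the anti-CSRF token, in the synchroniser-token form: a random token is stored in the server-side session, embedded in the form, and a state-changing endpoint refuses any request whose token does not match the session's. The `Session` class and the `handle_transfer` endpoint are constructed stand-ins for a framework's session object and a real handler.

```python
"""Anti-CSRF synchroniser token (added illustration)."""
import hmac
import secrets


class Session:
    """Minimal server-side session; a real framework supplies this."""
    def __init__(self):
        self.data = {}


def issue_csrf_token(session):
    """Create the token once per session; the form embeds it in a hidden field."""
    if "csrf_token" not in session.data:
        session.data["csrf_token"] = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    return session.data["csrf_token"]


def verify_csrf_token(session, submitted):
    """Constant-time comparison so the token cannot be recovered byte by byte."""
    expected = session.data.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected.encode(), str(submitted).encode())


def handle_transfer(session, form):
    """A state-changing endpoint: the check happens before any side effect.
    A forged cross-site request cannot read the victim's page, so it cannot
    supply the token even though the browser attaches the session cookie."""
    if not verify_csrf_token(session, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: transferred {} to {}".format(form["amount"], form["to"])


if __name__ == "__main__":
    s = Session()
    token = issue_csrf_token(s)
    print(handle_transfer(s, {"to": "bob", "amount": "10", "csrf_token": token}))
    print(handle_transfer(s, {"to": "mallory", "amount": "1000"}))
```

The token must be bound to the session (here by living inside it) and checked on every request that changes state; rendering it in a GET-accessible page is fine, because the same-origin policy stops another site from reading it.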

4. Server-side Request Forgery (SSRF):

Description: As the attacker’s request is blocked by the firewall, he cannot send a direct request to the victim’s server, so in order to attack the target server the attacker has to send a request to the vulnerable web server that abuses the SSRF vulnerability. The web server makes a request to the victim’s server, which is situated behind the firewall. The victim’s server responds with the data. If the specific SSRF vulnerability permits it, the data is sent back to the attacker.

Prevention:
• Validate and sanitize user inputs.
• Restrict the server's ability to make requests to internal resources.
• Implement proper access controls.
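The following added example (not the notes' own code) implements the first two prevention bullets as a validator that runs before the server fetches any user-supplied URL: it requires an allowed scheme, rejects embedded credentials, refuses IP literals that fall in non-global ranges (private, loopback, link-local), and only then checks the host against an assumed allow-list of external hosts. No network request is made.

```python
"""Outbound URL validation against SSRF (added illustration)."""
import ipaddress
from urllib.parse import urlsplit

# Assumed allow-list of the only external hosts this feature may fetch from.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}


def _is_internal_ip(host):
    """True if host is an IP literal outside the globally routable ranges
    (private, loopback, link-local, reserved). Hostnames return False and are
    decided by the allow-list instead."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not addr.is_global


def validate_outbound_url(url):
    """Return (ok, reason). Only allow-listed hosts over an allowed scheme pass."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"   # user@host tricks
    host = parts.hostname or ""       # lower-cased, IPv6 brackets removed
    if _is_internal_ip(host):
        return False, "internal address"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["https://api.example.com/v1/items", "https://10.0.0.5/admin",
                      "https://api.example.com@evil.example.net/", "http://api.example.com/"]:
        print(candidate, validate_outbound_url(candidate))
```

An allow-list is the decisive control; the IP-range check is defence in depth for the case where a name on the allow-list is later pointed at an internal address. A production implementation also has to apply the same checks to every redirect the fetch follows, not only to the first URL.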


5. Cryptographic Failures:

Description: Cryptographic failures involve weaknesses or misuse of cryptographic algorithms: use of old or weak cryptographic algorithms, use of weak or default encryption keys or re-use of compromised keys, and data stored or transferred in clear text. These causes potentially lead to data breaches or unauthorized access.

Prevention:
• Ensure all sensitive data is encrypted.
• Use strong cryptographic algorithms.
• Keep crypto libraries and tools up to date.
• Regularly audit and update cryptographic configurations.
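Password storage is the most common place this category shows up, so the added example below (not the notes' own code) contrasts the "old or weak algorithm" failure with a current approach: an unsalted MD5 digest beside a per-user random salt and PBKDF2-HMAC-SHA256 from the standard library, with a constant-time verification. The iteration count is an assumed work factor.

```python
"""Weak versus strong password storage (added illustration)."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster


def hash_password_weak(password):
    """Weak: unsalted and fast. Equal passwords give equal digests, so one
    precomputed table cracks every account, and MD5 is deprecated anyway."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password_strong(password, salt=None):
    """Strong: random per-user salt plus a slow key-derivation function.
    Stored as algorithm$iterations$salt$hash so the parameters travel with it."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Re-derive with the stored salt and iterations; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False   # a record in an older format should be rejected and re-hashed
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("weak, twice :", hash_password_weak(pw) == hash_password_weak(pw))
    record = hash_password_strong(pw)
    print("strong, twice:", record == hash_password_strong(pw))
    print("verify      :", verify_password(pw, record), verify_password("nope", record))
```

Storing the algorithm name and iteration count with each record is what makes "regularly audit and update cryptographic configurations" practical: the verifier can detect old records and re-hash them at the next successful login.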

6. Directory Traversal (Path Traversal):

Description: Directory traversal, also known as “path traversal,” is a web application vulnerability that enables attackers to access unintended files on the underlying filesystem. This access could enable attackers to read sensitive data or files, modify application data, or take full control of the web server.

Prevention:
• Implement proper input validation.
• Use whitelists to validate user input.
• Restrict file system permissions.
• Prevent building file paths with user input.
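The added example below (not code from the notes) implements the whitelist bullet and a canonical-path check for a download endpoint: the requested name must match an allow-listed character set, and the resolved path must still lie inside the download directory. `demo()` builds a temporary directory with one constructed file inside the download area and one outside it, then probes the endpoint with a legitimate name and several traversal attempts.

```python
"""Path traversal prevention: name allow-list plus canonical-path containment (added illustration)."""
import os
import re
import tempfile

# Allow-list for a file name: letters, digits, underscore, dot, dash. No separators.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def safe_path(base_dir, requested):
    """Absolute path inside base_dir for the requested name, or None if it escapes."""
    if not SAFE_NAME.match(requested) or requested in {".", ".."}:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # Belt and braces: even if the allow-list were loosened, the resolved path
    # (symlinks and '..' collapsed) must still sit under the base directory.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def read_download(base_dir, requested):
    """What the endpoint would return: file bytes, or None (404) for anything refused."""
    path = safe_path(base_dir, requested)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def demo():
    """Constructed layout: <tmp>/downloads/report.txt is servable, <tmp>/secret.txt is not."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "downloads")
        os.mkdir(base)
        with open(os.path.join(base, "report.txt"), "w") as fh:
            fh.write("quarterly numbers")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("outside the download dir")
        return {
            "legit": read_download(base, "report.txt"),
            "dotdot": read_download(base, "../secret.txt"),
            "encoded": read_download(base, "..%2Fsecret.txt"),
            "absolute": read_download(base, "/etc/hostname"),
            "dot": read_download(base, ".."),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Mapping a short opaque identifier to a file name in a server-side table (the last prevention bullet, taken literally) removes the problem entirely; the allow-list approach above is the fallback when the client has to send a name.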


7. Broken Access Control:

Description: Broken access control occurs when attackers gain unauthorized access to resources or perform actions beyond their privileges. An IDOR or BOLA vulnerability is a cause of broken access control. Insecure Direct Object Reference (IDOR) is a vulnerability that arises when attackers can access or modify objects by manipulating identifiers used in a web application's URLs or parameters.

Prevention:
• Implement proper access controls.
• Use the principle of least privilege.
• Regularly audit and monitor access logs.
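Below is an added example (not the notes' own code) of the IDOR case and its fix. A constructed invoice table is served by two handlers: the first returns whatever id appears in the URL, so any logged-in user can read any invoice; the second enforces object-level authorisation (owner, or an assumed `billing-admin` role) and records every denied attempt for the access-log monitoring the prevention list mentions.

```python
"""IDOR: handler that trusts the URL id versus one with object-level authorisation (added illustration)."""

# Constructed data: invoice id -> record. Not real customers.
INVOICES = {
    1001: {"owner": "alice", "amount": 120},
    1002: {"owner": "bob", "amount": 75},
}

# Assumed role model; billing-admin may read any invoice.
ROLES = {"alice": {"customer"}, "bob": {"customer"}, "carol": {"customer", "billing-admin"}}

DENIED_LOG = []   # what a real app would write to its audit log


def get_invoice_vulnerable(current_user, invoice_id):
    """Authenticated, but not authorised: the id is taken straight from the request."""
    return INVOICES.get(invoice_id)


def get_invoice_safe(current_user, invoice_id):
    """Object-level check: the caller must own the record or hold an allowed role.
    Unauthorised and non-existent ids both come back as None (404), so the
    response does not confirm which ids exist."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return None
    allowed = invoice["owner"] == current_user or "billing-admin" in ROLES.get(current_user, set())
    if not allowed:
        DENIED_LOG.append({"user": current_user, "invoice": invoice_id})
        return None
    return invoice


if __name__ == "__main__":
    print(get_invoice_vulnerable("bob", 1001))   # bob reads alice's invoice
    print(get_invoice_safe("bob", 1001))         # None, and a denied entry is logged
    print(get_invoice_safe("carol", 1002))       # role-based access
    print(DENIED_LOG)
```

A burst of denied entries from one account walking through consecutive ids is the signature that the "monitor access logs" bullet is meant to catch.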

8. Broken Authentication:

Description: Broken authentication involves vulnerabilities in user authentication. Improper configuration and poor implementation of authentication mechanisms cause authentication vulnerabilities to arise: insufficient protection against brute-force attacks, and improper configuration that allows attackers to bypass the entire authentication process.

Prevention:
• Implement strong password policies.
• Use multi-factor authentication.
• Regularly audit and monitor user accounts.


9. Buffer Overflow:

Description: Computers often use buffers to improve performance. These buffers usually reside in RAM. If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store, and overwrite areas that hold executable code, replacing it with their own code. Buffer overflow attacks involve overloading a program's buffer, leading to unintended behavior and potential execution of malicious code.

Prevention:
• Implement bounds checking.
• Use secure coding practices.
• Regularly update and patch software.

10. Session Hijacking (Session Sidejacking):

Description: When a user authenticates to a web server, the session is maintained with an HTTP cookie. The cookie is placed on the user's computer. Session hijacking is an attack in which an attacker exploits a valid session of a user and gets unauthorized access to the web server for malicious purposes.

Prevention:
• Use secure, random session IDs.
• Encrypt session data.
• Implement secure communication (HTTPS).


11. Brute Force Attacks:

Description: Brute force attacks involve repeated attempts to gain unauthorized access by systematically trying all possible password combinations.

Prevention:
• Implement account lockout policies.
• Use strong password policies.
• Use multi-factor authentication.
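The added example below (not the notes' own code) covers both the "Broken Authentication" and "Brute Force Attacks" items, since their prevention lists overlap: a password policy is enforced at registration, credentials are stored with scrypt and a per-user salt, and an account-lockout policy is applied at login. The threshold of five failures, the 15-minute lockout, the minimum length and the small deny-list are assumed values, and the user store is in memory.

```python
"""Password policy plus account lockout (added illustration)."""
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MIN_LENGTH = 12                        # assumed policy
MAX_FAILURES = 5                       # assumed lockout threshold
LOCKOUT = timedelta(minutes=15)        # assumed lockout duration
COMMON_PASSWORDS = {"password1234", "qwerty123456"}   # constructed deny-list stub


def check_password_policy(password):
    """Return a list of violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than {} characters".format(MIN_LENGTH))
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("needs at least three character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    return problems


def _kdf(password, salt):
    """Slow, memory-hard derivation so offline guessing is expensive."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1)


class UserStore:
    def __init__(self):
        self.users = {}   # username -> {"salt", "hash", "failures", "locked_until"}

    def register(self, username, password):
        """Refuse weak passwords; otherwise store salt + derived key."""
        problems = check_password_policy(password)
        if problems:
            return problems
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": _kdf(password, salt),
                                "failures": 0, "locked_until": None}
        return []

    def login(self, username, password, now=None):
        """Return 'ok', 'locked' or 'denied'. Unknown users get the same 'denied'
        as a wrong password so the response does not reveal valid usernames."""
        now = now or datetime.now()
        rec = self.users.get(username)
        if rec is None:
            return "denied"
        if rec["locked_until"] is not None and now < rec["locked_until"]:
            return "locked"
        if hmac.compare_digest(_kdf(password, rec["salt"]), rec["hash"]):
            rec["failures"], rec["locked_until"] = 0, None
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT
        return "denied"


if __name__ == "__main__":
    store = UserStore()
    print(store.register("alice", "weak"))
    print(store.register("alice", "Correct-Horse-7!"))
    for _ in range(MAX_FAILURES):
        print(store.login("alice", "not-the-password"))
    print(store.login("alice", "Correct-Horse-7!"))   # locked even with the right password
```

Lockout by account alone lets an attacker lock users out deliberately, so production systems usually combine it with per-source rate limiting and with the multi-factor step both prevention lists recommend.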

12. Security Misconfigurations:

Description: Security misconfigurations occur when systems or applications are improperly configured, potentially exposing sensitive information: default usernames and passwords, unnecessary features enabled or installed, disabled security features, etc.

Prevention:
• Regularly audit and review configurations.
• Follow secure coding practices.
• Use automated tools to check for misconfigurations.
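As an added example of the "automated tools" bullet (not code from the notes), the block below runs a small set of checks over a constructed application configuration for a hypothetical web application. The weak configuration exhibits each problem named in the description (default credentials, unnecessary features, a disabled security feature) and the hardened one shows the corrected values; the check list and the default-credential pairs are assumed.

```python
"""Automated misconfiguration checks over a constructed config (added illustration)."""

# Constructed export of a hypothetical web application's settings.
WEAK_CONFIG = {
    "admin_user": "admin",
    "admin_password": "admin",
    "debug": True,
    "directory_listing": True,
    "tls_min_version": "1.0",
    "enabled_modules": ["core", "sample_app", "status_page"],
    "session_cookie_secure": False,
}

HARDENED_CONFIG = {
    "admin_user": "svc-ops-admin",
    "admin_password": "<generated secret, placeholder>",
    "debug": False,
    "directory_listing": False,
    "tls_min_version": "1.2",
    "enabled_modules": ["core"],
    "session_cookie_secure": True,
}

# Constructed list of vendor-default credential pairs a scanner would test for.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password")}
UNNEEDED_MODULES = {"sample_app", "status_page"}   # assumed: not needed in production


def _tls_version(text):
    return tuple(int(part) for part in text.split("."))


# Each check returns True when the configuration passes.
CHECKS = [
    ("no default credentials",
     lambda c: (c["admin_user"], c["admin_password"]) not in DEFAULT_CREDENTIALS),
    ("debug mode off", lambda c: not c["debug"]),
    ("directory listing off", lambda c: not c["directory_listing"]),
    ("TLS minimum version >= 1.2", lambda c: _tls_version(c["tls_min_version"]) >= (1, 2)),
    ("no sample or unneeded modules",
     lambda c: not (set(c["enabled_modules"]) & UNNEEDED_MODULES)),
    ("secure flag on session cookie", lambda c: bool(c["session_cookie_secure"])),
]


def audit(config):
    """Names of the checks the configuration fails; an empty list is a clean audit."""
    return [name for name, passes in CHECKS if not passes(config)]


if __name__ == "__main__":
    print("weak    :", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```

Running such checks in the deployment pipeline (rather than only in a periodic review) is what keeps a fixed misconfiguration from quietly coming back with the next release.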

13. HTTP Response Splitting:

Description: HTTP response splitting involves manipulating HTTP responses to insert additional content, potentially leading to security vulnerabilities or unauthorized actions.

Prevention:
• Validate and sanitize user inputs.
• Use secure coding practices.
• Employ security mechanisms like Web Application Firewalls (WAFs).
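The added example below (not the notes' own code) serves both the "Session Hijacking" item (10) and the "HTTP Response Splitting" item (13), because both come down to how the server builds its response headers. Session identifiers are generated from the operating system's CSPRNG and rotated at login, the cookie is emitted with `Secure`, `HttpOnly` and `SameSite` attributes, and every header value passes a validator that rejects CR, LF and NUL, which is what stops a user-controlled value (a redirect target, say) from terminating the header block and starting a second response. The in-memory `SESSIONS` table stands in for a real session store.

```python
"""Session IDs, cookie attributes and header-injection validation (added illustration)."""
import secrets

SESSIONS = {}   # session id -> attributes, kept server side; the cookie carries only the id


class HeaderInjection(ValueError):
    """Raised when a header name or value contains line-breaking characters."""


def is_valid_header_part(text):
    return not any(ch in text for ch in "\r\n\0")


def safe_header(name, value):
    """Serialise one header line, refusing CR/LF/NUL in either part."""
    for part in (name, value):
        if not is_valid_header_part(part):
            raise HeaderInjection("CR/LF not allowed in header: " + repr(part))
    return "{}: {}".format(name, value)


def new_session(attrs=None):
    """Unpredictable identifier: 32 random bytes, URL-safe base64."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(attrs or {})
    return sid


def login(old_sid, username):
    """Rotate the identifier on privilege change; a pre-login id is never upgraded."""
    SESSIONS.pop(old_sid, None)
    return new_session({"user": username})


def session_cookie(sid):
    """Secure: only over HTTPS. HttpOnly: not readable by page scripts.
    SameSite=Lax: not sent on cross-site POSTs."""
    return safe_header("Set-Cookie", "sid={}; Secure; HttpOnly; SameSite=Lax; Path=/".format(sid))


def redirect_header(location):
    """Location header whose value may originate from the request; validated first."""
    return safe_header("Location", location)


if __name__ == "__main__":
    anonymous = new_session()
    authenticated = login(anonymous, "alice")
    print(session_cookie(authenticated))
    print(redirect_header("/home"))
    try:
        redirect_header("/home\r\nSet-Cookie: sid=attacker-chosen")
    except HeaderInjection as exc:
        print("rejected:", exc)
```

Modern HTTP libraries refuse line breaks in header values themselves, but validating at the point where untrusted data enters a header keeps the rule visible in the application code and independent of which library is in use.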


14. XML External Entity (XXE) Attacks:

Description: XXE attacks exploit XML processors that resolve external entities declared in a document's DTD, allowing an attacker to interfere with an application's processing of XML data. They often allow an attacker to view files on the application server filesystem, potentially access sensitive information, and interact with any back-end or external systems the server can reach.
Prevention:
• Disable DTD processing and external entity resolution in the XML parser.
• Use up-to-date XML processors.
• Validate and sanitize XML inputs (for example, reject any document that contains a DOCTYPE).
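Added example (not from the original notes): the same XXE payload fed to Python's `xml.sax` parser with external entity resolution switched on and off. The "secret" file is a constructed temporary file standing in for `/etc/passwd` or a configuration file; the hardened parser additionally refuses any DOCTYPE.

```python
# Added example: XXE against xml.sax, with the parser feature that decides the outcome.
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Collects character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def parse_untrusted_xml(xml_text, resolve_external_entities):
    """Parse with xml.sax; feature_external_ges is the whole difference."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.StringIO(xml_text))
    return collector.text()


def parse_hardened(xml_text):
    """Defence in depth: refuse any DTD, then parse with external entities off."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted from untrusted input")
    return parse_untrusted_xml(xml_text, resolve_external_entities=False)


def demo_xxe():
    """Return what each parser configuration yields for the same payload."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-")
    with os.fdopen(fd, "w") as f:
        f.write("secret-value")      # constructed stand-in for /etc/passwd or a config file
    payload = ('<?xml version="1.0"?>\n'
               '<!DOCTYPE data [\n'
               f'  <!ENTITY xxe SYSTEM "{path}">\n'
               ']>\n'
               '<data>&xxe;</data>')
    try:
        leaked = parse_untrusted_xml(payload, resolve_external_entities=True)
        blocked = parse_untrusted_xml(payload, resolve_external_entities=False)
        try:
            parse_hardened(payload)
            rejected = False
        except ValueError:
            rejected = True
    finally:
        os.remove(path)
    return {"leaked": leaked, "with_entities_disabled": blocked, "hardened_rejected": rejected}


if __name__ == "__main__":
    print(demo_xxe())
```

Refusing the DOCTYPE outright also stops internal-entity expansion attacks ("billion laughs"), which disabling external entities alone does not.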
15. Content Spoofing (Content Manipulation):

Description: Content Spoofing is a type of web attack where an attacker manipulates the content displayed on a website to deceive users. The goal is to present false or misleading information, often with the intention of tricking users into taking malicious actions.
Prevention:
• Ensure the website uses HTTPS to encrypt data.
• Conduct regular security audits.
• Implement monitoring solutions to detect unusual or unexpected changes in website content.

Thank you for enrolling in our course. This is a paid course. Editing, copying, printing, selling or sharing (through any medium) any hand note/resource of this course is prohibited. In that case you will owe 500 taka for every copy obtained from you.

Update Resource ◼ WhatsApp: 01521331257 ◼ Question solution



How to prepare
This week you will finish this chapter. Finish the 5 modules over 5 days of the week. Spend the remaining 2 days of the week solving various question sets. Revise.

Inviting You to Join Our Group Study Platform

“We believe these resources will be unparalleled”

Click Icon to Join with Us

Open Your Camera → Select QR code Scanner

◼◼◼ Let’s Start the Module!!!



Module 4: Network based Cyber Attacks and Threats


Network-based cyber-attacks and threats focus on compromising the integrity, confidentiality,
or availability of the entire network infrastructure.

1. Man-in-the-Middle (MitM) Attack:


Description: MITM attacks most often occur after an attacker gains control of a Wi-Fi network or sets up a free, unencrypted Wi-Fi access point; on wired networks, ARP spoofing and DNS spoofing (below) achieve the same position. Either way the attacker sits between two parties and is able to intercept, and possibly modify, the data passing between them. These attacks are essentially a digital form of eavesdropping.
Prevention: Use encryption for sensitive communications (e.g., HTTPS), implement secure
channels (VPN), and utilize strong authentication mechanisms to detect and prevent
unauthorized access.

2. DoS (Denial of Service) and DDoS (Distributed Denial of Service) Attacks:


Description: DoS attacks overload a system or network, causing it to become
unavailable. DDoS attacks involve multiple sources to amplify the impact.
Prevention: Employ firewalls, load balancers, and content delivery networks (CDNs).
Implement rate limiting, intrusion prevention systems, and cloud-based DDoS protection
services.


3. DNS Tunneling:
Description: The attacker registers a domain, for example malsite.com, and points its name server at a server they control, where the tunneling software runs. A host inside the private network is infected, and the malware encodes the data it wants to send (or the commands it wants to receive) into DNS queries for subdomains of malsite.com. DNS requests are almost always permitted through the firewall, so the infected computer is allowed to send queries to the internal DNS resolver. The resolver forwards them to the attacker's authoritative server, where the tunneling program decodes the queries and answers with encoded data of its own. A DNS tunnel is thus created between the attacker and the victim via the DNS resolver.
Prevention: Monitor DNS traffic for anomalies, use DNS filtering, and deploy intrusion
detection and prevention systems to detect and block tunneling attempts.
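Added example (not from the original notes): the kind of anomaly check a DNS-monitoring rule applies. It profiles each registered domain in a constructed resolver log by the number of distinct subdomains queried, their length and their character entropy; tunneled data shows up as many long, high-entropy labels under one domain. The log lines, the domain malsite.com and the thresholds are assumed, and "registered domain = last two labels" is a simplification (production code uses the Public Suffix List).

```python
# Added example: heuristic DNS-tunneling detector over a constructed query log.
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s):
    """Bits per character; hex/base32-encoded data scores far above real words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    # Assumption: the registered domain is the last two labels.
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line):
    """Log format (constructed): '<epoch> <client-ip> <qname> <qtype>'."""
    ts, client, qname, qtype = line.split()
    return {"ts": int(ts), "client": client, "qname": qname.lower(), "qtype": qtype}


def profile_domains(lines):
    stats = defaultdict(lambda: {"subdomains": set(), "lengths": [], "entropy": []})
    for line in lines:
        ev = parse_line(line)
        dom = registered_domain(ev["qname"])
        sub = ev["qname"][:-len(dom) - 1] if ev["qname"] != dom else ""
        if not sub:
            continue
        st = stats[dom]
        st["subdomains"].add(sub)
        st["lengths"].append(len(sub))
        st["entropy"].append(shannon_entropy(sub.replace(".", "")))
    return stats


def suspicious_domains(lines, min_unique=5, min_avg_len=20, min_entropy=3.0):
    """Domains whose subdomain traffic looks like encoded data rather than hostnames."""
    flagged = []
    for dom, st in profile_domains(lines).items():
        if len(st["subdomains"]) < min_unique:
            continue
        avg_len = sum(st["lengths"]) / len(st["lengths"])
        avg_ent = sum(st["entropy"]) / len(st["entropy"])
        if avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged.append(dom)
    return sorted(flagged)


def tunnel_queries(n):
    """Constructed: what a tunneling client emits, one encoded chunk per query."""
    return [f"{1700000100 + i} 10.0.0.42 "
            f"{hashlib.sha256(f'chunk{i}'.encode()).hexdigest()[:48]}.t.malsite.com TXT"
            for i in range(n)]


SAMPLE_LOG = [
    "1700000001 10.0.0.5 www.example.com A",
    "1700000002 10.0.0.5 cdn.example.com A",
    "1700000003 10.0.0.7 mail.example.com MX",
    "1700000004 10.0.0.9 api.example.com A",
    "1700000005 10.0.0.9 login.example.com A",
    "1700000006 10.0.0.9 static.example.com A",
] + tunnel_queries(8)


if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_LOG))
```

Real tunnels also stand out by query volume per client and by unusual record types (TXT, NULL) carrying the downstream channel; those are worth adding as further features before alerting.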

4. DNS Spoofing:
Description: DNS Spoofing appears when the IP address (IPv4 or IPv6) of a domain name
is masked and falsified. The information is replaced with a faked one, from a host that has
no authority to give it. It occurs and disturbs the normal process of DNS resolution. As a
result, the user’s device is connecting with a bogus IP address, and all of the traffic is
directed to a malicious website.
Prevention: Deploy DNSSEC so resolvers can validate signed answers, use encrypted transport to the resolver (DNS over TLS/HTTPS), keep resolver software patched against cache-poisoning bugs, monitor DNS traffic for anomalies and use DNS filtering.


5. IP Spoofing:
Description: IP Spoofing involves manipulating the source IP address in packets to
impersonate a trusted source and gain unauthorized access. IP spoofing is the creation
of Internet Protocol (IP) packets which have a modified source address in order to either
hide the identity of the sender, to impersonate another computer system, or both.
Prevention: Implement network ingress and egress filtering (BCP 38, so that packets with source addresses that cannot legitimately arrive on an interface are dropped), use anti-spoofing measures, and deploy packet filtering rules to detect and block spoofed traffic.
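Added example (not from the original notes): the ingress/egress filtering decision an edge router makes. The prefix allocation, interface names and sample packets are constructed; RFC 5737 documentation ranges stand in for real addresses.

```python
# Added example: BCP 38 style anti-spoofing filter for one edge router.
import ipaddress

OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]     # our allocation (assumed)
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
           "172.16.0.0/12", "192.168.0.0/16")]
INSIDE_IFACE, OUTSIDE_IFACE = "lan0", "wan0"


def _in_any(addr, networks):
    return any(addr in n for n in networks)


def classify(packet):
    """Return 'forward' or a 'drop:<reason>' verdict for one packet."""
    src = ipaddress.ip_address(packet["src"])
    if packet["in_iface"] == INSIDE_IFACE:
        # Egress filtering: only our own addresses may leave our network, so a
        # compromised host cannot take part in reflection/amplification attacks.
        return "forward" if _in_any(src, OUR_PREFIXES) else "drop:egress-spoof"
    # Ingress filtering: outside traffic must not claim our addresses or bogon space.
    if _in_any(src, OUR_PREFIXES):
        return "drop:ingress-spoof"
    if _in_any(src, BOGONS):
        return "drop:bogon"
    return "forward"


# Constructed packets: (source, destination, interface the packet arrived on)
SAMPLE_PACKETS = [
    {"src": "203.0.113.7",  "dst": "198.51.100.1", "in_iface": "lan0"},  # legitimate outbound
    {"src": "198.51.100.9", "dst": "203.0.113.7",  "in_iface": "lan0"},  # inside host spoofing a foreign source
    {"src": "198.51.100.9", "dst": "203.0.113.7",  "in_iface": "wan0"},  # legitimate inbound
    {"src": "203.0.113.7",  "dst": "203.0.113.9",  "in_iface": "wan0"},  # outsider pretending to be inside
    {"src": "10.1.2.3",     "dst": "203.0.113.9",  "in_iface": "wan0"},  # private source from the internet
]


def filter_packets(packets):
    return [classify(p) for p in packets]


if __name__ == "__main__":
    for p, verdict in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(p["in_iface"], p["src"], "->", p["dst"], verdict)
```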

6. ARP Spoofing:
Description: The attacker joins the targeted network and scans it to learn which IP addresses are in use, in particular the default gateway's. Using a tool such as arpspoof or Ettercap, the attacker then sends forged ARP replies that bind the gateway's IP address to the attacker's own MAC address (and, in the other direction, the victim's IP address to the attacker's MAC). Both the victim's workstation and the router update their ARP caches with the false binding, so traffic between them flows through the attacker, who can read or modify it: a man-in-the-middle on the local network.
Prevention: Static ARP entries for critical hosts such as the gateway, Dynamic ARP Inspection (backed by DHCP snooping) on switches, network segmentation, packet filtering, and encrypting traffic (VPN/TLS) so that intercepted packets are unreadable.
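Added example (not from the original notes): what a monitor watching ARP replies on the segment would flag during the attack just described. The gateway address, the MAC addresses and the sequence of replies are constructed; the optional `static_arp` table shows why pinning the gateway's entry works.

```python
# Added example: detecting ARP spoofing from observed ARP "is-at" replies.
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"     # assumed gateway of the constructed segment

# (seconds, sender IP, sender MAC) as carried in ARP replies
ARP_REPLIES = [
    (0, "192.168.1.1",  "00:11:22:33:44:01"),   # real gateway
    (1, "192.168.1.20", "00:11:22:33:44:20"),   # victim workstation
    (2, "192.168.1.30", "aa:bb:cc:dd:ee:ff"),   # attacker, its own address
    (5, "192.168.1.1",  "aa:bb:cc:dd:ee:ff"),   # attacker claims the gateway IP
    (5, "192.168.1.20", "aa:bb:cc:dd:ee:ff"),   # ... and the victim's IP (full MITM)
    (6, "192.168.1.1",  "00:11:22:33:44:01"),   # real gateway answers again: flapping
]


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP, static_arp=None):
    """Return alerts as (time, severity, message).

    Heuristics: an IP whose MAC binding changes (HIGH if it is the gateway),
    one MAC claiming several IPs, and any reply contradicting a pinned entry.
    """
    static_arp = static_arp or {}
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for t, ip, mac in replies:
        if ip in static_arp and static_arp[ip] != mac:
            alerts.append((t, "HIGH", f"{ip} is pinned to {static_arp[ip]} but {mac} answered"))
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((t, sev, f"{ip} moved from {prev} to {mac}"))
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max(before, 1):       # grew, and now claims 2+ IPs
            alerts.append((t, "MEDIUM", f"{mac} now claims {sorted(mac_to_ips[mac])}"))
        ip_to_mac[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(*alert)
```

The flapping at t=6 is characteristic: the real host keeps answering, so the binding oscillates until the attacker stops. Dynamic ARP Inspection on a switch applies the same idea by dropping replies that disagree with the DHCP snooping binding table instead of merely alerting.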


7. DHCP Spoofing:
Description: When an attacker operates a rogue DHCP server, a client can unknowingly complete its DHCP exchange with the attacker instead of the legitimate DHCP server on the network, and accept the attacker's choice of default gateway and DNS server. This easily happens when the rogue DHCP server is closer to the DHCP client and replies before the legitimate DHCP server does.
Prevention: Deploy DHCP snooping, use port security, and implement DHCP
authentication mechanisms to detect and prevent rogue DHCP servers.

8. MAC Spoofing:
Description: A MAC spoofing attack is when an attacker mimics your MAC address so that data sent to your device is delivered to the attacker's device instead. It allows the attacker to bypass MAC-based access controls, gain unauthorized access to a network and launch a man-in-the-middle attack.
Prevention: Use port security features on switches, implement 802.1X port-based authentication, and use dynamic ARP inspection. MAC address filtering alone is weak, because a MAC address is trivial to change.


9. MAC Flooding or MAC table overflow attack:


Description: A MAC flooding attack, also known as a MAC table overflow attack, is a type
of network security attack that targets network switches. It involves overwhelming a
switch’s MAC address table by flooding it with a massive amount of spoofed Ethernet
frames, each containing a unique source MAC address.
Prevention: Use port security on switches to limit the number of MAC addresses learned per port (and err-disable a port that exceeds the limit), use 802.1X port authentication, and monitor for a sudden surge of new MAC addresses on a single port.
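Added example (not from the original notes): a toy learning switch that shows why a full CAM table turns the switch into a hub, and how a per-port MAC limit stops it. The port names, table size and MAC addresses are constructed; real switches hold thousands of entries, but the mechanism is the same.

```python
# Added example: MAC table overflow on a toy switch, with and without port security.

class Switch:
    """Learning switch with a fixed-size CAM table and optional port security."""

    def __init__(self, ports, table_size=4, max_macs_per_port=None):
        self.ports = set(ports)
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port
        self.cam = {}                 # mac -> port
        self.err_disabled = set()     # ports shut down by port security

    def _macs_on(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def forward(self, src_mac, dst_mac, in_port):
        """Process one frame; return the set of egress ports."""
        if in_port in self.err_disabled:
            return set()
        if src_mac not in self.cam:
            if (self.max_macs_per_port is not None
                    and self._macs_on(in_port) >= self.max_macs_per_port):
                self.err_disabled.add(in_port)        # violation: err-disable the port
                return set()
            if len(self.cam) < self.table_size:
                self.cam[src_mac] = in_port           # learn the source
            # table full: the address is simply not learned
        out = self.cam.get(dst_mac)
        if out is None:                               # unknown unicast or broadcast: flood
            return self.ports - {in_port} - self.err_disabled
        return set() if out == in_port else {out}


VICTIM, SERVER = "00:00:00:00:00:01", "00:00:00:00:00:02"


def run_attack(port_security):
    """Attacker on p3 floods bogus sources, then victim (p1) and server (p2) talk."""
    sw = Switch(["p1", "p2", "p3"], table_size=4,
                max_macs_per_port=2 if port_security else None)
    for i in range(6):
        sw.forward(f"de:ad:be:ef:00:{i:02x}", "ff:ff:ff:ff:ff:ff", "p3")
    sw.forward(SERVER, VICTIM, "p2")            # server cannot be learned once the table is full
    egress = sw.forward(VICTIM, SERVER, "p1")   # so the victim's reply is flooded to every port
    return {"victim_to_server_seen_on": sorted(egress),
            "attacker_port_disabled": "p3" in sw.err_disabled}


if __name__ == "__main__":
    print("no port security :", run_attack(port_security=False))
    print("port security    :", run_attack(port_security=True))
```

Without port security the attacker's port receives the victim's traffic; with a limit of two MACs per port the third bogus source err-disables p3 before the table fills, and the legitimate conversation stays on p2.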

10. Bandwidth Flooding:


Description: Bandwidth Flooding overloads a network with excessive traffic, causing
network congestion and disruption of service.
Prevention: Implement rate limiting, use Quality of Service (QoS) mechanisms, and
deploy intrusion prevention systems to detect and mitigate bandwidth flooding.
11. Amplification Attacks:
Description: Amplification attacks send small requests with a spoofed source address (the victim's) to open services such as DNS, NTP or memcached that answer with much larger replies, so the replies flood the victim with far more traffic than the attacker sent, causing network congestion and disruption.
Prevention: Configure network devices to limit amplification, disable unnecessary
services, and use rate limiting to prevent and mitigate amplification attacks.
12. Privilege Escalation:
Description: A privilege escalation attack is a cyberattack to gain illegal access of higher
rights, permissions, entitlements, or privileges beyond what is assigned for an identity,
account, user, or machine. This attack can involve an external threat actor or an insider
threat.
Prevention: Apply the principle of least privilege, regularly audit and monitor user
accounts, and patch software vulnerabilities to prevent and detect privilege escalation
attempts.


Packet Sniffer:
Description: Packet Sniffers capture and analyze network traffic to eavesdrop on
sensitive information, posing a serious threat to data confidentiality.
Prevention: Encrypt sensitive data in transit, use secure communication protocols (e.g.,
TLS/SSL), and implement network segmentation to minimize the impact of packet
sniffing.

13. Packet Mistreating Attacks (PMA):


Description: PMA involves manipulating or altering packets in transit to disrupt
communication or gain unauthorized access.
Prevention: Use encryption, implement integrity checks on transmitted data, and
monitor for unusual packet behavior to detect and prevent packet mistreating attacks.
14. Routing Table Poisoning (RTP):
Description: RTP involves injecting false routing information to redirect traffic to
malicious destinations, compromising network integrity.
Prevention: Use routing protocols with authentication, implement route filtering, and
monitor for suspicious route changes to detect and mitigate routing table poisoning.
15. Hit and Run (HAR):
Description: Hit and Run attacks involve quickly launching stealthy attacks to achieve
specific objectives and evade detection.
Prevention: Employ intrusion detection systems, monitor for unusual activity, and
conduct regular security audits to detect and respond to hit and run attacks.
16. Persistent Attacks (PA):
Description: Persistent attacks are sustained and prolonged attempts to compromise a
system or network over an extended period.
Prevention: Implement continuous monitoring, regularly update and patch systems, and
conduct thorough security assessments to detect and mitigate persistent attacks.



Module 5: Cyber Defense

Cyber Kill-Chain: Offensive and Defensive Layered Framework

Stage 1: Reconnaissance
Goal: To identify the target’s weakness and gather information actively and passively.

Adversarial Approach:
➢ Planning phase of their operation.
➢ Conduct passive research through social media, company websites, conference, WHOIS, Google,
Shodan, other internet facing servers
➢ Active recon through Nmap, port scanning, banner grabbing and other vulnerability scanners.
➢ Provides knowledge about the potential target which helps them understand which targets will enable
them to meet their objectives so that they can plan further.

Defensive Approach:
• Limit Public Information
• Use social media to the acceptable level exposing limited information
• Remove and modify public server error messages
• Disable unused ports and services to reduce the entry points for attackers
• Use of Honeypots, Firewalls, IPS, TOR, VPN
• Monitor for suspicious network traffic
• Detecting reconnaissance when it happens can be difficult, but when the defenders discover the recon
attacks, it can reveal the intent of the adversaries.

আমাদের ককাদসে এনদরাল করার জনয ধনযবাে। এটি একটি কেইড ককাসে। এই ককাদসের ককান হ্যান্ড কনাি/ ররদসাসে এরডি করা, কাি করে করা, রিরেিং করা, রবরি
করা, কেয়ার করা (দেদকান মাধযদম) রনদেধ। কসদেদে আেনার কেদক প্রাপ্ত প্ররিজন রহ্দসদব 500 িাকা হ্াদর ঋনী হ্দয় োকদবন।
Stage 2: Weaponization
Goal: To prepare the operation by designing a backdoor and a penetration plan to exploit the
weakness.

Adversarial Approach:
➢ Preparation and staging phase of their operation.
➢ Use of automated tools like Metasploit, Veil Framework, Social-Engineer Toolkit, Exploit-DB,
Burp Suite, Aircrack-ng, SQLMap, Wapiti, etc.
➢ Generate malware, create deliverable payloads, select the backdoor implant and appropriate
command and control infrastructure for operation.

Defensive Approach:
▪ Administrative control like Patch Management
▪ Disable office macros, Browser plugins and Java script to reduce vulnerability exposure
▪ End point security, Antivirus and IDS for protection against exploit attempts
▪ Email security like antivirus and anti-spam
▪ Audit logging and monitoring
➢ Though weaponization cannot be detected as it happens, it can be inferred afterwards by collecting and
analyzing malware artifacts, which gives defenders some of their most durable and resilient detections.

Stage 3: Delivery

Goal: Launch the operation by transmitting weapon to the target

Adversarial Approach:
Convey the malware to the target through various mediums and interactions like social engineering
techniques, malicious websites, malicious email attachments, USB stick, social media interactions,
watering hole websites or direct web servers.

Defensive Approach:
• This is the first stage at which defenders can block the operation or reduce its effectiveness.
• User awareness on good security practices
• Anti-social engineering campaigns
• Endpoint security, Intrusion prevention and detection systems
• Email authentication methods like DKIM and SPF to detect spoof emails
• Web filtering and DNS filtering
• No provision of ‘Admin’ right to the users
• Disabling USB by administrator

Stage 4: Exploitation
Goal: Attack execution to gain access to the targeted system or network

Adversarial Approach:
➢ Takes an advantage of weakness in an application or a system
➢ Buffer overflow, SQL injection and JavaScript hijacking
➢ Trigger the program code of malware to exploit the target’s vulnerability
➢ The phrase "zero day" refers to an exploit for a vulnerability the vendor has not yet patched (it has had zero days to fix it); such exploit code is used in this step.

Defensive Approach:
▪ Hardening endpoint devices
▪ Data execution prevention feature in both software and hardware systems
▪ Anti-exploit feature in anti-virus solutions
▪ Regular vulnerability scanning and penetration testing, user awareness training, secure coding
training, etc. to stop zero-day exploits at this stage.
▪ Use of sandbox as a post-infection tool to detect exploit after execution. It helps to find the first
point of infection (Patient zero) and then block the malicious file to protect rest of the users and
devices in the network.

Stage 5: Installation
Goal: To gain Persistence access
Adversarial Approach:
➢ Installs a persistent backdoor like a web shell on a web server or implant in the victim
environment to maintain access for an extended time period
➢ DLL Hijacking, injecting Meterpreter and similar payloads
➢ Install Remote access tools (RATs)
➢ Execute PowerShell commands and perform Registry changes
Defensive Approach:
▪ Use CHROOT in Linux based system to isolate processes
▪ Disable PowerShell when not required
▪ Maintain Endpoint instrumentation like UBA and EDR to detect and log the installation of any
unauthorized program as well as monitor any changes to registries and system processes.
▪ Follow the Incident response SOPs such as severity identification, infected system isolation,
wiping out infected devices from the network, making changes to the credentials used, etc. after
the detection of adversary installation.
▪ Perform malware analysis and look at the installation process to come up with new endpoint
mitigations
▪ Restore the system to the good state after responding to the incident

Stage 6: Command and control (C&C)
Goal: Remote control of the system by the attacker
Adversarial Approach:
➢ Malware opens a two-way communications channel to C2 infrastructure and enables the
adversary to give remote covert instructions to the compromised devices.
➢ C2 server acts as the place where all the data can be exfiltrated
➢ Most common C2 channels are over web, DNS, and email protocols
Defensive Approach:
▪ Limiting the possible damage with Network segmentation and Micro segmentation as it makes it
harder for adversarial lateral movements, makes it easy to detect using audit logs and isolate the
infected user until verified as clean and authenticated.
▪ C2 infrastructure discovery through malware analysis.
▪ Customizing blocks of C2 protocols on web proxies, DNS sink holing, etc. can assist in blocking the
channel.
▪ Look for known bad C&C servers in NGFW database and Threat Intelligence platform
▪ Use of layer 7 Application control firewall to block commonly known remote access tools like
telnet, SSH, PowerShell, netcat, RDP, and other protocols.
▪ For post-detection, observe IOCs collected from endpoint devices or SIEM devices with an IOC
feeds

Stage 7: Actions on Objective


Goal: To execute the action for achieving the desired goal
Adversarial Approach:
➢ Take an action to fulfill their mission’s purpose
➢ Might be sensitive data exfiltration, Encryption for ransom, Internal reconnaissance, political
reasons, lateral movement to go after more important system in the network or even data
destruction.
Defensive Approach:
▪ Detect this stage as quickly as possible by using forensic evidence and incident response playbook
▪ Immediate analyst response to all cyber kill chain alerts and network packet captures for damage
assessment.
▪ Use of Endpoint tools like Data Leakage Prevention (DLP) and User Behavior Analysis (UBA) as
they have complementary features to detect and prevent specific files from moving off the
network
▪ Network segmentation is important to make it harder for lateral movement in the internal
network
▪ Follow the ‘Zero Trust Security Model’ and treat everyone as untrusted until proven otherwise.
This is very effective at detecting infected machine, further assessment, control, and recovery
operations.

Here's a list of software and hardware commonly used for security prevention

Software:

1. Antivirus Software: Detects and removes malware, such as viruses, worms, and Trojans, from
computer systems.

2. Firewall: A firewall employs rules to monitor and control incoming and outgoing network traffic.
It uses IP addresses and port numbers to filter traffic.

3. Intrusion Detection System (IDS): Monitors network or system activities for malicious behavior or
policy violations and alerts administrators.

4. Encryption Software: Protects sensitive data by converting it into a coded form that can only be
deciphered with the appropriate decryption key.

5. Virtual Private Network (VPN) Software: Establishes a secure, encrypted connection over a public
network, such as the internet, to ensure privacy and confidentiality.

Hardware:

1. Unified Threat Management (UTM) Appliance: Combines multiple security features, such as
firewall, antivirus, intrusion detection, and content filtering, into a single hardware device.

2. Network Access Control (NAC) Appliance: Enforces security policies and controls access to
network resources based on the identity and security posture of devices.

3. Security Information and Event Management (SIEM) Appliance: Collects, analyzes, and correlates
security event data from various sources to identify and respond to security threats.

4. Biometric Access Control Systems: Uses unique physical characteristics, such as fingerprints or
iris patterns, to authenticate and authorize access to devices or premises.

5. Hardware Security Modules (HSMs): Safeguards cryptographic keys and performs cryptographic
operations in a tamper-resistant hardware device to protect sensitive data.

Firewall vs. Antivirus

Implementation: A firewall is implemented in both hardware and software. Antivirus is implemented in software only.
Scope: A firewall deals with external, network-borne threats only. Antivirus deals with both external and internal threats (for example malware arriving on a USB stick).
Evasion: A firewall's filtering can be bypassed by attacks such as IP spoofing and routing attacks. Antivirus can be bypassed by malware its signatures and heuristics do not yet recognise.
Working: A firewall works by monitoring and filtering traffic. Antivirus works by scanning files and installed software for infection.
What is checked: A firewall checks for threats in incoming (and outgoing) packets. Antivirus checks for threats in malicious software on the host.
Coverage: A firewall protects the system from threats arriving over the network. Antivirus protects the system from malware (viruses, worms, Trojans) but not from network-level attacks.
Complexity: Firewall rule sets are generally more complex to write and maintain than an antivirus configuration.

SIEM - Security Information and Event Management: Collects data points from the network, including log
files, traffic captures, SNMP messages, and so on, from every host on the network. SIEM collects all
this data into one centralized location and correlates it for analysis to look for security and performance
issues, as well as negative trends, all in near real time. Work steps:

1. Data Collection:
• SIEM collects security event data from diverse sources such as network devices, servers,
endpoints, applications, and security controls like firewalls and antivirus systems.
• Data sources include logs, alerts, and network traffic.
2. Normalization:
• Collected data is normalized to ensure uniformity and consistency in format and
structure.
• Normalization involves converting raw event data into a common format for easier
analysis and correlation.
3. Aggregation:
• The normalized data is aggregated into a central repository or database for storage and
analysis.
• Aggregation helps in consolidating data from multiple sources for comprehensive
visibility.
4. Correlation:
• SIEM correlates data from different sources to identify patterns, trends, and potential
security incidents.
• Correlation involves comparing events and identifying relationships to detect complex
threats that may span multiple systems or occur over time.
5. Alerting:
• When a security event matches predefined correlation rules or thresholds, SIEM
generates alerts or notifications.
• Alerts are sent to security analysts or administrators for further investigation and
response.
6. Analysis and Investigation:
• Security analysts analyze the alerts generated by SIEM to determine the severity and
impact of security incidents.
• They investigate the root cause of incidents, gather additional context, and assess the
potential risk to the organization.
7. Response and Remediation:
• Based on the analysis, security teams take appropriate action to mitigate security threats
and vulnerabilities.
• Response actions may include blocking malicious traffic, quarantining infected devices,
applying patches, or updating security policies.
8. Reporting and Compliance:
• SIEM generates reports and dashboards to provide insights into security events, trends,
and compliance posture.
• Reports help organizations demonstrate compliance with regulatory requirements and
internal security policies.
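Added example (not from the original notes): steps 1 to 5 above in miniature. Three constructed log formats (Linux sshd, a Windows-style logon event, a firewall deny) are normalized into one event schema and a correlation rule fires when several failed logins from one source are followed by a successful login from the same source. The log lines, hostnames, addresses and the syslog year are assumed.

```python
# Added example: SIEM-style normalization and a cross-source correlation rule.
import re
from collections import defaultdict
from datetime import datetime, timezone

SYSLOG = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<ip>\S+)")
WINEVT = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<id>\d+) "
                    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)")
FIREWALL = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<ip>\S+) "
                      r"dst=\S+ dport=\d+")


def normalize(line, syslog_year=2024):
    """Map one raw line onto the common schema, or None if the format is unknown."""
    m = SYSLOG.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=syslog_year, tzinfo=timezone.utc)
        return {"ts": ts, "host": m["host"], "src_ip": m["ip"], "user": m["user"],
                "action": "auth_success" if m["result"] == "Accepted" else "auth_fail"}
    m = WINEVT.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        action = {"4624": "auth_success", "4625": "auth_fail"}.get(m["id"], "other")
        return {"ts": ts, "host": m["host"], "src_ip": m["ip"], "user": m["user"], "action": action}
    m = FIREWALL.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts, "host": m["host"], "src_ip": m["ip"], "user": None,
                "action": "fw_" + m["action"]}
    return None


def normalize_all(lines):
    return [ev for ev in (normalize(l) for l in lines) if ev]


def correlate(events, min_failures=3, window_seconds=120):
    """Rule: >= min_failures failed logins from a source, then a success from it."""
    alerts = []
    failures = defaultdict(list)        # src_ip -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "auth_fail":
            failures[ev["src_ip"]].append(ev["ts"])
        elif ev["action"] == "auth_success":
            recent = [t for t in failures[ev["src_ip"]]
                      if (ev["ts"] - t).total_seconds() <= window_seconds]
            if len(recent) >= min_failures:
                alerts.append({"rule": "brute-force-then-success", "src_ip": ev["src_ip"],
                               "host": ev["host"], "user": ev["user"],
                               "failures": len(recent), "ts": ev["ts"].isoformat()})
    return alerts


# Constructed raw logs from three different sources.
SAMPLE_LOGS = [
    "Mar 10 08:01:02 web01 sshd[1234]: Failed password for root from 198.51.100.23 port 51422 ssh2",
    "2024-03-10T08:01:03Z fw01 action=deny src=198.51.100.23 dst=203.0.113.5 dport=3389",
    "2024-03-10T08:01:05Z dc01 EventID=4625 TargetUser=admin SourceIP=198.51.100.23",
    "Mar 10 08:01:09 web01 sshd[1235]: Failed password for invalid user oracle from 198.51.100.23 port 51430 ssh2",
    "Mar 10 08:01:12 web01 sshd[1236]: Failed password for root from 198.51.100.23 port 51433 ssh2",
    "Mar 10 08:01:40 web01 sshd[1237]: Accepted password for root from 198.51.100.23 port 51440 ssh2",
    "Mar 10 08:02:00 web01 sshd[1240]: Accepted password for alice from 10.0.0.15 port 40001 ssh2",
]


if __name__ == "__main__":
    for alert in correlate(normalize_all(SAMPLE_LOGS)):
        print(alert)
```

The value of normalization shows in the count: the rule sees four failures from 198.51.100.23 because the Windows logon failure on dc01 is counted alongside the sshd failures on web01, which no single log source would reveal.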
Data Security Policy
A data security management policy that is appropriate to the organisation's purpose and its data security objectives.

Data Classification
A well-defined process for data classification where it mentions how it classifies and labels data.

Data Retention
Retention period for each data asset shall be clearly defined. Delete the data that no longer
serves a purpose to the Organization or has been held for the required retention period.

Data Custodianship
Data Custodian shall maintain physical security, system security and safeguard appropriate to
the classification level of the data in their custody

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration or unwanted destruction of sensitive data. Data backup plays a crucial role alongside DLP: it cannot stop a leak, but it limits the damage from destruction or ransomware.

Data backup plays a crucial role in maintaining business continuity by helping organisations recover from IT disasters, security breaches, application failures, human error, etc. Regulatory and industry frameworks such as COBIT, SSAE, SOC 2, PCI DSS, HIPAA, SOX, FINRA, FISMA and GDPR require or expect businesses to maintain backups of critical data for specified durations.

Backup Strategies/Methods (disaster-recovery sites, ranked by how much is kept ready)
1. Cold backup (cold site)
2. Warm backup (warm site)
3. Hot backup (hot site)

1. Cold backup (cold site)

• Empty site: no hardware, no data, no people
• Basic office space (e.g. building, chairs, AC)
• No operational equipment
• Takes weeks to bring online
• Cheapest recovery site

2. Warm backup (warm site)

• Somewhere between cold and hot: just enough to get going (a big room with rack space; you bring the hardware)
• Or hardware is ready and waiting; you bring the software and data
• Operational equipment but little or no data
• Takes days to bring online

3. Hot backup (hot site)

• Exact replica of production systems
• Applications and software are constantly updated; real-time synchronization
• Almost all data ready to go, often just a quick update
• Flip a switch and everything moves
• Takes hours to bring online
• Very expensive

Penetration testing (pentest) is a simulated cyberattack on a computer system or network to identify
vulnerabilities and assess its security posture. Here's an overview of how a penetration test typically
occurs, along with descriptions of each step:
Pre-engagement Phase:
• Define Objectives: Clearly outline the goals and scope of the penetration test, including the systems, applications, and networks to be tested.
• Obtain Authorization: Obtain written permission from relevant stakeholders to conduct the penetration test to avoid legal issues or disruptions.

Reconnaissance:
• Passive Information Gathering: Collect publicly available information about the target organization, such as domain names, IP addresses, email addresses, and employee names.
• Active Information Gathering: Use tools and techniques to actively scan the target network for live hosts, open ports, and services running on them.

Enumeration:
• Identify Target Systems: Enumerate and identify specific systems, services, and applications that are potential targets for exploitation.
• Gather Additional Information: Enumerate users, groups, shares, and other resources to gather insights into the target environment.

Vulnerability Analysis:
• Identify Vulnerabilities: Use automated scanning tools and manual techniques to identify security vulnerabilities in target systems and applications.
• Prioritize Vulnerabilities: Assess the severity and potential impact of identified vulnerabilities to prioritize remediation efforts.

Exploitation:
• Exploit Vulnerabilities: Attempt to exploit identified vulnerabilities to gain unauthorized access, escalate privileges, or execute arbitrary code on target systems.
• Use Known Exploits: Utilize known exploits, custom scripts, or social engineering techniques to penetrate target systems.

Post-Exploitation:
• Maintain Access: Establish persistence on compromised systems to maintain access for future exploitation or data exfiltration.
• Perform Lateral Movement: Move laterally within the network to escalate privileges, access sensitive data, or compromise additional systems.

Documentation:
• Record Findings: Document all steps performed during the penetration test, including vulnerabilities discovered, exploits used, and compromised systems.
• Prepare Report: Compile findings into a comprehensive report that includes an executive summary, technical details, risk ratings, and recommendations for remediation.

Cryptography The art or science encompassing the principles and methods of transforming an intelligible
message into one that is unintelligible, and then retransforming that message back to its original form

There are several ways of classifying cryptographic algorithms.

Secret Key Cryptography (SKC): uses a single key for both encryption and decryption.
Public Key Cryptography (PKC): uses one key for encryption and another for decryption.
Hash Functions: use a mathematical transformation to irreversibly "encrypt" information (no key, and no decryption).

• plaintext - the original, intelligible message
• cipher text - the coded message
• Cipher - algorithm for transforming plaintext to cipher text
• Key - info used in the cipher, known only to sender/receiver
• encipher (encrypt) - converting plaintext to cipher text
• decipher (decrypt) - recovering plaintext from cipher text
• Cryptography - study of encryption principles/methods

Secret Key Cryptography: With secret key cryptography, a single key is used for both encryption and
decryption. As shown in Figure, the sender uses the key (or some set of rules) to encrypt the plaintext and
sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message
and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also
called symmetric encryption.

Example / Description

Data Encryption Standard (DES): The most common SKC scheme used today. Two important variants: Triple-DES (3DES), DESX.

Advanced Encryption Standard (AES): New secure cryptosystem for U.S. government applications. The official successor to DES in December 2001.

Others: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), Blowfish, Twofish, Camellia, KASUMI, SEED.

It is very fast. It is especially useful for encrypting data that is not going anywhere.
If sender and recipient are in different physical locations, they must trust a courier, the Bat
Phone, or some other secure communication medium to prevent the disclosure of the
secret key during transmission. Anyone who overhears or intercepts the key in transit can
later read, modify, and forge all information encrypted or authenticated with that key.
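To make the single-key property concrete, here is an added Go example (not from these notes) using AES in GCM mode: the same 32-byte key both encrypts and decrypts, and any other key, or a single flipped ciphertext bit, is rejected rather than yielding wrong plaintext. GCM, like the ECB, CBC, CFB and OFB entries in the table above, is a mode of operation for a block cipher such as AES, not a separate cipher. The key and message here are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// SealAESGCM encrypts plaintext under a 16-, 24- or 32-byte key with AES-GCM and
// returns nonce || ciphertext || tag; the receiver needs the same key and the nonce.
func SealAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects any other key length
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh random nonce per message; never reuse one under the same key
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenAESGCM reverses SealAESGCM with the same key. A wrong key or a single
// modified bit makes the authentication tag check fail, so no plaintext is returned.
func OpenAESGCM(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // constructed AES-256 key; in practice shared over a secure channel
	rand.Read(key)
	blob, _ := SealAESGCM(key, []byte("constructed sample message"))
	pt, err := OpenAESGCM(key, blob)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
}
```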

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key,
which encrypts data, and a corresponding private, or secret key for decryption. You publish your public
key to the world while keeping your private key secret. Anyone with a copy of your public key can then
encrypt information that only you can read.

Example / Description

RSA: The first, and still most common, PKC implementation, named for the three MIT mathematicians who developed it: Ronald Rivest, Adi Shamir, and Leonard Adleman.

Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital Signature Standard (DSS), provides digital signature capability for the authentication of messages.

Others: Diffie-Hellman, ElGamal, Key Exchange Algorithm (KEA), Cramer-Shoup, LUC.

The primary benefit of public key cryptography is that it allows people who have no preexisting
security arrangement to exchange messages securely. The need for sender and receiver to share
secret keys via some secure channel is eliminated; all communications involve only public keys, and
no private key is ever transmitted or shared.
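An added Go example (not part of these notes) of the public/private split described above, using RSA from the table: encrypting needs only the recipient's public key, decrypting only the matching private key, and the same key pair signs and verifies messages, the role the DSA entry describes. The key pair and message are constructed here; nothing secret is ever sent.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a fresh 2048-bit RSA key pair; PublicKey is published, the rest stays private.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptForRecipient needs only the recipient's public key (RSA-OAEP with SHA-256).
func EncryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWithPrivate recovers the message with the matching private key;
// any other private key fails the OAEP check instead of returning garbage.
func DecryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign authenticates msg with the private key (RSA-PSS over its SHA-256 digest).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks the signature with only the public key and returns an error
// if the message, the signature or the signer's key does not match.
func Verify(pub *rsa.PublicKey, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	priv, _ := NewKeyPair()
	msg := []byte("constructed sample message")
	ct, _ := EncryptForRecipient(&priv.PublicKey, msg)
	pt, _ := DecryptWithPrivate(priv, ct)
	sig, _ := Sign(priv, msg)
	fmt.Printf("decrypted: %q, signature valid: %v\n", pt, Verify(&priv.PublicKey, msg, sig) == nil)
	fmt.Println("altered message:", Verify(&priv.PublicKey, append(msg, '!'), sig))
}
```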

A one-way hash function takes variable-length input—in this case, a message of any length, even
thousands or millions of bits—and produces a fixed-length output; say, 160 bits. The hash function
ensures that, if the information is changed in any way—even by just one bit—an entirely different output
value is produced.

Example / Description

Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
  MD2 (RFC 1319): Designed for systems with limited memory, such as smart cards.
  MD4 (RFC 1320): Similar to MD2 but designed specifically for fast processing in software.
  MD5 (RFC 1321): Also developed by Rivest after potential weaknesses were reported in MD4.

Secure Hash Algorithm (SHA): Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512, which can produce hash values that are 224, 256, 384, or 512 bits in length.

Others: HAVAL (Hash of Variable Length), Whirlpool, Tiger.
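An added Go example (not part of these notes) showing the hash properties described above with SHA-256 from the table: a fixed 256-bit output whether the input is a short string or a megabyte, the same digest for the same input, and a thoroughly different digest when a single input bit changes. The messages are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Digest returns the 256-bit SHA-256 hash of an input of any length.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// DigestHex is Digest rendered as 64 hex characters, the usual printed form.
func DigestHex(msg []byte) string {
	return hex.EncodeToString(Digest(msg))
}

// HammingDistance counts the bit positions in which two equal-length hashes differ
// (-1 if the lengths differ).
func HammingDistance(a, b []byte) int {
	if len(a) != len(b) {
		return -1
	}
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// FlipOneBit returns a copy of msg with the lowest bit of its first byte inverted.
func FlipOneBit(msg []byte) []byte {
	out := append([]byte(nil), msg...)
	out[0] ^= 1
	return out
}

func main() {
	// Constructed inputs: a short message, a one-bit variation of it, and 1 MiB of zeros.
	short := []byte("pay 100 taka to account A")
	long := make([]byte, 1<<20)
	h1, h2, h3 := Digest(short), Digest(FlipOneBit(short)), Digest(long)
	fmt.Println(hex.EncodeToString(h1))
	fmt.Println(hex.EncodeToString(h2))
	fmt.Printf("output lengths: %d, %d, %d bytes regardless of input length\n", len(h1), len(h2), len(h3))
	fmt.Printf("one input bit flipped -> %d of 256 output bits changed\n", HammingDistance(h1, h2))
}
```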
