Computer Secr

The document provides an overview of cybersecurity, defining key concepts such as vulnerabilities, threats, and the CIA Triad (Confidentiality, Integrity, Availability). It outlines the phases of penetration testing, the principles of cryptography including symmetric encryption and public key infrastructure, and discusses Set-UID programs and environment variables as potential attack surfaces. Additionally, it includes a practice exam with multiple-choice and short-answer questions to reinforce the material covered.

Uploaded by

lcott39

1. Introduction to Cybersecurity

Define what is cybersecurity – Cybersecurity is the art and practice of protecting systems,
networks, and data from cyberattacks, damage, and unauthorized access.

Understand various terminologies:

• Vulnerability – A flaw or weakness in the system that could be exploited by an attacker.
• Threat – A potential cause of an unwanted incident, which could result in harm to a
system or organization (e.g., hacker, malware).
• Threat Actor – An entity (person, group, organization, or nation) that exploits
vulnerabilities to perform malicious actions.
• Exploit – The action of taking advantage of a vulnerability to gain unauthorized access or
cause harm.
• Risk – The potential for a threat to exploit a vulnerability and cause harm, often
quantified in terms of impact and likelihood.

Cybersecurity mindset – Involves being vigilant, proactive, and thinking like an attacker to
defend against potential security risks.

CIA Triad:

• Confidentiality – Ensures that data is accessible only to those who have authorized
access (e.g., encryption).
• Integrity – Ensures that the data has not been altered or tampered with (e.g., hashing).
• Availability – Ensures that the data and systems are accessible and functional when
needed by authorized users.

Cybersecurity challenges – Includes evolving vulnerabilities, increasing sophistication of
attackers, and rapid technological advancements that create new threats.

Linux Access Control – Linux provides greater user control than other operating systems. It
allows fine-grained access control to system resources and the kernel, especially for privileged
users (root).

2. Penetration Testing Phases

Define what is penetration testing – Penetration testing (or ethical hacking) is a process where
security professionals simulate cyberattacks to identify vulnerabilities within a system or
network.

Penetration Testing Phases:


1. Reconnaissance and Scanning – Gathering background information on the target
system, including IP addresses, services, and vulnerabilities.
2. Vulnerability Detection – Using vulnerability scanners or manual techniques to detect
weaknesses or flaws in the system.
3. Exploitation – Exploiting the identified vulnerabilities to gain unauthorized access to the
system.
4. Privilege Escalation – Gaining higher-level access or administrative rights to the system
once access is achieved.
5. Post-Exploitation – Identifying further weaknesses, pivoting to other systems, gathering
sensitive information, and covering tracks to avoid detection.
6. Reporting – Documenting the findings, including exploited vulnerabilities, their impact,
and mitigation strategies.

3. Cryptography

Define cryptography, encryption, and decryption – Cryptography is the practice of securing
communication and data by transforming readable information (plaintext) into an unreadable
format (ciphertext) using encryption algorithms, and vice versa using decryption.

Why cryptography – To ensure confidentiality, integrity, and authenticity of messages, so that
only authorized individuals can access or interpret the information.

Symmetric Encryption, Diffusion, Confusion:

• Symmetric encryption uses the same key for both encryption and decryption.
• Diffusion spreads the plaintext’s statistical structure into the ciphertext, making it harder
to predict.
• Confusion aims to make the relationship between the plaintext and ciphertext as complex
as possible.

Encryption Modes (ECB, CBC, etc.):

• ECB (Electronic Codebook) – Each block of plaintext is encrypted independently,
which makes it less secure for large data.
• CBC (Cipher Block Chaining) – Each plaintext block is XORed with the previous
ciphertext block before encryption, offering better security.
• CFB (Cipher Feedback) – Works in a similar way to CBC but encrypts smaller blocks.

Public Key Cryptography – A cryptographic system that uses a pair of keys: a public key (for
encryption) and a private key (for decryption). It enables secure communication without the need
for exchanging secret keys in advance.

Diffie-Hellman Key Exchange – A method for securely exchanging cryptographic keys over a
public channel.

RSA Algorithm – A widely-used public-key encryption algorithm:


• Encryption: $C = M^e \bmod n$
• Decryption: $M = C^d \bmod n$

Where:

• $e$ and $d$ are the public and private exponents.
• $n$ is the modulus.

4. Set-UID Privileged Programs

What is Set-UID? – Set-UID (Set User ID) allows a program to run with the privileges of the
program's owner, often root, regardless of the user running it.

Usage of Set-UID – It’s used to grant temporary elevated privileges for specific tasks. For
example, the sudo command in Unix/Linux systems uses Set-UID to allow users to perform
administrative actions.

Attacking Set-UID – If a program with Set-UID is vulnerable, an attacker can exploit it to gain
elevated privileges (e.g., root access).

5. Environment Variables

Define Environment Variables – These are dynamic values in the operating system that
provide information to running processes. For example, the PATH variable specifies directories
where executable files are located.

Ways to create a process – Processes can be created via:

• fork() – Creates a child process that is a copy of the parent.
• exec() family – Replaces the current process with a new program.

How a process gets its environment variables – When a process is created using fork(), the
child process inherits the environment variables of the parent process.

Attack Surfaces Caused by Environment Variables – Attackers may exploit environment
variables to influence the behavior of programs, especially if the program relies on dynamic
libraries or system paths. It’s important to sanitize inputs and use full paths when invoking
external programs to mitigate these risks.

Additional Notes:

• Static vs. Dynamic Linking: Static linking combines the program and library code into a
single executable, while dynamic linking references shared libraries at runtime.
• Buffer Overflow: This occurs when data overflows a buffer and overwrites adjacent
memory, potentially allowing attackers to execute malicious code.
• Race Condition: Occurs when two processes access shared resources concurrently,
leading to unpredictable outcomes that attackers can exploit.

Corrections Based on Exam Guide:

• Cybersecurity – Correct the definition: Cybersecurity is about securing systems and
networks, not just protecting data.
• CIA Triad – Integrity refers to ensuring the data has not been altered, so “message being
received is the same as the message being communicated” should reflect this principle
more clearly.
• Penetration Testing Phases – "Privilege exploit" should be renamed to "Privilege
Escalation," as this terminology is more commonly used.
• Cryptography – Diffusion and confusion should be clearly explained in relation to their
roles in cryptographic security. The exam guide gives a basic explanation but needs to
make the connection clearer between the concepts and the purpose of the encryption
algorithm.

Exam Guide:

1- Introduction to cybersecurity

a. Define what is cybersecurity – cybersecurity is the art of protecting data
b. Understand various terminologies: vulnerability, threat, threat actor, exploit and risk – potential
flaws in the system a hacker could exploit, threat – an outside source that could pose an attack on
the system, exploit – hackers using the information they've found to get into the system, risk –
what data could be exploited
c. Cybersecurity mindset – being constantly vigilant and thinking like a hacker to protect against
threats
d. CIA Triad – confidentiality – privacy of a conversation, integrity – the message being received is the
same as the message being communicated, availability – the message makes it to the intended
user
e. Cybersecurity challenges – many vulnerabilities, hackers and technology are consistently improving
f. Linux Access Control – Linux is open source and provides more user control than other OSes, allows
more control and access to the kernel with privileged permissions

2- Penetration testing phases

a. Define what is penetration testing – a company or internal test to act like a hacker
b. Have an overall view on each phase of the penetration testing process – scanning and reconnaissance
– background info, vulnerability detection – using detectors to find what the vulnerabilities are,
exploitation – exploit the vulnerabilities found in the previous step, privilege exploit – use the
vulnerability to gain access to system, post exploit – how can we pivot and attack other servers,
what other info can we get, cover tracks, report

3- Cryptography

a. Define cryptography, encryption, decryption – the art of protecting a message so only a person
with the key can understand, encryption, using a key to encode a message, decode
b. Why cryptography – protect a message so only the writer and anyone with the key can
understand it
c. Symmetric encryption, diffusion, confusion – uses the same key to encrypt and decrypt, spread
the plaintext statistics into long range statistics of the ciphertext. This is usually done by intricate
methods of substitution, by replacing one piece of data with another in a disorderly
way
d. Encryption modes (ECB, CBC,...) – Electronic Codebook, Cipher Block Chaining, Cipher Feedback
e. Public key cryptography –
   a. Diffie-Hellman Key exchange – generating a symmetric key over a public channel
   b. RSA Algorithm –
      i. Select p, q; p and q both prime and not equal
      ii. n = p*q
      iii. φ(n) = (p-1)(q-1)
      iv. Select e, gcd(φ(n), e) = 1; 1 < e < φ(n)
      v. Calc d – de mod φ(n) = 1
      vi. Public key KU = {e, n}
      vii. Private key KR = {d, n}
      viii. Encryption – plaintext M < n, ciphertext C = M^e (mod n)
      ix. Decryption – ciphertext C, plaintext M = C^d (mod n)
   c. Digital Signature – an electronic signature that authenticates digital info, used to confirm
   info from signer hasn’t changed
f. Public key infrastructure – PKI – framework for managing digital certificates and public keys to
enable secure digital communication
g. One-Way Hash functions – mathematical function to take input of any length and output a hash
which is fixed length and very difficult to decode, used to store passwords, examples being SHA-256,
MD5, SHA-3
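
Worked example of RSA steps i–ix above, carried through with small numbers. This is an added illustration, not part of the original guide; the primes and the message are constructed values chosen so the arithmetic can be checked by hand.

i. p = 61, q = 53 (both prime, not equal)
ii. n = 61 * 53 = 3233
iii. φ(n) = (61-1)(53-1) = 60 * 52 = 3120
iv. e = 17, since gcd(3120, 17) = 1 and 1 < 17 < 3120
v. d = 2753, since 17 * 2753 = 46801 = 15 * 3120 + 1, so de mod φ(n) = 1
vi. Public key KU = {17, 3233}
vii. Private key KR = {2753, 3233}
viii. Encryption of M = 65 (M < n) by repeated squaring mod 3233:
      65^2 = 992, 65^4 = 1232, 65^8 = 1547, 65^16 = 789
      C = 65^17 = 789 * 65 (mod 3233) = 2790
ix. Decryption: M = 2790^2753 (mod 3233) = 65, the original plaintext
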

4- Set-UID Privileged Programs

a. What is SETUID – Linux permission that lets users run programs with the same privileges as the file’s
owner
b. Usage of SETUID – grant temporary elevated permission to perform a specific task, such as sudo
c. Attacking SETUID – if a vulnerable process uses the setuid bit to run as root, code will execute with root
privileges, giving the attacker root access

5- Environment Variables

a. Define the environment variables – a set of dynamic named values, part of the operating
environment in which the process runs
b. Ways to create a process – fork(), family of exec()
c. How a process gets its environment variables – fork() child shares the environment variables
d. Shell variables – When a shell program starts, it copies the environment variables into its own
shell variables. Changes made to a shell variable are not reflected in the environment variables
e. Attack surfaces caused by environment variables – attacker can attack through a dynamic library,
dynamic meaning linked during runtime. Static linking results in a binary file that contains both the
program code and the library code; this can be accomplished with the -static flag in C
compiling. Dynamic linking includes a linker in the library that the OS uses to look
up the required library. Attacks caused by environment variables, external programs,
exec() or system()
f. To fix vulnerabilities, use the full path to the external program, and avoid uncertain values in the
path

Note: Labs and homework contents are included as well

Here is a practice exam based on the provided information, with solutions at the end.

Practice Exam: Cybersecurity Fundamentals

Part 1: Multiple Choice (1 Point Each)

1. What is the main purpose of cybersecurity?
   A. To prevent unauthorized access to physical systems.
   B. To protect systems, networks, and data from cyberattacks, damage, and
   unauthorized access.
   C. To provide encryption to data only.
   D. To eliminate all types of computer viruses.
2. Which of the following best defines a threat actor in cybersecurity?
   A. A system that is being attacked.
   B. A software tool used to exploit vulnerabilities.
   C. An entity that exploits vulnerabilities to perform malicious actions.
   D. A protection mechanism against unauthorized access.
3. Which phase of penetration testing focuses on gathering background information about the
target system?
   A. Exploitation
   B. Privilege Escalation
   C. Reconnaissance and Scanning
   D. Reporting
4. In the CIA Triad, which component ensures that data is only accessible to authorized users?
   A. Integrity
   B. Confidentiality
   C. Availability
   D. Risk
5. What is the primary function of Set-UID in Linux?
   A. It allows a program to run with the privileges of the program's owner.
   B. It prevents unauthorized access to files.
   C. It is used to execute shell commands in the background.
   D. It allows the program to bypass encryption.

Part 2: Short Answer (5 Points Each)

6. Define and explain the role of "risk" in cybersecurity. How is it quantified?
7. Describe how symmetric encryption works and provide an example of its use.
8. Explain the concept of a buffer overflow. How might it be exploited by an attacker?
9. What is the purpose of the RSA algorithm in cryptography? Explain the basic working
principles of RSA encryption and decryption.
10. What are environment variables, and why are they considered a potential attack surface?
How can they be exploited?

Part 3: Practical Application (10 Points Each)

11. You are tasked with performing a penetration test on a web application. How would you go
about identifying SQL injection vulnerabilities in the system? Write the steps you would
follow.
12. Given the following code snippet, explain how an attacker could exploit it using environment
variables to execute malicious code:

$ cat vulnerable_script.sh
#!/bin/bash
echo "Executing task..."
/usr/local/bin/$TASK

What steps would you take to mitigate this risk?

Solutions:
Part 1: Multiple Choice Solutions

1. B. To protect systems, networks, and data from cyberattacks, damage, and unauthorized
access.

Explanation: Cybersecurity is about protecting the overall system, not just focusing on data or specific
components.

2. C. An entity that exploits vulnerabilities to perform malicious actions.

Explanation: A threat actor is a person, group, or entity that causes harm by exploiting system
vulnerabilities.

3. C. Reconnaissance and Scanning

Explanation: This phase involves gathering information about the target system, such as IP addresses,
services, and vulnerabilities.

4. B. Confidentiality

Explanation: Confidentiality ensures that sensitive data is accessible only to those authorized to view it.

5. A. It allows a program to run with the privileges of the program's owner.

Explanation: Set-UID allows a program to execute with the privileges of the program’s owner, often
root, to perform tasks that require elevated permissions.

Part 2: Short Answer Solutions

6. Risk in Cybersecurity
a. Definition: Risk refers to the potential for a threat to exploit a vulnerability and cause
harm. It is a combination of the likelihood of the threat occurring and the impact it
could have.
b. Quantification: Risk is often quantified by assessing the likelihood (probability) of an
attack occurring and the potential impact it would have on the organization or system. A
risk assessment matrix is commonly used.
7. Symmetric Encryption
a. Definition: Symmetric encryption uses the same key for both encryption and decryption
of data.
b. Example: AES (Advanced Encryption Standard) is a commonly used symmetric
encryption algorithm. Both the sender and the receiver need to have the same key for
secure communication.
8. Buffer Overflow
a. Definition: A buffer overflow occurs when a program writes more data to a buffer than
it can hold, leading to the overwriting of adjacent memory.
b. Exploitation: Attackers can exploit a buffer overflow by injecting malicious code into the
overflowed buffer, potentially gaining control of the system.
9. RSA Algorithm
a. Purpose: RSA is a public-key encryption algorithm that secures communication by using
a pair of keys (public and private).
b. Working:
i. Encryption: The sender encrypts the message (M) using the recipient’s public
key (e, n) to create ciphertext (C).
ii. Decryption: The recipient decrypts the ciphertext (C) using their private key (d,
n) to retrieve the original message (M).
iii. RSA is based on the mathematical properties of large prime numbers and
modular arithmetic.
10. Environment Variables
• Definition: Environment variables are dynamic values used by processes to store information
like system paths, configuration settings, and user-specific variables.
• Attack Surface: Attackers can exploit environment variables to manipulate the behavior of
programs, especially if the program relies on paths or dynamic libraries.
• Exploitation: An attacker can modify environment variables to redirect a program to malicious
libraries or alter its behavior.

Part 3: Practical Application Solutions

11. Identifying SQL Injection Vulnerabilities
• Step 1: Identify user input fields (e.g., login forms, search boxes, URL parameters).
• Step 2: Manually input common SQL injection payloads, such as ' OR 1=1 --, into these fields
and observe the application’s behavior.
• Step 3: Use automated tools like SQLmap to detect SQL injection vulnerabilities.
• Step 4: Analyze the responses to determine if the application is susceptible to SQL injection
(e.g., by receiving unauthorized data or system errors).
• Step 5: Report findings and suggest mitigation strategies such as parameterized queries.
12. Exploiting Environment Variables in a Script
• Explanation: The code snippet dynamically constructs a command by inserting the $TASK
environment variable into the path /usr/local/bin/$TASK. If an attacker sets the TASK
variable to a malicious script (e.g., /tmp/malicious_script), the program would execute
that malicious code.
• Mitigation:
o Use full paths for the execution of programs to prevent the reliance on environment
variables.
o Sanitize and validate all environment variable inputs to ensure they contain safe values.
o Implement security policies such as disabling the use of environment variables in certain
contexts or applying strict control over script execution paths.
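
A hardened counterpart to vulnerable_script.sh that applies the mitigations listed for question 12, as an added example that is not part of the original exam. The allowlist, the task names and the function names resolve_task and run_task are hypothetical; the sample inputs in the loop are constructed.

```shell
#!/bin/bash
# Added example: validate $TASK before it is ever joined to a path.
LC_ALL=C                                   # make the [A-Za-z] ranges byte-exact
TASK_DIR=/usr/local/bin                    # fixed directory used by the page's script
ALLOWED_TASKS="backup rotate-logs report"  # hypothetical allowlist of task names

# resolve_task NAME
# Prints the absolute program path and returns 0 when NAME is an allowed task.
# Prints nothing and returns 1 for anything else.
resolve_task() {
    local name allowed
    name=$1
    # Reject empty values, option-like values, and any character outside a
    # conservative set. This also rejects "/" and ".", so the value can only
    # ever name a file directly inside TASK_DIR.
    case $name in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    # Syntactically clean is not enough: the name must be explicitly allowed.
    for allowed in $ALLOWED_TASKS; do
        if [ "$name" = "$allowed" ]; then
            printf '%s/%s\n' "$TASK_DIR" "$name"
            return 0
        fi
    done
    return 1
}

# run_task NAME
# Runs the resolved program by full path with a minimal, fixed environment so
# that nothing else inherited from the caller can influence it.
run_task() {
    local path
    path=$(resolve_task "$1") || { echo "rejected task: '$1'" >&2; return 1; }
    [ -x "$path" ] || { echo "not installed: $path" >&2; return 1; }
    /usr/bin/env -i PATH=/usr/bin:/bin "$path"
}

# Constructed sample values for TASK, showing which ones pass validation.
for t in backup /tmp/malicious_script ../../tmp/x deploy; do
    if p=$(resolve_task "$t"); then
        echo "accept '$t' -> $p"
    else
        echo "reject '$t'"
    fi
done
```

In the script itself, the last line `/usr/local/bin/$TASK` would become `run_task "$TASK"`.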

This practice exam includes a range of questions to help solidify understanding of cybersecurity
fundamentals, penetration testing, cryptography, and system vulnerabilities.
