Cyber Security

A hacker is someone who uses their technical knowledge and skills to solve problems, often by exploring and manipulating computer systems, networks, or software. The term can have both positive and negative meanings depending on the context.

Attacker attacks the victim through vulnerabilities to cause threats.

• Strong curiosity: Deeply understanding how systems and applications work, which make them stronger than white hackers mostly

• Problem-solving and challenge seeking: Finding vulnerabilities or unconventional ways to achieve goals

• Creativity and innovation: Using non-traditional methods to hack or protect systems

• Analysis and deconstruction: Breaking down software or networks to find weaknesses

• Persistence: Trying repeatedly until success

• Challenge: Never forgive, and repeat trials

• Self-starter: No one should onboard or help him

02- Hackers Technical skills

1. Networking & Protocols – TCP/IP, DNS, HTTP(S), VPN, NAT

2. Operating Systems – Deep understanding of Linux, Windows internals

3. Programming – Python, Bash, JavaScript, C/C++

4. Web Technologies – HTML, JS, cookies, sessions, REST APIs

5. Exploitation Techniques – XSS, SQLi, buffer overflow, privilege escalation

6. Tools Mastery – Nmap, Wireshark, Metasploit, Burp Suite, Aircrack-ng

7. Cryptography Basics – Hashing, symmetric/asymmetric encryption

8. Reverse Engineering – Decompiling, debugging, malware analysis

9. Cloud & Container Security – AWS, Azure, Docker, Kubernetes

10. Security Frameworks – OWASP, MITRE ATT&CK, NIST, ISO 27001

11. Business understanding: Can understand business and lifecycle

Hacker, we call him also MITM: Man-in-the-Middle attack — intercepting communications, you should have End-to-end encryption, HTTPS, and VPN.

We have different types of hackers as follows:

• White Hat

  1. 1. Ethical hackers who test security

     2. Help improve security

     3. Penetration testers, security researchers

• Black Hat

  1. 1. Malicious hackers who exploit systems

     2. Financial gain, disruption

     3. Cybercriminals, ransomware attackers

• Red Hat:

  1. 1. Anti Black-Hat Hackers

• Gray Hat

  1. 1. Between white and black — may hack without permission, but not for harm

     2. Often curiosity or “hacktivism”

     3. Hackers who disclose vulnerabilities publicly

• Green Hat:

  1. 1. New to hacking 

     2. Willing to learn

• Blue Hat:

  1. 1. Looking for revenge

• Script Kiddies

  1. 1. Inexperienced hackers using tools made by others

     2. Thrill, notoriety

     3. Novice attackers using public exploits

• Hacktivists

  1. 1. Hackers driven by political/social causes

     2. Protest, activism

     3. Anonymous group

• State-Sponsored

  1. 1. Hackers working for governments

     2. Espionage, sabotage

     3. APT groups (e.g., Fancy Bear)

• Insiders

  1. 1. Employees or contractors abusing access

     2. Revenge, financial gain

     3. Disgruntled employees

• Cyber Terrorists

  1. 1. Use hacking to cause terror or fear

     2. Political or ideological

     3. Attacks on critical infrastructure

• Red team

  1. 1. Ethical hackers who test security

     2. Help improve security

     3. Penetration testers, security researchers

• Blue team

  1. 1. Malicious hackers who exploit systems

     2. Financial gain, disruption

     3. Cybercriminals, ransomware attackers

• Purple team

  1. 1. Anti Black-Hat Hackers

     2. Thrill, notoriety

     3. Novice attackers using public exploits

• Hacktivists

  1. 1. Hackers driven by political/social causes

     2. Protest, activism

     3. Anonymous group

• State-Sponsored

  1. 1. Hackers working for governments

     2. Espionage, sabotage

     3. APT groups (e.g., Fancy Bear)

• Insiders

  1. 1. Employees or contractors abusing access

     2. Revenge, financial gain

     3. Disgruntled employees

• Cyber Terrorists

  1. 1. Use hacking to cause terror or fear

     2. Political or ideological

     3. Attacks on critical infrastructure

• Virus

  1. 1. Attaches to files and activates when user runs the file

     2. Auto-Spread

     3. Does not steal data (sometimes)

     4. Cause Damage

     5. Downloading/executing infected files or macros

• Worm

  1. 1. Self-replicating, spreads via networks

     2. Auto-Spread

     3. Steal data

     4. Cause Damage

     5. Exploiting network/system vulnerabilities

• Trojan

  1. 1. Masquerades as legitimate software

     2. Not Auto Spread

     3. Steal data

     4. Cause Damage

     5. User installs fake or malicious app

• Ransomware

  1. 1. Encrypts data and demands ransom

     2. Auto-spread(often via Trojan)

     3. Steal data

     4. Cause Damage (critical)

     5. Phishing emails, malicious links, file downloads

• Spyware

  1. 1. Secretly monitors and collects user data

     2. Not auto-spread

     3. Steal data

     4. Does not Cause Damage

     5. Bundled with software, phishing, browser exploits

• APT

  1. 1. Long-term stealthy attack by organized group

     2. Not auto-spread

     3. Steal data(targeted)

     4. Cause Damage (strategic)

     5. Spear-phishing, zero-day exploits, social engineering

• Storm

  1. 1. Famous worm that created a botnet (Storm Worm, 2007)

     2. Auto-Spread

     3. Steal data

     4. Cause Damage

     5. Email attachments (“Storm alert” subject lines)

Persona Development:

• Values

  • • Steal sensitive data:

      • • Target: Personally Identifiable Information (PII), financial records, intellectual property.

        • Motivation: Sell on dark web, leverage for blackmail, or use for competitive advantage.

    • Steal assets

      • • Target: Digital transactions, proprietary code, operational technology.

        • Motivation: Direct monetary gain or disruption of competitor operations.

    • Impact reputation

      • • Target: Public trust, brand credibility, shareholder confidence.

        • Motivation: Cause market damage, incite public backlash, or force compliance with demands.

• Characteristics

  • • Tech expert: Deep knowledge in exploit development, reverse engineering, and security bypass techniques.

    • Patient: Willing to remain undetected for weeks or months to maximize exploitation opportunities.

    • Multi-Vector capabilities: 

      • • OS: Privilege escalation, kernel exploits, persistence mechanisms. 

        • Infra: Network pivoting, VPN compromise, lateral movement 

        • DB: SQL injection, privilege abuse, backup theft 

        • Dev: Supply chain attacks, code repository poisoning, build process compromise.

How to use this persona:

Requirement Development Process

• Translate each value into mandatory security requirements.

• Example: “Steal Sensitive Data” → encryption-at-rest, data classification, access reviews.

• Integrate security acceptance criteria for every functional requirement.

Architecture

• Design layered defenses mapped to each characteristic.

• OS: Harden builds, enable least privilege, enforce patch management.

• Infra: Network segmentation, zero-trust authentication.

• DB: Dedicated DB firewalls, query whitelisting.

• Dev: Signed commits, secure CI/CD pipelines, dependency scanning.
  
  

Testing

• Simulate persona’s multi-vector methods in red team exercises.

• OS layer: Privilege escalation tests.

• Infra layer: Lateral movement detection.

• DB layer: Injection testing.

• Dev layer: Supply chain penetration testing.