Cybersecurity Concepts and Tools Overview

The document outlines various cybersecurity concepts including types of firewalls, HTTP/HTTPS protocols, and security tools like Security Onion and Splunk. It discusses attack types, the MITRE ATT&CK framework, and incident response phases, along with protocols like DNS and SMTP. Additionally, it covers the CIA triad, vulnerability scanning, and techniques for detecting and mitigating cyber threats.

1. Types of Firewalls & Vendors of Firewalls
○ Various types of firewalls include packet-filtering, stateful inspection, proxy,
and next-generation firewalls. Popular vendors are Cisco, Palo Alto Networks,
Fortinet, and Check Point.
2. HTTP/HTTPS Requests
○ HTTP (unsecured) and HTTPS (secured with SSL/TLS) are protocols for
sending and receiving information on the web.
3. Security Onion
○ An open-source platform for network security monitoring, intrusion detection,
and log management. It's commonly used in cybersecurity labs.
4. Data Loss Prevention (DLP)
○ DLP solutions prevent sensitive data from being accessed or leaked outside
the organization, ensuring compliance with data protection policies.
5. Types of Attacks
○ Covers various cyber attacks, such as phishing, ransomware, SQL injection,
and Distributed Denial of Service (DDoS).
6. MITRE ATT&CK Framework (Tactics & Techniques)
○ A structured framework to help understand and categorize the behaviors and
techniques used by cyber adversaries.
7. Difference Between NIST and MITRE
○ NIST focuses on cybersecurity standards and frameworks (like NIST
Cybersecurity Framework), while MITRE provides knowledge bases like
ATT&CK for threat intelligence.
8. Mimikatz (Malware)
○ A tool often used by attackers to steal Windows credentials, such as
passwords, from a system's memory.
9. Kerberos Authentication
○ A secure method for authenticating users and services over networks,
primarily used in Windows environments.
10. Vulnerability Scanning
○ Scanning systems to detect known vulnerabilities that could be exploited,
typically done using tools like Nessus or OpenVAS.
11. Windows Event Logs & Log Types
○ Windows event logs store data about system events, such as security logs,
application logs, and system logs, which are crucial for monitoring and
detecting threats.
12. Splunk Architecture
○ Splunk is a popular tool for log analysis, SIEM, and big data analytics. Its
architecture includes components like forwarders, indexers, and search
heads.
13. Types of Alerts
○ Different types of alerts in cybersecurity, such as informational, warning, and
critical alerts, which indicate varying levels of threat severity.
14. Windows Security Log Events
○ Specific events logged by Windows, especially in the security log, which are
used to monitor user activity, system events, and potential security breaches.
15. Incident Response Life Cycle
○ Phases in handling incidents: Preparation, Detection, Containment,
Eradication, Recovery, and Lessons Learned.
16. Cyber Kill Chain
○ Describes the steps of a cyber attack, including Reconnaissance,
Weaponization, Delivery, Exploitation, Installation, Command & Control, and
Actions on Objectives.
17. Subnetting
○ Subnetting divides a network into smaller subnetworks, helping manage IP
addresses more efficiently and enhancing security by isolating network
segments.
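As an added illustration of the subnetting point (not part of the original notes): splitting a /24 into /26 segments, finding which segment a host belongs to, and checking whether two hosts share a segment, so that traffic between them must cross the router or firewall where policy is enforced. The addresses are constructed sample values.

```python
"""Subnetting helpers (added example, not from the notes)."""
from typing import List, Optional
import ipaddress


def split_network(cidr: str, new_prefix: int) -> List[str]:
    """Divide a network such as 192.168.1.0/24 into equal subnets of `new_prefix`."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


def usable_hosts(cidr: str) -> int:
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def subnet_for_host(host: str, subnets: List[str]) -> Optional[str]:
    """Return the subnet containing `host`, or None when it is outside all of them."""
    addr = ipaddress.ip_address(host)
    for cidr in subnets:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def same_segment(host_a: str, host_b: str, subnets: List[str]) -> bool:
    """True only when both hosts sit in the same subnet; hosts in different
    segments can only talk through the router/firewall between the segments."""
    seg_a = subnet_for_host(host_a, subnets)
    seg_b = subnet_for_host(host_b, subnets)
    return seg_a is not None and seg_a == seg_b


if __name__ == "__main__":
    # Constructed example: carve a /24 into four /26 segments (62 hosts each).
    segments = split_network("192.168.1.0/24", 26)
    print(segments, usable_hosts(segments[0]))
    print(subnet_for_host("192.168.1.70", segments))
    print(same_segment("192.168.1.10", "192.168.1.200", segments))
```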

Additional Points from Right Side of Notes:

● DNS, SMTP, SFTP, SQL, RDP, Telnet
○ Protocols for different functions like Domain Name System (DNS) for domain
resolution, Simple Mail Transfer Protocol (SMTP) for emails, Secure File
Transfer Protocol (SFTP), SQL for databases, Remote Desktop Protocol
(RDP) for remote access, and Telnet for command-line access.
● OSI Model with Layered Attacks
○ Attacks can target different OSI model layers, such as DDoS on the Network
layer or MITM (Man-In-The-Middle) attacks on the Data Link layer.
● Nmap Commands
○ Nmap is a network scanning tool used to discover devices and services on a
network. Key commands allow for different types of scans, such as ping
scans, service detection, and OS detection.
● CIA Triad
○ The foundation of information security: Confidentiality, Integrity, and
Availability. It represents key principles for securing information and systems.
● Detection of DDoS and DoS Attacks, Phishing and Its Mitigation
○ Techniques to detect Denial of Service (DoS) and Distributed Denial of
Service (DDoS) attacks, as well as methods to identify and mitigate phishing
attempts.
● Cybersecurity Labs & Malware Deletion
○ Practical cybersecurity labs often focus on malware detection, analysis, and
removal, and are aimed at security professionals rather than end users.

1. DNS, SMTP, SFTP, SQL, RDP, Telnet
○ DNS (Domain Name System): Translates domain names (like
[Link]) to IP addresses. DNS attacks, like DNS poisoning, can
redirect users to malicious sites.
○ SMTP (Simple Mail Transfer Protocol): The standard protocol for sending
emails. Often targeted in email spoofing or phishing attacks.
○ SFTP (Secure File Transfer Protocol): Provides a secure way to transfer
files over a network, protecting data from interception.
○ SQL (Structured Query Language): Used for managing data in databases.
SQL injection attacks exploit vulnerabilities to manipulate databases.
○ RDP (Remote Desktop Protocol): Allows remote access to Windows
systems. RDP brute force attacks try to gain unauthorized access.
○ Telnet: A protocol for command-line access to remote devices. Generally
considered insecure because it sends data in plaintext, making it vulnerable
to interception.
2. OSI Model with Layered Attacks
○ Each layer of the OSI (Open Systems Interconnection) model can be targeted
by specific attacks:
■ Application Layer (Layer 7): Attacks like SQL injection or DDoS.
■ Presentation Layer (Layer 6): SSL stripping or encryption-based
attacks.
■ Session Layer (Layer 5): Session hijacking attacks.
■ Transport Layer (Layer 4): SYN flood (DDoS) attacks.
■ Network Layer (Layer 3): IP spoofing, ICMP flood attacks.
■ Data Link Layer (Layer 2): MAC flooding, ARP spoofing.
■ Physical Layer (Layer 1): Physical attacks on hardware or
infrastructure, like cable tampering.
3. Nmap Commands
○ Basic Scan: nmap [IP/hostname] - Performs a simple scan to discover
open ports.
○ Aggressive Scan: nmap -A [IP/hostname] - Provides detailed
information, including OS detection, service versions, and script scanning.
○ Service Version Detection: nmap -sV [IP/hostname] - Identifies
versions of services running on open ports.
○ OS Detection: nmap -O [IP/hostname] - Attempts to determine the
operating system of the target.
○ Vulnerability Scan: nmap --script vuln [IP/hostname] - Runs
vulnerability detection scripts.
4. CIA Triad (Confidentiality, Integrity, Availability)
○ Confidentiality: Ensures data is accessible only to authorized users.
Encryption and access controls help maintain confidentiality.
○ Integrity: Ensures data is accurate and unaltered. Hashing and checksums
are used to verify data integrity.
○ Availability: Ensures systems and data are accessible when needed.
Techniques like redundancy and DDoS mitigation support availability.
5. Detection of DDoS and DoS Attacks, Phishing and Its Mitigation
○ DDoS Detection: Using network monitoring tools to detect unusual traffic
patterns, like spikes in requests from multiple IPs.
○ Phishing Detection: Email filtering systems analyze email content for
phishing indicators like suspicious links or spoofed addresses.
○ Mitigation Techniques:
■ For DDoS: Rate limiting, IP blacklisting, and load balancing.
■ For Phishing: User training, email authentication (like SPF, DKIM),
and URL filtering.
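The DDoS detection and rate-limiting points above, as an added example that is not part of the original notes: a sliding-window counter over web-server log lines flags any source IP that exceeds a request threshold within the window, which is the signal a rate limiter or blocklist would act on. The log lines, IPs and thresholds are constructed sample values.

```python
"""Sliding-window request-rate detection (added example, not from the notes)."""
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Tuple


def parse_line(line: str) -> Tuple[datetime, str]:
    """Constructed log format: '<ISO timestamp> <client IP> <request line>'."""
    ts, ip, *_ = line.split()
    return datetime.fromisoformat(ts), ip


def detect_floods(lines: List[str], window_seconds: int = 10,
                  threshold: int = 20) -> Dict[str, int]:
    """Return {ip: peak_requests_in_window} for every IP that sends more than
    `threshold` requests inside any `window_seconds` window. Lines must be in
    time order; each IP keeps a deque of timestamps still inside the window."""
    windows: Dict[str, deque] = defaultdict(deque)
    offenders: Dict[str, int] = {}
    for line in lines:
        ts, ip = parse_line(line)
        recent = windows[ip]
        recent.append(ts)
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()  # drop timestamps that fell out of the window
        if len(recent) > threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(recent))
    return offenders


def build_sample_log() -> List[str]:
    """Constructed sample: one normal client plus one source flooding /login."""
    normal = [f"2024-01-01T10:00:{s:02d} 10.0.0.5 GET /page{s}" for s in (0, 10, 20)]
    flood = [f"2024-01-01T10:00:{5 + i // 10:02d} 203.0.113.9 GET /login"
             for i in range(30)]  # 30 requests within 3 seconds
    return sorted(normal + flood)  # ISO timestamps sort chronologically


def rate_limit_decisions(offenders: Dict[str, int]) -> Dict[str, str]:
    """Map each flagged IP to the mitigation the notes list: rate limiting first,
    blocklisting when the peak is far above the threshold."""
    return {ip: ("blocklist" if peak >= 30 else "rate-limit")
            for ip, peak in offenders.items()}


if __name__ == "__main__":
    flagged = detect_floods(build_sample_log())
    print(flagged, rate_limit_decisions(flagged))
```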
6. Cybersecurity Labs & Malware Deletion
○ Cybersecurity Labs: Hands-on labs allow cybersecurity professionals to
practice detecting, analyzing, and mitigating cyber threats in a controlled
environment. Labs may cover malware analysis, network monitoring, incident
response, and penetration testing.
○ Malware Deletion: Focuses on identifying and safely removing malware from
systems, often using antivirus software or specialized malware removal tools.
Cyber labs provide safe practice environments for testing malware removal
strategies without affecting real systems.
