******Caution*********
Khmercertified nor anyone will be responsible for your own actions. Please do not hack anything if you don’t have permission to do so! You can get into a lot of trouble.
Because computer is a tool and it can keep logs of every actions. This web site are for entertainment only and please do seek professional advise!
***********************
Cyber Security intro:
How to protect computer software against another computer software? This other software are also known as: worm or virus or trojan. They are all design to take advantage of the weakness in coding and hardware. It is also to learn more about how a particular software or hardware put together, to reverse engineer it.
The protection steps are:
Step 1: Patching by staying update on all of software and hardware use.
Do not use any unsupported software or discontinue software and hardware.
Because if the software or hardware are discontinue the old code will be available some how and once it is available, people will find way to learn more about the software and hardware. To reverse engineer or to learn more about it. Soon, they will find away to trick that software or hardware over time to do what they wanted to do.
Example, a programmer dream of create another version of Microsoft operating system. And by examine and reading the old code of window XP or Window 7 then accidentally found a way to trick the code and once this found it could only lead to security issue for people who still use old software or hardware.
Step 2: Change your password more often, because it is part of the software the longer it stay the same the most vulnerably it will be.
Step 3: Programmer need to do a better coding by using encryption technique in the coding itself such as using the latest: SSL connections, or HTTPS for web site, use the encryption protocol.
Step 4: Install Firewall and enable the latest TLS on the firewall side.
A firewall job is block or allow network ports and computer software “service” between system.
Step 5: Install antivirus software, is software that Help detect those reverse engineer software that try to gain access to the system.
Step 6. Again the old the stuff are the most likely it will be reverse engineer. This can especially true to most Microsoft software, because the mission to make computer easy to be use for everyone come with a price.
Step 7. The most protect system are the system that are the disconnected offline and power off.
And that is impossible of today age! Computer are connected to the internet for sure…
Step 8. Remove out of not used: Software, Hardware, Services, Block Ports and assigned limited right to the system, etc…Limiting access from a location only or hour available to system.
Step 9: Disable or only allow a certain commands to run within that system.
Step 10: Browser are the gateway for the hacker, you must keep them update and keep an eyes on add-on or website script running, the foreground and background running: services, ports are all need to be exam closely and monitor.
Step 11. The bad new is that Unix base system has a built in: help /?
Which allow hacker to learn easily on how to run those commands perfectly while learning how to hack into your system.
Step 12: Again, by adding 1 single program to the system. It will potentially expose or compromise the whole PC, if that added program is outdate or no longer supported by the vendor.
By tracking every program / service / ports that running within the PC into the database is the key to keep that PC secured.
The lesser the program installed on that PC, the more secure it will be. Also, by installing a security software to protect that PC. It can also lead to compromise that PC, if that security software has been hacked.
Lets talk about some of the Offensive Tools use to gain access to a system. And most of the system are UNIX base system, a command line base system: Parrot OS, Ubuntu.
The most popular one is Kali-Linux
Kali-Linux is a command base which mean. You must know the function or commands or program name in order to run it and IT IS CASE SENSITIVE!
Below are some of the beginner commands and how to use them.
Type the command first, then follow by more action as example below:
enter root password:
sudo su
copy:
CTRL+SHIFT+C
Paste:
CTRL+SHIFT+V
installing an application call Tilix:
apt-get install Tilix
uninstall an application call Tilix:
sudo apt remove tilix
change to another folder call home:
cd home
go to root folder, similar as in Window cmd:
cd /root
go back a folder:
cd ..
clear the screen:
clear
go to folder: etc
cd etc
go to folder: apt
cd apt
download application from that url:
wget http://
searching:
search
grep
cat /
ftp
run ftp://
open an application call msfconsole
msfconsole
open a service: postgresqul
sudo service postgresqul start
show all installed packages:
apt-cache search nmap | wc -1
Launch a program call: nmap
nmap
show path of where you at:
pwd
show what username you’re login as:
whoami
show ip configuration:
ifconfig
ping to test connection:
ping
show a folder:
ls
ls -al
make a new folder call: Cisco2
mkdir /home/tommy/Desktop/Cisco2
create a new file or view file content:
cat Cisco.txt
copy a file cisco.txt to the desktop:
cp Cisco.txt /home/tommy/Desktop/Cisco.txt
Rename And Moving a file or folder:
mv /home/tommy/Desktop/Cisco.txt /home/tommy/Downloads/
delete file or folder:
rm -rf /home/tommy/Desktop/Cisco.txt
view a text file in another terminal:
less /home/tommy/Desktop/Cisco.txt
view a text file within the same terminal:
more /home/tommy/Desktop/Cisco.txt
sorting a text file type:
sort file.txt
view Linux version running:
uname -a
view how long the system been running:
uptime -p
view a list of commands had been ran:
history
—-
History command is the same as in: Cisco IOS, and IBM AS400 also.
:::What is the next steps after you installed Kali-Linux from the CD:::
Step 1: after downloaded and install Kali-Linux into VMware machine and the set the VMware to use NAT.
Step 2: The next step is to update all the packages (applications) in Kali to have the latest.
Step 3: Check to see if you have the URL to download the latest packages:
cat /etc/apt/sources.list
*It should show something similar to step 4, if you don’t have the URL then go to step 4-B
Step 4-a
sudoedit /etc/apt/sources.list
Step 4-b copy and paste the bottom 3 code of line:
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb http://http.kali.org/kali kali-last-snapshot main non-free contrib
deb http://http.kali.org/kali kali-experimental main non-free contrib
Step 5:
Save the setting after entered the deb url link in the sources.list files by:
ctrl s
Step 6: verify to see that has been saved:
cat /etc/apt/sources.list
step 7: Then run the update:
sudo apt update
sudo apt full-upgrade -y
*It will take a while for the update to finish!
Step 8: Learn Unix/Linux commands
Ok, what about the tool to detect the offensive tool that are attempting to gain access to the system. This is know as Defensive Tools. The defensive tool are taking a snap shot of every day activity of the system and report or alert any unusual activity to your attentions. Example, why suddenly so much traffic happen on this day on this system.
You can install and check out:
security onion
Khmer Certified 
One thought on “Cyber Security intro:”