Learning Objectives
Ground Rules / Ethics / Legal
Quick Cybersecurity Primer
Threat Actor Profiling
Reconnaissance
POV of a Threat Actor
POV of a Threat Actor
OSINT — What it is & why it matters
Have you done transactions via Social Media?
Are you familiar with FB Marketplace?
Social Media Impersonation is rampant even for ordinary people.
Have you encountered an enticing article (probably too good to be true) then you are redirected elsewhere when clicked?
Have you received an SMS from Maya asking you to click on a link? Sender says Maya.
NCAP is trending. Have you received an SMS like this?
“Globe” also sends suspicious links
Legitimate-looking domains and website!
Tasks:
Scanning
Port Scan. What for?
Port Range | Numbers | Purpose |
Well-Known Ports | 0 to 1,023 | Reserved for common, well-established internet services (e.g., HTTP on port 80, FTP on port 21, DNS on port 53). |
Registered Ports | 1,024 to 49,151 | Can be registered by applications or vendors for specific services, but they are not as tightly controlled as well-known ports. |
Dynamic/ Private Ports | 49,152 to 65,535 | Used by client programs when they initiate a connection. These are temporary or "ephemeral" ports assigned by the client's operating system. |
Tasks
Gaining Access
Metasploit Fundamentals
Server and App VAPT | J. Pineda | © All Rights Reserved 2020
36
Server and App VAPT | J. Pineda | © All Rights Reserved 2020
38
Tasks
Realizations
Cyber attacks are becoming more and more creative.
Regular security awareness is not enough… we need to go further than that.
Evaluate, scrutinize and analyze!
Defensive Controls
Policies & Incident Reporting
Knowledge Check # 1
Knowledge Check # 2
Knowledge Check # 3
Key Takeaways
1. The Cyber Battlefield
2. How Attacks Begin
3. Our Defensive Mindset
Exercise