{"id":28339977,"url":"https://github.com/santosh-baliarsingh/cybersecurity-notes","last_synced_at":"2026-02-09T13:32:29.139Z","repository":{"id":288303390,"uuid":"967575176","full_name":"Santosh-Baliarsingh/CyberSecurity-Notes","owner":"Santosh-Baliarsingh","description":"This repository is a curated collection of concepts, explanations, real-world examples, and best practices related to cybersecurity.","archived":false,"fork":false,"pushed_at":"2025-04-17T17:17:01.000Z","size":15,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-15T23:38:31.680Z","etag":null,"topics":["cyberkillchain","cybersecurity","cybersecurity-tools","governance-risk-compliance"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Santosh-Baliarsingh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-16T17:03:04.000Z","updated_at":"2025-08-14T12:22:21.000Z","dependencies_parsed_at":"2025-04-17T02:04:06.107Z","dependency_job_id":"b7453a24-5144-4337-b57b-4ed17c55eaac","html_url":"https://github.com/Santosh-Baliarsingh/CyberSecurity-Notes","commit_stats":null,"previous_names":["santosh-baliarsingh/cybersecurity-notes"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Santosh-Baliarsingh/CyberSecurity-Notes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Santosh-Baliarsingh%2FCyberSecurity-Notes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Santosh-Baliarsingh%2FCyberSecurity-Notes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Santosh-Baliarsingh%2FCyberSecurity-Notes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Santosh-Baliarsingh%2FCyberSecurity-Notes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Santosh-Baliarsingh","download_url":"https://codeload.github.com/Santosh-Baliarsingh/CyberSecurity-Notes/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Santosh-Baliarsingh%2FCyberSecurity-Notes/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29266965,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-09T12:53:16.161Z","status":"ssl_error","status_checked_at":"2026-02-09T12:52:30.244Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyberkillchain","cybersecurity","cybersecurity-tools","governance-risk-compliance"],"created_at":"2025-05-27T02:17:39.008Z","updated_at":"2026-02-09T13:32:29.123Z","avatar_url":"https://github.com/Santosh-Baliarsingh.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- markdownlint-disable MD033 --\u003e\n# Cyber Security Notes\n\n**Welcome to My personal CyberSecurity Notes! This repository is a curated collection of `concepts`, `explanations`, `real-world examples`, and `best practices` related to `cybersecurity`.**\n\n## 📜 Legal \u0026 Disclaimer\n\n- **Please read the [DISCLAIMER.md](/DISCLAIMER.md) before using or referencing this content.**\n\n## Table of Content\n\n| No | Section | Sub-Section |\n|----|---------------------------------------------|-------------|\n| 1 | [**Governance \u0026 Regulation in Cybersecurity**](#governance--regulation-in-cybersecurity) | a. [**Important Terminologies**](#important-terminologies)\u003cbr\u003e b. [**What is Cybersecurity Governance?**](#what-is-cybersecurity-governance)\u003cbr\u003e c. [**Key Components of Cybersecurity Governance**](#key-components-of-cybersecurity-governance)\u003cbr\u003e d. [**Cybersecurity Regulations \u0026 Laws**](#cybersecurity-regulations--laws)\u003cbr\u003e e. [**Real-World Example of Governance \u0026 Regulation**](#real-world-example-of-governance--regulation)\u003cbr\u003e f. [**Tools \u0026 Frameworks for Governance**](#tools--frameworks-for-governance)\u003cbr\u003e g. [**Summary Notes**](#summary-notes) |\n| 2 | [**Cyber Kill Chain**](#cyber-kill-chain) | a. [**Reconnaissance**](#1-reconnaissance-target-identification)\u003cbr\u003e b. [**Weaponization**](#2-weaponization-creating-payload)\u003cbr\u003e c. [**Delivery**](#3-delivery-delivering-the-payload)\u003cbr\u003e d. [**Exploitation**](#4-exploitation-triggering-the-exploit)\u003cbr\u003e e. [**Installation**](#5-installation-installing-malware)\u003cbr\u003e f. [**Command and Control**](#6-command-and-control-c2)\u003cbr\u003e g. [**Actions on Objectives**](#7-actions-on-objectives-final-goal-achieved)\u003cbr\u003e h. [**Kill Chain Summary Table**](#kill-chain-summary-table)\u003cbr\u003e i. [**Realistic Scenario in Flow**](#realistic-scenario-in-flow) |\n| 3 | [**Cybersecurity Principles**](#cybersecurity-principles) | a. [**CIA Triad**](#1-cia-triad-core-security-principles)\u003cbr\u003e b. [**DAD Triad**](#2-dad-triad-attackers-goals)\u003cbr\u003e c. [**Defense-in-Depth**](#3-defense-in-depth)\u003cbr\u003e d. [**Fundamental Concepts of Security Models**](#4-fundamental-concepts-of-security-models)\u003cbr\u003e e. [**ISO/IEC 19249**](#5-isoiec-19249)\u003cbr\u003e f. [**Zero Trust vs Trust but Verify**](#6-zero-trust-vs-trust-but-verify)\u003cbr\u003e g. [**Threat vs Risk**](#7-threat-vs-risk)\u003cbr\u003e h. [**Summary Notes (Quick Reference Table)**](#summary-notes-quick-reference-table) |\n\n## Governance \u0026 Regulation in Cybersecurity\n\n### Important Terminologies\n\n- **`Governance`:**\n \n - Managing and directing an organisation or system to achieve its objectives and ensure compliance with laws, regulations, and standards.\n\n- **`Regulation`:**\n \n - A rule or law enforced by a governing body to ensure compliance and protect against harm.\n\n- **`Compliance`:**\n \n - The state of adhering to laws, regulations, and standards that apply to an organisation or system.\n\n### What is Cybersecurity Governance?\n\n- Cybersecurity governance is the `framework` used by organizations to manage and direct their security efforts. It ensures that:\n\n - Cybersecurity aligns with business goals\n\n - Risks are identified and managed\n\n - Policies, roles, and responsibilities are clearly defined\n\n - Legal and regulatory compliance is maintained\n\n## Key Components of Cybersecurity Governance\n\n| **Component** | **Description** |\n|------------------------|-----------------------------------------------------------------------------|\n| **`Policies` \u0026 `Standards`** | Define how the organization protects data and systems (e.g., password policies, encryption standards). |\n| **`Risk Management`** | Identifies, assesses, and prioritizes cybersecurity risks. |\n| **`Roles` \u0026 `Responsibilities`** | Assigns responsibilities (CISO, IT Admin, Security Analyst, etc.). |\n| **`Monitoring` \u0026 `Reporting`** | Ensures continuous oversight and improvement of security controls. |\n| **`Incident Response Plan`** | Guides how to respond to cyber incidents effectively. |\n\n## Cybersecurity Regulations \u0026 Laws\n\n### Global Regulations\n\n| **Law/Framework** | **Purpose** |\n|-----------------------|---------------------------------------------------------------------------------------------|\n| **`GDPR` (`EU`)** | General Data Protection Regulation: Protects personal data and privacy of EU citizens. Heavy fines for data breaches. |\n| **`HIPAA` (`USA`)** | Protects health information in the healthcare sector. |\n| **`PCI-DSS`** | For organizations handling credit card data (banks, payment processors). |\n| **`NIST Framework` (`USA`)** | National Institute of Standards and Technology: A security guideline followed by government and private companies. |\n\n### Indian Cybersecurity Regulations\n\n| **Law/Policy** | **Description** |\n|---------------------------|---------------------------------------------------------------------------------|\n| **`IT Act 2000`** | Main cyber law in India. Covers hacking, identity theft, cyber terrorism, etc. |\n| **`CERT-In Guidelines` (`2022`)** | Indian Computer Emergency Response Team mandates breach reporting within 6 hours.|\n| **`Data Protection Act` (`2023`)**| Aims to safeguard personal data and privacy of Indian citizens (inspired by GDPR).|\n| **`Digital India Initiatives`** | Promotes cybersecurity in e-Governance, digital banking, and Aadhaar systems. |\n\n## Real-World Example of Governance \u0026 Regulation\n\n- Let’s say **`\"SecureBank Ltd.\"`** is a digital bank in India.\n\n- 👨‍💼 **`Governance`:**\n\n - The **`CISO`** sets a policy: All customer data must be encrypted and stored in India.\n\n - A risk assessment shows their mobile app backend is vulnerable.\n\n - Security team is assigned responsibility to fix it within 30 days.\n\n- 📜 **`Regulation`:**\n\n - They follow **`CERT-In rules`** and must report any data breach within **`6 hours`**.\n\n - They must comply with **`Data Protection Act 2023`** ensuring customers can delete or correct their data.\n\n - Their credit card processing must meet **`PCI-DSS standards`**.\n\n## Tools \u0026 Frameworks for Governance\n\n| **Tool/Framework** | **Usage** |\n|-------------------------|---------------------------------------------------------------------------------------------|\n| **`ISO/IEC 27001`** | International standard for managing information security |\n| **`NIST CSF`** | Risk management and cybersecurity best practices |\n| **`COBIT`** | Governance framework for IT management |\n| **`SOC 2`** | Audit standard for service providers handling data |\n\n### Summary Notes\n\n- **`Cybersecurity governance`** = Strategy + policies + roles for secure operations.\n\n- **`Regulation`** = Laws enforced by governments to protect user data and systems.\n\n- Real-world organizations must follow both internal policies (governance) and external laws (regulation).\n\n- Non-compliance can result in **`hefty fines`**, **`loss of reputation`**, or even **`legal action`**.\n\n## Cyber Kill Chain\n\n- The **`Cyber Kill Chain`** — a concept developed by **`Lockheed Martin`** in `2011`.\n\n- The **`Cyber Kill Chain`** is a **`framework`** that outlines the steps adversaries follow to launch and execute a `cyberattack`. It helps defenders identify and stop attackers at various stages.\n\n### **1. `Reconnaissance` (`Target Identification`)**\n\n- **`What happens`:**\n\n - The attacker gathers information about the target organization (**`OSINT`**, **`social media`**, **`employee info`**, **`tech stack`**)\n\n- **`Real-World Example`:**\n\n - Attacker searches for examplecorp.com on:\n\n - LinkedIn (employee names, job titles)\n\n - Shodan (open servers and devices)\n\n - Google Dork:\n \n ```bash\n site:examplecorp.com filetype:pdf\n ```\n\n - Finds exposed `PDF documents` with `employee emails` and `internal IPs`.\n\n- **`Defender Tip`:** Monitor for unauthorized scanning and public exposure of internal docs.\n\n### **2. `Weaponization` (`Creating Payload`)**\n\n- **`What happens`:**\n\n - The attacker crafts a **`weaponized payload`** using an exploit + a backdoor or malware.\n\n- **`Real-World Example`:**\n\n - Attacker creates a malicious **`PDF file`** that uses an old Adobe Reader vulnerability to run a reverse shell.\n\n- **`Defender Tip`:** Use `sandboxing` and `antivirus` to detect crafted payloads before they execute.\n\n### **3. `Delivery` (`Delivering the Payload`)**\n\n- **`What happens`:**\n \n- The attacker delivers the payload via:\n\n - Email (phishing)\n\n - USB drops\n\n - Malicious websites\n\n - Drive-by downloads\n\n- **`Real-World Example`:**\n\n - A **`phishing email`** is sent to an employee pretending to be HR with a subject: **`\"Salary Hike Details - March 2025\"`**\n\n - Attached **`PDF`** has the exploit from **`Step 2`**.\n\n- **`Defender Tip`:** Train employees to recognize phishing. Use email filters and spam protection.\n\n### **4. `Exploitation` (`Triggering the Exploit`)**\n\n- **`What happens`:**\n \n - Once the victim opens the payload, the exploit runs and executes the attacker's code.\n\n- **`Real-World Example`:**\n\n - Employee opens the malicious `PDF`.\n\n - **`Exploit triggers`**, runs a **`reverse shell`**:\n\n - Attacker gets **`low-privileged access`** to the **`user’s system`**.\n\n- **`Defender Tip`:** Keep software patched. Use **`endpoint detection` (`EDR`)**.\n\n### **5. `Installation` (`Installing Malware`)**\n\n- **`What happens`:**\n \n - Attacker installs **`malware` (`backdoor`, `keylogger`, `trojan`)** to maintain access.\n\n- **`Real-World Example`:**\n\n - Attacker installs **`Cobalt Strike Beacon`** or **`Netcat listener`** for **`persistence`**:\n \n ```bash\n nc -nlvp 4444\n ```\n\n- **`Defender Tip`:** Monitor `registry changes`, `startup scripts`, and use `behavior-based detection`.\n\n### **6. `Command and Control` (`C2`)**\n\n- **`What happens`:**\n \n - The attacker establishes communication with the victim's system to send commands and receive stolen data.\n\n- **`Real-World Example`:**\n\n - Infected system pings a remote `C2` server every 10 seconds via HTTP.\n\n - Attacker sends command to **`escalate privileges`** or **`download more malware`**.\n\n- **`Defender Tip`:** Monitor `outbound traffic` for connections to `unusual domains` or `IPs`.\n\n### **7. `Actions on Objectives` (`Final Goal Achieved`)**\n\n- **`What happens`:**\n \n- Attacker performs the intended objective:\n\n - **`Data theft`**\n\n - **`Destroy systems`**\n\n - **`Ransomware attack`**\n\n - **`Lateral movement`**\n\n- **`Real-World Example`:**\n\n - Attacker uses stolen credentials to access the `finance department server`.\n\n - `Exfiltrates` payroll data and sends to external server.\n\n- **`Defender Tip`:** Use file `integrity monitoring`, `DLP systems`, and `role-based access control`.\n\n### Kill Chain Summary Table\n\n| **Stage** | **Attacker's Action** | **Real-World Example** | **Defense** |\n|--------------------------------|----------------------------|------------------------------------------|--------------------------------------|\n| **`1. Reconnaissance`** | **`Gather info`** | **`Google`, `LinkedIn`, `Shodan`** | **`OSINT monitoring`** |\n| **`2. Weaponization`** | **`Create payload`** | **`Malicious PDF with exploit`** | **`Sandbox`, `signature detection`** |\n| **`3. Delivery`** | **`Send payload`** | **`Phishing email`** | **`Email filters`, `training`** |\n| **`4. Exploitation`** | **`Trigger exploit`** | **`PDF opens reverse shell`** | **`Patching`, `EDR`** |\n| **`5. Installation`** | **`Install malware`** | **`Cobalt Strike beacon`** | **`Behavior detection`** |\n| **`6. Command \u0026 Control`** | **`Remote control`** | **`C2 via HTTP to attacker server`** | **`Monitor outbound traffic`** |\n| **`7. Actions on Objectives`** | **`Final impact`** | **`Data exfiltration`** | **`DLP`, `logging`, `SIEM`** |\n\n### Realistic Scenario in Flow\n\n- Attacker identifies target `John@company.com` on LinkedIn (`Recon`).\n\n- Crafts a PDF with an exploit and backdoor (`Weaponization`).\n\n- Sends a phishing email (`Delivery`).\n\n- John opens it, exploit runs (`Exploitation`).\n\n- Malware installs, persists (`Installation`).\n\n- Machine connects to attacker’s C2 server (`C2`).\n\n- Attacker steals sensitive internal financial reports (`Objectives`).\n\n## Cybersecurity Principles\n\n### **1. `CIA Triad` (`Core Security Principles`)**\n\n- **`What is it?`**\n \n- A foundational model for ensuring information security. It stands for:\n\n - **`C`onfidentiality**\n \n - **`I`ntegrity**\n\n - **`A`vailability**\n\n- **`Real-World Examples`:**\n\n### CIA Triad Table\n\n| **Principle** | **Meaning** | **Example** |\n|-----------------------|--------------------------------------------------|-----------------------------------------------------------------------------|\n| **`Confidentiality`** | Only authorized people can access data | Bank encrypts your account details; attacker cannot read your ATM PIN |\n| **`Integrity`** | Data should not be tampered with | Tamper-proof logs in a healthcare system; no one can alter patient records |\n| **`Availability`** | Systems/data should be accessible when needed | Google services (Gmail, Drive) must be available 24/7; DDOS protection ensures this |\n\n### **2. `DAD Triad` (`Attacker’s Goals`)**\n\n- While **`CIA`** is from the **`defender’s side`**, **`DAD`** is from the **`attacker’s view`**:\n\n - **`D`isclosure (`breaking confidentiality`)**\n\n - **`A`lteration (`breaking integrity`)**\n\n - **`D`estruction/`D`enial (`breaking availability`)**\n\n- **`Example`:**\n\n - Attacker `leaks passwords` → **`Disclosure`**\n\n - `Modifies` a company invoice → **`Alteration`**\n\n - Launches `DDoS` on a website → **`Denial`**\n\n### **3. `Defense-in-Depth`**\n\n- **`What is it?`**\n \n- A layered security strategy where multiple controls are in place so if one fails, others still protect the system.\n\n- **`Real-World Example`:**\n \n - Let’s say you're protecting a data center:\n\n - **`Physical Security`** – **`Security guards`, `keycards`**\n\n - **`Network Security`** – **`Firewalls`, `IDS`/`IPS`**\n\n - **`System Security`** – **`Antivirus`, `EDR tools`**\n\n - **`Access Control`** – **`Role-based access`**\n\n - **`Encryption`** – **`For stored and transmitted data`**\n\n - **`Monitoring`** – **`SIEM`, `alert systems`**\n\n- Even if an attacker breaks in at one level, other levels still stop or detect the threat.\n\n### **4. `Fundamental Concepts of Security Models`**\n\n- Security models are theoretical frameworks used to design secure systems\n\n### Security Models Table\n\n| **Model** | **Focus** | **Real-Life Example** |\n|--------------------------------------|-------------------------------|----------------------------------------------------------------------------|\n| **`Bell-LaPadula`** | Confidentiality only | Military systems where data classification matters (Top Secret, Secret, Confidential) |\n| **`Biba Model`** | Integrity | Medical databases to prevent doctors from altering lab results |\n| **`Clark-Wilson`** | Commercial integrity | Banking systems ensuring only approved transactions are allowed |\n| **`Brewer-Nash (Cinderella Model)`** | Prevent conflict of interest | Legal firms can't let lawyers access two competing client cases |\n\n### **5. `ISO/IEC 19249`**\n\n- **`What is it?`**\n \n- This standard defines **`five architectural design principles`** for secure systems:\n\n 1. Security Policy Enforcement\n\n 2. Security Function Isolation\n\n 3. Least Privilege\n\n 4. Secure Defaults\n\n 5. Open Design\n\n- **`Example`:**\n \n- A `banking app` following these principles:\n\n - Gives minimum access to each user role (e.g., teller vs manager)\n\n - Logs every transaction (Policy Enforcement)\n\n - Runs critical functions in isolated containers (Isolation)\n\n### **6. `Zero Trust vs Trust but Verify`**\n\n- **`Trust but Verify` (`Old Model`):**\n \n - Once you’re inside the network, you're `trusted`.\n\n- **`Example`:**\n\n - **`Employee connects to company Wi-Fi`** → **`Gets access to file servers without re-authentication`**.\n\n- **`Problem`:** If attacker gains internal access, they can move laterally without being stopped.\n\n- **`Zero Trust` (`Modern Model`):**\n\n- **`“Never trust, always verify.”`**\n \n- Even inside the network, you must authenticate and authorize every time.\n\n- **`Real-World Example`:**\n \n - **`Google`** uses **`BeyondCorp` (`Zero Trust model`)**.\n\n- If you access `Gmail` on your work laptop, it checks:\n\n - **`Device health`**\n\n - **`User identity`**\n\n - **`Geo-location`**\n\n - **`Then allows access`**\n\n- **`Zero Trust`** = **`Verification at every layer`**\n\n### **7. `Threat vs Risk`**\n\n### Threat vs Risk Table\n\n| **Term** | **Definition** | **Real-Life Example** |\n|--------------|----------------------------------------------------|--------------------------------------------------------------|\n| **`Threat`** | Potential danger (attacker or event) | Phishing email, malware, disgruntled employee |\n| **`Risk`** | The impact if a threat exploits a vulnerability | If phishing succeeds, attacker gets access to finance system |\n\n- **`Formula`:**\n \n- **`Risk`** = **`Threat`** × **`Vulnerability`** × **`Impact`**\n\n- **`So`:**\n\n - **`No vulnerability`** = **`No risk` (`even if threat exists`)**\n\n - **`No threat`** = **`No risk` (`even if you have a vulnerability`)**\n\n### Summary Notes (Quick Reference Table)\n\n| **Principle** | **Description** | **Example** |\n|-------------------------|------------------------------------------------------------------------|-----------------------------------------------|\n| **`CIA`** | **`Core principles` (`Confidentiality`, `Integrity`, `Availability`)** | **`Bank account info`** |\n| **`DAD`** | **`Attacker goals` (`Disclosure`, `Alteration`, `Denial`)** | **`Data leak`, `tampering`, `DDoS`** |\n| **`Defense-in-Depth`** | **`Layered security model`** | **`Physical` + `network` + `access control`** |\n| **`Security Models`** | **`Theoretical security designs`** | **`Bell-LaPadula`, `Biba`, `Clark-Wilson`** |\n| **`ISO/IEC 19249`** | **`Design principles for secure architecture`** | **`Least Privilege`, `Secure Defaults`** |\n| **`Zero Trust`** | **`Never trust`, `always verify`** | **`Google BeyondCorp`** |\n| **`Threat vs Risk`** | **`Threat = attacker/event`, `Risk` = `damage`** | **`Phishing email` vs `stolen credentials`** |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantosh-baliarsingh%2Fcybersecurity-notes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsantosh-baliarsingh%2Fcybersecurity-notes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantosh-baliarsingh%2Fcybersecurity-notes/lists"}