SlideShare a Scribd company logo

Introduction to Cybersecurity | IIT(BHU)CyberSec

Y
YashSomalkar

This is going to be series of Events around Cybersecurity, If you are lucky enough try to witness it live on our GDSC chapter. Link of todays Event : https://gdsc.community.dev/events/details/developer-student-clubs-indian-institute-of-technology-varanasi-presents-introduction-to-cybersecurity-learn-to-hack-series/ Socials : Website: https://copsiitbhu.co.in LinkedIn : https://linkedin.com/company/cops-iitbhu Instagram : https://instagram/cops.iitbhu/ Facebook : https://facebook.com/cops.iitbhu/ GitHub : https://github.com/COPS-IITBHU

Technology
1 of 33
Download to read offline
Introduction to Security Learn to Hack - I Yuval Goyal (0xkn1gh7)
About the speakers Hello everyone! We are Yuval, Arnav and Abhinav from CSE second year and are core members of the IIT(BHU)Cybersec team. We regularly play CTFs (basically cybersecurity contests but we’ll talk about them in detail later in this session) and these are some of our performances this year: 1. PearlCTF - Globally 5th 2. BITSCTF - Globally 12th 3. VishwaCTF - Globally 14th 4. CodefestCTF - Nationally 2nd #
Before we begin Above all, this workshop series has been designed to get you interested and give you an overview of what an interesting world of security is! By the end of this series, you will have a good understanding of all basic concepts you need to know. The topics covered in this series are just the tip of iceberg, but it will give you a strong foundation for more advanced concepts. To make things more interesting, tasks will be given after every workshop and a leaderboard will be maintained. The workshop series will conclude with an exciting event, which will be launched on 4th of April as part of COPS Week. Concepts covered in the series with some creativity of yours will be enough to top the leaderboard. #
What is Security? Security (cybersecurity) refers to any technology, measure or practice for preventing cyber attacks or mitigating their impact. It aims to protect individuals’ and organizations’ systems, applications, computing devices, sensitive data and financial assets against computer viruses, sophisticated and costly ransomware attacks, and more. #
Why Security? Cyberattacks have the power to disrupt, damage or destroy businesses, and the cost to victims keeps rising. For example, according to IBM's Cost of a Data Breach 2023 report, ➔ The average cost of a data breach in 2023 was USD 4.45 million, up 15% over the last three years; ➔ The average cost of a ransomware-related data breach in 2023 was even higher, at USD 5.13 million. This number does not include the cost of the ransom payment, which averaged an extra USD 1,542,333, up 89% from the previous year. By one estimate, cybercrime might cost the world economy USD 10.5 trillion per year by 2025. #
Why should you care? According to a study by IBM, human error is the main cause of 95% of cyber security breaches. In other words, if human error was somehow eliminated entirely, 19 out of 20 cyber breaches may not have taken place at all! Moreover, cybercrime is not limited to organizations only. Phishing, identity theft, ransomware, malware, cyberstalking, social media stalking, web jacking and much more are increasing against individuals every day. Basically, being not aware of cybersecurity make YOU susceptible to cyberattacks, causing damage to your organization or even worse your personal life! #
Other Incentives? First of all, security gives you some exciting career paths to explore - Penetration Tester, Ethical Hacker, SOC analyst, Security Consultant, Security Auditor, Security Researcher, Security Engineer, IR analyst and so on. However, apart from this it also gives you an opportunity to be better at whatever role you want to pursue. Security is always required in every tech product, be it a web based, mobile based, LLM model, CV model or even a modern day car. More and more companies are trying to incorporate security in their products from the very beginning of the development phase (called the ‘left shift development’) - Extra edge for your internships and placement if you knowledge of security! #
More? With appropriate knowledge, you can start with your side income in college by Bug Bounty Programs (reward you $100-$10M based on the criticality of bug found). Can win cash rewards and other rewards by winning CTFs that keep on going literally every week! Be “cool” and show off in front of others :) #
Capture the Flags (CTFs) All hackers and security researchers need a place to practice their craft. However, attacking real targets is not always feasible and legal. So CTFs provide a platform for them to practice, learn and showcase their skills. CTFs consists of various challenges with points. Each challenge is uniquely designed for the participants to get creative and find the “flag” - a secret string by using their skills. Getting the correct flag gives you points, giving you a position on leaderboard. Top leaderboard scorers get exciting awards and sometimes even job offers! #
Categories CTFs comprise of various different domains to make you learn different aspects of a cyberattack. Broadly speaking, these are ➔ Web exploitation ➔ Open Source Intelligence (OSINT) ➔ Cryptography ➔ Forensics ➔ Mobile exploitation ➔ Reverse engineering ➔ Binary exploitation ➔ Web3 exploitation The topics marked in bold are ones you will see most often, and we will be covering in the series and the CTF #
Web Exploitation Websites all around the world are programmed using various programming languages. While there are specific vulnerabilities in each programming language that the developer should be aware of, there are issues fundamental to the internet that can show up regardless of the chosen language or framework. These vulnerabilities often show up in CTFs as web security challenges where the user needs to exploit a bug to gain some kind of higher level privilege or sometimes directly the flag. #
Open Source Intelligence (OSINT) OSINT is the collection and analysis of data gathered from open sources (covert sources and publicly available information) to produce actionable intelligence. Although this may seem as useless in practical life, it is in fact the most fundamental skill to get the information on the target, before an attack can be performed. This involves gathering information about previous data leaks, employee history, leaked emails/passwords, doxing individuals etc. #
Cryptography The word “cryptography” technically means the art of writing codes. Cryptography is the reason we can use banking apps, transmit sensitive information over the web, and in general protect our privacy. It is used everywhere and thus a flaw in its implementation can cause serious issues. A large part of CTFs is breaking such improper implementations of widely used encryption schemes. The math may seem daunting, but more often than not, a simple understanding of the underlying principles will allow you to find flaws and crack the code. #
Forensics Forensics is the art of recovering the digital trail left on a computer. There are plenty of methods to find data which is seemingly deleted, not stored, or worse, covertly recorded. Digital Forensics is usually connected with Incident Response and together called DFIR. This covers gathering information about a system that has been attacked by a malware, tracing the origin of the malware, dissecting the malware to understand how it works etc. These challenges usually contain real malware samples are its advised to use them carefully in an isolated environment. Another domain, “Steganography” is usually seen together with Forensics. Steganography is hiding and recovering hidden messages in plain sight (usually images/audio/text) #
Challenge 1.1 A message was hidden in plain sight in the poster for this workshop also. Did you see it? The answer to the challenge can be submitted at https://ctf.copsiitbhu.co.in/ after the workshop ends. Register with your institute email address, and an alias you would like. The scoreboard first sorts on the basis of score (highest first) and then same score users are sorted with time of last submission (lowest first). *Although this is not exactly steganography, but you can see how easy it is to miss things that are in front of you. This will happen a lot in CTFs and you would develop a lot of presence of mind while tackling challenges (another incentive xD) #
Reverse Engineering Reverse Engineering is typically the process of taking a compiled program and converting it back into a more human readable format. Very often the goal of Reverse Engineering is to understand the functionality of a given program and get desired functionality. Most related real world application of Reverse Engineering can be seen when using cracked software and games. The keygen programs are built by reverse engineering the authentication systems of these paid products. #
Binary Exploitation Binary Exploitation is the process of finding a vulnerability in the program and exploiting it to gain control of a shell or modifying the program's functions. These usually happens by passing inputs that the program cannot handle. This domain requires a good understanding of assembly language and the function stack. “Big words” hehe. Don’t worry, we’ll cover everything in detail :) #
Do I need programming? The answer to this question is debated in the security industry, even at professional level! The reason is you can do a lot of stuff by using appropriate tools, hit and trial and manual work. However, in our experience, having knowledge of basic programming will give you a much better experience of hacking. Being able to read and understand code is an essential skill required many times. You can also use LLMs like ChatGPT and Bard to assist you in this. If you have zero knowledge of coding, don’t worry as there are categories like OSINT and Forensics, that would need programming skills only at a much later stage. However, there are also other categories which do require programming. So, you can start from here: Python (MOOC, FreeCodeCamp) C(Jacob Sorber, Beej’s Guide) OR any other #
What do you need? Although, all you actually need is enthusiasm and interest, some things would make it much smoother to sail ahead. ➔ A Laptop ➔ Internet Connection ➔ Linux (in detail later) ◆ VM/Dual Boot/WSL/Docker container all suffice ➔ Hacker Mindset (more on this later) ➔ Loads of enthusiasm! #
Hacker Mindset Undoubtedly, the most demanded skill is that of having the right attitude and mindset while you learn and apply your skills. ➔ Be curious ◆ Always try to play with apps/devices you use in everyday life ➔ Be creative ◆ Think of different ways to solve the problem ➔ Don’t be too rigorous on your approach ◆ Always welcome new ideas ➔ Have Patience and don’t give up ◆ Good things take time :) #
Linux As a tech student, linux is something that you would use on a daily basis in your career. You don’t need to be a pro, but being comfortable with using a command line is very important (increases efficiency). First and foremost, linux is a kernel and not an operating system (you don’t need to understand this). There are many different distros available for linux. The choice of which distro to use depends entirely on you. The answer to which is best is different for everyone. You can try all and settle for the one that suits you best. #
Distros Ubuntu is one of the most used linux distro and has a large community support available on internet. Kali is another distro specially suited for hacking due to pre installed tools, although it doesn’t provide anything you can’t install on your own in other distros. Other options worth having a look at are Debian, Mint, Pop OS, Fedora, Arch. #
Why Linux? ➔ Lightweight and fast ➔ Privacy focused ➔ Less prone to malware ➔ Portable ➔ Compatible with a lot of tools # Linus Torvalds (creator of linux)
Trivia 1.1 Just a few days ago, a backdoor was discovered in one the core linux utils packaged with almost all major distributions. Created a havoc in the tech industry due to its large supply chain effect. Can you name the utils package? # xz utils v5.6.0-5.6.1 Many of you who have linux installed, may have got this backdoor in their system. It is advised to downgrade the package to v5.4.6. Anyways, an important thing to remember is that nothing is completely safe from malicious actors. One benefit of being aware of latest security news is that you remain safe, contrary to an average user who would get the news much later, probably after the damage is done. Constantly following security researchers on Twitter and reading blogs etc. will keep you in the loop.
How to install? You can install linux in anyway you like ➔ Virtual Machine (NetworkChuck, David Bombal) ◆ Runs on top of your existing OS. You can use both at the same time. Performance may slightly be reduced on a low spec machine. ➔ Dual Boot (DorianDotSlash, David Bombal) ◆ Runs one OS at a time. Best performance with graphical interface. ➔ WSL (Fireship, TechHut) ◆ Runs linux terminal on Windows. Very fast and good integration but no graphical interface by default. ➔ Docker (NetworkChuck) ◆ Runs a “container” on your host OS. Similar idea to WSL but for mac and linux also. #
Basic Commands ➔ pwd : Print current working directory (path) ➔ man <name> : Open man page for the command ➔ ls [-l] [-a] : List files ➔ cat <path> : Print the contents of a file ➔ cd <path> : Change current location to the path ➔ mkdir <path> : Make a new directory at the given path ➔ touch <path> : Make a new file at the given path ➔ rm [-r] <path> : Remove a file ➔ echo <text> : Print the text #
Other useful commands ➔ grep ◆ Grep is a useful command to search for matching patterns in a file ➔ find ◆ find a file using given parameter ➔ ln ◆ create symbolic link To learn and practice Linux commands - Linux Journey, Over The Wire Bandit The only way to get good at something is to do it! So start using linux from the command line and you will be comfortable within days. You can always take help from ChatGPT among other things as its good at stuff like helping with docs and standard commands. #
STDIN, STDOUT and Pipe By default all linux commands take in input from STDIN, which is your terminal screen and shows output on STDOUT, which is also your terminal screen (buffer to be exact). However, many times you would wish this to be a file. This is where file redirectors come into play. Output to a file: command > file Take input from a file: command < file Now what if you want the input of one command to be the output of another? This is where pipe comes into play. It makes the STDOUT of the first command as the STDIN of the second. Using this you can chain multiple commands. Chaining commands using pipe: command_1 | command_2 | command_3 #
Hands on Demos The website we’ll be using for today’s demos is picoCTF. This has a really good collection of beginner problems and is recommended to be solved in the community. If you don’t have an account, it is recommended that you make one right now, so you follow along as well. Problems we will solve: 1. Magikarp Ground Mission 2. First Grep #
#
Before we come to doubts 1. Are all years eligible to participate in COPS week? a. Yes 2. Will there be selections in the club based on this? a. Yes 3. Does attending sessions matter? a. Your presence in the sessions is only way for us to know how dedicated you are. So yes, we are recording attendance. 4. Is this going to be tough? a. We wouldn’t say that it will be smooth, but it is too interesting and exciting to be left due to some obstacles. Some things might seem more difficult than others but with time everything will become natural. Just don’t lose enthusiasm or patience, remember Rome wasn’t built in a day :) #
Questions?
That’s all for today! In the next session we will be starting with actual stuff and deep dive into the world of OSINT and Forensics. It will be good if you setup linux on your laptop before the next session. If you have zero programming experience, it is recommended you start learning today itself. One dedicated week is more than enough for learning things in depth! Hope to see you in next session! Bye :) #

Recommended

New text document
New text documentNew text document
New text documentsleucwnq
 
New text document
New text documentNew text document
New text documentsleucwnq
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant abnmi
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Cyber Security Workshop Presentation.pptx
Cyber Security Workshop Presentation.pptxCyber Security Workshop Presentation.pptx
Cyber Security Workshop Presentation.pptxYashSomalkar
 
How Cyber Security Courses Opens Up Amazing Career Opportunities?
How Cyber Security Courses Opens Up Amazing Career Opportunities?How Cyber Security Courses Opens Up Amazing Career Opportunities?
How Cyber Security Courses Opens Up Amazing Career Opportunities?Robert Smith
 
What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?Careervira
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 

Recommended

New text document
New text documentNew text document
New text documentsleucwnq
 
New text document
New text documentNew text document
New text documentsleucwnq
 
So... you want to be a security consultant
So... you want to be a security consultant So... you want to be a security consultant
So... you want to be a security consultant abnmi
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Cyber Security Workshop Presentation.pptx
Cyber Security Workshop Presentation.pptxCyber Security Workshop Presentation.pptx
Cyber Security Workshop Presentation.pptxYashSomalkar
 
How Cyber Security Courses Opens Up Amazing Career Opportunities?
How Cyber Security Courses Opens Up Amazing Career Opportunities?How Cyber Security Courses Opens Up Amazing Career Opportunities?
How Cyber Security Courses Opens Up Amazing Career Opportunities?Robert Smith
 
What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?Careervira
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for ActivistsGreg Stromire
 
Caputre the flag
Caputre the flagCaputre the flag
Caputre the flagUIT
 
A Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) HackingA Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) Hackinginfosec train
 
How To Become an Ethical Hacker?
How To Become an Ethical Hacker?How To Become an Ethical Hacker?
How To Become an Ethical Hacker?Srashti Jain
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSlick Cyber Systems
 
linkedin brainies
linkedin brainieslinkedin brainies
linkedin brainiesVincent lefebvre
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber securityVishal Singh
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Bruce Wolfe
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Capture the flag
Capture the flagCapture the flag
Capture the flagKachkad Narender
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionService2Media
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
CYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxCYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxlevimax2
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing AttacksPECB
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

More Related Content

Similar to Introduction to Cybersecurity | IIT(BHU)CyberSec

Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for ActivistsGreg Stromire
 
Caputre the flag
Caputre the flagCaputre the flag
Caputre the flagUIT
 
A Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) HackingA Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) Hackinginfosec train
 
How To Become an Ethical Hacker?
How To Become an Ethical Hacker?How To Become an Ethical Hacker?
How To Become an Ethical Hacker?Srashti Jain
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSlick Cyber Systems
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber securityVishal Singh
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Bruce Wolfe
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusSarah Vanier
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionService2Media
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
CYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxCYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxlevimax2
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing AttacksPECB
 

Similar to Introduction to Cybersecurity | IIT(BHU)CyberSec (17)

Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for Activists
 
Caputre the flag
Caputre the flagCaputre the flag
Caputre the flag
 
A Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) HackingA Beginner’s Guide to Capture the flag (CTF) Hacking
A Beginner’s Guide to Capture the flag (CTF) Hacking
 
How To Become an Ethical Hacker?
How To Become an Ethical Hacker?How To Become an Ethical Hacker?
How To Become an Ethical Hacker?
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need It
 
linkedin brainies
linkedin brainieslinkedin brainies
linkedin brainies
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber security
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Capture the flag
Capture the flagCapture the flag
Capture the flag
 
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen AntivirusFive Reasons to Look Beyond Math-based Next-Gen Antivirus
Five Reasons to Look Beyond Math-based Next-Gen Antivirus
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcription
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 
CYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptxCYBERSECURITY TRACK.pptx
CYBERSECURITY TRACK.pptx
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing Attacks
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Introduction to Cybersecurity | IIT(BHU)CyberSec

  • 1. Introduction to Security Learn to Hack - I Yuval Goyal (0xkn1gh7)
  • 2. About the speakers Hello everyone! We are Yuval, Arnav and Abhinav from CSE second year and are core members of the IIT(BHU)Cybersec team. We regularly play CTFs (basically cybersecurity contests but we’ll talk about them in detail later in this session) and these are some of our performances this year: 1. PearlCTF - Globally 5th 2. BITSCTF - Globally 12th 3. VishwaCTF - Globally 14th 4. CodefestCTF - Nationally 2nd #
  • 3. Before we begin Above all, this workshop series has been designed to get you interested and give you an overview of what an interesting world of security is! By the end of this series, you will have a good understanding of all basic concepts you need to know. The topics covered in this series are just the tip of iceberg, but it will give you a strong foundation for more advanced concepts. To make things more interesting, tasks will be given after every workshop and a leaderboard will be maintained. The workshop series will conclude with an exciting event, which will be launched on 4th of April as part of COPS Week. Concepts covered in the series with some creativity of yours will be enough to top the leaderboard. #
  • 4. What is Security? Security (cybersecurity) refers to any technology, measure or practice for preventing cyber attacks or mitigating their impact. It aims to protect individuals’ and organizations’ systems, applications, computing devices, sensitive data and financial assets against computer viruses, sophisticated and costly ransomware attacks, and more. #
  • 5. Why Security? Cyberattacks have the power to disrupt, damage or destroy businesses, and the cost to victims keeps rising. For example, according to IBM's Cost of a Data Breach 2023 report, ➔ The average cost of a data breach in 2023 was USD 4.45 million, up 15% over the last three years; ➔ The average cost of a ransomware-related data breach in 2023 was even higher, at USD 5.13 million. This number does not include the cost of the ransom payment, which averaged an extra USD 1,542,333, up 89% from the previous year. By one estimate, cybercrime might cost the world economy USD 10.5 trillion per year by 2025. #
  • 6. Why should you care? According to a study by IBM, human error is the main cause of 95% of cyber security breaches. In other words, if human error was somehow eliminated entirely, 19 out of 20 cyber breaches may not have taken place at all! Moreover, cybercrime is not limited to organizations only. Phishing, identity theft, ransomware, malware, cyberstalking, social media stalking, web jacking and much more are increasing against individuals every day. Basically, being not aware of cybersecurity make YOU susceptible to cyberattacks, causing damage to your organization or even worse your personal life! #
  • 7. Other Incentives? First of all, security gives you some exciting career paths to explore - Penetration Tester, Ethical Hacker, SOC analyst, Security Consultant, Security Auditor, Security Researcher, Security Engineer, IR analyst and so on. However, apart from this it also gives you an opportunity to be better at whatever role you want to pursue. Security is always required in every tech product, be it a web based, mobile based, LLM model, CV model or even a modern day car. More and more companies are trying to incorporate security in their products from the very beginning of the development phase (called the ‘left shift development’) - Extra edge for your internships and placement if you knowledge of security! #
  • 8. More? With appropriate knowledge, you can start with your side income in college by Bug Bounty Programs (reward you $100-$10M based on the criticality of bug found). Can win cash rewards and other rewards by winning CTFs that keep on going literally every week! Be “cool” and show off in front of others :) #
  • 9. Capture the Flags (CTFs) All hackers and security researchers need a place to practice their craft. However, attacking real targets is not always feasible and legal. So CTFs provide a platform for them to practice, learn and showcase their skills. CTFs consists of various challenges with points. Each challenge is uniquely designed for the participants to get creative and find the “flag” - a secret string by using their skills. Getting the correct flag gives you points, giving you a position on leaderboard. Top leaderboard scorers get exciting awards and sometimes even job offers! #
  • 10. Categories CTFs comprise of various different domains to make you learn different aspects of a cyberattack. Broadly speaking, these are ➔ Web exploitation ➔ Open Source Intelligence (OSINT) ➔ Cryptography ➔ Forensics ➔ Mobile exploitation ➔ Reverse engineering ➔ Binary exploitation ➔ Web3 exploitation The topics marked in bold are ones you will see most often, and we will be covering in the series and the CTF #
  • 11. Web Exploitation Websites all around the world are programmed using various programming languages. While there are specific vulnerabilities in each programming language that the developer should be aware of, there are issues fundamental to the internet that can show up regardless of the chosen language or framework. These vulnerabilities often show up in CTFs as web security challenges where the user needs to exploit a bug to gain some kind of higher level privilege or sometimes directly the flag. #
  • 12. Open Source Intelligence (OSINT) OSINT is the collection and analysis of data gathered from open sources (covert sources and publicly available information) to produce actionable intelligence. Although this may seem as useless in practical life, it is in fact the most fundamental skill to get the information on the target, before an attack can be performed. This involves gathering information about previous data leaks, employee history, leaked emails/passwords, doxing individuals etc. #
  • 13. Cryptography The word “cryptography” technically means the art of writing codes. Cryptography is the reason we can use banking apps, transmit sensitive information over the web, and in general protect our privacy. It is used everywhere and thus a flaw in its implementation can cause serious issues. A large part of CTFs is breaking such improper implementations of widely used encryption schemes. The math may seem daunting, but more often than not, a simple understanding of the underlying principles will allow you to find flaws and crack the code. #
  • 14. Forensics Forensics is the art of recovering the digital trail left on a computer. There are plenty of methods to find data which is seemingly deleted, not stored, or worse, covertly recorded. Digital Forensics is usually connected with Incident Response and together called DFIR. This covers gathering information about a system that has been attacked by a malware, tracing the origin of the malware, dissecting the malware to understand how it works etc. These challenges usually contain real malware samples are its advised to use them carefully in an isolated environment. Another domain, “Steganography” is usually seen together with Forensics. Steganography is hiding and recovering hidden messages in plain sight (usually images/audio/text) #
  • 15. Challenge 1.1 A message was hidden in plain sight in the poster for this workshop also. Did you see it? The answer to the challenge can be submitted at https://ctf.copsiitbhu.co.in/ after the workshop ends. Register with your institute email address, and an alias you would like. The scoreboard first sorts on the basis of score (highest first) and then same score users are sorted with time of last submission (lowest first). *Although this is not exactly steganography, but you can see how easy it is to miss things that are in front of you. This will happen a lot in CTFs and you would develop a lot of presence of mind while tackling challenges (another incentive xD) #
  • 16. Reverse Engineering Reverse Engineering is typically the process of taking a compiled program and converting it back into a more human readable format. Very often the goal of Reverse Engineering is to understand the functionality of a given program and get desired functionality. Most related real world application of Reverse Engineering can be seen when using cracked software and games. The keygen programs are built by reverse engineering the authentication systems of these paid products. #
  • 17. Binary Exploitation Binary Exploitation is the process of finding a vulnerability in the program and exploiting it to gain control of a shell or modifying the program's functions. These usually happens by passing inputs that the program cannot handle. This domain requires a good understanding of assembly language and the function stack. “Big words” hehe. Don’t worry, we’ll cover everything in detail :) #
  • 18. Do I need programming? The answer to this question is debated in the security industry, even at professional level! The reason is you can do a lot of stuff by using appropriate tools, hit and trial and manual work. However, in our experience, having knowledge of basic programming will give you a much better experience of hacking. Being able to read and understand code is an essential skill required many times. You can also use LLMs like ChatGPT and Bard to assist you in this. If you have zero knowledge of coding, don’t worry as there are categories like OSINT and Forensics, that would need programming skills only at a much later stage. However, there are also other categories which do require programming. So, you can start from here: Python (MOOC, FreeCodeCamp) C(Jacob Sorber, Beej’s Guide) OR any other #
  • 19. What do you need? Although, all you actually need is enthusiasm and interest, some things would make it much smoother to sail ahead. ➔ A Laptop ➔ Internet Connection ➔ Linux (in detail later) ◆ VM/Dual Boot/WSL/Docker container all suffice ➔ Hacker Mindset (more on this later) ➔ Loads of enthusiasm! #
  • 20. Hacker Mindset Undoubtedly, the most demanded skill is that of having the right attitude and mindset while you learn and apply your skills. ➔ Be curious ◆ Always try to play with apps/devices you use in everyday life ➔ Be creative ◆ Think of different ways to solve the problem ➔ Don’t be too rigorous on your approach ◆ Always welcome new ideas ➔ Have Patience and don’t give up ◆ Good things take time :) #
  • 21. Linux As a tech student, linux is something that you would use on a daily basis in your career. You don’t need to be a pro, but being comfortable with using a command line is very important (increases efficiency). First and foremost, linux is a kernel and not an operating system (you don’t need to understand this). There are many different distros available for linux. The choice of which distro to use depends entirely on you. The answer to which is best is different for everyone. You can try all and settle for the one that suits you best. #
  • 22. Distros Ubuntu is one of the most used linux distro and has a large community support available on internet. Kali is another distro specially suited for hacking due to pre installed tools, although it doesn’t provide anything you can’t install on your own in other distros. Other options worth having a look at are Debian, Mint, Pop OS, Fedora, Arch. #
  • 23. Why Linux? ➔ Lightweight and fast ➔ Privacy focused ➔ Less prone to malware ➔ Portable ➔ Compatible with a lot of tools # Linus Torvalds (creator of linux)
  • 24. Trivia 1.1 Just a few days ago, a backdoor was discovered in one the core linux utils packaged with almost all major distributions. Created a havoc in the tech industry due to its large supply chain effect. Can you name the utils package? # xz utils v5.6.0-5.6.1 Many of you who have linux installed, may have got this backdoor in their system. It is advised to downgrade the package to v5.4.6. Anyways, an important thing to remember is that nothing is completely safe from malicious actors. One benefit of being aware of latest security news is that you remain safe, contrary to an average user who would get the news much later, probably after the damage is done. Constantly following security researchers on Twitter and reading blogs etc. will keep you in the loop.
  • 25. How to install? You can install linux in anyway you like ➔ Virtual Machine (NetworkChuck, David Bombal) ◆ Runs on top of your existing OS. You can use both at the same time. Performance may slightly be reduced on a low spec machine. ➔ Dual Boot (DorianDotSlash, David Bombal) ◆ Runs one OS at a time. Best performance with graphical interface. ➔ WSL (Fireship, TechHut) ◆ Runs linux terminal on Windows. Very fast and good integration but no graphical interface by default. ➔ Docker (NetworkChuck) ◆ Runs a “container” on your host OS. Similar idea to WSL but for mac and linux also. #
  • 26. Basic Commands ➔ pwd : Print current working directory (path) ➔ man <name> : Open man page for the command ➔ ls [-l] [-a] : List files ➔ cat <path> : Print the contents of a file ➔ cd <path> : Change current location to the path ➔ mkdir <path> : Make a new directory at the given path ➔ touch <path> : Make a new file at the given path ➔ rm [-r] <path> : Remove a file ➔ echo <text> : Print the text #
  • 27. Other useful commands ➔ grep ◆ Grep is a useful command to search for matching patterns in a file ➔ find ◆ find a file using given parameter ➔ ln ◆ create symbolic link To learn and practice Linux commands - Linux Journey, Over The Wire Bandit The only way to get good at something is to do it! So start using linux from the command line and you will be comfortable within days. You can always take help from ChatGPT among other things as its good at stuff like helping with docs and standard commands. #
  • 28. STDIN, STDOUT and Pipe By default all linux commands take in input from STDIN, which is your terminal screen and shows output on STDOUT, which is also your terminal screen (buffer to be exact). However, many times you would wish this to be a file. This is where file redirectors come into play. Output to a file: command > file Take input from a file: command < file Now what if you want the input of one command to be the output of another? This is where pipe comes into play. It makes the STDOUT of the first command as the STDIN of the second. Using this you can chain multiple commands. Chaining commands using pipe: command_1 | command_2 | command_3 #
  • 29. Hands on Demos The website we’ll be using for today’s demos is picoCTF. This has a really good collection of beginner problems and is recommended to be solved in the community. If you don’t have an account, it is recommended that you make one right now, so you follow along as well. Problems we will solve: 1. Magikarp Ground Mission 2. First Grep #
  • 30. #
  • 31. Before we come to doubts 1. Are all years eligible to participate in COPS week? a. Yes 2. Will there be selections in the club based on this? a. Yes 3. Does attending sessions matter? a. Your presence in the sessions is only way for us to know how dedicated you are. So yes, we are recording attendance. 4. Is this going to be tough? a. We wouldn’t say that it will be smooth, but it is too interesting and exciting to be left due to some obstacles. Some things might seem more difficult than others but with time everything will become natural. Just don’t lose enthusiasm or patience, remember Rome wasn’t built in a day :) #
  • 33. That’s all for today! In the next session we will be starting with actual stuff and deep dive into the world of OSINT and Forensics. It will be good if you setup linux on your laptop before the next session. If you have zero programming experience, it is recommended you start learning today itself. One dedicated week is more than enough for learning things in depth! Hope to see you in next session! Bye :) #