Understanding Ethical Hacking

Quick Summary

Ethical hacking involves using the same techniques as malicious hackers, but with the intent of identifying and addressing security vulnerabilities to improve an organization’s overall security posture.

Who

  • Ethical hacking is relevant for cybersecurity professionals, penetration testers, and IT security teams.
  • Key stakeholders include CISOs, IT managers, and developers responsible for securing systems and applications.
  • Organizations of all sizes and industries can benefit from ethical hacking to proactively identify and fix security weaknesses.

What

  • Ethical hacking involves legally and consensually exploiting systems and networks to uncover vulnerabilities.
  • Common ethical hacking techniques include network scanning, vulnerability assessment, social engineering, and exploitation.
  • Ethical hackers use a variety of specialized tools and frameworks like Kali Linux, Metasploit, and OWASP ZAP.
  • The goal is to provide detailed reports with actionable recommendations to improve an organization’s security posture.

When

  • Ethical hacking should be performed regularly as part of an organization’s security testing and compliance efforts.
  • It is typically conducted before major system changes, software releases, or after a security breach.
  • Ethical hacking has been used since the 1970s, but has become increasingly important as cyber threats have evolved.
  • Ongoing monitoring and periodic re-assessments are required to keep up with new vulnerabilities and attack vectors.

Where

  • Ethical hacking is typically performed within an organization’s internal network and systems, with the full knowledge and consent of the owners.
  • Resources and training for ethical hacking can be found online, through certification programs, and at security conferences.
  • Ethical hacking skills are in high demand and the practice is widely adopted across industries.

Why

  • Ethical hacking helps organizations proactively identify and address security vulnerabilities before they can be exploited.
  • It provides valuable insights that inform an organization’s security strategy and investments.
  • Ethical hacking supports compliance with industry standards and regulations like PCI-DSS, HIPAA, and GDPR.
  • Addressing vulnerabilities found through ethical hacking can significantly reduce the risk of data breaches and cyber attacks.

How

  • Ethical hacking typically follows a structured methodology: reconnaissance, scanning, gaining access, maintaining access, and covering tracks.
  • Penetration testers use a variety of tools and techniques to ethically exploit systems and uncover vulnerabilities.
  • Findings are carefully documented, and remediation steps are provided to the organization.
  • Ethical hackers collaborate closely with security teams to ensure vulnerabilities are patched effectively.

Best Practices

  • Obtain written authorization and scope agreement before conducting ethical hacking activities.
  • Ensure ethical hacking efforts comply with all relevant laws and regulations.
  • Establish clear rules of engagement and communication protocols with the organization.
  • Maintain detailed documentation of the process and findings.
  • Provide comprehensive reports with prioritized remediation recommendations.

Examples

  • Uncovering SQL injection vulnerabilities in a web application.
  • Exploiting misconfigured firewall rules to gain unauthorized access to internal servers.
  • Tricking employees into revealing login credentials through a phishing campaign.

Updates and Revisions

  • Last updated: November 8, 2024
  • No major changes yet

SPL2

SPL2 is a search language that supports both SPL and SQL syntax.

It is a powerful language for development and scripting.

It is used by:

  • Developers: scripting and development
  • Admins: data preparation
  • End users: search

Internships

Anyone looking for the internships please share 👍

  1. Apple internships & graduates roles: https://lnkd.in/gNVdicpN
  2. Google Associate Product Manager (APM) program: https://lnkd.in/gqF_QEqA
  3. PayPal internships and university hiring: https://lnkd.in/gkwqH-2W
  4. Lyft internships and early talent: https://lnkd.in/gBHDuhCM
  5. Google internships: https://lnkd.in/gNuQzbY3
  6. Tesla internships: https://lnkd.in/gaHx8_kE
  7. Juniper Networks university hiring: https://lnkd.in/gRhXh9Pw
  8. Coinbase APM program: https://lnkd.in/gbPPBrtc
  9. Meta internships and graduate roles: https://lnkd.in/gCp4i79b
  10. LinkedIn internships & early talent roles: https://lnkd.in/gGgZ6PfZ
  11. Amazon internships: https://lnkd.in/gyEtYUum
  12. IBM internships: https://lnkd.in/g2-gc-iP
  13. United Airlines student & early career roles: https://lnkd.in/gZFxt-Pd
  14. Hilton Hotels & Resorts internships & graduates: https://lnkd.in/gpmkbaMn
  15. Federal Reserve Board internships: https://lnkd.in/ga89V8TK
  16. Federal Reserve Bank of San Francisco: https://lnkd.in/gCkUH3tu
  17. Microsoft students & graduates: https://lnkd.in/gD43H2Ee
  18. Goldman Sachs interns & graduates: https://lnkd.in/g9nBaaWv
  19. NASA Jet Propulsion Laboratory: https://lnkd.in/gj6rbReT
  20. NASA’s internship programs: https://intern.nasa.gov/
  21. Kaiser Permanente interns & new graduates: https://lnkd.in/gNBHcsFg
  22. Lawrence Livermore National Laboratory (LLNL): https://lnkd.in/g586h-UP
  23. Stripe internships & early career roles: https://lnkd.in/gxCZ7ZDM
  24. NVIDIA internships & early grads: https://lnkd.in/gbwvVhaW

How to verify whether a website is new or old, a scam or safe

The websites provided are excellent resources for checking the safety of a link before clicking it. Here’s a breakdown of what each one offers:

1. Online Tech Tips: This website provides a user-friendly guide on identifying suspicious links. They recommend using Norton Safe Web, a free tool that scans URLs for malware, phishing attempts, and other security risks.

2. BacklinkManager.io: This website goes beyond simply checking a link. It allows you to analyze an entire website’s spam score. This can be helpful for identifying low-quality websites that might engage in spammy practices.

3. Scamvoid.net: This website offers a WHOIS lookup tool. WHOIS is a database that stores information about a domain name’s registration, including the owner’s contact details and the creation date. While not a definitive indicator of safety, a suspicious WHOIS record with hidden ownership details can raise red flags.

4. Norton Blog: Norton, a well-known security software company, offers a comprehensive blog post on website safety. This resource provides general guidelines to remember when evaluating a website’s legitimacy. These might include checking for typos in the URL, unrealistic promises, and pressure tactics.

By combining the insights from these resources, you can develop a strong strategy for checking link safety:

  1. Suspicious link: If a link looks suspicious, don’t click it straight away.
  2. Scan the URL: Use a tool like Norton Safe Web to scan the URL for potential threats.
  3. Analyze the website: If you must visit the website, consider using BacklinkManager to check its spam score.
  4. Check WHOIS: Use Scamvoid’s WHOIS lookup to see if the website’s registration details raise any concerns.
  5. General guidelines: Refer to Norton’s blog post for additional tips like checking for typos in the URL and avoiding websites with unrealistic promises.

Remember, exercising caution when clicking on links is essential for protecting yourself from online threats. These resources can empower you to make informed decisions about your web browsing safety.
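The checks in steps 4 and 5 (WHOIS creation date, hidden ownership details, typos in the URL) can be scripted for a first pass. This is an added example, not part of the original post: the WHOIS text, the domain, the brand watch list and the 90-day age threshold are all constructed assumptions, and a flag is a reason to look closer, not a verdict.

```python
import re
from datetime import date, datetime
from urllib.parse import urlsplit

# Constructed WHOIS response for a made-up domain (not real registry data).
SAMPLE_WHOIS = """\
Domain Name: PAYPA1-LOGIN.EXAMPLE
Creation Date: 2024-10-30T09:12:44Z
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Protect LLC
"""
KNOWN_BRANDS = ("paypal", "google", "microsoft")   # assumed watch list
LOOKALIKES = str.maketrans("013457", "oleast")     # 0->o 1->l 3->e 4->a 5->s 7->t

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(url, whois_text, today, min_age_days=90):
    """Return a list of red flags for a URL and the WHOIS text of its domain."""
    flags = []
    host = (urlsplit(url).hostname or "").lower()
    for label in re.split(r"[.\-]", host):          # check each part of the host name
        normal = label.translate(LOOKALIKES)        # undo digit-for-letter swaps
        for brand in KNOWN_BRANDS:
            if label != brand and (normal == brand or edit_distance(label, brand) == 1):
                flags.append(f"lookalike:{brand}")
    m = re.search(r"^Creation Date:\s*(\d{4}-\d{2}-\d{2})", whois_text, re.M | re.I)
    if m is None:
        flags.append("no-creation-date")
    else:
        created = datetime.strptime(m.group(1), "%Y-%m-%d").date()
        if (today - created).days < min_age_days:
            flags.append("new-domain")
    if re.search(r"^Registrant.*(redacted|privacy)", whois_text, re.M | re.I):
        flags.append("hidden-owner")
    return flags

if __name__ == "__main__":
    print(triage("http://paypa1-login.example/signin", SAMPLE_WHOIS, date(2024, 11, 8)))
```

Privacy-redacted registrant data is common for legitimate domains too, so the hidden-owner flag matters mostly in combination with the other two.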

 

AI websites to check out

https://youtube.com/shorts/rjVTe_5HXow?si=Pkc7Z5QidlaUmS2Q

https://dev.to/m4rri4nne/automating-your-api-tests-using-python-and-pytest-23cc

Lexica.art – images to animation

https://www.marktechpost.com/2024/03/31/top-data-science-books-to-read-in-2024/

https://247wallst.com/technology-3/2024/03/31/nvidia-vs-broadcom-stock-split-rivals-battling-for-the-future-of-ai/

https://www.psypost.org/kids-outsmart-leading-artificial-intelligence-models-in-a-simple-creativity-test/

https://www.thestreet.com/investing/stocks/1-billion-fund-manager-favors-several-big-tech-stocks

https://www.firstpost.com/tech/megalomaniac-difficult-to-work-with-why-silicon-valley-vcs-are-now-avoiding-sam-altman-13753301.html

https://techcrunch.com/2024/03/26/ai-and-data-infrastructure-drives-demand-for-open-source-startups/

https://www.marktechpost.com/2024/03/26/meet-quivr-an-open-source-rag-framework-with-38k-github-stars/

https://www.theguardian.com/technology/2024/mar/27/anthropic-amazon-ai-startup

https://www.forbes.com/sites/jodiecook/2024/03/27/5-chatgpt-prompts-to-build-your-personal-brand-from-zero-start-today/

https://www.theregister.com/2024/03/27/nvidia_blackwell_efficiency/

https://techcrunch.com/2024/03/26/fireworks-ai-open-source-api-puts-generative-ai-in-reach-of-any-developer/

https://www.tomsguide.com/ai/google-gemini/7-google-gemini-prompts-to-try-this-weekend

https://www.youtube.com/watch?v=-dJPoLm_gtE MLOps Course – Build Machine Learning Production Grade Projects – YouTube

https://www.businesstoday.in/technology/news/story/project-gr00t-nvidia-ceo-jensen-huang-announces-new-project-to-help-build-human-like-robots-422506-2024-03-22

https://www.techlearning.com/how-to/8-ways-to-create-ai-proof-writing-prompts

https://www.youtube.com/watch?v=4fdZwKg9IbU Run ANY Open-Source LLM Locally (No-Code LMStudio Tutorial)

https://hackaday.com/2024/03/22/generative-ai-now-encroaching-on-music/

AI-powered e-bikes https://insideevs.com/news/698006/eclair-ai-powered-ebike/

Amazon re:Invent – CodeWhisperer

Q chat https://www.pymnts.com/news/artificial-intelligence/2024/this-week-in-ai-human-like-reasoning-robots-and-open-source/

https://m.economictimes.com/industry/healthcare/biotech/healthcare/genai-has-potential-to-completely-transform-indias-healthcare-system-pwc-india/articleshow/108706508.cms

https://youtube.com/shorts/XgfHQBfRB5o?si=DsM5Ow9yghYoQkpR co rover

Claude

Moon valley https://youtube.com/shorts/NupAwJqra58?si=KIICbtvOtIlQ1tP4

Bing Chat / Copilot vs ChatGPT

Chat gpt 3.5, j4 and 5

https://www.openculture.com/2023/11/generative-ai-for-everyone-a-free-course-from-ai-pioneer-andrew-ng.html

Einstein ai https://www.youtube.com/watch?v=ug_fkLFPhMw Our data cloud is an ‘incredible new product’, says Salesforce CEO Marc Benioff – YouTube

https://www.kdnuggets.com/5-free-courses-to-master-data-science

https://www.entrepreneur.com/starting-a-business/20-ways-to-master-your-brand-on-linkedin-in-2024/464619

https://cloud.google.com/blog/topics/training-certifications/new-skills-badges-help-train-cloud-skilled-professionals

https://hackaday.com/2023/11/12/data-science-the-stanford-way/

https://www.marktechpost.com/2023/11/12/google-deepmind-researchers-propose-a-framework-for-classifying-the-capabilities-and-behavior-of-artificial-general-intelligence-agi-models-and-their-precursors/

https://www.youtube.com/watch?v=1wPbZaQtSkA NEW ChatGPT Update: Create Your Own GPT’s! (Full Guide) – YouTube

https://thenewstack.io/new-ai-dev-platform-allows-you-to-customize-open-source-llms/

https://hbr.org/2023/11/the-skills-your-employees-need-to-work-effectively-with-ai

https://venturebeat.com/ai/forget-chatgpt-why-llama-and-open-source-ai-win-2023/

Humata AI – upload a school syllabus or any other syllabus and ask questions; helps with studying

kaiber.ai – converts video to animation from young to old

https://venturebeat.com/ai/microsoft-unveils-lema-a-revolutionary-ai-learning-method-mirroring-human-problem-solving/

https://analyticsindiamag.com/5-new-ai-courses-launched-by-andrew-ng/

https://www.moneycontrol.com/news/technology-startup/newsletters/MCTech3/tech3-10-trouble-for-founders-accenture-s-guidance-hits-indian-it-stocks-and-more/

https://www.youtube.com/watch?v=DtpA7hgy6_w Microsoft AI Copilot Now Included in Windows 11’s Major Update + More AI Features – YouTube

https://www.cnbc.com/2023/11/02/the-most-in-demand-ai-job-of-2023-can-pay-over-200000-and-offers-remote-opportunities.html

https://inc42.com/startups/how-portkey-ai-is-steering-indian-enterprises-through-the-genai-maze/

https://neurosciencenews.com/machine-learning-peace-language-25137/

https://the-decoder.com/anthropics-prompt-optimizer-turns-short-prompts-into-detailed-templates/

https://interestingengineering.com/innovation/neural-network-ai-outperforms-chatgpt

 

ISTQB – FAQ

  1. ISTQB foundation level exam – Certified Tester Foundation Level (CTFL) v4.0 [NEW!] (istqb.org)
  2. Cost of the exam: around 5000 INR (ISTQB.in); in Canada the cost is around $300 (CSTB.ca)
  3. Total chapters of ISTQB foundations exam: six
  4. Latest version of the exam update: June 5, 2018
  5. Does the certificate expire on a specific date? No, it is valid for life
  6. Various levels of certifications – Managing the Test Team (istqb.org)
  7. ISTQB foundations syllabus – ISTQB Certified Tester – Foundation Level Syllabus v4.0 (istqb-main-web-prod.s3.amazonaws.com)
  8. Are there any AI ISTQB certifications? – AI Testing (istqb.org)

Splunk Overview of User Roles

Splunk user roles determine what a user can see, do, and interact with in Splunk. The three general roles are:

    1. Administrator: the most powerful of the roles; can install apps, ingest data, and create knowledge objects for all users.
    2. Power User: can create and share knowledge objects for users of an app and run real-time searches. In general, these are the people who create alerts and dashboards.
    3. User: can see only their own knowledge objects and those shared with them.

Each organization configures its own set of user roles based on hierarchy, billing, and usage, so the roles may not be the same across organizations.
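
Because each organization defines its own roles, it helps to check what a custom role actually inherits. This added example (not Splunk's or the page author's code) resolves role inheritance in an authorize.conf-style file and lists non-admin roles that end up with administrator capabilities; the sample stanzas, the dashboard_team role and the ADMIN_ONLY policy set are constructed assumptions, and authorize.conf itself is not mentioned on the page.

```python
import configparser

# Constructed authorize.conf-style sample: not a real deployment and not
# Splunk's shipped defaults. Capability assignments are illustrative only.
SAMPLE_CONF = """
[role_user]
search = enabled
[role_power]
importRoles = user
rtsearch = enabled
schedule_search = enabled
[role_admin]
importRoles = power;user
admin_all_objects = enabled
edit_user = enabled
[role_dashboard_team]
importRoles = power;admin
"""
# Capabilities this audit treats as administrator-only (an assumed policy).
ADMIN_ONLY = {"admin_all_objects", "edit_user"}

def load_roles(text):
    """Parse role stanzas into {role: (imported_roles, own_capabilities)}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                      # keep key case, e.g. importRoles
    cp.read_string(text)
    roles = {}
    for section in (s for s in cp.sections() if s.startswith("role_")):
        items = dict(cp[section])
        imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
        caps = {k for k, v in items.items() if v.lower() == "enabled"}
        roles[section[len("role_"):]] = (imports, caps)
    return roles

def effective_caps(role, roles, seen=None):
    """Own capabilities plus everything inherited, tolerating import cycles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:
        return set()
    seen.add(role)
    imports, caps = roles[role]
    return set(caps).union(*(effective_caps(r, roles, seen) for r in imports))

def over_privileged(roles, allowed=("admin",)):
    """Roles outside `allowed` that end up holding admin-only capabilities."""
    return sorted(r for r in roles
                  if r not in allowed and effective_caps(r, roles) & ADMIN_ONLY)

if __name__ == "__main__":
    print(over_privileged(load_roles(SAMPLE_CONF)))
```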