<style>
.slides img{background-color:grey!important}
.slides img[title^='"']{filter:invert(100%)}
hr, .slides [title^='*']{display:none}
summary h1{display:inline;border-bottom:0!important}
</style>
###### [Introductory Cybersecurity Course Tutorial/](/@NCHUIT/infosec)
# Introduction to Cybersecurity
###### @muyue
###### 10/2 1900-2100 online ~~@Library B1 Butterfly Classroom~~
----
## Preface
- [Republic of China Penal Code Chapter 36 Computer Offenses §358-§363](https://law.moj.gov.tw/LawClass/LawParaDeatil.aspx?pcode=C0000001&bp=54)
- The objective of this course series is to enhance students' awareness and skills in cybersecurity, fostering their interest in the field, without promoting or inciting illegal activities.
- Ahh, I use chatgpt to translate this. If somewhere u don't understand plz let me know
----
## Overview of This Course
Basically, we'll introduce everyone to the field of cybersecurity.
And next time, we hope everyone will have their environments prepared.
And **maybe** we'll end early.
----
### Before We Start Class
If I speak too fast, please let me know directly.
~~Because the previous environment requires a faster pace.~~
----
## What Is Information Security
----
![](https://hackmd.io/_uploads/HkhSY-4eT.png)
----
### Types of Hackers
- Black Hat: Essentially illegal activities
- White Hat: Legal and beneficial for companies or individuals
- Grey Hat: Individuals who act based on their interests
----
### Why Do Hacking
- Research or Testing: [2019 NTU CEIBA 87-point Incident](https://news.ltn.com.tw/news/life/breakingnews/2971370)
- Political Relations: [Ukraine-Russia War](https://www.taiwannews.com.tw/en/news/4860493)
- Just for fun
----
### Attack Methods
- People
- Computers / Systems / Servers
----
### Attacks on People?
![](https://hackmd.io/_uploads/SJgZa0UeT.png)
----
#### Phishing Websites
```mermaid
graph LR;
A[Hacker creates a malicious website] --> B[Victim visits the website] --> C[Victim enters information on the fake website] --> D[Background executes code] --> E[Password is stolen]
```
----
#### How to Avoid Phishing
- Enable two-factor authentication: [FB Two-Factor Authentication](https://www.facebook.com/help/148233965247823)
- Check if the URL looks suspicious: [dQw4w9WgXcQ](https://www.youtube.com/watch?v=dQw4w9WgXcQ)
- Confirm message accuracy: Bus vs. Coach / Activate vs. Enable
----
### Viruses
Often disguised as regular websites and commonly named zip files
(Because they are not easily detected by antivirus software)
![](https://hackmd.io/_uploads/ByhTtCLl6.png)
----
#### [VIRUSTOTAL](https://www.virustotal.com/gui/home/upload)
Check files or URLs for issues
*Rickroll is safe (quietly)
----
### Attacks on Computers
![](https://hackmd.io/_uploads/SyZ4a0LlT.png)
----
### CIA Triad (Confidentiality, Integrity, Availability)
- Confidentiality: Unauthorized access is not allowed
- Integrity: Data will not be tampered with
- Availability: Authorized users can use it
----
### The Story of Alice and Bob
Today, Alice wants to confess her love to Bob, so she sends "I love U" to Bob
----
#### Normal Situation
```mermaid
graph LR;
Alice --I love U--> Bob
```
----
#### Confidentiality
```mermaid
graph LR;
Alice --I love U by Alice--> Bob
Charlie
```
Charlie sees it all, which lacks confidentiality
----
#### Integrity
```mermaid
graph LR;
Alice --I love U by Alice--> Charlie
Charlie --I hate U by Alice--> Bob
```
Nasty Charlie intercepts the message and alters it before sending it to Bob, which lacks integrity
----
#### Availability
Alice finds out that Charlie can see the message
So, she decides to encrypt the message, but forgets to tell Bob
```mermaid
graph LR;
Alice --V ybir H by Alice--> Bob
Charlie
```
Now even Bob doesn't know what the content is, which lacks availability
----
### Google Hacking
- Retrieving unauthorized data or websites through advanced Google searches
----
### So, What Is Cybersecurity?
> Cybersecurity is the practice and principles of protecting data, systems, and information from unauthorized access, damage, and alteration.
> - ChatGPT GPT3.5
----
### How to Practice Cybersecurity Skills
- Practical Experience
- Attending Classes (Join our society class)
- Reading Materials
----
### Practical Experience? Does That Mean Breaking the Law OAO
Apart from actually attacking others (please don't do this, thank you), you can also play CTF.
Our course will revolve around the various skills required for CTF, oh~uo
----
### CTF?
> Cybersecurity CTF (Capture the Flag) competitions are contests that test participants' information security skills, with the primary goal of finding and capturing specific flags.
> - ChatGPT GPT3.5
----
### CTF Skill Categories Look Something Like This
Bold items are what you'll encounter this semester
- **Web Exploitation**
- **Cryptography**
- Reverse Engineering
- **Forensics**
- Binary Exploitation
- Pwnable
- Mobile Security
----
### To Play CTF, Besides a Computer, You Need...
- Linux system
- Some programming skills
----
### How to Set Up a Linux System
1. Reinstalling your computer (X)
2. Using a virtual machine (O)
Virtual Machine Tutorial: [YouTube Link](https://www.youtube.com/watch?v=YBn7FCTM6lE)
Tool Bundle: [GitHub Link](https://github.com/fdff87554/Security-Resources/blob/main/install-tools.sh)
----
### Before the Next Class, You Need
- A [PicoCTF](https://play.picoctf.org/practice) account
- A Linux VM on your computer
----
![](https://hackmd.io/_uploads/B17SMmPea.jpg)
Please join our LINE group (Yes, the community is gradually phasing out)
----
{"title":"Introduction to Cybersecurity","description":"tags: Introductory Cybersecurity Coursedescription: Introductory Cybersecurity Course - Theme 112-1 - National Chung Hsing University Information Science Study Society","contributors":"[{\"id\":\"96036b7f-aff1-4d9d-8e70-d6b1bec1655c\",\"add\":5824,\"del\":117}]"}