🔒 Cybersecurity Cheat Sheet
Complete guide to cybersecurity fundamentals, tools, threats, and best practices
CIA Triad
Confidentiality: Data is accessible only to authorized parties
Integrity: Data remains accurate and unaltered
Availability: Systems and data are accessible when needed
Defense in Depth
• Perimeter Security – Firewalls, IDS/IPS
• Network Security – Segmentation, VPNs
• Endpoint Security – Antivirus, EDR
• Application Security – WAF, code review
• Data Security – Encryption, DLP
Zero Trust Model
• Verify every user and device
• Minimize access privileges
• Assume breach mentality
• Continuous monitoring
• Micro-segmentation
Phishing Attacks
• Email phishing – Fake emails
• Spear phishing – Targeted attacks
• Whaling – Executive targeting
• Vishing – Voice phishing
• Smishing – SMS phishing
Malware
• Viruses – Self-replicating code
• Trojans – Disguised malicious software
• Ransomware – Data encryption attacks
• Spyware – Information stealing
• Rootkits – Deep system access
DDoS Attacks
• Volumetric – Bandwidth exhaustion
• Protocol – TCP/UDP layer attacks
• Application – Layer 7 attacks
• Botnet-based – Distributed sources
• Amplification – DNS/NTP reflection
Network Scanning
- Nmap: Network discovery and port scanning
- Masscan: High-speed port scanner
- Nessus: Vulnerability scanner
- OpenVAS: Open-source vulnerability scanner
- Angry IP Scanner: Network IP scanner
Web Security Testing
- Burp Suite: Web application security testing
- OWASP ZAP: Web application scanner
- Nikto: Web server scanner
- SQLmap: SQL injection testing
- Gobuster: Directory/file brute-forcer
Forensics & Analysis
- Wireshark: Network protocol analyzer
- Volatility: Memory forensics framework
- Autopsy: Digital forensics platform
- YARA: Malware identification rules
- Sleuth Kit: File system analysis
# Port scanning
nmap -sS -O target_ip # SYN scan with OS detection (needs root)
nmap -sV -p- target_ip # Service/version scan on all 65535 ports
nmap --script vuln target_ip # Run the vulnerability-detection NSE scripts
# Network discovery
nmap -sn 192.168.1.0/24 # Ping sweep, no port scan
netdiscover -r 192.168.1.0/24 # ARP discovery on the local segment
# Directory/file enumeration
gobuster dir -u http://target -w wordlist.txt
dirb http://target /usr/share/wordlists/dirb/common.txt
# Subdomain enumeration
sublist3r -d target.com
amass enum -d target.com
# Hydra
hydra -l admin -P passwords.txt ssh://target
hydra -L users.txt -P pass.txt http-post-form
# John the Ripper
john --wordlist=rockyou.txt hashes.txt
john --show hashes.txt # Print already-cracked hashes from the pot file
# Process and listening-port inspection
ps aux | grep suspicious
netstat -tulpn | grep LISTEN
lsof -i :port_number
# Log analysis
grep "Failed password" /var/log/auth.log
tail -f /var/log/syslog
A01: Injection
Prevention: Use parameterized queries, input validation, least privilege principle
# Safe: parameterized query (the driver binds user_id as data, never as SQL)
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
# Unsafe – DO NOT USE (user_id is pasted into the SQL text)
query = f"SELECT * FROM users WHERE id = {user_id}"
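The two patterns above run against a constructed in-memory SQLite table so the difference is observable, plus the input-validation control the prevention line names. This is an added example, not code from the original cheat sheet; sqlite3 uses ? placeholders where the page's driver uses %s.

```python
import re
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Build a constructed in-memory sample table (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, user_id: str) -> list:
    """Vulnerable pattern from the page: untrusted input becomes part of the SQL
    text, so an input containing SQL syntax changes what the query selects."""
    query = f"SELECT name FROM users WHERE id = {user_id}"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """Hardened pattern: the value is bound separately by the driver, so it is
    compared as data and is never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


def parse_user_id(raw: str) -> int:
    """Input validation (the page's second control): accept only a positive
    integer and reject anything else before it reaches the database layer."""
    if not re.fullmatch(r"[1-9][0-9]*", raw):
        raise ValueError(f"invalid user id: {raw!r}")
    return int(raw)


if __name__ == "__main__":
    db = setup_db()
    for candidate in ("2", "2 OR 1=1"):
        print(f"{candidate!r}: unsafe={lookup_unsafe(db, candidate)} "
              f"safe={lookup_safe(db, candidate)}")
```

With the input "2 OR 1=1" the unsafe query returns every user while the parameterized query returns nothing, because the bound value is compared as the literal text "2 OR 1=1".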
A02: Broken Authentication
Prevention: MFA, secure session management, strong password policies, account lockout
A03: Sensitive Data Exposure
Prevention: Encrypt data at rest and in transit, use HTTPS, proper key management
NIST Cybersecurity Framework (CSF): Identify, Protect, Detect, Respond, Recover – Comprehensive cybersecurity framework
ISO/IEC 27001: International standard for information security management systems (ISMS)
PCI DSS: Payment Card Industry Data Security Standard for handling cardholder data
HIPAA: Health Insurance Portability and Accountability Act for healthcare data protection
GDPR: General Data Protection Regulation for EU data privacy and protection
SOX: Sarbanes-Oxley Act for corporate financial reporting and internal controls
1. Preparation
• Create response procedures
• Implement monitoring tools
• Conduct training and simulations
• Prepare communication templates
2. Detection & Analysis
• Analyze suspicious activities
• Determine incident scope
• Collect initial evidence
• Document findings
3. Containment & Recovery
• Implement containment strategy
• Eradicate threats
• Restore systems and data
• Validate system integrity
User Security
• Enable multi-factor authentication
• Keep software updated
• Be cautious with email attachments
• Use reputable antivirus software
• Regular security awareness training
Organization Security
• Regular vulnerability assessments
• Network segmentation
• Backup and recovery procedures
• Access control and monitoring
• Vendor security assessments
Technical Security
• Use firewalls and IDS/IPS
• Implement secure coding practices
• Regular security testing
• Patch management program
• Log monitoring and analysis
Security Checklist
✅ DAILY TASKS:
□ Monitor security alerts and logs
□ Review failed login attempts
□ Check system resource usage
□ Verify backup completion
✅ WEEKLY TASKS:
□ Update security tools and signatures
□ Review user access permissions
□ Analyze security metrics
□ Test incident response procedures
✅ MONTHLY TASKS:
□ Conduct vulnerability scans
□ Review and update security policies
□ Security awareness training
□ Vendor security assessments
✅ QUARTERLY TASKS:
□ Penetration testing
□ Disaster recovery testing
□ Security control assessments
□ Update incident response plan
Critical Incident
• IT Management: [Your Number]
• Legal Department: [Your Number]
• External Security Firm: [Your Number]
Government Resources
• FBI IC3: ic3.gov
• Local Law Enforcement: [Your Area]
• Industry CERT: [Your Industry]
Threat Intelligence
• CVE Database: cve.mitre.org
• NIST NVD: nvd.nist.gov
• OWASP: owasp.org