📖 Introduction to Ethical Hacking – Study Guide
⚠️ This page was translated using AI and may contain minor translation errors.

Introduction to Ethical Hacking

A clear, memorable study guide covering everything you need to know — with mnemonics, real-life examples, and exam tips.

What is information security?

Information security means protecting data and systems from unauthorized access, disclosure, use, or modification. Think of it as a digital lock on everything valuable you own online.

🧠 Big Picture Mnemonic
S.F.U. — "Security For Users"

Every security decision balances Security, Functionality, and Usability. You'll see this as the Security Triangle later — memorize these three words first.

🌍 Real-life example
Your phone's lock screen is a security control. A 20-digit random PIN is super secure (S) but almost impossible to use quickly (F, U). Face ID tries to balance all three.

Key Terminology

These terms appear on exams constantly. Learn the definition AND a mental image for each.

  • Hack Value: How attractive a target is to a hacker. High-value targets = banks, government servers. Low-value = an empty blog. Think of it as a "prize score."
  • Zero-Day Attack: Exploiting a vulnerability before the developer even knows it exists — so there are zero days of warning. Like finding a hole in a fence before the owner does.
  • Vulnerability: A weakness or flaw that can be exploited. Imagine a cracked window in a house — nobody has broken in yet, but it's a risk.
  • Exploit: The actual act of taking advantage of a vulnerability. The crack becomes a break-in.
  • Daisy Chaining: A sequence of attacks where information from one hack is used to get into the next system — like using a stolen key to unlock a cabinet that holds another key.
  • Doxing: Publishing someone's personal information collected from public sources (social media, databases). It's legal data made harmful by combining it.
  • Payload: The "damage-doing" part of malicious code. Like a package — the packaging is the delivery method, but the payload is what's inside.
  • Bot / Botnet: A bot is automated malware controlling your device. A botnet is an army of bots. Imagine zombie computers doing a hacker's bidding without their owners knowing.
  • Non-repudiation: Proof that a message was sent and received — neither party can deny it. Like a signed receipt. Achieved with digital signatures.
🧠 Terminology Mnemonic
"Happy Zebras Venture Extremely Deep, Doing Perfectly Beautiful Naps"

Hack Value · Zero-Day · Vulnerability · Exploit · Daisy Chaining · Doxing · Payload · Bot · Non-repudiation

The CIA Triad

The foundation of all information security. Every control, policy, and attack relates back to one of these three pillars.

🧠 Core Mnemonic
C · I · A — "Can I Access?"

Ask yourself: Can I keep it secret? Is it accurate? Are people able to reach it when needed?

Confidentiality: Only authorized people see the data
Integrity: Data is accurate & unmodified
Availability: Systems work when you need them

| Pillar | If it fails… | How to protect it | Real-life analogy |
|---|---|---|---|
| Confidentiality | Privacy breach, identity theft | Encryption, access control, authentication | Bank vault — only authorized staff can enter |
| Integrity | Data unreliable, fraud | Audit logs, checksums, maker/checker controls | Tamper-proof seal on medicine bottles |
| Availability | Business disruption, lost revenue | Backups, redundancy, disaster recovery plans | Hospital generator — power must never go out |

Non-repudiation — the 4th pillar

Non-repudiation ensures neither the sender nor receiver can deny a transaction occurred. It uses digital signatures and encryption. Think of it as a digital notary. It's sometimes called the 4th element of the CIA triad in exams — don't forget it!

🌍 Real-life examples
Confidentiality: Your WhatsApp messages are encrypted — only you and the recipient can read them.
Integrity: When you download software, a hash checksum confirms the file wasn't tampered with.
Availability: Netflix uses multiple servers so one failure doesn't take the whole service down.
Non-repudiation: An email with a digital signature proves you sent it — you can't later claim you didn't.
⚠️ Common student mistake
Confusing Confidentiality with Privacy — they're related but not identical. Confidentiality is a security property (technical control). Privacy is a legal/ethical right. Also, students often forget Non-repudiation exists — always mention it when listing CIA elements in exams.

The Security, Functionality & Usability Triangle

Security is never absolute — it's a trade-off between three competing forces.

🔒 Security
Strength of protection. More security = harder to use.
⚙️ Functionality
What the system can do. More features = more attack surface.
🧑‍💻 Usability
How easy it is to use. Too hard = users work around it.
Key insight: If you move the "ball" toward Security, Functionality and Usability suffer — and vice versa. The goal is to keep the ball in the center. A bank ATM is a good example — it's secure (PIN + card), functional (withdrawals, transfers), and usable (big buttons, screen).
🌍 Real-life example
Over-secured: A government system that requires 5 passwords, a USB key, and a face scan — so difficult that employees write passwords on sticky notes (breaking security!).
Over-functional: A smart TV with a camera, microphone, and internet — many features, many vulnerabilities.
Balanced: Google's 2-step verification — adds security without destroying usability.

Cyber Attack Components

Every attack has three building blocks. Remember: M.M.V.

🧠 Mnemonic
M · M · V — "Motivated Men Vulnerabilize"

Motive (why?) · Method (how?) · Vulnerability (where?)

Motive (Objective)
WHY does the attacker target the system? Financial gain, espionage, revenge, political disruption.
Method
HOW does the attack happen? Phishing, malware, SQL injection, social engineering.
Vulnerability
WHERE is the weak spot? Unpatched software, weak passwords, misconfigured settings.
🌍 Real-life scenario
A hacker wants money (Motive = financial gain). They send a fake bank email (Method = phishing). The victim uses an outdated browser with a known flaw (Vulnerability = unpatched software). All three conditions are met → attack succeeds.
⚠️ Common student mistake
Students often think "vulnerability = attack." Wrong! A vulnerability is just the potential weak spot. An exploit is what turns it into an actual attack. You need all 3 elements — no motive, no attack. No vulnerability, no entry point.

Modern Cyber Threats

Know each type, its defining feature, and a real-world example.

☁️ Cloud Computing Threats

As organizations move to the cloud (AWS, Azure, Google Cloud), attackers follow. Key risks: data breaches, misconfigured cloud settings, insecure APIs, unauthorized access.

Real-life example
A company leaves an AWS S3 storage bucket set to "public" by accident. Millions of customer records are exposed. This is a misconfigured cloud setting — not a hack in the traditional sense.
Unique risk
Cloud uses a shared responsibility model — the provider secures the infrastructure; YOU secure your data and configurations.
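As an added example (not code from the guide), here is a small Python check for the "public bucket" pattern the scenario above describes: an S3 bucket policy with an Allow statement whose Principal is the wildcard "*". Both policy documents are constructed for the demo; the account ID and bucket name are placeholders.

```python
import json

# Constructed sample: the misconfiguration. Anyone on the internet can read objects.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-exports/*",
    }],
})

# Constructed sample: the corrected policy. Only one named IAM role may read,
# and only over TLS (aws:SecureTransport is a standard IAM condition key).
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/export-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-exports/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})


def is_wildcard_principal(principal):
    """True when the Principal grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        values = principal.get("AWS", [])
        if isinstance(values, str):
            values = [values]
        return "*" in values
    return False


def public_statements(policy_json):
    """Return the Sids of Allow statements that an anonymous caller could use."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return [st.get("Sid", "<no Sid>") for st in statements
            if st.get("Effect") == "Allow" and is_wildcard_principal(st.get("Principal"))]
```

A real audit would also read the bucket's ACL and the account-level Block Public Access settings; this function covers only the policy document.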
🎯 Advanced Persistent Threats (APT)

A long-term, stealthy attack by a highly skilled attacker who stays hidden for months or years, silently monitoring and stealing data.

Memory trick
APT = "A Patient Thief"

Unlike a smash-and-grab robbery, an APT is like a spy who moves in quietly, watches everything, and leaves only when they have everything they need.

Real-life example
A nation-state hacker infiltrates a defense contractor's network and quietly copies blueprints over 18 months — nobody notices until a routine audit.
🦠 Viruses and Worms

Virus: Malicious code that attaches to a file and spreads when that file is shared. Needs human action to spread.
Worm: Self-replicating malware that spreads automatically across networks — no human needed.

Memory trick: A virus needs a host (like a biological virus needs a body). A worm is independent and wiggles through networks on its own.
Real-life example
You download a cracked video game. It contains a virus. When you share the game with a friend, you spread the virus. By contrast, the WannaCry worm spread on its own across hospitals worldwide with no user interaction.
📱 Mobile Threats

Smartphones are mini-computers in our pockets — they're prime targets. The 6 main mobile threats:

  • Phishing attacks
  • Spyware
  • Broken cryptography
  • Data leakage
  • Unsecured Wi-Fi
  • Network spoofing
🧠 Mnemonic
"Please Stop Being Dangerous, Unsafe Networks"

Phishing · Spyware · Broken Cryptography · Data Leakage · Unsecured Wi-Fi · Network Spoofing

Real-life example
You connect to "Free Airport WiFi" at the airport. An attacker set up that hotspot — now they can intercept all your unencrypted traffic (unsecured Wi-Fi + data leakage).
🕵️ Insider Threats

An attack from within the organization — employees, contractors, or partners who misuse their legitimate access. Can be intentional (malicious) or unintentional (negligent).

Insider threats are the hardest to detect because the attacker already has authorized access — no need to "break in." Normal security tools don't flag them.
Real-life examples
Intentional: A fired employee deletes the customer database before leaving.
Unintentional: An HR manager accidentally emails payroll data to the wrong address.
🤖 Botnets

A botnet is a network of infected devices (called bots or zombies) controlled remotely by an attacker (the botmaster). Used for DDoS attacks, spam, cryptomining, and data theft.

Real-life example
Your home computer is infected by malware. Without knowing it, your PC is now part of a botnet with 500,000 other computers. At 3 AM, they all simultaneously flood a bank's servers — causing a DDoS attack.
Tip: Signs your device might be in a botnet: unusually slow performance, high internet usage when idle, fans running for no reason.

Threat Categories

Threats are organized by where they attack: Network → Host → Application. Think of it as layers of a building.

🧠 Layer Mnemonic
"Neat Houses Are layered" (Network → Host → Application)

Just like a building has perimeter security (walls/guards), room-level security (locks), and item-level security (safes), systems have three layers of threat.

Network Level Threats

Attacks targeting routers, switches, and firewalls — the building's perimeter.

  • Scanning
  • Sniffing & Eavesdropping
  • Spoofing
  • Session Hijacking
  • Man-in-the-Middle
  • DNS & ARP Poisoning
🌍 Real-life example
Man-in-the-Middle: You're at a café. A hacker intercepts your connection and sits "in the middle" between you and your bank — reading everything you type. Like a spy who intercepts letters between two people.

Host Level Threats (Operating System)

Attacks on the operating system or local machine — breaking into a specific room.

  • Malware
  • Password Attacks
  • Arbitrary Code Execution
  • Login Bypass
  • Privilege Escalation
  • Backdoors
🌍 Real-life example
Privilege Escalation: You log into a school computer as a student. You find a bug that lets you switch to an admin account — now you can change grades. That's privilege escalation (going from low-privilege to high-privilege access).

Application Level Threats

Attacks on the apps running on a system — breaking into the safe inside the room.

  • SQL Injection
  • Broken Authentication
  • Security Misconfiguration
  • Buffer Overflow
  • Cryptography Failures
  • Broken Session Management
  • Improper Input Validation
  • Improper Error Handling
🌍 Real-life example
SQL Injection: A login form that asks for username/password. You type admin' OR '1'='1 as the username. The database sees this as "always true" and logs you in without a password.
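To make the login example concrete, here is an added Python demo (not code from the guide) that puts the vulnerable, string-concatenated query next to the parameterised fix. The in-memory users table and its single account are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table with one account (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is pasted into the SQL text.

    With username  admin' OR '1'='1  the query becomes
      ... WHERE username = 'admin' OR '1'='1' AND password = ''
    AND binds tighter than OR, so this is  username='admin' OR (TRUE AND password='')
    and the row for admin matches whatever password was typed.
    """
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Fixed: placeholders bind the input as data, so quotes are never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR '1'='1"
    print("vulnerable login with injected username:", login_vulnerable(db, payload, ""))  # True
    print("parameterised login with same input:   ", login_safe(db, payload, ""))        # False
```

Parameterised queries (prepared statements) are the primary fix; input validation and least-privilege database accounts limit the damage if one is missed.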
⚠️ Common student mistake
Mixing up threat levels. Sniffing = network level (capturing traffic). Malware = host level (infecting the OS). SQL injection = application level (attacking the app's database). They're related but distinct layers.

Software Exploitation Techniques

Shrink-Wrap Code Exploits

Off-the-shelf software (Windows, Adobe, Office) often has known vulnerabilities that are publicly documented. Attackers target systems that haven't been patched.

Targets: Unpatched operating systems · COTS (commercial off-the-shelf) software · Poorly designed or outdated apps

Why "shrink-wrap"? It refers to the plastic wrap on boxed software sold in stores — generic, mass-produced, widely known. Because millions use the same software, one discovered flaw affects millions.
🌍 Real-life example
Microsoft releases a security patch for Windows. A company delays installing it for 3 months because "it takes time to test." In those 3 months, attackers exploit that exact vulnerability to breach the company. This is a shrink-wrap exploit.
Lesson: Always update your software. "I'll do it later" is how most real breaches happen.

Information Warfare

Using information and information systems as weapons to gain strategic advantage over an opponent.

🛡️ Defensive
Protecting your own systems from attack. Includes security controls, monitoring, and incident response.
Example
A government monitors its critical infrastructure 24/7 and has a CERT (Computer Emergency Response Team) ready to respond.
⚔️ Offensive
Proactively attacking adversaries' systems to disrupt, manipulate, or destroy their operations.
Example
The Stuxnet worm reportedly destroyed Iranian nuclear centrifuges — classic offensive information warfare.
🧠 Memory shortcut
D.O. — "Defend Or Offend"

Information warfare is binary: you're either Defending your own systems or Offensively attacking the enemy's. Ethical hacking is usually on the defensive side (authorized testing to find weaknesses before attackers do).

Common Student Mistakes — Exam Alert!

❌ Mistake 1
Saying CIA stands for just 3 things. Exams often include Non-repudiation as the 4th element — don't leave it out when listing elements of information security.
❌ Mistake 2
Confusing Virus (needs a host file, spreads via human action) and Worm (self-replicating, spreads automatically). These are often confused in MCQs.
❌ Mistake 3
Thinking insider threats are always malicious. They can be unintentional (negligent) — an employee who clicks a phishing link by accident is still an insider threat.
❌ Mistake 4
Mixing up Vulnerability and Exploit. Vulnerability = the weakness. Exploit = the act of using it. One is passive, one is active.
❌ Mistake 5
Forgetting the Security Triangle trade-off. More security always means less usability/functionality. If an exam question sounds like "why don't we just maximize security?" — the answer is: because it would cripple functionality and usability.
❌ Mistake 6
APT = "Advanced Permanent Threat." Wrong! It stands for Advanced Persistent Threat. The word "persistent" is key — it's a long-term stealthy campaign, not a one-time attack.

Quick Review — All Mnemonics at a Glance

| Topic | Mnemonic |
|---|---|
| CIA Triad | "Can I Access?" — Confidentiality · Integrity · Availability |
| Security Triangle | S.F.U. — "Security For Users" |
| Attack Components | M.M.V. — "Motivated Men Vulnerabilize" |
| Mobile Threats | "Please Stop Being Dangerous, Unsafe Networks" |
| Threat Layers | "Neat Houses Are layered" (Network → Host → Application) |
| Info Warfare | D.O. — "Defend Or Offend" |
| Key Terminology | "Happy Zebras Venture Extremely Deep, Doing Perfectly Beautiful Naps" |
Exam strategy: For any scenario question, first identify: (1) which CIA pillar is threatened, (2) which threat layer (network/host/app), and (3) the M.M.V. of the attack. This framework answers 90% of scenario questions.