Cybersecurity Analyst x Pentester

Cybersecurity Analyst x Pentester

November 4, 2022 Off By Evelyn

Security professionals are responsible for protecting information assets within an organization. They typically view their responsibilities in three areas: confidentiality, integrity, availability (CIA). The adversaries/attackers, seeking to disrupt an organization’s security, have three corresponding goals in mind: disclosure, alteration, and denial (DAD). These models are also known as the DAD Figure-1 triads or the CIA. They are used by many security professionals all over the world.

The DAD triads and the CIA are two classic examples of information security principles.
To describe the goals of information security, cybersecurity professionals use a well-known model. Figure-1 shows the CIA triad. These are the three main characteristics of information that cybersecurity programs aim to protect.
Confidentiality measures are designed to prevent unauthorized access or modification to information or systems.
Integrity measures are designed to prevent the unauthorised modification of information or systems.
Availability measures are designed to ensure that legal use of information systems and systems is possible.
Attackers, Pentester and penetration testers seek to undermine these goals and attain three corresponding goals. Figure-1 shows the DAD Trilogy, which is the attacker’s goal.
It is important to remember that Cybersecurity professionals must have knowledge of security concepts, technicals, tools, and techniques that are used every day for attack and defense. This professional must have the mindset of an attacker or pentester. They should also be able to comprehend many types of attacks such as SQL Injection, Cross-Site Scripting, Cross-Site Scripting, Stored, Man-In-The-Middle, Brute-Force and Remote Code Execution. The role each actor plays in an environment is what makes them different.
Below are infographics that show the roles of each team.

Here are some tools that can be used by both professionals and students:
Scanners
Nikto
OpenVAS
SQLmap
Nessus
Nmap
OSINT
WHOIS
Nslookup
FOCA
theHarvester
Shodan
Maltego
Recon-ng
Censys
Remote Access Tools
Secure Shell (SSH).
Ncat
Netcat
Proxychains
Credential Testing Tools
Hashcat
Medusa
Hydra
CeWL
John the Ripper
Cain and Abel
Mimikatz
Patator
DirBuster
W3AF
Wireless
Aircrack-ng
Kismet
WiFite
Networking Tools
Wireshark
Hping
Debuggers
OllyDbg
Immunity Debugger
GDB
WinDbg
IDA
Web Proxies
OWASP ZAP
Burp Suite
Mobile Tools
Drozer
APKX
APK Studio
Software Assurance
FindBugs/find-sec-bugs
Peach
AFL
SonarQube
YASCA
Social Engineering Tools
SET
BeEF
Miscellaneous Tools
SearchSploit
PowerSploit
Responder
Impacket
Empire
Metasploit framework
Script Language
Bash
Powershell
Python
Ruby

CategoryUncategorized