SOC / Security Analyst Fundamentals - Part 1

Samuel
2 min read · Feb 17, 2021


How to learn

Google every term and topic yourself and check several different sources. You do not need to go very deep, but a fundamental understanding is necessary. YouTube is your best friend: most of these topics are covered there, and visual explanations are easier to remember. If you are bored or exhausted by all the theory, take a break and watch the talks and documentaries listed at the end of this post.

Security

Get familiar with the main types of malware and attacks: worm, DDoS, brute force, man-in-the-middle, adware, browser hijacker, phishing, spear phishing, spyware, polymorphic virus, Trojan, backdoor, rootkit, ransomware, SQL injection, cross-site scripting...
Read about some of the best-known cases: WannaCry, Stuxnet, Petya

You have to know what these are:

CIA Triad
Confidentiality - only authorised parties can read the information
Integrity - the information is not altered except by authorised parties, and unauthorised changes can be detected
Availability - the information is accessible to authorised parties when they need it

Vulnerability and Exploit - https://www.upguard.com/blog/vulnerability

Zeroday - https://en.wikipedia.org/wiki/Zero-day_(computing)

False Positive - the tool raised an alert for an intrusion that did not actually happen (benign activity flagged as malicious)

False Negative - the tool raised no alert although an intrusion did happen (malicious activity missed)

SIEM - https://www.logsign.com/blog/what-does-a-siem-solution-do/

OWASP - https://owasp.org/www-project-top-ten/

MITRE ATT&CK Framework - https://attack.mitre.org/

EDR - endpoint monitoring agent (similar to AV) with enhanced capabilities such as process, file and network telemetry and response functions (remote quarantine, killing processes, deleting files, isolating the host from the network)

CC/C2/Command&Control - the centralized server (or compromised host) that attackers use to issue commands to malware and bots and to receive reports and stolen data from them.

Tools to check
virustotal.com - https://www.youtube.com/watch?v=MZQFtW6stUE
NMAP - https://www.youtube.com/watch?v=5MTZdN9TEO4
Wireshark - https://www.youtube.com/watch?v=M8yoYmiL7rA
tcpdump - https://www.youtube.com/watch?v=1lDfCRM6dWk

Phishing and Ransomware questions are very common:

How to verify if email is phishing?
Check for urgency words (help, payment, invoice, expiration, etc.), compare the sender's display name with the actual sender address, and hover over links to see whether the real target matches the text shown. Check the email headers (Return-Path, Received, and the SPF/DKIM results in Authentication-Results) for the real sender. Analyse links and attachments in VirusTotal or a sandbox (an isolated virtual machine), never on your own workstation.

How to respond to phishing incident?
The email team can purge the message from all user mailboxes. The network team can block the malicious URLs and sender domain on the proxy/firewall. Check firewall/proxy logs to see who accessed the malicious links; force a password reset (and revoke active sessions) for those users and recommend awareness training.
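The phishing checks and the response steps above, worked through as an added example (not code from the original post): it parses a constructed phishing message with Python's standard `email` library and flags the urgency words, the mismatch between the From domain and the Reply-To/Return-Path domains, an SPF failure recorded in Authentication-Results, and a link whose visible text names a different site than its real href; it then pulls the hrefs out as IOCs and searches constructed proxy log lines for the users who requested them. The log format (timestamp, user, client IP, method, URL, status), the `example.com`/`example.net` domains and the two-label `org_domain` heuristic are assumptions made for this example.

```python
"""Phishing triage: header checks, link-mismatch detection, and a proxy-log
lookup of users who clicked. Added example, not from the original post.
The message, the domains and the log lines below are all constructed."""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed message: the display name claims to be the bank, but the
# envelope sender, the Reply-To and the real link target are elsewhere.
RAW_EMAIL = b"""\
Return-Path: <bounce@mail-deliveries.example.net>
Received: from mail-deliveries.example.net (203.0.113.7) by mx.example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-deliveries.example.net; dkim=none
From: "Example Bank Support" <support@examplebank.com>
Reply-To: collections@mail-deliveries.example.net
To: alice@example.com
Subject: URGENT: invoice payment expiration notice
Content-Type: text/html; charset=utf-8

<html><body><p>Your payment is overdue. Please
<a href="http://examplebank-login.example.net/verify">https://www.examplebank.com/login</a>
within 24 hours.</p></body></html>
"""

# Constructed proxy log, assumed format: "timestamp user client_ip method url status".
PROXY_LOG = """\
2021-02-17T09:01:12Z alice 10.0.0.21 GET http://examplebank-login.example.net/verify 200
2021-02-17T09:02:40Z bob 10.0.0.34 GET https://www.examplebank.com/login 200
2021-02-17T09:05:03Z carol 10.0.0.40 GET http://examplebank-login.example.net/verify?u=carol 200
"""

URGENCY_WORDS = {"urgent", "help", "payment", "invoice", "expiration", "overdue"}


def org_domain(addr_or_host):
    """Crude organisation domain: last two labels of the host part. A real
    tool would use the Public Suffix List; this is an assumption for brevity."""
    host = addr_or_host.rsplit("@", 1)[-1].strip("<> ").lower()
    return ".".join(host.split(".")[-2:])


def triage_email(raw):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    subject = str(msg.get("Subject", ""))
    hits = sorted(w for w in URGENCY_WORDS if w in subject.lower())
    if hits:
        findings.append("urgency words in subject: " + ", ".join(hits))

    # Where replies and bounces really go vs. the domain shown in From.
    from_dom = org_domain(str(msg.get("From", "")))
    for hdr in ("Reply-To", "Return-Path"):
        val = msg.get(hdr)
        if val and org_domain(str(val)) != from_dom:
            findings.append(f"{hdr} domain {org_domain(str(val))} != From domain {from_dom}")

    # SPF/DKIM verdicts recorded by our own receiving mail server.
    auth = str(msg.get("Authentication-Results", ""))
    if "spf=fail" in auth or "dkim=fail" in auth:
        findings.append("sender authentication failed: " + auth.split(";", 1)[-1].strip())

    # Links whose visible text names a different site than the real href.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = text.strip()
        if shown.startswith("http") and org_domain(urlparse(shown).netloc) != org_domain(urlparse(href).netloc):
            findings.append(f"link text {shown} hides target {href}")
    return findings


def extract_urls(raw):
    """All hrefs in the message: the IOCs to block and to search logs for."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    return re.findall(r'href="([^"]+)"', body, re.I)


def users_who_clicked(log_text, malicious_urls):
    """Users whose proxy requests hit a malicious URL (same host, path prefix,
    so query-string variants such as ?u=carol are still caught)."""
    bad = [(urlparse(u).netloc.lower(), urlparse(u).path) for u in malicious_urls]
    hit = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        user, url = parts[1], parts[4]
        p = urlparse(url)
        if any(p.netloc.lower() == host and p.path.startswith(path) for host, path in bad):
            hit.add(user)
    return sorted(hit)


if __name__ == "__main__":
    for f in triage_email(RAW_EMAIL):
        print("INDICATOR:", f)
    iocs = extract_urls(RAW_EMAIL)
    print("block these:", iocs)
    print("force password reset for:", users_who_clicked(PROXY_LOG, iocs))
```

In production the domain comparison should use the Public Suffix List rather than the last two labels, and the log search would run against your proxy's real schema; the shape of the triage (indicators from headers and body, IOCs out, affected users from logs) is what carries over.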

How to protect against ransomware?
Network segmentation, regular backups (kept offline or immutable so the ransomware cannot encrypt them too, and tested by restoring), regular updates for systems and applications, least privilege so one infected account cannot reach every file share, and network and endpoint protection: next-gen firewalls, AV, EDR.
Disconnect devices infected by ransomware from the network (unplug or disable the network adapter rather than powering off, so volatile evidence is preserved) to stop the malware spreading to other hosts.

Cryptography
File hash - a fixed-length digital fingerprint of a file produced by a hash function (MD5, SHA-1, SHA-256); any change to the file, even one byte, produces a completely different hash. MD5 and SHA-1 are no longer collision resistant, so use SHA-256 where an attacker could craft a colliding file; you will still see MD5/SHA-1 used as lookup keys in threat-intel feeds and VirusTotal.
Salted hash - https://en.wikipedia.org/wiki/Salt_(cryptography)
Symmetric / asymmetric encryption - symmetric uses one shared key for both encryption and decryption (e.g. AES); asymmetric uses a public/private key pair (e.g. RSA), where data encrypted with one key can only be decrypted with the other.
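To make the hashing terms concrete, an added example (not from the original post) using only Python's standard library: it hashes a constructed byte string with MD5, SHA-1 and SHA-256 in chunks, as you would a large file, shows that changing one byte changes roughly half the bits of the digest, and contrasts an unsalted SHA-256 password hash (identical for every user with the same password, so one precomputed table cracks them all) with a PBKDF2 hash using a random per-user salt and a constant-time verify. The file contents, the password and the 600,000 iteration count are choices made for this example; symmetric and asymmetric encryption are not shown because the standard library has no AES or RSA.

```python
"""File hashing and salted password hashing with the standard library.
Added example, not from the original post; the file contents and
passwords are constructed inline."""
import hashlib
import hmac
import os

FILE_A = b"MZ\x90\x00" + b"A" * 1000   # constructed "file" contents
FILE_B = FILE_A[:-1] + b"B"             # same bytes, last one changed


def file_hashes(data, chunk=4096):
    """MD5, SHA-1 and SHA-256 hex digests computed incrementally, the way
    you would hash a large file read in chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for i in range(0, len(data), chunk):
        block = data[i:i + chunk]
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hamming_distance_hex(a, b):
    """Number of differing bits between two equal-length hex digests."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


# --- password hashing ----------------------------------------------------

def unsalted(password):
    """What NOT to do: identical passwords give identical digests, so one
    precomputed (rainbow) table cracks every account using that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=600_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt. Returns a record that
    stores the algorithm, iteration count, salt and derived key together,
    which is everything needed to verify later."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt/iterations; compare in constant time
    so timing does not leak how many leading bytes matched."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    ha, hb = file_hashes(FILE_A), file_hashes(FILE_B)
    print("sha256(A) =", ha["sha256"])
    print("sha256(B) =", hb["sha256"])
    print("bits differing:", hamming_distance_hex(ha["sha256"], hb["sha256"]), "of 256")
    print("unsalted: same password, same hash ->", unsalted("Winter2021!") == unsalted("Winter2021!"))
    r1, r2 = hash_password("Winter2021!"), hash_password("Winter2021!")
    print("salted: same password, different records ->", r1 != r2)
    print("verify correct:", verify_password("Winter2021!", r1), "| wrong:", verify_password("winter2021!", r1))
```

The record format (`algorithm$iterations$salt$hash`) is deliberately self-describing so the iteration count can be raised later without breaking existing users: old records still verify with their stored count and can be re-hashed on next login.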

Documentaries and Talks
Stuxnet documentary
WannaCry documentary
Myspace hack
Social engineering
Physical Pentesting

Continue to Part 2
