Null Mentoring

Briefing

The syllabus for Part I of the Null Consolidated Mentoring Program provides a comprehensive foundation in cybersecurity, covering essential topics from hardware security to web forensics, information security, and anti-phishing practices. Participants will gain practical skills and knowledge to protect themselves and their organizations from cyber threats. Chapter V will delve deeper into these scopes, detailing the point system for graduation, success stories, and a preview of Part II.

CHAPTER I: INTRODUCTION & BEGINNERS GUIDE

Objective
To introduce participants to the basics of cybersecurity, emphasizing foundational practices and secure setup of hardware and software.

Topics Covered
1. Hardware Guide
> Selecting secure phones and laptops.
> Ensuring anonymous purchases and usage.

2. Setup Guide
> Deactivating BIOS features for security.
> Digital shredding of storage devices.
> Installing and configuring Windows 10 Pro N.
> Installing and using Veracrypt for disk encryption.
> Hardening Windows with ReviOS.
> Installing and configuring Keyscrambler for keystroke protection.
> Using Mullvad VPN for secure internet access.
> Managing passwords securely with KeePassXC.
> Configuring Firefox for privacy and security.
> Setting up virtual machines for isolated and secure operations.
> Using TailsOS for high-security tasks.

Purpose
To ensure participants are equipped with secure hardware and software setups, enhancing their privacy and protecting against common threats.

Format
This chapter is theoretical and self-paced, with no scheduled mentoring session. Participants are expected to study the materials independently.

CHAPTER II: WEB FORENSICS

Objective
To introduce participants to web forensics, focusing on the collection, analysis, and preservation of digital evidence found on the internet.

Topics Covered
1. Overview of Web Forensics
> The role and importance of web forensics in cybersecurity.

2. Key Topics in Web Forensics
> Open-Source Intelligence (OSINT): Techniques for gathering data from publicly available sources.
> Web Intelligence (WEBHINT): Advanced methods for analyzing web data.
> Linguistic Forensics: Identifying digital identities through language analysis.

Purpose
To provide participants with the skills to support investigations into cybercrimes data breaches, and other digital threats through effective web forensic practices.

CHAPTER III: INFORMATION SECURITY FOR COMPANIES & GOVERNMENTS

Objective
To educate participants on the essential components of operational and information security within companies and government entities.

Topics Covered
1. Overview of Operational Security (Opsec) and Information Security (Infosec)
> Differences and importance of Opsec and Infosec.

2. Common Opsec and Infosec Failures in Companies
> Weak or reused passwords.
> Lack of two-factor authentication.
> Insufficient employee training.
> Inadequate access controls.
> Outdated software.

3. Importance of Secure Information and Communication Practices
> Protecting sensitive data and intellectual property.

4. Service Offerings to Improve Security Practices
> Security assessments.
> Employee training programs.
> Policy development and implementation.
> Incident response planning.
> Managed security services.

5. Case Study
> A critical email communication vulnerability that allowed the takeover of existing email addresses from more than 100 governments worldwide.

Purpose
To help participants understand and implement robust security measures to protect company and government data from cyber threats.

CHAPTER IV: ANTI-PHISHING DOMAIN BEST PRACTICES

Objective
To educate participants on best practices for preventing phishing attacks and protecting intellectual property from exploitation.

Topics Covered
1. Phishing Tactics
> Typosquatting Exploitation: Registering deceptive domains with typographical errors.
> Punycode (IDN) Exploitation: Creating visually similar but deceptive domain names.
> Homograph Exploitation: Using characters visually similar to standard ASCII characters to create fraudulent URLs.

2. Launching an Anti-Phishing Service
> Steps to deploy an anti-phishing service from scratch.

3. Real-Time Case Studies
> Exploring cases where malicious actors exploit a company’s domain to drive traffic or distribute malware.
> Dissecting their methods and profit mechanisms using a “red-team approach”.
> Learning how to counter these tactics using a “blue-team approach.

Purpose
To equip participants with the knowledge to identify, prevent, and combat phishing attacks, thereby enhancing the cybersecurity posture of organizations.

Additional Insights
> Understanding how malicious entities exploit intellectual property for phishing campaigns.
> Equipping participants to offer valuable cybersecurity solutions immediately.