The CIA Triad represents Confidentiality, Integrity, and Availability—the core principles of cyber security. It ensures that data remains protected, accurate, and available to authorized users.

• Confidentiality → Prevent unauthorized access
• Integrity → Ensure data is not altered
• Availability → Ensure systems remain accessible

This model helps ethical hackers understand what must be protected during security assessments.

Cyber Security focuses on protecting systems, while Ethical Hacking focuses on finding weaknesses before attackers do.

This table clearly shows why both fields are essential and connected.

Malware refers to malicious software designed to damage, steal, or misuse data.
Common types include:

• Virus – attaches to files and spreads
• Worm – spreads automatically through networks
• Trojan – looks legitimate but contains malicious code
• Ransomware – locks files until ransom is paid
• Spyware – collects hidden information

Understanding malware types helps beginners identify real attack patterns.

An IP address uniquely identifies a device on a network. Ethical hackers use IP addresses to:

• Identify the target machine
• Perform scanning and enumeration
• Detect open ports and services
• Understand the network structure

Without IP addresses, no network-based attack or test can begin.

Port scanning is the process of checking which network ports are open and what services run on them. Open ports can reveal vulnerabilities like:

• Outdated services
• Weak configurations
• Unauthorized applications

Tools like Nmap help hackers identify potential attack vectors.

The OSI Model is a 7-layer framework that describes how data moves across a network. It helps ethical hackers pinpoint vulnerabilities at each layer—such as ARP attacks at Layer 2 or TCP hijacking at Layer 4.

Layers include Physical, Data Link, Network, Transport, Session, Presentation, and Application.

Subnetting divides a larger network into smaller, efficient sub-networks.
It helps ethical hackers:

• Understand scanning ranges
• Analyze network architecture
• Identify reachable hosts
• Reduce unnecessary noise during recon

Subnetting is essential for accurate penetration testing.

Reconnaissance involves gathering information about the target passively and actively.
Ethical hackers use:

• Google Dorks
• WHOIS
• Shodan
• DNS lookup tools
• Port scanners

Good recon reduces mistakes and improves attack accuracy.

WHOIS is a query tool that reveals domain ownership details, registrar information, DNS records, email contacts, and hosting details.
Ethical hackers use it during passive reconnaissance to identify the structure and ownership of a website without interacting with the system.

This comparison helps beginners quickly understand malware behavior differences.

A firewall is a security device/software that filters incoming and outgoing traffic based on predefined rules.
It prevents:

• Unauthorized access
• Malware communication
• DDoS at basic levels
• Packet spoofing

Firewalls are the first line of defense in networks.

ARP (Address Resolution Protocol) maps IP addresses to MAC addresses.
ARP Spoofing is when attackers send fake ARP messages to redirect traffic through their machine.

It allows:

• Man-in-the-middle attacks
• Packet sniffing
• Data manipulation

Tools used: Ettercap, Arpspoof

Password cracking is attempting to recover passwords using:

• Brute Force – tries every combination
• Dictionary Attacks – uses a wordlist
• Hybrid Attacks – mix of both
• Rainbow Tables – precomputed hash lookup

Ethical hackers perform cracking to test password strength.

SQL Injection is a web attack where attackers insert malicious SQL code into input fields to access or modify database data.

It can:

• Reveal usernames/passwords
• Delete or modify data
• Bypass login systems
• Control the database server

SQL Injection is one of the most critical OWASP vulnerabilities.

A honeypot is a decoy system designed to attract attackers and study their tactics.
Organizations use honeypots to:

• Identify attack origins
• Capture malware
• Study new hacking methods
• Distract attackers from real systems

It acts like a trap to mislead and monitor intruders.

Encryption converts readable data into unreadable ciphertext.
It helps protect:

• Passwords
• Payment data
• Personal information
• Business secrets

Even if hackers intercept encrypted data, they cannot read it without the decryption key.

Social Engineering manipulates people into revealing confidential information.
Examples include:

• Phishing emails
• Fake login pages
• Impersonation
• Pretexting

Human weaknesses are often easier to exploit than technical vulnerabilities.

A Distributed Denial of Service attack floods a server with massive traffic from multiple compromised devices (botnets), making it unavailable for legitimate users.

Attackers aim to:

• Crash services
• Cause downtime
• Damage reputation
• Interrupt business operations

Ethical hackers simulate DDoS tests under strict authorization.

Sniffing is capturing network traffic to analyze data packets.
Hackers use sniffing to read:

• Username/passwords
• Session cookies
• Network protocols
• API calls

Tools: Wireshark, Tcpdump

Sniffing helps identify insecure communication channels in a network.