HxD is a fast hex editor with a simple interface that allows you to edit raw disks and modify RAM for files of any size. Features include search/replace, export, checksums/digests, insertion of byte patterns, file shredding, concatenate/split files, statistics and more.
Katacoda is a training platform that offers a large library of free, interactive training courses using real environments in your browser. You’ll also find “playgrounds” for VS Code, Kubernetes, Docker Swarm and Ubuntu.
Redmine is a web-based, open-source project management application that can be excellent for tracking issues and bugs. It is customizable, cross-platform, and cross-database, but it does require someone who can work with an application based on Ruby on Rails to do the somewhat-complex configuration and maintenance.
Microsoft-365 Scripts is a collection of scripts and resources to help with the configuration of Microsoft 365, “Hit github repo also has a handful of scripts to do what is outlined in the checklists.”
Folder2Iso is a tiny, portable app that allows you to create an ISO from any folder, with no software to install. The root folder can contain sub-folders. For Windows XP, Vista, 7, 8, 10, and Linux.
Knowledge of terms to know
What is Normalization?
Normalization is the process of reorganizing data in a database so that it meets two basic requirements:
- There is no redundancy of data, all data is stored in only one place.
- Data dependencies are logical,all related data items are stored together.
Normalization is important for many reasons, but chiefly because it allows databases to take up as little disk space as possible, resulting in increased performance.
Normalization is also known as data normalization.
What is Query?
A query is a request for data or information from a database table or combination of tables. This data may be generated as results returned by Structured Query Language (SQL) or as pictorials, graphs or complex results, e.g., trend analyses from data-mining tools.
One of several different query languages may be used to perform a range of simple to complex database queries. SQL, the most well-known and widely-used query language, is familiar to most database administrators (DBAs).
For a machine to understand a request for information in the first place, the query must be written according to a code known as query language. For example, if you go to a bank and ask “Can I have an espresso?” the teller might be puzzled.
SQL represents one of the standard languages used for database management purposes, while MySQL, instead, is the software using that specific language. Although SQL is a fairly universal query language, other commonly used ones include DMX, Datalog and AQL.
The query database feature is equal in necessity to data storage capability. Thus, a number of query languages have been developed for different database engines and purposes, but SQL is by far the most ubiquitous and well-known. In fact, rookie database administrators often are surprised when they learn about the existence of other query languages.
Query languages generate different data types according to function. For example, SQL returns data in neat rows and columns and is very similar to Microsoft Excel in appearance.
Other query languages generate data as graphs or other complex data manipulations, e.g., data mining, which is the deep analysis of information that uncovers previously-unknown trends and relationships between distinct or divergent data. For example, a SQL manufacturing company query may reveal that monthly sales peak in June and July, or that female sales representatives continually outperform male counterparts during holiday months.
A database can be queried by less experienced users who are not trained in a specific query language. Using a pre-defined query written in a special query language to make a request isn’t the only way to request information from a database.
A user might choose available parameters from a default menu that will guide him or her through the search. This is a simple but less flexible method. The system can also provide the user with a default record where a few blank areas can be filled with the fields and value defining the query. This method is called “query by example” (QBE).
What is Client/Server Architecture?
Client/server architecture is a computing model in which multiple components work in strictly defined roles to communicate. The server hosts, delivers and manages most of the resources and services to be consumed by the client. This type of shared resources architecture has one or more client computers connected to a central server over a network or internet connection.
Client/server architecture is also known as a networking computing model or client/server network because all the requests and services are delivered over a network. It’s considered a form of distributed computing system because the components are doing their work independently of one another.
What is Read-only memory (ROM)?
Read-only memory (ROM) is a type of storage medium that permanently stores data on personal computers (PCs) and other electronic devices.
It contains the programming needed to start a PC, which is essential for boot-up; it performs major input/output tasks and holds programs or software instructions. This type of memory is often referred to as “firmware”—how it is altered has been a source of design consideration throughout the evolution of the modern computer.
What is Refactoring?
Refactoring is “the process of changing a software system in such a way that it does not alter the external behavior of the code yet improves its internal structure,” according to Martin Fowler, the “father” of refactoring. The concept of refactoring covers practically any revision or cleaning up of source code, but Fowler consolidated many best practices from across the software development industry into a specific list of “refactorings” and described methods to implement them in his book, Refactoring: Improving the Design of Existing Code.
One approach to refactoring is to improve the structure of source code at one point and then extend the same changes systematically to all applicable references throughout the program. The result is to make the code more efficient, scalable, maintainable or reusable, without actually changing any functions of the program itself. In his book, Fowler describes a methodology for cleaning up code while minimizing the chance of introducing bugs.
While refactoring can be applied to any programming language, the majority of refactoring current tools were originally developed for the Java language. In 2001, automated refactoring tools began to appear in earnest, including the IntelliJ IDEA Java IDE (Integrated Development Environment), the X-ref plug-in tool for the Emacs editor and the Instantiations jFactor stand-alone refactoring tool.
Many basic editing environments support simple refactorings like renaming a function or variable across an entire code base. Eric Raymond, a leading philosopher about program development, maintains that the concept of refactoring is consistent with the idea of get-something-working-now-and-perfect-it-later approach long familiar to Unix and open source programmers and hackers. The idea is also embodied in the approach known as extreme programming.
Today, refactoring plays an important role in application modernization and moving legacy apps from a monolithic structure to microservices.
What is Attribute?
In general, an attribute is a characteristic. In a database management system (DBMS), an attribute refers to a database component, such as a table.
It also may refer to a database field. Attributes describe the instances in the column of a database.
In relational databases, attributes are the describing characteristics or properties that define all items pertaining to a certain category applied to all cells of a column.
The rows, instead, are called tuples, and represent data sets applied to a single entity to uniquely identify each item. Attributes are, therefore, the characteristics of every individual tuple that help describe its unique properties.
Think of a table in a relational database as being analogous to an electronic spreadsheet. An attribute is simply one non-null cell in the spreadsheet, or the conjunction of a column and row.
It stores only one piece of data about the object represented by the table in which the attribute belongs. For example, the tuple can be an Invoice entity. The attributes of an invoice might be Price, Number, Date or Paid/unpaid.
Beyond the self-explanatory simple or single-valued attributes, there are several types of attributes available.
- Composite attribute: is an attribute composed of several other simple attributes. For example, the Address attribute of an Employee entity could consist of the Street, City, Postal code and Country attributes.
- Multivalued attribute: is an attribute where more than one description can be provided. For example, an Employee entity may have more than one Email ID attributes in the same cell.
- Key attribute or primary attribute: is an ID, key, letter or number that uniquely identifies that item. For example, it can be the number of a certain invoice (e.g. the individual ID of that invoice). A table that contains a single key attribute is considered a strong entity. However, a table might contain more than one key attribute if it’s derived from other tables.
- Derived attribute: as the name implies, these are derived from other attributes, either directly or through specific formula results. For example, the Age attribute of an Employee could be derived from the Date of Birth attribute. In other instances, a formula might calculate the VAT of a certain payment, so that whenever the cell with the attribute Payment is filled, the cell with the derived attribute VAT automatically calculates its value.
What is Hybrid Application (Hybrid App)?
A hybrid app is a software application that combines elements of both native and web applications.
Native apps are developed for specific mobile platforms and devices. They must be downloaded from an app store and installed locally before they can be used. A disadvantage of native apps is that they require developers to write multiple versions of the same app in order to accomodate each platform. An advantage of native apps is that because they are installed locally, they can take advantage of whatever capabilities the mobile platform provides — including access to the mobile device’s camera, GPS or accelerometer.
In contrast, web applications are simply websites that have been optimized for mobile device use. Web apps are accessed through a browser instead of being downloaded and installed locally. An advantage of web apps is that they are platform agnostic. A disadvantage is that a web app is restricted to whatever capabilities the device’s browser has.
What is Database Management System (DBMS)?
A database management system (DBMS) is a software package designed to define, manipulate, retrieve and manage data in a database. A DBMS generally manipulates the data itself, the data format, field names, record structure and file structure. It also defines rules to validate and manipulate this data.
Database management systems are set up on specific data handling concepts, as the practice of administrating a database evolves. The earliest databases only handled individual single pieces of specially formatted data. Today’s more evolved systems can handle different kinds of less formatted data and tie them together in more elaborate ways.
What is Unified communications as a service (UCaaS)?
Unified communications as a service (UCaaS) is a cloud delivery model that offers a variety of communication and collaboration applications and services.
UCaaS features include enterprise messaging, presence technology, online meetings, team collaboration, telephony and video conferencing. UCaaS is known for providing flexibility and scalability for core business tasks. Many UCaaS vendors also offer contact-center capabilities, including auto-attendant, interactive voice response, call routing and customer relationship management integrations.
UCaaS vendors are increasingly adding communications platform as a service (CPaaS) capabilities and application programming interfaces (APIs) to their cloud platforms. Customers can use CPaaS capabilities and APIs to embed cloud-based communication features into their business applications and workflows.
UCaaS vendors range from providers that sell directly to organizations, such as RingCentral, 8×8 Inc. and Microsoft, to third-party cloud service providers, such as Verizon, AT&T and BT.
What is Cybercrime?
In general, cybercrime is defined as either a crime involving computing against a digital target or a crime in which a computing system is used to commit criminal offenses.
As a broad category of crime, cybercrime includes such disparate sorts of activities as illegal access of data, use of computer communications to commit fraud, or the ransoming of systems via digital means.
Cybercrime may also be referred to as computer crime.
In a very general sense, cybercrime can be split into two fundamental types—the type in which criminals target networks, and the type in which people commit criminal acts by using computing systems.
Another way to talk about this is that the complexity of cybercrime has grown along with the complexity of computing systems. In the 1980s, cybercrime would most likely involve representing fraudulent data on a workstation or simple network, or hacking a network to achieve criminal outcomes.
Nowadays, the scenery of the cybercrime world is much more complex. One type of cybercrime involves data breaches where hackers and black hat operators compromise the privacy of sensitive data assets. Then there are various types of crimes where cyberattacks target networks to shut down various mission-critical computing operations maintained by governments or businesses. The phenomenon of cyberwarfare applies wherever a nation targets another nation’s networks or their proxies.
In the “other world” of cybercrime, where computers are used to pursue criminal activities, there’s a wide gamut of criminal operations that apply, ranging from using computers for sex trafficking or fraud to using computers to direct systems that can harm people physically. Because the power of computers has become so broad, the nature of cybercrime has evolved accordingly.
Another broad area of cybercrime is relatively new. Cryptocurrency cybercrime happens when computers are used to illegally obtain or manipulate digital assets.
This type of cybercrime is as new as the practice of using cryptocurrency or tokenized assets that are represented in digital form.
In the old days, cybercrime did not include the fraudulent or illegal handling or theft of these digital assets, because the digital assets themselves didn’t exist. Now, by contrast, there are all sorts of electronic assets sitting in digital wallets, and cyber-thieves trying to steal them.
There’s also a new kind of cryptocurrency cybercrime in which operators are targeted for misleading investors or misrepresenting digital assets themselves in a fraudulent way.
All of this means that the world of cybercrime is sufficiently vast to require many different kinds of law enforcement. Security professionals increasingly wear many “hats” in the world of law enforcement and use more evolved models to target cybercriminals.
One prime example of this is a major kind of cybercrime that is called ransomware. In ransomware operations, the cybercriminal uses a computing system to hold some asset “ransom” for payment. The cryptocurrency angle usually comes into play when ransomware scheme operators often use Bitcoin or another cryptocurrency for payment, because it is less traceable than fiat currencies. There’s even the emergence of ransomware-as-a-service, in which criminals web deliver ransomware equipment to other criminals.
As shown, the world of cybercrime has become diverse, and relevant to many types of modern business as well as consumer and citizen safety.
Simple Static IP is a few-clicks method for enabling users to set their IP address to static for occasions when that’s useful, like when employing port forwarding.
ITProMentor Best Practices Checklists is a compilation of best practices and implementation guides for Azure Active Directory, Microsoft Endpoint Manager (Intune), Office 365 (Exchange Online, SharePoint Online, OneDrive for Business, Teams) and Windows 10 (Business edition).
Advanced Renamer enables you to rename multiple files and folders simultaneously. Provides 14 different methods to change the names, attributes and timestamps of files as well as copying or moving files to new locations based on information in the files. You can construct new file names by adding, removing, replacing, changing case or giving the file a brand new name based on known information about the file. Lets you verify your settings in advance and undo the batch if you’re unhappy with the results.
RBTray allows almost any window to be minimized to the system tray by right-clicking its minimize button, shift-right-clicking on its title bar or using the Windows-Alt-Down hotkey.
jiq is jid combined with jq that allows you to drill down interactively using jq filtering queries.
Knowledge of terms to know
What is Site reliability engineering (SRE)?
Site reliability engineering (SRE) is the application of scripting and automation to IT operations tasks such as maintenance and support. The goal of SRE is to swiftly fix bugs and remove manual work in rote tasks. In some information technology (IT) departments that use site reliability engineering as a job title, the development team is split into developers and SREs. A site reliability engineer may work with the developers to design and engineer software, and work with IT operations team members to manage and support the software.
Site reliability engineering seeks to improve the reliability of currently operating software, while minimizing the work involved in its upkeep. Automating as many tasks as possible allows operations experts to provide strategic, higher-level work, such as planning a new deployment or creating a pipeline for faster product feedback.
A service level agreement (SLA) may be enacted for the SRE team that specifies a certain level of reliability required of the software — for example, 99% uptime. This gives the SRE team a 1% threshold for errors, bugs or downtime. While this SLA structure seems similar to that in any operations team at first glance, the primary difference lies in the role of SRE professionals: If the code written to automate ops tasks allows software services to operate at the agreed upon level, SREs are free to continue developing more code to further improve the software stack. If, however, services and applications experience outages, or lagging performance, then the SREs are required to fix the issues immediately before tackling other projects.
SRE and DevOps share the same core principles — keep a diversely skilled team involved in each phase of software development from design through operation, automate any repetitive tasks, use of engineering tools in operations. While DevOps is a cultural framework that applies to positions both within and outside of IT, SRE occurs specifically to support IT operations during software development and deployment in production. Business leaders are involved in DevOps, but not in SRE.
What is Storage Device?
A storage device is any type of computing hardware that is used for storing, porting, or extracting data files and objects. Storage devices can hold and store information both temporarily and permanently. They may be internal or external to a computer, server, or computing device.
A storage device may also be known as a storage medium or storage media depending on whether it is seen as discrete in nature (for example, “a hard drive” versus “some hard drive space.”)
Storage devices are one of the core components of any computing device. They store virtually all of the data and applications on a computer, except for hardware firmware which is generally managed through separate read-only memory or ROM.
Storage devices are available in different forms, depending on the type of underlying device. For example, a standard computer has multiple storage devices including RAM, a cache, and a hard disk. The same device may also have optical disk drives and externally connected USB drives.
What is the Shared Responsibility Model?
A shared responsibility model is a cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
When an enterprise runs and manages its own IT infrastructure on-premises, within its own data center, it is responsible for the security of that infrastructure, as well as the applications and data that run on it. When an organization moves to a public cloud computing model, it hands off some, but not all, of these IT security responsibilities to its cloud provider. Each party — the cloud provider and cloud user — is accountable for different aspects of security and must work together to ensure full coverage.
The type of cloud service model — infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) — dictates who is responsible for which security tasks. According to the Cloud Standards Customer Council (CSCC), an advocacy group for cloud users, users’ responsibilities generally increase as they move from SaaS to PaaS to IaaS.
For example, in IaaS, the cloud provider supplies and is responsible for securing basic cloud infrastructure components, such as virtual machines, disks, and networks, according to the CSCC. The provider is also responsible for the physical security of the data centers that house its infrastructure. IaaS users, on the other hand, are generally responsible for the security of the operating system and software stack required to run their applications, as well as their data.
Conversely, in a SaaS model, the provider is primarily responsible for the infrastructure and software stack, as the user has less control over these components, according to the CSCC.
Amazon Web Services (AWS), a major IaaS provider, explains its shared responsibility model as users being responsible for security in the cloud — including their data — while AWS is responsible for the security of the cloud, meaning the compute, storage, and networks that support the AWS public cloud.
Because user responsibilities differ depending on the cloud service model and provider, there is no standard shared responsibility model. To understand their cloud security responsibilities, users should reference the service-level agreements they have with their providers.
