How a VPN Works: A Technical and Practical Guide

Why Do We Need a VPN?

When you browse the internet, your device connects directly to websites. Without protection:

  • Your Internet Service Provider (ISP) can see the websites you visit.
  • Hackers on public Wi-Fi can intercept your data.
  • Websites can track your real IP address, revealing your location.

A VPN solves these issues by creating a secure and private connection.

What Is a VPN and What Does It Do?

A Virtual Private Network (VPN) is a service that encrypts your internet connection and routes it through a remote server, hiding your IP address and protecting your data.

What Happens When You Use a VPN?

Without a VPN:
šŸ“ Your real IP is visible ā†’ Websites know your location.
šŸ”“ Your traffic is readable ā†’ Your ISP or hackers can intercept your data.

With a VPN:
šŸ”’ Your traffic is encrypted ā†’ No one can read it.
šŸŒ Your IP is hidden ā†’ Websites see the VPN server’s IP, not yours.
šŸš€ You can bypass restrictions ā†’ You appear as if browsing from another country.

šŸ”Ž Try this experiment:
1ļøāƒ£ Search “What is my IP” on Google.
2ļøāƒ£ Turn on a VPN and refresh the page.
3ļøāƒ£ Notice the IP address change!

How Does a VPN Work Technically?

Letā€™s break down what happens when you connect to a VPN.

The VPN Tunnel

When you activate a VPN:

  1. Your device establishes a secure connection with the VPN server.
  2. The connection is encrypted using security protocols.
  3. All data you send and receive passes through the VPN tunnel.
  4. The website sees the VPN server’s IP, not your real IP.

šŸ“Œ Analogy:
Imagine writing a letter, but instead of sending it directly, you put it in a sealed envelope and send it to a trusted intermediary, who then forwards it.

The recipient gets the letter without knowing who really wrote it (because they only see the “intermediary” sender ā€“ the VPN server).

VPN Protocols: How Encryption Works

A VPN protects data using encryption protocols to secure the connection.

4.1 Common VPN Protocols

šŸ›” OpenVPN ā€“ Secure, open-source, widely used.
šŸš€ WireGuard ā€“ Faster and more modern than OpenVPN.
šŸ“± IKEv2/IPSec ā€“ Great for mobile devices, stable on network changes.

šŸ’” Practical exercise: If you use a VPN, check the settings to see which protocol it uses!

How Does a VPN Encrypt Data?

Once the VPN tunnel is active, all your data is encrypted, meaning itā€™s converted into an unreadable format unless decrypted with the right key.

šŸ”‘ Encryption methods used by VPNs:

  • AES-256 ā€“ Used by governments and banks for top security.
  • ChaCha20 ā€“ A faster alternative used in WireGuard.

āš ļø Without a VPN: A hacker on public Wi-Fi could read your data.
āœ… With a VPN: Even if someone intercepts your traffic, theyā€™ll see unreadable, encrypted data.

How Data Travels Through a VPN

1ļøāƒ£ Without a VPN

  • Your PC connects directly to a website.
  • The website sees your real IP.
  • Your ISP can track your activity.

2ļøāƒ£ With a VPN

  • Your PC connects first to the VPN server.
  • The VPN server encrypts the data and forwards it to the website.
  • The website sees the VPNā€™s IP, not yours.

šŸ“Œ Analogy:
Imagine calling a friend, but instead of using your real phone number, you route the call through a middleman who relays the message. The recipient never knows your real identity.

VPN Limitations and Downsides

While VPNs are useful, they are not a perfect solution.

āš ļø VPN Limitations
ā³ Slower connection speeds ā€“ Your data must travel through an extra server.
šŸš« Some sites block VPNs ā€“ Netflix and banking sites may detect and restrict VPN access.
šŸ” Not 100% anonymous ā€“ The VPN provider can still see your traffic unless they have a “no-log” policy.

šŸ’” Solution: Choose a reliable VPN provider with a strict no-logs policy and select nearby servers to reduce latency.

šŸ“ Knowledge Check: Test Your Understanding

1ļøāƒ£ What is the main purpose of a VPN, and how does it protect your internet connection?
a) It speeds up your internet connection.
b) It hides your IP address and encrypts your traffic.
c) It blocks all ads and pop-ups.
d) It prevents websites from collecting cookies.

2ļøāƒ£ How does a VPN tunnel work, and what happens to your IP address when you use a VPN?
a) Your real IP address is replaced with the VPN serverā€™s IP.
b) Your real IP address is still visible to websites.
c) Your device connects directly to the internet without encryption.
d) The VPN tunnel allows websites to track you more easily.

3ļøāƒ£ Which encryption protocols do VPNs use, and why is encryption important?
a) OpenVPN, WireGuard, and IKEv2/IPSec, because they secure data in transit.
b) VPNs do not use encryption; they only change your IP address.
c) VPNs use basic passwords to encrypt data.
d) Encryption is unnecessary because the internet is already secure.

4ļøāƒ£ What are some common limitations of VPNs, and in which cases might a VPN not be useful?
a) VPNs can slow down connection speeds.
b) VPNs make you completely anonymous online.
c) VPNs are always free and have no security risks.
d) VPNs work perfectly on all streaming platforms without restrictions.

5ļøāƒ£ If you activate a VPN and visit a website, what does the website seeā€”your real IP address or the VPN serverā€™s IP? Why?
a) The website sees your real IP because VPNs donā€™t hide it.
b) The website sees the VPN serverā€™s IP, because your traffic is routed through the VPN server.
c) The website sees a combination of both your real and VPN IPs.
d) The website is blocked because VPNs prevent access to all websites.

1-b , 2 – a, 3 – a, 4 – a, 5, b

zeroday
Zero-Day Exploits: What They Are and Why You Should Care

In cybersecurity, zero-day exploits are one of the most dangerous threats. If you work in IT or are starting to explore this world, itā€™s important to know what they are and how they can affect you.

What Is a Zero-Day Exploit?

A zero-day exploit is a security weakness in software or a system that even the developers donā€™t know about.
The term “zero-day” means thereā€™s zero time to fix it before attackers can use it. In simple words, hackers discover and take advantage of this flaw before anyone can fix it.

A Market for Zero-Day Vulnerabilities

You might not expect it, but thereā€™s a market for selling zero-day vulnerabilities.

On the legal side, companies like Google, Microsoft, and Facebook offer bug bounty programs. These programs reward people who find and report security issues.

For example, Googleā€™s Vulnerability Reward Program pays anyone who reports a security bug in their services, like Chrome or Android. This helps Google improve security and gives ethical hackers recognition and rewards.

On the dark web instead, hackers sell these exploits to cybercriminals or groups for money.

Famous Zero-Day Exploits

Here are some real-world examples:

  • Stuxnet (2010): A malware that attacked industrial systems, causing serious damage (USA + Israel vs Iran Nuclear program).
  • Heartbleed (2014): A security flaw that exposed millions of sensitive data records (using a breach in the SSL protocol).
  • Pegasus (2021): Spyware used to track journalists and activists through their phones (it’s a mix of different exploit for mobile OSs, probably still used …) .

Why Are They So Dangerous?

  • They canā€™t be stopped immediately: Thereā€™s no update available until the flaw is found and fixed.
  • Huge impact: They can affect entire companies and millions of users.

How to (try to) Protect Yourself

Here are some tips to reduce the risk and the damage:

  • Keep everything updated: Software updates often include important security fixes.
  • Use modern security tools: Firewalls, antivirus software, and intrusion detection systems help a lot.
  • Backup your data regularly: If something goes wrong, you wonā€™t lose everything.
  • Stay informed: Learn about new threats and teach your team to recognize suspicious behavior.
The Heart of Scrum: People

Projects are done by people, for people. The agile philosophy emphasizes close collaboration between two key groups:

  • The project team, who builds the product.
  • The project clients, who benefit from it.

One of the most crucial roles in this collaboration is the Product Owner.

The Product Owner: A Central Role in Scrum

The Product Owner holds the responsibility for managing the product backlog and making all key decisions related to it. This role is critical for the success of the project.

What does the Product Owner do?

  1. Defines and Validates Requirements:
    • Gathers and documents user stories and epics.
    • Ensures the backlog reflects all necessary functionalities and priorities.
  2. Prioritizes the Product Backlog:
    • Decides which user stories should be built first and which can wait.
    • Adjusts priorities as the project evolves, ensuring the most valuable tasks come first.
  3. Reviews and Validates Outputs:
    • At the end of each sprint, the Product Owner checks the deliverables to ensure they meet the agreed requirements.
    • Provides constructive feedback if something doesnā€™t meet the expected standards.
  4. Approves the Final Product:
    • At the end of the project, the Product Owner gives the final approval, ensuring the product is ready for release.

Who Can Be a Product Owner?

Usually, the Product Owner represents the organization for which the product is being createdā€”essentially, the project client. This person needs a strategic vision and domain expertise.

Common roles that might act as Product Owner include:

  • Head of Sales
  • Head of Marketing
  • Head of IT, etc.

The Product Owner needs to be hands-on throughout the entire project, working closely with the team, reviewing progress, and adapting to changes when necessary.

The Power to Adapt

In Agile, requirements can change. The Product Owner plays a key role in approving changes and adjusting priorities between sprints. If a high-value user story emerges, itā€™s the Product Ownerā€™s job to bring it forward, ensuring the project remains focused on delivering value.

Undo unsaved changes in Git

If you did a git checkout on a branch and found conflicts or, in general, you did some changes in your local repo, you can undo everything and go back to the previous state with these steps:

git reset --hard HEAD

This command reverts everything to the state of the last commit and discards local changes, including conflicting ones.

or better

git reset --hard origin/nome-del-branch

If there are any untracked files that are causing problems, you can delete them with:

git clean -df

Just a tricky, if you want to go back to the previous branch, just do this:

git checkout -
From User Stories to the Product Backlog

After gathering user stories and epics, they are structured into the product backlog, forming a detailed “to-do list” for the development team. User stories are rephrased to sound more task-oriented.

  • Example:
    • User Story: “As a user, I want to see the ingredient list for each pizza.”
    • Task: “Add ingredients box next to each menu item.”

These work items may also be referred to as Product Backlog Items (PBIs).

Product Backlog and Increments in Scrum

The Product Backlog is a comprehensive, ordered list of all tasks needed to build or enhance the product.
It serves as the foundation for the development teamā€™s work, broken down into sprints.

An Increment is a completed, functional piece of the product that delivers value to users.
Each sprint produces one or more increments that are tested and ready for use in the real world.
Increments are like building blocks, adding functionality to the product step by step.

Early Value Delivery

Early Releases: Once a significant portion of the product (e.g., an epic or a group of functionalities) is complete, it can be released for users to start benefiting from itā€”even if the rest of the product is still in development.

This reduces the time to marketā€”the time between the ideaā€™s conception and its introduction to users.

Users can test and provide feedback on the most critical functionalities first, allowing for real-world adjustments before further features are developed.

Important functionalities are programmed and released first, enabling users to start working with the product early. Additional features are incrementally added and released, enhancing the product over time.

Epics and User Stories in Scrum

Epic

In Scrum, an epic is a large set of product requirements that can be broken down into smaller pieces. It represents a broad and complex functionality.

Example: The online payment functionality for an order is an epic.

Ā It can be formulated similarly to a user story, for example:Ā “As a user, I want to pay online to avoid exchanging cash with the delivery person.”

User Stories

These are smaller, more specific parts of an epic. Each epic includes several related user stories.

Example: Paying with a credit card, PayPal, cash, or Bitcoin are user stories under the “Online Payment” epic.

Relationship Between Epics and User Stories

Itā€™s hierarchical. User stories are grouped under an epic, or an epic is broken down into user stories.

  • If a functionality can be completed within a single sprint, itā€™s aĀ user story.
  • If it requires multiple sprints, itā€™s anĀ epic.

Organizations may adapt these definitions to suit their specific needs, so interpretations can vary.

Through user stories and epics, the project team defines the entire scope and requirements of the product.

What Are User Stories?

A user story is a short, one-sentence description of what a user wants to achieve with a system or product.

They provide a simple, user-focused way to define requirements that are easy for both users and technical teams to understand.

Format:

“As a user, I want to [do something] in order to [achieve a goal].

The ā€œin order toā€ part explains why the user needs this feature, offering valuable context for the development team.

Examples of User Stories (Pizza Website)

  1. “As a user, I want to scroll through the menu in order to quickly see all the options I can choose from.”
  2. “As a user, I want to see the ingredients of each pizza.”
  3. “As a user, I want to pay for my order using Bitcoin.”

These stories:

  • Help open communication between users and the technical team.
  • Allow developers to understand the user’s perspective and reduce misunderstandings.
  • Provide flexibility for developers to suggest better ways to achieve the same goal.

How Are User Stories Created?

  • When: Theyā€™re typically gathered during initial project planning.
  • Who Creates Them:
    • Future users or their representatives (e.g., during brainstorming workshops).
    • The Product Owner, who manages the productā€™s scope in Scrum.
    • Business Analyst
  • How:
    • Often collected in workshop sessions using sticky notes (hence their iconic association).
    • Later documented in electronic format for organization and future reference.

Benefits of User Stories

Focus on the userā€™s needs: They prioritize what the user values most.

Encourage collaboration: Involve both users and developers in the process.

Reduce misunderstandings: Developers can better visualize user expectations and propose alternative solutions if necessary.

Of course, these are all theoriesā€”practice is often a different story. There are many challenges to face, starting with clients who often donā€™t know exactly what they want. This is why Agile is, above all, a mindsetā€”a way of thinking and organizing projects. Itā€™s about embracing uncertainty, fostering collaboration, and adapting to change in real time. Agile isnā€™t just a process; itā€™s a philosophy for navigating complexity.

The Three Pillars of Scrum

Transparency

Open communication is key in Scrum. Everyoneā€”team members and stakeholdersā€”needs to have the same understanding of the work and its current status.

The goal is to avoid surprises and ensure that everyone is on the same page.

Inspection

Scrum encourages regular check-ins to make sure the work is progressing as expected.

By identifying any issues early, the team can address problems before they grow and potentially derail the project.

Adaptation

If somethingā€™s not workingā€”whether itā€™s the product, the process, or the progressā€”itā€™s time to adapt.

Changes should happen quickly to ensure the project stays aligned with its goals.

Key Elements of Scrum

Artifacts
These are the tools that guide the team and define the scope of the work:

  • Product Backlog: A list of everything that needs to be done to achieve the project goals. Think of it as the projectā€™s to-do list.
  • Sprint Backlog: A smaller, more focused list of tasks the team plans to tackle during a specific sprint.
  • Increment: The finished, usable product thatā€™s delivered at the end of a sprint.

The Scrum Team
The Scrum team works as one cohesive unit, with three main roles:

  • Product Owner: Manages the backlog and ensures the team is working on what brings the most value to the customer.
  • Development Team: A cross-functional group of professionals who build and deliver the product.
  • Scrum Master: A facilitator who helps the team follow Scrum principles and remove any obstacles they might face.
Thereā€™s no hierarchy hereā€”just collaboration. Teams are usually kept small (up to 10 people) to maintain efficiency and flexibility.

Scrum Events
These events keep the team organized and moving forward:

  • The Sprint: The core of Scrum, a time-boxed period (usually 1-4 weeks) during which the team works on delivering a usable increment.
  • Inside the Sprint:
    • Sprint Planning: A meeting where the team decides what theyā€™ll accomplish during the sprint.
    • Daily Scrum: A quick, daily check-in (often called a stand-up) to ensure everyone is aligned.
    • Sprint Review: A meeting to showcase the completed work to stakeholders and gather feedback.
    • Sprint Retrospective: A session to reflect on what went well, what didnā€™t, and how the team can improve in the next sprint.

    Scrum is all about being lean, transparent, and adaptable. Itā€™s designed to help teams handle complex challenges by breaking work into manageable chunks, focusing on delivering value, and constantly improving.

    The 12 Agile principles

    User satisfaction

    Satisfy the customer through early and continuous delivery of valuable software.

    Welcoming change

    Accept and integrate changes, even in advanced stages of development, to ensure a competitive advantage for the customer.

    Frequent delivery

    Frequent delivery of working software (preferably within short timeframes, days, or weeks).

    Continuous collaboration

    Business and developers must work together daily throughout the project.

    Motivated people support

    Build projects around motivated individuals, providing them with the support, tools, and autonomy to get the job done.

    Face to face communication

    The most effective method of conveying information within a team is direct conversation.

    Working software

    Progress is measured through working software.

    Agile focuses on operational and customer-usable functionality as an indicator of progress.
    Avoid false perceptions of progress (e.g., only code developed but not tested or integrated).

    Keep a steady pace

    Agile promotes sustainable development, where sponsors, developers, and users can maintain a constant pace indefinitely.

    Excessive pace leads to burnout, reducing quality and morale.
    Realistic goals ensure consistent, high-quality productivity.

    Technical excellence

    Continuous attention to technical excellence and good design improves agility.

    Avoid shortcuts that can cause errors or require additional work in the future.
    Design and technical quality are key to ensuring long-term success.

    Simplicity

    Focus only on activities that add value.
    Avoid unnecessary complexity.
    Simplicity improves efficiency and value, working smarter.

    The art of maximizing undone work is essential.

    Self-organized teams

    The best requirements and designs emerge from self-organizing teams.

    Autonomous and motivated teams produce better solutions.
    Agile promotes horizontal management, promoting autonomy and collective ownership.
    This approach speeds up decisions and increases effectiveness.

    Reflect and Adapt

    The team reflects regularly to become more effective and adapts its behavior accordingly.

    Continuously reviewing processes and priorities improves flexibility and efficiency.
    Analyzing situations such as Billā€™s unmet expectations can improve management of future requirements.

    Cyber Kill Chain methodology

    The “Cyber Kill Chain” methodology is a framework developed by Lockheed Martin to describe the stages of a cyberattack, from initial reconnaissance to data exfiltration.

    Basically the author applied the structure of a military kill chain (F2T2EA) to information security

    It helps organizations understand and detect malicious activities at various stages to improve their defensive measures. Here are the seven stages of the Cyber Kill Chain:

    1. Reconnaissance:
      • The attacker gathers information about the target organization. This can include identifying potential vulnerabilities, researching employee roles, and understanding the network structure. Footprinting
      • Social media profiling, website analysis, dns reconnaissance, phishing target identification, open source intelligence
    2. Weaponization:
      • The attacker creates a deliverable payload (e.g., malware, exploit) by coupling malicious code with a legitimate file or software. This stage involves create or obtain the actual attack tools.
      • Developing malware, embedding malware in documents, setting up exploit kits, preparing command and control servers, packaging payloads with droppers, creating delivery mechanisms (phishing email, drive-by download, malicious link…)
    3. Delivery:
      • The attacker sends the weaponized payload to the target.
      • sending phishing emails, deploying malicious link and attachments, compromised websites, delivering (for free also) USB and physical media, and so on
    4. Exploitation:
      • Once the payload reaches the target, it exploits a vulnerability to execute the malicious code.
      • exploiting software vulnerabilities, leveraging social engineering, executing malicious code (the one downloaded previously or installed with the USB or similar) or using zero-day exploits.
    5. Installation:
      • The malicious payload installs a backdoor or other persistent mechanism on the victim’s system, allowing the attacker to maintain access.
      • installing a backdoor, setting up a remote access trojans, creating a scheduled task or service, adding new user account,…
    6. Command and Control (C2):
      • The attacker establishes a communication channel with the compromised system. This enables them to issue commands, exfiltrate data, or download additional tools.
    7. Actions on Objectives:
      • The attacker achieves their goals, which can include data theft, system disruption, financial gain, or espionage. This stage involves executing the final intent of the attack, such as exfiltrating data or causing damage.

    By understanding these stages, organizations can develop more effective detection, prevention, and response strategies to disrupt the attacker’s progress at various points along the kill chain.