Attacks, Threats, and Vulnerabilities for CompTIA Security+

سرفصل های دوره

This course will teach you the fundamentals and key concepts around the threats, attacks, and vulnerabilities your organization is likely to face. More importantly you’re learn how to mitigate those risks and protect your organization.

1. Course Overview

1. Course Overview

2. Comparing Different Types of Social Engineering Techniques

01. Module Overview

02. What Is Social Engineering-

03. Phishing

04. Types of Phishing

05. Vishing

06. SPAM

07. Dumpter Diving

08. Shoulder Surfing

09. Pharming

10. Tailgating

11. Hoaxes

12. Prepending

13. Impersonation

14. Identity Fraud

15. Invoice Scam

16. Credential Harvesting

17. Watering Hole Attack

18. Typo Squatting - URL Hijacking

19. Hybrid Warfare

20. Social Media and Influence Campaigns

21. Reasons for Effectiveness - Authority and Intimidation

22. Consensus and Social Proof

23. Familiarity - Liking

24. Trust

25. Scarcity - Urgency

26. Module Review

3. Analyzing Malware and Other Attacks

01. Module Overview

02. Indicators of Compromise (IOC)

03. Virus

04. Crypto-malware - Ransomware

05. Trojan

06. Worms

07. Potentially Unwanted Programs (PUP)

08. Fileless Virus

09. Botnets

10. Logic Bomb

11. Spyware

12. Keylogger

13. Rootkits

14. Backdoors

15. Spraying

16. Brute Force and Dictionary Attacks

17. Rainbow Tables

18. Known Plain Text - Ciphertext

19. Birthday Attack

20. Downgrade Attack

21. Physical Attacks, Malicious USB, and Skimming

22. Adversarial Artificial Intelligence (AI)

23. Supply Chain Attacks

24. Supply Chain Attack Example

25. Cloud-Based vs. On-prem Attacks

26. Module Review

4. Recognizing Application Attacks

01. Module Overview

02. Privilege Escalation

03. Cross Site Scripting (XSS)

04. SQL Injection

05. DLL Injection

06. LDAP Injection

07. XML Injection

08. Pointer Dereference

09. Directory Traversal - Command Injection

10. Buffer Overflow

11. Race Conditions

12. Time of Check

13. Secure Coding Concepts, Error Handling, and Input Validation

14. Replay Attacks

15. Integer Overflow

16. Cross Site Request Forgery (XSRF)

17. API Attacks

18. Resource Exhaustion

19. Memory Leak

20. SSL Stripping

21. Shimming

22. Refactoring

23. Pass the Hash

24. Module Review

5. Identifying Network Attacks

01. Module Overview

02. Rogue Access Points and Evil Twin

03. Bluejack and Bluesnarfing

04. Dissociation

05. Jamming

06. RFID

07. Near Field Communication (NFC)

08. IV Attack

09. On-path Attacks (Formerly MiTM)

10. On-path Attacks (Formerly MiTB)

11. ARP Poisoning

12. IP-MAC Spoofing

13. MAC Flooding

14. MAC Cloning

15. DNS Poisoning

16. Typo Squatting - URL Hijacking

17. Distributed Denial of Service (DDoS)

18. Smurf Attack (Amplification)

19. DDoS Attack Vectors

20. Malicious Code Execution

6. Distinguishing Threat Actors, Vectors, and Intelligence Sources

01. Module Review

02. Script Kiddies

03. Hacktivists

04. Organized Crime

05. Nation States - APT

06. Insiders

07. Competitors

08. Threat Actor Attributes

09. Attack Vectors

10. Use of Open Source Intelligence

11. Closed - Proprietary Intelligence

12. Vulnerability Databases

13. Public and Private Information Sharing

14. Dark Web

15. Indicators of Compromise (IOC)

16. Automate Indicator Sharing (AIS)

17. TAXII Layout

18. MITRE

19. Gathering and Correlating Information

20. Predictive Analysis

21. Threat Maps

22. Live Cyber Threat Map

23. File - Code Repositories

24. Research Sources

7. Understanding Vulnerabilities and Security Risks

01. Module Overview

02. Cloud-based vs. On-premise

03. New Threats - Zero Days

04. Mis-configuration - Weak Configuration

05. Shared Accounts (Improperly Configured)

06. Weak Configuration Considerations

07. Weak Cipher Suites and Implementations

08. Improper Certificate and Key Management

09. Secure Protocols

10. Default Configurations

11. Third-party Risks

12. Vendor Management

13. Vulnerable Business Processes

14. Outsourced Code Mangement

15. Improper or Weak Patch Management

16. Legacy Platforms

17. Impact Areas

18. Effects of Impacts

8. Defining Security Assessment Techniques

01. Module Overview

02. Specific Types of Threats

03. What Is Cyber Threat Intelligence-

04. Importance of Cyber Threat Intelligence

05. Threat Intelligence Classification

06. Strategic, Operational, and Tactical Intelligence

07. Gathering and Correlating Information

08. Stages of Risk Management

09. Risk Management Data Sources

10. Vulnerability Scanning

11. False Positive

12. False Positive Audits

13. False Negatives

14. Intrusive vs. Non-intrusive

15. Passively Test Security Controls

16. Credentialed vs. Non-credentialed

17. Identify Vulnerabilities and Lack of Security Controls

18. Identify Common Misconfigurations

19. Things to Remember

20. Common Vulnerabilities and Exposures (CVE)

21. CVSS

22. Security Information and Event Management (SEIM)

23. Security Orchestration, Automation, and Response

9. Defining Penetration Testing

01. Module Intro

02. Penetration Testing

03. Penetration Testing Steps

04. Known, Unknown, and Partially Known Environments

05. Rules of Engagement

06. Lateral Movement

07. Escalation of Privilege

08. Methods of Privilege Escalation

09. Persistence

10. Cleanup

11. Bug Bounty

12. Pivoting

13. Types of Reconnaissance

14. War Flying

15. War Driving

16. Red, Blue, Purple, and White Security Teams

17. Module Review

439,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight