2015
Pluralsight
Christopher Rees
3:44
English

This course covers the material that comprises Domain 3.0 of the CompTIA Security+ SY0-401 certification exam. Topics include types of malware, adware, viruses, spyware and backdoors, along with various types of attacks, including man-in-the-middle attacks, DDoS, Smurf attacks, phishing, xmas attacks, bluesnarfing, bluejacking, dumpster diving, etc. Also covered are various types of application attacks including XSS, XSRF, LDAP injection, SQL injection attacks and the privacy concerns created by cookies, evercookies, LSO, and Flash cookies. Penetration testing and vulnerability scanning is also covered, along with ways to calculate risk when doing security assessments, code, design, and architecture reviews.

Types of Malware
Course Overview and Adware
Virus
Spyware
Trojans and Remote Access Tools (RAT)
Rootkits
Backdoors
Logic Bombs
Botnets and Ransomware
Polymorphic Malware and Armored Virus
Types of Attacks
Overview
Man-in-the-Middle
DDoS
Spoofing
Spam
Phishing
Spim
Vishing
Spear Phishing
Xmas Attack
Pharming
Privilege Escalation
Malicious Insider Threat
Transitive Access
Client-Side Attacks
Password Attacks
Typo Squatting/URL Hijacking
Watering Hole Attack
Module Review
Effectiveness of Social Engineering Attacks
Module Overview
What Is Social Engineering?
Shoulder Surfing
Dumpster Diving
Tailgating
Impersonation
Hoaxes
Whaling
Vishing
Principles (Reasons for Effectiveness)/Authority
Intimidation
Consensus/Social Proof
Familiarity/Liking
Trust
Scarcity/Urgency
Module Review
Wireless Attacks
Rogue Access Points and Captive Portals
War Driving and War Chalking
Bluejacking and Bluesnarfing
IV Attacks
Packet Sniffing
Near Field Communication
Replay Attacks
WPS Attacks
WEP and WPA Attacks
Application Attacks
Module Overview
Cross-Site Scripting
Cross-Site Request Forgery
SQL and XML injection Attacks
Directory Traversal/Command Injection
Buffer Overflow Attacks
Integer Overflow Attacks
Zero-Day Attacks
Cookies and Attachments
Locally Shared Objects (LSO)
Flash Cookies
Malicious Add-ons
Session Hijacking
Header Manipulation
Arbitrary/Remote Code Execution
Mitigation and Deterrent Techniques
Module Overview
Monitoring System Logs
Hardening Systems and Applications
Network Security
Disabling Unused Interfaces and Services
Rogue Machine Detection
Security Posture
Reporting
Detection vs. Prevention Controls
Module Review
Discovering Security Threats and Vulnerabilities
Module Overview and Interpreting Assessment Tools Results
Protocol Analyzers and Vulnerability Scanners
Honeypots and Honeynets
Port Scanners
Banner Grabbing
Passive vs. Active Tools
Risk Calculations
Assessment Types
Assessment Techniques and Baseline Reporting
Code Review
Determine Attack Surface
Review Architecture
Review Designs
Module Review
Penetration Testing vs. Vulnerability Scanning
Module Overview
Verifying Threats and Bypassing Security Controls
Actively Testing Security Controls
Exploiting Vulnerabilities
Vulnerability Scanning
Testing Security Controls and Identifying Vulnerabilities
Identify Common Misconfigurations
Intrusive vs. Non-intrusive and Credentialed vs. Non-credentialed
False Positive
Black, White, and Gray Box Testing
Things to Remember
Module Review

Download File Size:418.12 MB

---