This course covers the material that comprises Domain 3.0 of the CompTIA Security+ SY0-401 certification exam. Topics include types of malware, adware, viruses, spyware and backdoors, along with various types of attacks, including man-in-the-middle attacks, DDoS, Smurf attacks, phishing, xmas attacks, bluesnarfing, bluejacking, dumpster diving, etc. Also covered are various types of application attacks including XSS, XSRF, LDAP injection, SQL injection attacks and the privacy concerns created by cookies, evercookies, LSO, and Flash cookies. Penetration testing and vulnerability scanning are also covered, along with ways to calculate risk when doing security assessments, code, design, and architecture reviews.
Chris is a lifelong learner and professional information technologist, trainer and IT Manager. Married with 3 children, Chris is interested in martial arts, working out, spending time with family and friends and being creative whenever possible.
Types of Attacks
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to cover types of attacks. Now in this module we have a lot to cover. All of this is very important because these are the types of things that are going to be attacking, or you'll find attacking your networks, both internally and externally. Whether a small shop, medium or large corporate enterprise, all of these things you see here, in some form or fashion, at one point or another will more than likely come into your network or at least try to pierce the periphery of your network. Alright, so such things as man-in-the-middle, replay attacks, kind of go hand-in-hand, distributed denial-of-service, or DDoS and DoS attacks, Smurf attacks can become internal as we'll talk about in just a moment. We'll talk about spoofing, spam, phishing, and spim, and vishing, spear phishing, okay, all of these different types of variations on targeted email campaigns and then some voice campaigns as well, all kind of centered around social engineering. We'll talk about Xmas attacks, pharming, DNS poisoning and ARP poisoning, okay, some things we've talked about before and some things that are new. We'll talk about privilege escalation, malicious insider threat, again, these things can come from internal to your network or external to your network. We'll talk about transitive access, we'll talk about client-side attacks and the difference between a client and server. We talked about server-side attacks before, we're going to cover client-side attacks here. We'll talk about various types of password attacks such as brute force, dictionary attacks, hybrid, birthday attacks, and then rainbow tables. Okay, all of these different things are different methods that can be used to crack passwords.
We'll also talk about typosquatting and URL hijacking, and then we'll talk about watering hole attacks, which is kind of a sneaky end around to get into either a large corporate enterprise or even some small shops. So let's go ahead and get started.
Effectiveness of Social Engineering Attacks
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to cover the effectiveness of social engineering attacks. Now in this module we're going to cover the things that are kind of the intangibles, not the things we can patch and the systems that we can actually physically touch and make sure they're secure, this is the human element. This is always going to be, more or less, the weakest link in our security chain, because human beings are unpredictable, they can act in different ways in different situations, and obviously there is no patch we can go around and start patching people within our network. So in this module we're going to talk about types of social engineering attacks. We'll talk about shoulder surfing, dumpster diving, tailgating, impersonation, hoaxes, whaling, and something called vishing, which we talked about in a previous video, but all of these types of things kind of comprise a social engineering toolset, if you will, that an attacker can use to gain access to sensitive information with inside of a company. So we'll also talk about the reasons or the principles why these are so effective, and they have to deal with such things as authority, intimidation, consensus or social proof, familiarity or liking, scarcity, urgency, and then trust. So these are all of the things that you may already know cause people to act, whether they think someone is in a position of power or they're scared into doing something or they think they have to act quickly before they risk losing something. So we'll talk about all of these things, and why it's important, especially as a security professional, to make sure that we train our corporate citizens to make sure that they're aware of these types of attacks as they come into the company. So let's go ahead and get started.
Application Attacks
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to cover application attacks. Now, again, this is another important module for a number of reasons, not the least of which is, these types of attacks are the ones you will encounter within your environments more than likely, so it's important that you have a deep understanding of what they are conceptually. The test is not going to test you specifically on how to implement these things, but it's important to understand at a high level what they are, and have a deep understanding of how they fit in within your security response and just your overall posture when you're devising and implementing your security strategies. So we're going to cover such things as cross-site scripting, we'll cover SQL injection, along with LDAP injection and XML injection, so three different ways to actually inject code when we're interacting with a website to gain access to certain parts of a system. We'll talk about directory traversal and command injection. We'll also talk about a couple of overflow attacks including buffer overflow and integer overflow attacks, along with zero-day vulnerabilities or zero-day exploits. We'll talk about cookies and attachments and the security risks or potential risks that they impose. We'll also talk about LSO and Flash Cookies, which are basically, give or take, the same thing, alright, Locally Shared Objects dealing with Flash Cookies. We'll talk about malicious add-ons, and again, why they should definitely factor in to your security mindset. We'll talk about session hijacking and header manipulation along with arbitrary code and remote code execution. So let's go ahead and get started.
Penetration Testing vs. Vulnerability Scanning
Welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to cover penetration testing vs. vulnerability scanning. So, basically, why one versus the other, where one is appropriate and where one's not, and there are some important things to consider at the end of this module that you really need to take into consideration if and when you're going to decide on doing penetration testing or vulnerability scanning in your own environment. So the main areas that we're going to cover are basically penetration testing, we'll talk about verifying, bypassing, testing, and exploiting. We'll talk about vulnerability scanning, and what that is and comparing and contrasting the two. And that consists of identifying, assessing, and then potentially remediating what's found. And then we'll talk about three areas that a specific penetration tester or a vulnerability scanning person would fit into, depending upon what level of assessment, what level of penetration testing they want to simulate, and that is black box testing, white box testing, and then grey box testing. So let's go ahead and get started and talk about, what is penetration testing? Well, pen-testing, as it's otherwise known as, is basically attacking a computer system with the intention of finding its weaknesses and its security vulnerabilities. So as you can kind of gather, vulnerability testing or vulnerability scanning is a subcomponent of penetration testing, and we'll touch on that more in just a moment.
In essence, we are an attacker, but we're not a malicious attacker, right, we're acting in the best interests of the company, and we're trying to penetrate that company's defenses and security mechanisms that are in place, we're going to attack that computer system, whether it's a single device or an entire network or an entire corporation, and we're going to attack that computer system with the intention of finding its weaknesses and also its security vulnerabilities.