Threats, Attacks, and Vulnerabilities for CompTIA Security+

Comparing & Contrasting Attacks Types
Hey everybody. Welcome back to Pluralsight. I'm your instructor Christopher Rees. And in this module, we're going to be covering, comparing, and contrasting attack types. Now let's go and take a look at the overview of the module. This is a big module. Lots of really important information in here. So it's important to kind of hang with me. I promise we'll get through it. It's going to be packed full of information. So the six main areas we'll be covering will be social engineering. We'll be talking about the principles, like basically why are these different types of attacks so effective. We'll also talk about application and service attacks. And then we'll talk about wireless attacks, cryptographic attacks, and then offline versus online attacks. Alright the different types and why one is more effective than the other in a given situation. So to give you an overview of everything we're going to cover in this module, again I'm not going to read through all of this, you can pause it for a second if you want to take a peek, but there's a lot of information, so let's go ahead and dive right in.

Exploring Threat Actor Types and Attributes
Hey, welcome back to Pluralsight, I'm your instructor, Christopher Rees and in this module, we're going to be covering Exploring Threat Actor Types and Attributes. So a few main areas that we want to cover, let's take a look at the various types of actors, alright, the types of criminals or cyber criminals, hackers and so forth, that we'll come in contact with, the attributes of those actors, okay, what are their targets, what kind of motivates them and then take a look at some of the open source tools, that are available. Okay, so types of actors, well, understand that threat actors can range from beginners, people that are relatively new and just want to probe around, see what they can get to, to highly organized nation states, alright, so we have Script Kiddies, again going to be pretty much the you know, quote unquote newbies, they're learning, they just want to poke around and just basically see if they can get there to see if they can get there, no real agenda per se or actual underlying motivation, it's more so out of a curiosity, then we have Hacktivists and they are typically driven by some type of ideology or political motivation, we have Organized Crime, which as you might guess is motivated primarily financially and we'll cover each of these in more detail here in just a moment and then we have Nation States or Advanced Persistent Threats or APTs, these are much more severe in nature and are typically very well funded, China, Russia and a few others are relatively well known in the fact that they support these types of activities, then we have Insiders, which can be potentially one of the most dangerous for companies, because it's hard to guard against those individual insiders, especially when they have specialized knowledge of the environment and then we have Competitors, who are driven typically by competition, trying to get the leg up on their competitors in the hope of competitive advantage, if you will, so all of these have different motivations, different skill levels, different levels of funding and so forth, so let's take a look at each of these in a little more detail.

Defining the Penetration Testing Process
Hey everyone welcome back to Pluralsight. I am your instructor, Christopher Rees, and in this module we're going to be covering Defining the Penetration Testing Process. So let's look at what we're going to cover here in this module. We're going to talk about the pen testing process, basically, what is pen testing? We'll talk about the two types, active reconnaissance and passive reconnaissance. We'll talk about the initial exploration and what we're doing when we're very first targeting a specific company. We'll talk about persistence and why that's so very valuable. We'll talk about escalation of privilege, which is what we really want to do once we get in, escalate that privilege so we can move laterally within the network. And we'll also talk about the various types of pen testing, we'll talk about black box testing, white box, and then gray box. Then we'll also talk about pen testing versus vulnerability scanning. So let's go ahead and get started.

Defining the Vulnerability Scanning Process
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module we're going to be talking about defining the vulnerability scanning process. In this module, we'll cover a few things relating to vulnerability scanning and that process in general. We'll talk about passively testing security controls. Talk about identifying the vulnerability. We'll also cover identifying lack of security controls. And also identify common misconfigurations. Again, this is scanning for vulnerabilities so this is a passive process. We'll talk about intrusive versus non-intrusive. We'll also talk about credentialed versus non-credentialed, again, in this scanning process. And then we'll also talk about false positives. Let's go ahead and get started.

Impacts Associated with Types of Vulnerabilities
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this module, we're going to talk about the impacts associated with various types of vulnerabilities. So, in this module, a couple main categories of vulnerabilities. We have hardware and software related vulnerabilities. We have configuration or user error. We also have business processes, and then planning and architecture. So, these are the four high level views of what we're going to cover. Here, you can see a little more detail. There's a lot to cover in this module as well, so I won't go through all of these individually. We'll cover these one by one as we go through this. Feel free, obviously, to pause the video for a few seconds, but let's go ahead and just dive right in.