Attacks, Threats, and Vulnerabilities for CompTIA Security+
This course will teach you the fundamentals and key concepts around the threats, attacks, and vulnerabilities your organization is likely to face. More importantly you’re learn how to mitigate those risks and protect your organization.
What you'll learn
In this course, you’ll learn about the various threats faced by social engineering techniques like phishing, pharming, and identity fraud. First, you’ll learn about potential indicators of compromise used to determine the types of attack to systems, applications, and networks. Next, you’ll discover the various intelligence sources used to identify and combat these threats. Finally, you’ll become familiar with various penetration testing tools and techniques. When you’re finished with this course, you’ll have the skills and knowledge needed to pass the Threats, Attacks, and Vulnerabilities section of Security+, along with the skills needed to help protect your company from attacks both internal and external.
Table of contents
- Module Overview 2m
- What Is Social Engineering? 2m
- Phishing 2m
- Types of Phishing 4m
- Vishing 3m
- SPAM 3m
- Dumpter Diving 1m
- Shoulder Surfing 3m
- Pharming 2m
- Tailgating 2m
- Hoaxes 3m
- Prepending 2m
- Impersonation 1m
- Identity Fraud 1m
- Invoice Scam 1m
- Credential Harvesting 3m
- Watering Hole Attack 2m
- Typo Squatting / URL Hijacking 2m
- Hybrid Warfare 3m
- Social Media and Influence Campaigns 1m
- Reasons for Effectiveness - Authority and Intimidation 2m
- Consensus and Social Proof 1m
- Familiarity / Liking 1m
- Trust 1m
- Scarcity / Urgency 1m
- Module Review 1m
- Module Overview 1m
- Indicators of Compromise (IOC) 2m
- Virus 3m
- Crypto-malware / Ransomware 2m
- Trojan 4m
- Worms 1m
- Potentially Unwanted Programs (PUP) 2m
- Fileless Virus 2m
- Botnets 3m
- Logic Bomb 1m
- Spyware 2m
- Keylogger 1m
- Rootkits 1m
- Backdoors 1m
- Spraying 1m
- Brute Force and Dictionary Attacks 2m
- Rainbow Tables 2m
- Known Plain Text / Ciphertext 1m
- Birthday Attack 2m
- Downgrade Attack 1m
- Physical Attacks, Malicious USB, and Skimming 4m
- Adversarial Artificial Intelligence (AI) 2m
- Supply Chain Attacks 2m
- Supply Chain Attack Example 1m
- Cloud-Based vs. On-prem Attacks 3m
- Module Review 1m
- Module Overview 1m
- Privilege Escalation 2m
- Cross Site Scripting (XSS) 3m
- SQL Injection 1m
- DLL Injection 2m
- LDAP Injection 1m
- XML Injection 1m
- Pointer Dereference 1m
- Directory Traversal / Command Injection 2m
- Buffer Overflow 1m
- Race Conditions 2m
- Time of Check 1m
- Secure Coding Concepts, Error Handling, and Input Validation 4m
- Replay Attacks 1m
- Integer Overflow 1m
- Cross Site Request Forgery (XSRF) 3m
- API Attacks 2m
- Resource Exhaustion 2m
- Memory Leak 2m
- SSL Stripping 2m
- Shimming 1m
- Refactoring 1m
- Pass the Hash 2m
- Module Review 0m
- Module Overview 1m
- Rogue Access Points and Evil Twin 3m
- Bluejack and Bluesnarfing 3m
- Dissociation 1m
- Jamming 1m
- RFID 1m
- Near Field Communication (NFC) 1m
- IV Attack 3m
- On-path Attacks (Formerly MiTM) 1m
- On-path Attacks (Formerly MiTB) 3m
- ARP Poisoning 1m
- IP/MAC Spoofing 1m
- MAC Flooding 2m
- MAC Cloning 2m
- DNS Poisoning 1m
- Typo Squatting / URL Hijacking 2m
- Distributed Denial of Service (DDoS) 2m
- Smurf Attack (Amplification) 3m
- DDoS Attack Vectors 1m
- Malicious Code Execution 2m
- Module Review 1m
- Script Kiddies 1m
- Hacktivists 1m
- Organized Crime 1m
- Nation States / APT 1m
- Insiders 1m
- Competitors 1m
- Threat Actor Attributes 1m
- Attack Vectors 8m
- Use of Open Source Intelligence 3m
- Closed / Proprietary Intelligence 1m
- Vulnerability Databases 2m
- Public and Private Information Sharing 1m
- Dark Web 2m
- Indicators of Compromise (IOC) 2m
- Automate Indicator Sharing (AIS) 1m
- TAXII Layout 1m
- MITRE 2m
- Gathering and Correlating Information 2m
- Predictive Analysis 1m
- Threat Maps 1m
- Live Cyber Threat Map 1m
- File / Code Repositories 1m
- Research Sources 3m
- Module Overview 1m
- Cloud-based vs. On-premise 3m
- New Threats / Zero Days 2m
- Mis-configuration / Weak Configuration 1m
- Shared Accounts (Improperly Configured) 1m
- Weak Configuration Considerations 3m
- Weak Cipher Suites and Implementations 2m
- Improper Certificate and Key Management 1m
- Secure Protocols 3m
- Default Configurations 1m
- Third-party Risks 3m
- Vendor Management 2m
- Vulnerable Business Processes 2m
- Outsourced Code Mangement 1m
- Improper or Weak Patch Management 2m
- Legacy Platforms 2m
- Impact Areas 2m
- Effects of Impacts 2m
- Module Overview 1m
- Specific Types of Threats 1m
- What Is Cyber Threat Intelligence? 1m
- Importance of Cyber Threat Intelligence 1m
- Threat Intelligence Classification 2m
- Strategic, Operational, and Tactical Intelligence 1m
- Gathering and Correlating Information 2m
- Stages of Risk Management 3m
- Risk Management Data Sources 2m
- Vulnerability Scanning 1m
- False Positive 1m
- False Positive Audits 1m
- False Negatives 1m
- Intrusive vs. Non-intrusive 1m
- Passively Test Security Controls 1m
- Credentialed vs. Non-credentialed 2m
- Identify Vulnerabilities and Lack of Security Controls 2m
- Identify Common Misconfigurations 2m
- Things to Remember 2m
- Common Vulnerabilities and Exposures (CVE) 3m
- CVSS 2m
- Security Information and Event Management (SEIM) 2m
- Security Orchestration, Automation, and Response 2m
- Module Intro 1m
- Penetration Testing 1m
- Penetration Testing Steps 2m
- Known, Unknown, and Partially Known Environments 1m
- Rules of Engagement 2m
- Lateral Movement 1m
- Escalation of Privilege 1m
- Methods of Privilege Escalation 2m
- Persistence 1m
- Cleanup 1m
- Bug Bounty 1m
- Pivoting 2m
- Types of Reconnaissance 3m
- War Flying 1m
- War Driving 1m
- Red, Blue, Purple, and White Security Teams 2m
- Module Review 1m
About the author
Chris is a professional information technologist, trainer, manager and lifelong learner. He is married with 3 beautiful children and interested in martial arts, working out, spending time with family and friends and being creative whenever possible. He has created a number of IT Certification training courses over the past 10 years and really enjoys helping people advance their careers through training and personal development.