Course Overview

Basic computer skills (not just MS Word, but using the command line, editing the registry, and setting up a network).
Course Objectives

Course Learning Outcomes
CompTIA Certification: Security+ (Associate Level)
Contents

Module 1, Module 2, Module 3, Module 4

• Introduction to Ethical Hacking
• Footprinting and Reconnaissance
• Scanning Networks
• Enumeration
• System Hacking
• Trojans and Backdoors
• Viruses and Worms
• Sniffers and Session Hijacking
• Social Engineering
• Denial of Service
• Webservers and Applications
• Hacking Wireless Networks
• IDS, Firewalls, and Honeypots
• Buffer Overflows
• Cryptography
• Penetration Testing
Course Learning Syllabus

Introduction
• Lecturer Introduction
• Importance of this course
• What you will learn in this course

Assessing Information Security Risk

Topic 1: Networking skills (for example, understanding routers and switches, internet protocols, and advanced TCP/IP)
• Understanding the OSI Model
• Understanding Switches & Routers
• IP Address Segmentation
• DNS, MAC Addresses
• Network Infrastructure
• Layer 3 Vulnerabilities

Topic 2: Linux skills (these are non-negotiable)
• Command Line
• Fundamentals of the Linux Environment
• OS vulnerabilities
  - Windows
  - Mac OS
  - Linux
  - Android
  - iOS
• Unsecure service and protocol configurations
• Privilege escalation
  - Linux-specific
  - SUID/SGID programs
  - Unsecure SUDO
  - Ret2libc
  - Sticky bits
  - Windows-specific
• System-Specific Risk Analysis
• Risk Determinations
• Documentation of Assessment Results
• Guidelines for Assessing Risk

Topic 3: Database skills & CIA (starting with SQL)
• Classes of Information
• Classification of Information Types into CIA Levels
• Security Control Categories
• Technical Controls (Template)
• Technical Controls (Example Answer)
• Aggregate CIA Score
• Common Vulnerability Scoring System
• Common Vulnerabilities and Exposures
• Demo - Common Vulnerability Scoring System
• Extreme Scenario Planning and Worst Case
• Common host-related symptoms
  - Processor consumption
  - Memory consumption
  - Drive capacity consumption
  - Unauthorized software
  - Malicious processes
  - Unauthorized changes
  - Unauthorized privileges
  - Data exfiltration

Topic 4: Integrate Documentation into Risk Management
• From Policy to Procedures
• Policy Development
• Process and Procedure Development
• Demo - Finding a Policy Template
• Topics to Include in Security Policies and Procedures
• Best Practices to Incorporate in Security Policies and Procedures
• Business Documents That Support Security Initiatives
• Guidelines for Integrating Documentation into Risk Management
• Review

Analyzing the Threat Landscape

Topic 5: Classify Threats and Threat Profiles
• Threat Actors
• Threat Motives
• Threat Intentions
• Attack Vectors
• Attack Technique Criteria
• Qualitative Threat and Impact Analysis
• Guidelines for Classifying Threats and Threat Profiles

Topic 6: Perform Ongoing Threat Research
• Ongoing Research
• Situational Awareness
• Commonly Targeted Assets
• The Latest Vulnerabilities
• The Latest Threats and Exploits
• The Latest Security Technologies
• Resources Aiding in Research
• Demo - Resources that Aid in Research of Threats
• The Global Cybersecurity Industry and Community
• Trend Data
• Trend Data and Qualifying Threats
• Guidelines for Performing Ongoing Threat Research
• Review

Analyzing Reconnaissance Threats to Computing and Network Environments

Topic 7: Implement Threat Modeling
• The Diverse Nature of Threats
• The Anatomy of a Cyber Attack
• Threat Modeling
• Reasons to Implement Threat Modeling
• Threat Modeling Process
• Attack Tree
• Threat Modeling Tools
• Threat Categories

Topic 8: Assess the Impact of Reconnaissance Incidents
• Footprinting, Scanning, and Enumeration
• Footprinting Methods
• Network and System Scanning Methods
• Enumeration Methods
• Evasion Techniques for Reconnaissance
• Reconnaissance Tools
• Packet Trace Analysis with Wireshark
• Demo - Performing Reconnaissance on a Network
• Demo - Examining Reconnaissance Incidents
• Review

Analyzing Attacks on Computing and Network Environments

Topic 9: Assess the Impact of System Hacking Attacks
• System Hacking
• Password Sniffing
• Password Cracking
• Demo - Cracking Passwords Using a Password File
• Privilege Escalation
• Social Engineering for Systems Hacking
• System Hacking Tools and Exploitation Frameworks

Topic 10: Assess the Impact of Web-Based Attacks
• Client-Side vs. Server-Side Attacks
• XSS
• XSRF
• SQL Injection
• Directory Traversal
• File Inclusion
• Additional Web Application Vulnerabilities and Exploits
• Web Services Exploits
• Web-Based Attack Tools
• Demo - Assessing the Impact of Web-Based Threats

Topic 11: Assess the Impact of Malware
• Malware Categories
• Trojan Horse
• Polymorphic Virus
• Spyware
• Supply Chain Attack
• Malware Tools
• Demo - Malware Detection and Removal

Topic 12: Assess the Impact of Hijacking and Impersonation Attacks
• Spoofing, Impersonation, and Hijacking
• ARP Spoofing
• DNS Poisoning
• ICMP Redirect
• DHCP Spoofing
• NBNS Spoofing
• Session Hijacking
• Hijacking and Spoofing Tools

Topic 13: Assess the Impact of DoS Incidents
• DoS Attacks
• DoS Attack Techniques
• DDoS
• DoS Evasion Techniques
• DoS Tools
• Demo - Assessing the Impact of DoS Attacks

Topic: Assess the Impact of Threats to Cloud Security
• Cloud Infrastructure Challenges
• Threats to Virtualized Environments
• Threats to Big Data
• Example of a Cloud Infrastructure Attack
• Cloud Platform Security
• Review

Analyzing Post-Attack Techniques

Topic: Assess Command and Control Techniques
• Command and Control
• IRC
• HTTP/S
• DNS
• ICMP
• Additional Channels
• Demo - Assessing Command and Control Techniques

Anti-Forensics
• Golden Ticket and Anti-Forensics
• Demo - Assessing Anti-Forensics
• Buffer Overflows
• Memory Residents
• Program Packers
• VM and Sandbox Detection
• ADS
• Covering Tracks
• Review

Evaluating the Organization's Security Posture

Topic: Conduct Vulnerability Assessments
• Vulnerability Assessment
• Penetration Testing
• Vulnerability Assessment vs. Penetration Testing
• Vulnerability Assessment Implementation
• Vulnerability Assessment Tools
• Specific Assessment Tools
• Port Scanning and Fingerprinting
• Sources of Vulnerability Information
• Operating System and Software Patching
• Systemic Security Issues
• Demo - Perform a Vulnerability Scan with Nessus
• Demo - Perform a Vulnerability Scan with MBSA

Topic: Conduct Penetration Tests on Network Assets
• ROE
• Pen Test Phases
• Pen Test Scope
• External vs. Internal Pen Testing
• Pen Testing Techniques
• Pen Testing Tools of the Trade
• Kali Linux
• Data Mining
• Attack Surface Scanning and Mapping
• Packet Manipulation for Enumeration
• Simulated Attacks
• Password Attacks
• Penetration Test Considerations

Topic: Follow Up on Penetration Testing
• Effective Reporting and Documentation
• Target Audiences
• Information Collection Methods
• Penetration Test Follow-Up
• Report Classification and Distribution
• Review

Topic: Deploy a Security Intelligence Collection and Analysis Platform
• Security Intelligence
• The Challenge of Security Intelligence Collection
• Security Intelligence Collection Lifecycle
• Security Intelligence Collection Plan
• CSM
• What to Monitor
• Security Monitoring Tools
• Data Collection
• Potential Sources of Security Intelligence
• Guidelines for Determining Which Data to Collect for Security Intelligence
• Guidelines for Determining Which Fields You Should Log
• Guidelines for Configuring Logging Systems Based on Their Impact
• Guidelines for Determining Which Events Should Prompt an Alert
• Information Processing
• External Data Sources
• Publicly Available Information
• Collection and Reporting Automation
• Data Retention

Topic C: Collect Data from Host-Based Intelligence Sources
• Operating System Log Data
• Windows Event Logs
• Syslog Data
• Application Logs
• DNS Event Logs
• SMTP Logs
• HTTP Logs
• FTP Logs
• SSH Logs
• SQL Logs
• Demo - Collecting Host-Based Security Intelligence
• Demo - Parsing Log Files
• Review

Performing Active Asset and Network Analysis

Topic: Analyze Incidents with Windows-Based Tools
• Registry Editor (regedit)
• Analysis with Registry Editor
• File System Analysis Tools for Windows
• Process Explorer
• Process Monitor
• Service Analysis Tools for Windows
• Volatile Memory Analysis Tools for Windows
• Active Directory Analysis Tools
• Network Analysis Tools for Windows
• Demo - Windows-Based Incident Analysis Tools

Topic: Analyze Incidents with Linux-Based Tools
• File System Analysis Tools for Linux
• Process Analysis Tools for Linux
• Volatile Memory Analysis Tools for Linux
• Session Analysis Tools for Linux
• Network Analysis Tools for Linux
• Demo - Linux-Based Incident Analysis Tools

Topic: Analyze Malware
• Malware Sandboxing
• Crowd-Sourced Signature Detection
• VirusTotal
• Malware Entry
• Reverse Engineering
• Disassemblers
• Disassembly of Malware in IDA
• Malware Strings
• Anti-Malware Solutions
• MAEC
• Guidelines for Analyzing Malware
• Demo - Analyzing Malware

Topic: Analyze Indicators of Compromise
• IOCs
• Unauthorized Software and Files
• Suspicious Emails
• Suspicious Registry Entries
• Unknown Port and Protocol Usage
• Excessive Bandwidth Usage
• Service Disruption and Defacement
• Rogue Hardware
• Suspicious or Unauthorized Account Usage
• Guidelines for Analyzing Indicators of Compromise
• Demo - Analyzing Indicators of Compromise
• Review

Responding to Cybersecurity Incidents

Topic: Prepare for Forensic Investigation as a CSIRT
• The Duties of a Forensic Analyst
• Communication of CSIRT Outcomes to Forensic Analysts
• Guidelines for Conducting Post-Incident Tasks
• Review

Investigating Cybersecurity Incidents

Topic: Apply a Forensic Investigation Plan
• A Day in the Life of a Forensic Analyst
• Forensic Investigation Models
• Forensic Investigation Preparation
• Investigation Scope
• Timeline Generation and Analysis
• Authentication of Evidence
• Chain of Custody
• Communication and Interaction with Third Parties
• Forensic Toolkits
• Guidelines for Preparing for a Forensic Investigation

Topic: Securely Collect and Analyze Electronic Evidence
• Order of Volatility
• File Systems
• File Carving and Data Extraction
• Persistent Data
• Data Preservation for Forensics
• Forensic Analysis of Compromised Systems
• Demo - Securely Collecting Electronic Evidence
• Demo - Analyzing Forensic Evidence

Topic: Follow Up on the Results of an Investigation
• Cyber Law
• Technical Experts and Law Enforcement Liaisons
• Documentation of Investigation Results
• Review

Conclusion
• Wrap-Up