Chapter 1: Introduction
Chapter 1 introduces the course and discusses the associatedTestOut and CompTIA certifications. It also shows students how to use the simulated lab environment and explores relevant job roles.
Chapter 2: Vulnerability Response, Handling, and Management
Chapter 2 focuses on how to effectively manage and respond to vulnerabilities in cybersecurity. It covers understanding regulations, standards, risk management principles, threat modeling, security controls, managing attack surfaces, and securing mobile devices. It also discusses patch management, including software patching, host protections, configuration management, and password policies, as well as security testing through various attack frameworks.
Chapter 3: Threat Intelligence and Threat Hunting
Chapter 3 delves into different types of threat actors, their tactics, techniques, and procedures, and how to develop a network threat model.The chapter then moves on to discuss open-source intelligence (OSINT),reconnaissance with tools like TheHarvester and Nmap, and various types of threat intelligence. It also covers the role of Information Sharing andAnalysis Centers (ISACs) and the importance of threat intelligence sharing. The latter part of the chapter focuses on threat hunting, including analyzing indicators of compromise (IoC) and threat research. The chapter concludes by discussing honeypots, including their creation, evasion, and use in detecting malicious network traffic.
Chapter 4: System and Network Architecture
Chapter 4 focuses on secure architectures, covering operating systems, network infrastructure analysis, system hardening, and process management. It explores virtualization and cloud computing, serverless computing, network architectures, and software-defined networking. The chapter also discusses identity and access management, federation, service-oriented architectures, and authentication mechanisms. It further covers data protection, including data loss prevention and public key infrastructure. Lastly, it provides an overview of logging, including log review, centralized logging configuration, event logging, and evaluation of log files.
Chapter 5: Vulnerability Assessments
Chapter 5 explores vulnerability assessments, covering reconnaissance processes and tools like Nmap, internal scanning, web server information extraction, and SYN flood attacks. It discusses scanning processes, tools, and firewall bypass methods, and explores enumeration of operating systems using tools like NetBIOS Enumerator and Metasploit. It explores the vulnerability management life cycle, discussing its stages and key facts.The chapter then moves on to vulnerability reporting, discussing the process of validating vulnerabilities and reporting best practices. The chapter concludes with a focus on classifying vulnerability information, covering the vulnerability management life cycle, vulnerability reporting and validation, best practices, key performance indicators, action plans, and inhibitors to vulnerability remediation.
Chapter 6: Network Security
Chapter 6 provides a comprehensive exploration of network security, discussing security monitoring, wireless security, web server security, SQL injection, and sniffing. It covers intrusion detection systems, prevention methods, and web server attacks, including session hijacking and cross-site scripting vulnerabilities. The chapter also explores wireless hacking, detecting rogue devices, and discovering hidden networks. It delves into SQL injection exploitation and detection, network traffic analysis, DoSand DDoS attacks, and their countermeasures. The chapter concludes with a discussion on industrial computer systems.
Chapter 7: Host Based Attacks
Chapter 7 instructs students on host-based attacks, covering device security, unauthorized changes, malware, command and control, social engineering, scripting and programming, and application vulnerabilities. It discusses device hardening, data encryption, disk wiping, forensic drive imaging, privilege escalation, malicious processes, user account control, and malware countermeasures. It also explores URL blocking, malware analysis, signs of malware infection, memory dump analysis, mobile device attacks, beaconing intrusion, DNS tunneling, phishing, URL obfuscation, and the Social EngineerToolkit. The chapter further covers scripting languages, the SoftwareDevelopment Life Cycle (SDLC), secure coding practices, reverse engineering, and overflow attacks. It concludes with application vulnerabilities and provides mitigation strategies checklists.
Chapter 8: Security Management
Chapter 8 delves into Security Management, focusing on SecurityInformation and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and the exploration of abnormal activity. It provides an overview of SIEM, discussing its use and evaluation through tools like SecurityOnion v2 – Hunter and Kibana. The chapter then explores SOAR, discussing automation technologies, DevSecOps, workflow orchestration, and the SecurityContent Automation Protocol. It also covers the detection and response to abnormal activity, discussing endpoint detection and response, identifying malicious activity through analysis, interpreting suspicious commands, suspicious protocol and port usage, and application-related indicators of compromise.
Chapter 9: Post-Attack
Chapter 9 focuses on post-attack procedures, incident response, and post-incident activities. It begins with containment strategies, eradication methods, and recovery processes. It then delves into incident response, discussing training, testing, preparation, detection, and analysis.The chapter also covers the components of an incident response plan, triage, stakeholder communication, and reporting requirements. It concludes with post-incident activities, discussing lessons learned, legal process requirements, incident summary reports, business continuity, disaster recovery, and digital forensics.
Chapter 2: Vulnerability Response, Handling, and Management
Standards and Frameworks
- Regulations and Standards
- Policy and Governance
- Industry Standard Publishers
- Attack Frameworks
- Exploring the Kill Chain
- MITRE ATT&CK Framework
- Diamond Model of Intrusion Analysis
- Open-Source Security Testing Methodology Manual
Risk Management
- Risk Management Principles
- Applying the Appropriate Risk Strategies
- Threat Modeling
Security Controls
- Security Control Categories and Types
- Physical Security Countermeasures
Attack Surfaces
- Managing Attack Surfaces
- Security Appliance
- Captive Portals
- Vulnerable Bluetooth Devices
- Securing Mobile Devices
Patch Management
- Software Patching and Host Protections
- Configuration Management
- Configure Password Policies
- Manage Certificates
- Maintenance Windows
Chapter 3: Threat Intelligence and Threat Hunting
Threat Actors
- Threat Actor Types
- Threat Classifications
- Developing a Network Threat Model
- Tactics, Techniques, and Procedures
Threat Intelligence
- Open-Source Intelligence (OSINT)
- Reconnaissance with TheHarvester
- Reconnaissance with Nmap
- Threat Intelligence Types
- Information Sharing and Analysis Centers(ISACs)
- Threat Intelligence Sharing
- Performing Threat Intelligence
Threat Hunting
- Manage User Rights
- Threat Hunting Overview
- Analyzing Indicators of Compromise (IoC)
- Threat Research
Honeypots
- Evade Honeypots
- Anti-Malware Software
- Detect Malicious Network Traffic with aHoneypot
- Scan for Open Ports with Netstat
- Track Port Usage with TCPView
Chapter 4: System andNetwork Architecture
Operating System Concepts
- Analyzing Network Infrastructures
- View Windows Services
- View Linux Services
- System Hardening and Configuration Files
- Scanning and Terminating Processes
Network Architecture
- Virtualization Management
- Cloud Computing
- Serverless Computing
- Network Architectures
- Software Defined Networking (SDN)
- Zero Trust Architectures
Identity and Access Management (IAM)
- Federation
- Service-Oriented Architectures
- Authentication Mechanisms Facts
- Cloud Access Security Broker
Data Protection
- Data Loss Prevention (DLP)
- Risk Identification Process
- Public Key Infrastructure (PKI)
Logging
- Log Review
- Configure Centralized Logging with Cisco Devices
- Use pfSense to Log Events
- Evaluate Event Logs in pfSense
- Configure Collector-Initiated Subscriptions
- Configure Source-Initiated Subscriptions
- Log Events with Event Viewer
Chapter 5:Vulnerability Assessments
Reconnaissance
- Reconnaissance Processes
- Reconnaissance Tools
- Perform a Scan with Nmap
- Perform a Scan with Nmap Scripts
- NMAP Fingerprint
- Scan for IoT with Nmap
- Using NMAP Scripts
- Disable DNS Zone Transfers
- Perform an Internal Scan with Nmap
- Extract Web Server Information
- Detect Promiscuous Mode
- Perform a SYN Flood
- Disable IIS Banner Broadcasting
Scanning
- Scanning Overview
- Scanning Process
- Scanning Tools
- Scanning Considerations
- Configure a Perimeter Firewall
- Avoid Firewall Detection
- Bypass Windows Firewall with Metasploit
Enumeration
- Enumerate Operating Systems
- Vulnerability Analysis
- Enumerate Windows
- Enumerate a Linux System
- Enumerate with NetBIOS Enumerator
- Enumerate with SoftPerfect
- Enumerate with Metasploit
Vulnerability Assessments
- Vulnerability Assessment Tools
- Vulnerability Scan Analysis
- Configure a Nessus Scan
- Analyze Scan Results from a Nessus Report
- Inspect HTTP Requests with Tamper Data
- Navigate the DVWA Website
- Test a Web Application with Burp Suite
Vulnerability Scoring Systems
- Vulnerability Scoring Systems
- CVSS Scoring Considerations
Classifying Vulnerability Information
- Storage Spaces Direct
- Vulnerability Management Life Cycle
- Vulnerability Reporting Overview
- Validating Vulnerabilities
- Vulnerability Management Reporting
- Vulnerability Report Best Practices
- Key Performance Indicators
- Action Plans
- Action Plan Outcomes
- Inhibitors to Vulnerability Remediation
Chapter 6: NetworkSecurity
Security Monitoring
- Security Monitoring
- Segmentation
- Intrusion Detection System (IDS)
- Evade IDS
- Intrusion Detection and Prevention with Snort
- Intrusion Detection and Prevention with Suricata
Wireless Security
- Wireless Hacking
- Detect a Rogue Device
Web Server Security
- Web Server Attacks
- Scan a Website with Acunetix
- Web Application Hacking
- Web Application Countermeasures
- Set Up a Web Session Hijack
- Exploit Cross-Site ScriptingVulnerabilities
SQL Injection
- SQL Injection Attack Types
- Exploit SQL on a Web Page
- Find SQL Injection Flaws with sqlmap
- Hidden Field Manipulation Attacks
Sniffing
- Sniff Network Traffic with Wireshark
- Sniff Network Traffic with TShark
- Capture Traffic with TCPDump
- Use SMAC to Spoof MAC Addresses
- Poison ARP
- Poison DNS
Authentication Attacks
- Identity and Access Management Threats
- Client-Side and Network Attacks
- Perform aMan-in-the-Middle DHCP Attack
Cloud Security
- Use ScoutSuite to Analyze a CloudInfrastructure
- Data Exfiltration
- Google Hacking for Office Documents
Email Security
- Email Analysis
- Email Message Internet Header Analysis
Denial of Service Attacks
- DoS Attack
- DoS Countermeasures
- DDoS Attack Types
- Signs of a DDoS Attack
- Launch a DoS and DDoS Attack
Industrial Computer Systems
- Controller Systems
Chapter 7: Host Based Attacks
Device Security
- Device Hardening
- Verify MD5 Hash Integrity
- Create a Forensic Drive Image with FTK
- Create a Forensic Drive Image with Guymager
- Create a Forensic Drive Image with DC3DD
- Examine a Forensic Drive Image with Autopsy
- Change File Permissions with icacls
- Encrypt Data
- Encrypt a Hard Disk
- Wipe Disk Space
- Wipe an Entire Disk with Darik’s Nuke
- Recover Deleted Files with Recuva
Unauthorized Changes
- Privilege Escalation in Windows
- Unauthorized Changes
- Malicious Processes
- Use Bootable Media to Modify User Accounts
- Crack the SAM Database
- Change a Windows Password
- Configure User Account Control
- Use Fail2Ban
- Escalate Privileges with Curl
- Explore Privilege Creep
Malware
- Windows Server Migration
- Use Windows Defender Application Control
- Set Up URL Blocking
- Malware Analysis
- Signs of Malware Infection
- Search Memory Dump for Malware
- Create a Virus
- Create a HTTP Trojan
- Use ProRat to Create a Trojan
- Mobile Device Attacks
Command and Control
- Beaconing Intrusion
- Create a DNS Tunnelwith dnscat2
Social Engineering
- Social Engineering Overview
- Social Engineering Motivation
- Social Engineering Techniques
- URL Obfuscation Techniques
- Phishing and Internet-Based Techniques
- Use the Social Engineer Toolkit
Scripting and Programming
- Programming and Scripting Overview
- Shell Scripting Commands
- Bash Shell Variables and Loops
- Metacharacters, Quotes, and Redirection
- Windows PowerShell
- JavaScript Object Notation (JSON)
- Extensible Markup Language (XML)
- Additional Scripting Tools
- Software Development Life Cycle (SDLC) Integration
- Assessment and Coding Practices
- Reverse Engineering
Application Vulnerabilities
- Overflow Attacks
- Application Attack Mitigation Checklists
Chapter 8: SecurityManagement
Security Information and Event Management (SIEM)
- SIEM Review
- Use Security Onion v2 – Hunter
- Use Security Onion v2 – Kibana
Security Orchestration, Automation, andResponse (SOAR)
- Automation Overview
- SOAR Facts
- DevSecOps
- Workflow Orchestration
- Automation Technologies
- Security Content Automation Protocol
Exploring Abnormal Activity
- Abnormal Activity
- Endpoint Detection and Response
- Identifying Malicious Activity
- Interpreting Suspicious Commands
- Suspicious Protocol and Port Usage
- Application-RelatedIndicators of Compromise
Chapter 9: Post-Attack
Containment
- Containment
- Eradication
- Recovery
Incident Response
- Incident Response Training and Testing
- Incident Response Overview
- Incident Response Preparation
- Incident Response Plan Components
- Triage and Incident Response
- Stakeholder Communication
- Reporting Requirements
- Detection and Analysis
Post-Incident Activities
- Lessons Learned
- Legal Process Requirement
- Incident Summary Report
- Business Continuity and Disaster Recovery
- Digital Forensics