Training Video Course

SY0-601: CompTIA Security+

PDFs and exam guides are not so efficient, right? Prepare for your CompTIA examination with our training course. The SY0-601 course contains a complete batch of videos that will provide you with profound and thorough knowledge related to the CompTIA certification exam. Pass the CompTIA SY0-601 test with flying colors.

Rating: 4.31
Students: 91
Duration: 23:58:00 h
Price: $16.49 / $14.99

Curriculum for SY0-601 Certification Video Course

Name of Video (Time)

1. SY0-501 vs. SY0-601 (1:00)
2. Exam Information (6:00)
3. Building a lab (8:00)

1. CIA Triad (5:00)
2. IAAA (5:00)
3. Basic security controls (2:00)

1. Phishing, Smishing, Vishing, Spear phishing, Whaling (11:00)
2. Dumpster diving and Shoulder surfing (5:00)
3. Eliciting information and the principles of social engineering (9:00)
4. Pharming (7:00)
5. Spam (4:00)
6. Tailgating (3:00)
7. Other types of social engineering techniques (15:00)

1. Introduction to Malware (2:00)
2. Ransomware and Cryptomalware (7:00)
3. Trojans and RATs (6:00)
4. Bots and Command and control (4:00)
5. Fileless Virus, Logic bombs, spyware, rootkit, backdoor (5:00)
6. Adversarial artificial intelligence (AI) (6:00)
7. Malicious USB cables, drives and Card Cloning (4:00)
8. Supply chain attacks (4:00)
9. Keyloggers (16:00)
10. How passwords are stored (5:00)
11. Using hashcat to crack passwords (7:00)
12. Using brute force and rainbow tables to attack passwords (11:00)

1. Privilege escalation, (SSL) stripping, Pass the hash (11:00)
2. Cross-site scripting (XSS) and Injections (16:00)
3. Pointer Dereference, directory traversal, buffer overflows, and TOCTTOU (12:00)
4. Replay attacks (4:00)
5. Request forgeries (9:00)
6. API Attacks (7:00)
7. Driver manipulation (5:00)
8. Integer overflow, Resource exhaustion, Memory leak (6:00)

1. Evil Twin and Rogue Access Point (6:00)
2. Bluesnarfing and Bluejacking (3:00)
3. Cracking WEP (10:00)
4. Disassociation and Jamming (7:00)
5. Man in the Middle, browser, and ARP Poisoning (19:00)
6. IV, RFID, NFC Attacks (6:00)
7. MAC Flooding and Cloning (6:00)
8. DDoS Attacks (8:00)
9. Malicious Code (4:00)

1. Actors and threats (13:00)
2. Threat intelligence sources (17:00)
3. Research sources (11:00)

1. Cloud-based vs. on-premises, Zero Day (10:00)
2. Weak configurations (9:00)
3. Third-party risks, Improper or weak patching, legacy platforms (10:00)
4. Impacts (6:00)

1. Threat hunting (4:00)
2. Vulnerability scans (18:00)
3. SIEM and SOAR (13:00)

1. Penetration testing (14:00)
2. Passive and active reconnaissance (4:00)
3. Exercise types (4:00)

1. Configuration management (12:00)
2. Data Sovereignty and Protection (12:00)
3. Other Security Considerations (13:00)
4. Site Resiliency, Hot, Warm, Cold (6:00)
5. Deception and disruption (6:00)

1. IaaS (11:00)
2. PaaS (5:00)
3. SaaS, XaaS (5:00)
4. Cloud Deployment (2:00)
5. Cloud Application terms (21:00)
6. IaC (13:00)
7. Virtualization Issues (5:00)

1. Software Development Environment (3:00)
2. Secure Coding Techniques (19:00)
3. DevOps and Automation (9:00)

1. Authentication methods (11:00)
2. Biometrics (9:00)
3. MFA (5:00)
4. Authentication, authorization, and accounting (3:00)

1. Redundancy (9:00)
2. Replication and storage (9:00)
3. Backup Types (14:00)
4. Non-persistence, high availability, diversity (6:00)
5. RAID (16:00)

1. Embedded Systems (4:00)
2. Industrial control systems (4:00)
3. IoT (4:00)
4. IoT Communication and considerations (7:00)

1. Physical Security Controls (9:00)
2. Other physical security controls (7:00)
3. Locks and Fencing (7:00)
4. Fire Suppression (3:00)
5. Secure data destruction (6:00)

1. Introduction to cryptography (4:00)
2. Goals of cryptography (6:00)
3. Algorithms and Keys (20:00)
4. Block and stream ciphers (4:00)
5. Symmetric Ciphers (9:00)
6. Asymmetric Ciphers (10:00)
7. Hashing (13:00)
8. Hybrid cryptography (9:00)
9. Digital signatures (6:00)
10. Blockchain (7:00)
11. Steganography (8:00)
12. Key stretching (2:00)
13. Salting (6:00)
14. Quantum (3:00)
15. Ephemeral, PFS, Homomorphic (3:00)
16. Cipher Modes (5:00)
17. Lightweight cryptography (3:00)
18. Elliptic-curve cryptography (3:00)
19. Cipher suites (2:00)
20. Common use cases (3:00)
21. Limitations of encryption (4:00)

1. DNSSEC (4:00)
2. Email security with S/MIME and PGP (5:00)
3. Installing Wireshark on Windows 10 (8:00)
4. Install and set up an FTP Server and Client (10:00)
5. Using Wireshark to capture an FTP Password and securing the FTP Server (9:00)
6. Lightweight Directory Access Protocol Over SSL (5:00)
7. SRTP, FTPS, SFTP, SNMP, IMAP (6:00)
8. SSH (5:00)
9. VPN and IPsec (21:00)
10. Use Cases for secure protocols (5:00)

1. Endpoint Protection (5:00)
2. Boot integrity (3:00)
3. Databases (2:00)
4. Application Security (10:00)
5. Hardening systems (6:00)
6. Drive Encryption and sandboxing (9:00)

1. Load Balancing (7:00)
2. Network segmentation (7:00)
3. How to download and install Packet Tracer (9:00)
4. VLANs and Port Security (18:00)
5. Firewalls (13:00)
6. Configuring firewall rules (11:00)
7. Jump and Proxy servers (4:00)
8. IDS and IPS (9:00)
9. Other network security concepts (8:00)

1. Wireless Security (17:00)
2. Wireless Installation Considerations (5:00)

1. Mobile Connection methods and receivers (3:00)
2. Mobile device management (MDM) (5:00)
3. UEM and MAM (4:00)
4. Enforcement and monitoring of mobile devices (7:00)
5. Mobile Deployment Models (4:00)

1. Cloud Solutions controls (3:00)
2. Cloud Network and computing (5:00)
3. Cloud Security terms (7:00)

1. Identity and account types (5:00)
2. Account policies (12:00)

1. Authentication management (4:00)
2. Authentication Protocols (19:00)
3. Access control schemes (14:00)

1. Introduction to PKI (5:00)
2. Process of getting a certificate (7:00)
3. PKI Setup (16:00)
4. Fields on a certificate (7:00)
5. Certificate formats (2:00)
6. Certificate types (6:00)

1. Introduction to commands (2:00)
2. ARP and Route (3:00)
3. hping (6:00)
4. Curl (4:00)
5. IP scanner (3:00)
6. ipconfig, ping, tracert (4:00)
7. Linux file manipulation, head, tail, cat (5:00)
8. Log (3:00)
9. Cuckoo (1:00)
10. theHarvester (2:00)
11. Nslookup and Dig (2:00)
12. tcpdump (4:00)
13. NetCat (2:00)
14. Sniper (5:00)
15. scanless (2:00)
16. nmap (4:00)
17. Managing Linux Permissions (16:00)
18. Shell and script environments (2:00)
19. Exploitation frameworks (4:00)
20. Forensics tools (7:00)

1. Incident response process (8:00)
2. Attack Frameworks (5:00)
3. Incident plans and exercises (6:00)

1. Log Files (7:00)
2. Capture log files (7:00)

1. Incident mitigation techniques (8:00)

1. Documentation and evidence (6:00)

1. Control Types and categories (6:00)

1. Regulations, standards, and legislation (5:00)
2. Key frameworks (15:00)
3. Secure configuration guides (2:00)

1. Personnel Controls (15:00)
2. Third-party risk management (6:00)
3. Credential and organizational policies (7:00)

1. Risk types, terms, and Process (12:00)
2. Risk management strategies (6:00)
3. Risk Assessments (9:00)
4. Business impact analysis (8:00)

1. Privacy breaches (4:00)
2. Data types (6:00)
3. Privacy technologies and roles (7:00)

1. Performance Based Questions Introduction (1:00)
2. PBQ - Attack Types and Response (2:00)
3. PBQ - Incident Response (2:00)
4. PBQ - Social Engineering (2:00)
5. PBQ - Firewalls (4:00)

CompTIA Security+ SY0-601 Exam Dumps, Practice Test Questions

100% Latest & Updated CompTIA Security+ SY0-601 Practice Test Questions, Exam Dumps & Verified Answers!
30 Days Free Updates, Instant Download!

CompTIA SY0-601 Premium Bundle: $54.98 / $44.99

SY0-601 Premium Bundle

  • Premium File: 860 Questions & Answers. Last update: Apr 23, 2024
  • Training Course: 201 Video Lectures
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates


Free SY0-601 Exam Questions & SY0-601 Dumps

File Name (Size, Votes)
comptia.pass4sureexam.sy0-601.v2024-03-12.by.zoe.215q.vce (1.91 MB, 1 vote)
comptia.examcollection.sy0-601.v2021-12-09.by.isabelle.140q.vce (1.37 MB, 1 vote)
comptia.examlabs.sy0-601.v2021-08-27.by.finley.107q.vce (835.74 KB, 1 vote)
comptia.certkey.sy0-601.v2021-07-30.by.adam.97q.vce (390.13 KB, 1 vote)
comptia.passit4sure.sy0-601.v2021-04-16.by.millie.104q.vce (497.42 KB, 2 votes)
comptia.certkey.sy0-601.v2021-02-19.by.lexi.97q.vce (509.92 KB, 2 votes)
comptia.examlabs.sy0-601.v2021-01-28.by.molly.92q.vce (509.53 KB, 2 votes)
comptia.train4sure.sy0-601.v2020-11-24.by.james.42q.vce (431.29 KB, 2 votes)

CompTIA SY0-601 Training Course

Want verified and proven knowledge for CompTIA Security+? Believe it's easy when you have ExamSnap's CompTIA Security+ certification video training course by your side, which, along with our CompTIA SY0-601 Exam Dumps & Practice Test questions, provides a complete solution to pass your exam.

1.5 Different threat actors, vectors, and intelligence sources

1. Actors and threats

In this video, we're going to talk about actors, threats and their attributes. So what is this video going to be about? Who are the threats to your network? Like, who are the people that are trying to destroy your network, trying to hack your network? So let's go through some terms that are on your exam objectives that you should be familiar with: those that are trying to break your network.

The number one term you should know is "APT", an advanced persistent threat. So you may be saying, "Well, who is this APT?" But here in the United States, an APT would be like Russia or China. So, for example, Russia is considered an APT, and you may be wondering why. Because they're advanced, they're pretty persistent and they're a threat to the United States. So we call these APTs. APTs are generally really advanced organisations or government agencies other than yours that are viewed as a threat. So just remember, for your exam, that APTs are generally government threats.

Now I will tell you guys this. The most important threat to your organisation is not outsiders. The most important threat to an organisation is actually insiders, or insider threats. Insider threats can stem from disgruntled employees or people working in your organisation that are not happy or are just out to destroy it. Remember, these insider threats already have access to all of the information. They can already cause chaos without trying to break through a firewall or crack someone's password. So keep that in mind.

The other term here you should know is what's known as state actors. State actors are basically hackers working for other governments within your country. They're there to create disruptions to infrastructure. Another term that's interesting is "hacktivists." So hacktivists are basically hackers for political causes. So let's say a hacker doesn't like a particular political party or doesn't like a particular policy. They tend to go and hack that particular party, causing chaos within the party, maybe DDoSing their service. So this person would be known as a hacktivist.

One term that hackers, in particular, do not like to be called is "crony." And the term you should be familiar with, once again, is called a script kiddie. Script kiddies are basically wannabe hackers. They're not technologically advanced. When I started out doing pen testing many years ago, I was a script kiddie. I didn't know any Python programs. I didn't know any Bash programs. In fact, all I did was run other people's scripts. A script kiddie is someone who doesn't know a programming language. They only run other people's scripts. And this is probably not a good thing because they could probably get themselves infected. Script kiddies are considered insulting to really good hackers.

The other thing you should know about is criminal syndicates, or mobs. Cybercrime is definitely on the rise throughout the world. Organized crime is what's doing it. Now, if you recall from the 1930s, you had Al Capone. Was he around back then or something like that? I'm talking about organised crime, the mafia, and syndicated crimes, right? Criminal syndicates. Except now they're not doing racketeering and opening up casinos to launder money. Now what they're doing is actually creating malware. A lot of the malware that traverses the world and a lot of the stealing of data against companies in ransomware is actually done by organised crime. Assume it's the same mafia that was selling drugs and racketeering many years ago. They're basically doing computer crime now because that's where the money lies now.

So when it comes to hackers, you have a white hat, a black hat, and a grey hat. First of all, a white hat hacker is known as a pen tester. White hat hackers are hackers that have permission. We hack businesses because we get permission to test the boundaries of their network. We'll cover pen testing later in the class. But just remember, pen testers are also known as white hat hackers. You don't want to be a black hat hacker. Black hat hackers are hackers that do it for malicious reasons. You see, the term "hack" actually means just to find vulnerabilities. Black hat hackers are criminals. They basically hack your organisation and hold you hostage. They may hack your organisation and start a ransomware attack and then say you have to pay them a lot of money to get the decryption keys for that particular ransomware. So black hat hackers are the bad ones. Then you have another one called "grey hat hackers." Grey hat hackers are basically folks that maybe by day are a white hat and then at night are a black hat. So they may work as a pen tester during the day and then use the same pen testing skills to commit crime, such as ransomware, and hold companies hostage at night.

Another term that you should be familiar with is something called "shadow IT." So in an organization, you're going to have a pretty large IT department, especially if the company is really large. You can have a decently large IT department. And what happens is that sometimes there's another IT department that's not managed by IT, called a shadow IT department. Sometimes the shadow IT departments are run by folks that don't have technology skills. It has pros and cons. First of all, it could lead to innovation within the IT department because people have different perspectives and maybe they come up with different ways to improve IT services. But what can happen is that the lack of skills in this shadow IT department, also known as a fake IT department, can create loopholes within the organization, causing the organisation to become more vulnerable.

And finally, competitors. Who is going to be the target of threats to your organization? Competitors. You work in a particular industry. Let's say you sell widgets. Well, whoever your competitors are, selling widgets is going to be one of the biggest threats to competitors, especially between businesses. Sometimes that's espionage. They send spies to work for each other. They commit sabotage against each other, sabotaging each other's businesses, so one business makes more money than the other.

Now the other thing here is the attributes of these actors. There are some attributes of these particular types of actors, like APTs, hacktivists, different types of black hat or grey hat hackers, criminal syndicates, script kiddies, and so on. What are the attributes of these particular hackers? Well, number one, the attributes can be either internal or external. Most of your security incidents are going to come from internal security incidents or internal problems. Remember something: people like insider threats within an organisation already have access to your data. All they have to do is basically just commit the crime. They already have access to it. If they want to steal it, they just have to steal it. If they want to manipulate it, change it, delete it, edit it for malicious reasons, they could just do that. External threats are going to be hackers from the outside world and maybe even state-sponsored actors. It is possible that your external threats will be competitors.

Now the level of sophistication among hackers really matters. For example, a script kiddie's level of sophistication and capability to hack you is very low. If you think that just by running scripts, other people's scripts, you're going to hack a company, you may get away with some, but not all. As a result, your level of sophistication or capability is actually quite low. But if you come across a black hat hacker or a state actor, these are people that are highly trained. So their level is very high and their capabilities are high, so they could probably hack the hell out of you.

Script kiddies and standalone hackers may not have a lot of resources and funding, but APTs, state actors, and even some types of hacktivists, do. Especially criminal syndicates, organised crime, which really, really wants to make money. So they're going to have a lot of resources and a lot of funding to commit this particular crime.

And then comes the intent and the motivation. So intent and motivation are important. Now you have to ask yourself, why are they doing this? What is the intent? What motivates them? Generally, it's going to come down to a couple of reasons. Number one, money. They're going to hack you to acquire money. Criminal syndicates, for example, or organised crime. Certain types of black hat hackers will actually hack you. The intent is to extort money out of you. This whole concept of ransomware is very popular now and billions of dollars are being lost because of it. Why? The intent, or the motivation, is to acquire money. The other thing that you're going to find is just pure maliciousness. And they're not actually hacking you for money; they're hacking you because they find enjoyment in watching other people suffer. There are certain people in this world whose objective is to find happiness in the misery of others. Think of hackers that write programs that just delete your operating system, corrupt your files, and send them out. They get absolutely no money back from this.

The only thing they're getting back from this is your misery. So, when it comes to APTs, their motivation and intent are to bring down that government or create havoc within that government in order to witness the demise of that particular country.

Now, the other part of this video we're going to talk about is what's known as the vectors. How would these threats get into you? Well, there are a few ways. First of all, direct access. Insider threats have direct access to your information. Spies operating between competitors. I'm going to be a competitor with you. I'm going to spy on your organization. I'm going to have direct access to your information. The other thing is called "wireless." So you've got people standing outside your network scanning the wireless airwaves, finding your wireless network. If you have a poor passcode on it or you're using things like WEP, which is crackable, they'll be able to crack into your network, steal your data, and even corrupt your information. Email. Now, email is without a doubt the best way to steal information or get malware into a business. You can also steal information from the emails and documents. Now let me explain.

The number one way to send malware to an organisation is through phishing attempts. And, as we discussed earlier in this class, phishing attempts are likely the best way to get actual data to people, particularly malicious payloads. Send someone an email with some kind of link. If you craft it right, if you know what you're saying, if they trust it, if you spoof the email address, they will actually click the link and you'll be able to get the payload in. The other thing is the supply chain. This is a newer vector that is getting exploited a lot more. Let's not say newer, let's just say it's getting exploited a lot more. Now what they're doing is they're infecting the different supply chains that organisations are using to build components in order to get malicious software into that particular business. Another way they can do it is through social media, social media and promotion. For example, state actors may create fake news and push it throughout social media, thus creating havoc within a particular country. Another thing they can do now is USB sticks, removable media; they have USB sticks that contain malicious software on them. You plug it in and it infects your machine and allows people to control your machine. So this would be another vector. And the last one here is cloud. The cloud is a good vector because a lot of organisations already store their data in the cloud. So they use this as a vector to attack you, for example, by purchasing cloud services and getting a lot of cloud servers, which can then be used in a DDoS attack in order to attack your company. Your company is down. Okay, in this video, we covered a lot of stuff, right? We talked about different actors and threats, the attributes of these actors, and the vectors that they may come after you with.

2. Threat intelligence sources

In this video we're going to talk about threat intelligence sources. So where would you get information that you could use in order to help identify threats to your organization? Also, this can be used in an ethical hacking way or in a pen testing way. How would you get information about businesses and use it to pentest a business? Of course, this can also be used by hackers and bad guys in order to commit crimes or find out information about a company. So in this video, what I'm going to cover are these threat intelligence sources. These are sources we can go to to get information about threats that are out there, to get information about businesses and people, and stuff like that. They have a footprint in them. So we've got a lot to go through in this video, a lot of different things.

There are a lot of different links in this video. I'm going to be going through different sources for threat intelligence and I'm going to be sharing them with you. Don't forget to check the description of the video to get all the different links. So let's get started on this particular one. So let's go here to my desktop because I have a lot of notes here for us. So the first term you're going to need to know is OSINT. This is an acronym for open source intelligence. Open source intelligence is basically using public information in order to footprint or to gain information about a threat or a victim. Because you're an ethical hacker, it's going to be about using public information to gather data about businesses, to gather data about threats, and to gather data to do your pen testing. This is one of the best websites for this, and I can't tell you how this is a gossip. I use it so much when I'm doing footprinting for an organisation to do a pen test: osintframework.com. I have a link here to it. So I'm going to click this and let's take a look at what this is. Now this basically combines and gives you links to all of the different public data when it comes to doing intelligence work or finding information about businesses and stuff like that. So let's take a look. For example, if I want to look at domain names, I'm going to click on this. Then it gives me all the different tools that I can use. So maybe I want to find information about domain blacklists.

So I would click that. Then it would give me some different websites that I could check out for that. If I want to do a discovery scan, it will tell me different websites I can use for that. If I want to take a look at subdomains, it will tell me different websites that I can go to for that. And by clicking on these things, this can just keep going on and on, like finding subdomains. It could take me to where I can find subdomains of different people or different websites. Now I'm not going to click on a lot of these things because sometimes they take you to different links that are probably not appropriate for me to show you. For example, if you wanted to look up telephone numbers, you can go here and it gives you different websites that can give you that type of information. Spy dial, that's what that is. Use free phone numbers and addresses to search for people. So interesting on that one. So this here really allows you to refresh it quickly. You always have to do a quick refresh of this. Now I could go on and on and show you so many different tools. Please, after this video, go here and check out this website, osintframework.com. Check it out. You're going to be on here for hours. All right, trust me on this. For hours, you're going to find so much information about so much stuff. Okay, so that's the first one we're taking a look at. The next term here we should understand is proprietary software. So just keep in mind something. When software is said to be closed-source or proprietary, it means that the source code is not available to the users.

The opposite of closed, proprietary software is open source software, where the source code is available to users. Now, Windows is proprietary software. What that means is that we can't see the source code. So, any threats that affect this particular operating system can only be fixed by Microsoft. Since we don't have the source code, we can't fix it and recompile it to fix Windows. Okay, the other thing here is that we have our vulnerability databases. A vulnerability database is generally a database of vulnerabilities that are out there that can affect your organization. I have one here; click on this link. This particular one is called the National Vulnerability Database. This is maintained by NIST (and notice it's nvd.nist.gov here). Now this is going to maintain some of the most recent vulnerabilities that are out there and it's going to give you a score on these particular vulnerabilities. So the last 20 scored vulnerabilities and summaries are what it's showing. You can explore this thing like crazy. There's so much information here about different vulnerabilities that are out there. So here we go with releases of different maps. This gives you a scoring system. So, for example, they're saying that this particular thing we're going to talk about comes up later in the class, right? We're going to talk about common vulnerabilities and exposures. As a security person, you need to know what that is. We'll talk about that coming up later in the class, and they're giving you a score on it. So, like, this particular one is a Windows Remote Access elevation of privilege vulnerability. And this one is pretty high up there. So it's a 7.8, which is the Common Vulnerability Scoring System score on it. It's very interesting stuff. Check this out.

Okay, the other thing you were looking for is public/private information sharing centers. Now there's two things here. Let's take a look at what this is. So the public/private information sharing centers, well, these are basically sharing centres between organisations and government entities. Government entities gather information about threats that are out there and newer or emerging threats that are out there. We have to have a place to share this information. So, for example, if my organisation finds out about a new threat that is out there, do I just keep it to myself? No, I'm going to share it with different centers, right? And there are a whole bunch of these centres that are out there. Now, this here is cisa.gov. This is the Cybersecurity and Infrastructure Security Agency, part of the government here. And they have information about these particular sharing centres that are out there. I gave you guys a link here. You guys can check this out. Here's one of the centres that I gave you a link to. Now remember, with these links, you're just exploring them, right? You don't need to be a master in any of this for your exam. All it's doing is that they just want you to know that these things exist. Okay? Again, don't go and spend hours and hours studying this for your exams. Just know that these things exist. That's all it is. Here's a term that a lot of people have heard of, something called the dark web. So what is that? Well, first of all, the dark web is a small part of the deep web. Now, what exactly is the deep web? The deep web is a part of the Internet that is not indexed by any search engine such as Google. So there's no index. You can't find it. You can't go to Google and find webpages that are on the deep web. The dark web is now primarily used for illegal activity. And this is going to be trading illegal files, things like child pornography.
Now, in order to connect to these networks, you're going to have to have things like Tor or another one called I2P. Basically, an invisible network is used to access these darknets. Now, one famous thing that I want to mention is something called Tor.

Tor is used not just for accessing the dark web but also by people using it to anonymize themselves. In other words, when you're surfing the internet and you want to be anonymous, you can use Tor. So I'm going to show you guys here how to download Tor. It's famous for the Tor browser, and a lot of people have this on their computers, and Tor basically anonymizes you. So when you go out and you're looking for things, you use the Tor browser. Now, I have it installed on this computer. Here's the Tor browser. You could download this. I've downloaded this and I've installed it, and I'll show you what I mean. So look, it's starting up in the Tor network, and it looks like a normal browser. So if I go to Google, the thing is that sometimes it's very slow. So Tor goes through a series of proxies, and what it does is that it hides your IP address. So I'm here in New York City. Now, let's see. I don't even know where I am because I'm in this Tor hidden network. So I don't know where I am. So Tor put me through a variety of different servers throughout the network. So I have to select English there, and I don't know where I am. So I'm going to type "what is my IP". And let's see where I am right now. Okay, so it wants me to know I have to be careful when doing this. This computer has nothing on it. Raise a crosswalk. There is a crosswalk. I hope the computer might not be sent. Okay, so this here, let's see if it will do a search here for me.

No, it does not. So the Tor network, sometimes it's a little tricky to use it correctly. So I'm going to try to use the Tor network and see if I can get this thing here to work. "Unusual traffic from your computer's network." This page, Google itself, has detected there's something unusual with my network. So you know what? Let's try Yahoo! It's always fun to use our network. Before I did this video, I tried this. This didn't happen. Okay, so it's telling me something here is going on. And let me see what I get here. Okay, so what is my IP address? So I'm going to go here. So again, I'm still in the Tor browser. It says I'm in Australia. Obviously, I'm not. I don't even know what I'm looking at; it's putting me on some ISP. It knows it's some kind of network sharing device. It's got me. This is not my IP address. This is just going through the Tor browser. If you close it and reopen it, you might even get a different IP address. Notice Google was like, "Hey, man, I don't know who you are." So why do we use this? Why are we using Tor? Let me close this out. So the Tor browser, or the Tor network, is used to anonymize yourself, and it is not used to look for illegal things like illegal software. It is used in different countries where people are suppressed. They can use it to get out of the country with a different IP address.

Okay, moving on. Here the next thing we have is what's known as indicators of compromise. So what exactly is an indicator of compromise? It is basically part of the forensics data. This is going to be like log files, or logging through the files themselves, that can indicate that a system or network has been maliciously compromised. So this is when you go through the log files on a computer or system and you start to find that these systems have been compromised. Maybe because you're looking at log files and you're seeing that it has weird IP addresses, like from Australia, showing up in system log files or outgoing traffic on a network when you know this person was in New York. OK, the other one here we're going to talk about is automated indicator sharing; in particular for your examination, something called Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII). Now this here is the exchange of cyber threat indicators. So there is a website for this one also. And basically, this is an automated sharing of threat information. That's all this is. We have to exchange information about cyber threats as they occur, in an automated fashion. We shouldn't have to wait for threat information to circulate throughout the entire globe before organisations are alerted or government agencies are alerted of potential threats that are out there. So there's a link here for this and also the automated indicator sharing. So we want to exchange cyber threat information between the federal government and the private sector at machine speed. So as threat indicators are taking place, maybe there's a new type of DoS attack or some kind of new crypto malware that is out there.

We want to be able to indicate it, whether it's to government agencies or public companies, as quickly as possible in automated real time. In other words, we need to have a system for this, and this is what this is. OK, the next thing here is something called predictive analysis. Predictive analysis refers to statistical techniques from data mining and machine learning that analyse data to make threat predictions. So what this means is that predictive analysis is going through different data within a system to determine if there is a threat taking place. Now this is important because of zero-day vulnerabilities. A zero-day vulnerability is when a threat comes and there is no permanent fix for it, there is no patch for it. And what happens is the system has to determine if it's a real threat or not. So predictive analysis can make a prediction that this is actually a valid threat and stop the threat before it proceeds. The next one we have is something called threat maps. Now I have shown you one of these before, and this is basically when I think we did the DDoS video. I showed you one of these threat maps, which basically show you threats in real time as they occur. I think I showed you one, the one from Checkpoint. Here's the one from FireEye. And FireEye is a maker of IDS systems and so on, a maker of security software. And here's their version of it. I like the Checkpoint one. That one was pretty good. The Checkpoint system, so it's showing you threats as they're happening, in particular in real time.
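As an added example (not from the course or its links), here is how an analyst could take indicators delivered in the STIX pattern style the video mentions and run them over log lines to flag indicators of compromise. The indicators and log lines are constructed sample data, and the parser only handles the simple single-comparison patterns shown, not the full STIX patterning language.

```python
import re
from typing import Dict, List, Tuple

# Constructed indicators in the shape a STIX/TAXII feed would deliver (not real IoCs).
SAMPLE_INDICATORS = [
    {"id": "indicator--0001", "name": "C2 server (constructed)",
     "pattern": "[ipv4-addr:value = '203.0.113.77']"},
    {"id": "indicator--0002", "name": "Dropper SHA-256 (constructed)",
     "pattern": "[file:hashes.'SHA-256' = '"
                "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff']"},
    {"id": "indicator--0003", "name": "Phishing domain (constructed)",
     "pattern": "[domain-name:value = 'login-verify.example']"},
    {"id": "indicator--0004", "name": "Unsupported type (constructed)",
     "pattern": "[email-addr:value = 'lure@example.net']"},
]

# Constructed log lines from a firewall, a DNS resolver and an endpoint agent.
SAMPLE_LOGS = [
    "2021-03-02T10:14:55Z fw01 ALLOW src=10.0.0.24 dst=203.0.113.77 dport=443",
    "2021-03-02T10:15:01Z dns01 client=10.0.0.24 qname=login-verify.example qtype=A",
    "2021-03-02T10:15:09Z edr01 proc=svch0st.exe "
    "sha256=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
    "2021-03-02T10:16:00Z fw01 ALLOW src=10.0.0.31 dst=198.51.100.9 dport=443",
]

# One STIX comparison: [object-type:property = 'literal']
PATTERN_RE = re.compile(r"^\[(?P<otype>[a-z0-9-]+):(?P<prop>[^\s=]+) = '(?P<value>[^']*)'\]$")

# How to pull each supported observable type out of free-form log text.
EXTRACTORS = {
    ("ipv4-addr", "value"): re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    ("domain-name", "value"): re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
    ("file", "hashes.'SHA-256'"): re.compile(r"\b[0-9a-f]{64}\b"),
}


def parse_pattern(pattern: str) -> Tuple[str, str, str]:
    """Split a single-comparison STIX pattern into (type, property, value)."""
    m = PATTERN_RE.match(pattern.strip())
    if not m:
        raise ValueError(f"unsupported STIX pattern: {pattern!r}")
    return m.group("otype"), m.group("prop"), m.group("value")


def extract_observables(line: str) -> Dict[Tuple[str, str], set]:
    """Return every IPv4 address, domain name and SHA-256 found in one log line."""
    lowered = line.lower()
    return {key: set(rx.findall(lowered)) for key, rx in EXTRACTORS.items()}


def scan_logs(indicators: List[dict], logs: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, indicator_id, matched_value) for every IoC hit.

    Indicators of a type we cannot extract are reported and skipped, so the
    analyst sees the gap instead of a silent non-match.
    """
    wanted = []
    for ind in indicators:
        otype, prop, value = parse_pattern(ind["pattern"])
        if (otype, prop) not in EXTRACTORS:
            print(f"skipping {ind['id']}: no extractor for {otype}:{prop}")
            continue
        wanted.append((ind["id"], (otype, prop), value.lower()))

    hits = []
    for line_no, line in enumerate(logs, start=1):
        seen = extract_observables(line)
        for ind_id, key, value in wanted:
            if value in seen[key]:
                hits.append((line_no, ind_id, value))
    return hits


if __name__ == "__main__":
    for line_no, ind_id, value in scan_logs(SAMPLE_INDICATORS, SAMPLE_LOGS):
        print(f"line {line_no}: {ind_id} matched {value}")
```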

And you can also use the one from Checkpoint. Just go to Google and type in "threat maps" and you'll see them. Okay? And finally, file and code repositories. Code repositories are where source code for programs is archived in an ordered way. Code repositories are where programmers basically store code. For example, GitHub is a famous place to store code. And also, GitHub is where we can share code. So this becomes a way of transferring information about different threats that are out there. Okay, so we looked at quite a lot of different ways there. Now I will push you guys to please follow up with the links here. I didn't want to go into depth on all these links. You don't need to know all those links or all these things in depth for your exam. Just understand what they are. But as your security career progresses, you're going to want to know these things, especially if you work in organizations or big businesses. Things like knowing threat maps, things like knowing automated indicator sharing, that OSINT Framework. Amazing. You guys have got to try that out. Knowing these types of things really helps you to keep your organisation secure.

3. Research sources

In this video, I'm going to be going over some research sources that you can use to research different threats that can affect your organization. So let's talk about this. You're a security person. You're working as a security professional in an organisation and your job is to secure them. But part of working in security is knowing who your threats are and what vulnerabilities are out there. So you have to now know, OK, where do I look, where do I find all these different threats or vulnerabilities that can affect my organization? So I have a list of things here that we can take a look at, and this comes right off of your exam, so we should know about them.

And I've got a few links here, so you guys can check out the links. They'll be in the description of this video also. All right, so let's take a look at this. Right, so you're doing research on the different vulnerabilities that are out there. Let's take a look. So the first place to look when it comes to research and threats to your organisation or finding vulnerabilities is vendor websites. All right, that's one of the first places you can look. And depending on the technology that you're using, all vendors are going to publish different threats or vulnerabilities to different technologies or software that they created. Like, Cisco is going to have a part of their website that's going to show all vulnerabilities to certain devices or software that they have.

So this is Microsoft, and I have a link from even a small company like Asus, which is not that small compared to some of the big technology companies out there. And I have a link here, and I'll show you what I mean. And again, you could find this on any vendor's web page. You just have to look for it. They'll show you their security advisories or security issues, and they'll say, hey, download this to fix this. So take, for example, if I go down here, notice the latest security updates that they're telling you about. They're telling you that these were security issues and they're telling you how to fix them and problems that you may encounter in there. But you notice this thing keeps popping up called CVE. All right, so we'll come to that in a minute. Vulnerability feeds is the next one. So do we have a list of current vulnerabilities that we can keep an eye on? Imagine something pops up that says, "Here's the latest vulnerability." You say, "Oh, that can affect my organization." One of those is here, at MITRE, the Common Vulnerabilities and Exposures database. And now I'd like to discuss CVE. You need to know CVE for your exam. So what exactly is it? Let me just go to it and then we'll come back to that data feed. So I just clicked on this here. It takes me to the cve.mitre.org index. So this is the most updated list of vulnerabilities for technology products right now. Basically, this is maintained by the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, United States Federal Government.

And what this means is that as vulnerabilities for various technologies become public, they're posted here, and they're giving you descriptions of them, and they're giving you ways to fix them, with links back to the vendor. So this is the feed right here. Notice the latest entries that are coming in. This thing is going to be serious. Like 2 hours ago, they had... I don't even know what these are. Some kind of reflective cross-site scripting, I don't know what that is. X on IPS. I really don't know what that is. Maybe some network protection systems, I'm not sure what that is. But the technologies are all listed here. So you can find different technologies that are here and you can even search for them. So you would go in here and you could search the CVE for different technologies. You can go in here and use whatever technology that you were using. I was looking for Palo Alto devices. And look at this. So, Palo Alto is a firewall. I was teaching a pen testing class, and I was showing them how to use CVE. That's why it's there. And you can see that the CVE-2020 notes are all 2020.

And this is CVE-2020, the CVE number. This is something that you should be familiar with whenever you see something like CVE, because different vendors, different websites, different places you're going to go, they're going to say CVE, and they're going to give you a number that generally tells you the year, and the number is for that particular attack. So notice they're saying that on this Palo Alto device, an authentication bypass vulnerability exists in their global VPN client. They go in to tell you about it, then they give you links to fix it. So they're going to give you a link that says, "Okay, here's the URL that talks about this attack." This is Palo Alto themselves, the actual firewall vendor, telling you about this attack, noting that this is a CVE, and it's telling you it's a pretty high one. And then they tell you how to fix it, right? They're saying, hey, upgrade. If you're running an older operating system, it's going to be affected. The answer was just to upgrade the OS. So as your career progresses, you're going to see this thing called CVE. Anytime you see it, you can always come back here and you can search for the CVE number. Sometimes the vendors themselves say CVE 2021, CVE-2021, let's say it's next year. And then it will give you a number. And that number will specify what type of attack that is. And then you could come here, you could search for it, pull it up, and it will tell you what it is and how to fix it. So they have a feed here called CVE Data Feeds. And this here will just keep you updated on the latest ones that come out.
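The CVE-YYYY-NNNN identifier format the video describes lends itself to a small triage helper. This added example (not from the course) pulls CVE IDs out of an advisory, validates and de-duplicates them, sorts newest first, and builds the NVD lookup link; the advisory text is constructed and its CVE numbers are placeholders, not real CVE records.

```python
import re
from typing import List

# CVE-YYYY-NNNN: a four-digit year, then a sequence number of at least four
# digits (longer sequence numbers have been allowed since 2014).
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)
FIRST_CVE_YEAR = 1999  # the CVE list started in 1999

# Constructed advisory text; the identifiers are placeholders, not real records.
SAMPLE_ADVISORY = """
Security Advisory: authentication bypass in a VPN client (constructed text).
Tracked as cve-2020-99901. Also fixes CVE-2019-98765 and CVE-2020-99901 (dup).
Unrelated: ticket CVE-20-1 is not a valid identifier; neither is CVE-2020-123.
Customers should upgrade; see CVE-2021-100001 for the follow-up issue.
"""


def extract_cve_ids(text: str) -> List[str]:
    """Return valid, upper-cased, de-duplicated CVE IDs, newest first."""
    found = set()
    for year, seq in CVE_RE.findall(text):
        if int(year) < FIRST_CVE_YEAR:
            continue  # not a plausible CVE year, drop it
        found.add((int(year), int(seq), f"CVE-{year}-{seq}"))
    # Sort numerically on (year, sequence) so 100001 orders after 99901 correctly.
    return [cve_id for _, _, cve_id in sorted(found, reverse=True)]


def cve_year(cve_id: str) -> int:
    """Return the year portion of a CVE ID (the part the video says tells you the year)."""
    m = CVE_RE.fullmatch(cve_id)
    if not m:
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    return int(m.group(1))


def nvd_url(cve_id: str) -> str:
    """Link to the NVD detail page for an ID, where its CVSS score is published."""
    return f"https://nvd.nist.gov/vuln/detail/{cve_id.upper()}"


if __name__ == "__main__":
    for cve_id in extract_cve_ids(SAMPLE_ADVISORY):
        print(cve_year(cve_id), cve_id, nvd_url(cve_id))
```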

So very interesting. You guys are going to get to know CVE as your security career progresses. You're going to get to know CVE very well. Another place you can go to get research on different threats that are out there is going to be different security conferences. DEF CON is one of the most famous security conferences. They always display some of the newest threats that pentesters or ethical hackers have found. It is always a good place to find them. Academic journals can publish different findings that they see. They may say there's a major vulnerability and you shouldn't use software in this way. So this is going to be used by the Internet Engineering Task Force in order to make internet standards there. You can also do research to see if there are any threats that can affect your technology. This will happen in your communities. This can be a particular group of people within an industry that may work to advance a profession, like, for example, a school industry security advisory board that looks at school management systems to ensure that they are secure. On social media, I don't think I have to mention much here. Social media could be a virus itself, but with social media, going through different postings, you could see people posting about the latest threats that are out there. Maybe there's a major vulnerability out there affecting a particular type of firewall and people are posting about it on different social media websites such as Twitter. So generally, if there is a major hack going around the world, Twitter will have some information about it. Then you have threat feeds.

Threat feeds are basically the same as vulnerability feeds. There are going to be holes in your network. Threats are new intelligence information that is out there. You know, there are different forms of this. Here's some more vulnerability information that is out here. They're telling you the latest zero-day exploit. This is from Talos, talosintelligence.com. This is maintained by Cisco. The other one here is for adversary tactics, techniques, and procedures. This is another one here. So this is interesting. You guys have to check this one out. This one is the last one on the list because I wanted to go through this here with you: attack.mitre.org. This is such a great tool as a pen tester. This thing maintains a giant knowledge base of different adversary tactics and techniques that they can use against you. But we, as pen testers, use this a lot. Any time I want to do something with an organisation or I want to find out information, I have students in different classes or when I'm doing a pen test, they'll say to me, "Andrew, how do I do this?" I come right here and I say, okay, this is the attack you want to do, and this is how we would go about doing it. And it tells you the tools and how to do it. So much stuff. This is a rabbit hole.

If you go here, you're going to be here for days. Let me teach you guys something. So let's say reconnaissance, right? Getting information about your client. So let's say you want active scanning. You click on this. It'll give you ways of doing it, right? Gathering victim network information. You click on this, and it starts to tell you DNS, network topologies. How do we gather information on people's IP addresses? It goes in, and it gives you descriptions of it. And then they go in and tell you they can do active scanning. And then you click on that, and it takes you down more of a rabbit hole. This just keeps on going and going, and eventually it will come, and it will tell you some of the tools that they may use. It will tell you some of the different forms of access that they can use.

And it gets really interesting when you start to get to the execution part. Privilege escalation. For example, they go in and say "boot or logon autostart," and then they tell you different things about it. So this website has so much information. I mean, if I'm trying to learn to do an attack and I'm trying to learn how I can do a pen test on this, I come right here. This is my number one stop for that. This is something that you guys should be exploring a whole lot. This video isn't long enough for me to go through this, but you guys click on it. You'll see what I mean. Lots of interesting information here. Okay, so a lot of good information in this section of the class. You guys learned about all the different threats and how they come and get you. You learned about different places we can go. I've given you guys a lot of links in this section. Please follow up with these links because you're going to be using a lot of them throughout your entire IT security career.
