CompTIA Security+ Notes

Showname: Security+ (SY0-601)

Topic: Threats, Attacks and Vulnerabilities


Episode: Social Engineering
Learner Objectives: Compare and contrast different types of social engineering techniques

Description: In this episode, we discuss the methods used by bad actors to deceptively
manipulate individuals into divulging confidential information through social engineering. We
will compare and contrast different types of social engineering techniques like phishing,
whaling, spam, spear phishing and more.

 Principles of Security
 Vulnerability
 Threat
 Attack
 Social Engineering
o Phishing (Authority, Trust, Urgency)
 Vishing
 Smishing
 Spear phishing
 Whaling
o Spam
o Spam over Internet messaging (SPIM)
o Pharming
 Redirection to a bogus site
 DNS poisoning
 Malware
o Watering hole attack
 Usually starts with reconnaissance
 Determine what websites the target group frequents
 Inject malicious code into the website
 Targets get infected as they visit the website
o Credential harvesting
 Scraping usernames and passwords from a cloned website (Familiarity)
o Typosquatting
 URL hijacking: registering misspelled or look-alike versions of a legitimate domain to catch mistyped or deceived visitors
 Physical Techniques
o Dumpster diving
o Shoulder surfing
o Tailgating
o Pretexting
 Creating a fabricated scenario
 Outliers
o Invoice scams
o Hoax
o Prepending
 Used in most social engineering attacks
o Impersonation (Urgency)
 Used in all social engineering attacks
o Identity fraud
 Used in all social engineering attacks
o Eliciting information
 Used in all social engineering attacks
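
Worked example (added to these notes, not part of the course material): a small detector for typosquatted and URL-hijacked look-alike domains, the kind of script a SOC or brand-protection team runs over newly registered domains or certificate-transparency logs. It checks for homoglyph substitutions (paypa1, rnicrosoft), the brand embedded in a longer label (paypal-secure), the brand used as a subdomain of someone else's domain, and small edit distances. The brand list, homoglyph table, distance threshold and sample domains are constructed assumptions.

```python
"""Look-alike domain detection (typosquatting / URL hijacking).

Added example for the social-engineering notes; not from the course.  The
brand list, homoglyph table, threshold and sample domains are constructed."""

# Brands we own, as registrable labels (lower-case letters only).
BRANDS = ("paypal", "microsoft")

# Character substitutions commonly used to imitate a brand in a domain name.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}

# Constructed sample: newly observed domains from a CT-log or DNS feed.
SAMPLE = ["paypal.com", "paypa1.com", "rnicrosoft.com", "paypal-secure.com",
          "paypal.com.login-verify.example", "google.com"]


def normalize(label):
    """Undo common look-alike substitutions: 'paypa1' -> 'paypal', 'rnicrosoft' -> 'microsoft'."""
    s = label.lower()
    for fake, real in HOMOGLYPHS.items():
        s = s.replace(fake, real)
    return s


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Return (labels, registrable_label).  Assumption: a single-label public
    suffix such as 'com'; a production tool should consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    registrable = labels[-2] if len(labels) >= 2 else labels[0]
    return labels, registrable


def classify(domain, brands=BRANDS, max_distance=1):
    """Classify one domain against the brand list.
    'legit'      the registrable label is the brand itself
    'subdomain'  the brand is a subdomain of some other registrable domain
    'lookalike'  the registrable label imitates the brand (homoglyphs, embedding, typos)
    'unrelated'  none of the above"""
    labels, registrable = split_domain(domain)
    norm = normalize(registrable)
    for brand in brands:
        if registrable == brand:
            return "legit", brand
    for brand in brands:
        # e.g. paypal.com.login-verify.example: brand appears left of the registrable domain
        if brand in labels[:-2]:
            return "subdomain", brand
    for brand in brands:
        if norm == brand or brand in norm:
            return "lookalike", brand
    best = None
    for brand in brands:
        d = levenshtein(norm, brand)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, brand)
    return ("lookalike", best[1]) if best else ("unrelated", None)


def scan(domains, brands=BRANDS):
    """Classify a batch and return only the suspicious entries."""
    hits = []
    for d in domains:
        verdict, brand = classify(d, brands)
        if verdict in ("subdomain", "lookalike"):
            hits.append((d, verdict, brand))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The subdomain rule matters because a certificate or link for paypal.com.login-verify.example passes a naive "contains paypal.com" check; only the registrable label identifies the owner.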

Showname: Security+ (SY0-601) Topic: Threats, Attacks and Vulnerabilities Episode: Password
Attacks Learner Objectives: Given a scenario, analyze potential indicators to determine the
type of attack. Description: In this episode, the viewer will identify various types of password-
based attacks such as spraying, brute force, dictionary attacks, and rainbow tables.

 Password Attacks
o Guessing
o Brute force: try every combination of a character set; always succeeds eventually, but slow
o Dictionary: try words from a wordlist (plus common variations)
o Rainbow tables: precomputed hash-to-password tables; defeated by salting
o Spraying: a single common password tried against many accounts, so no one account exceeds its lockout threshold
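
Worked example (added here, not from the course): the offline side of these attacks against a leaked credential store. A dictionary attack by precomputed table lookup (the idea behind rainbow tables) succeeds instantly against unsalted SHA-256; the same wordlist has to be re-hashed per user once a random salt and PBKDF2 stretching are used; and a brute-force search exhausts a small PIN keyspace. The usernames, passwords, wordlist and hash schemes are constructed for the demonstration.

```python
"""Offline password attacks against a leaked credential store.

Added example for the password-attack notes; not from the course.  Users,
passwords, salts and wordlist are constructed, and the unsalted-SHA-256
scheme stands in for the kind of store a precomputed table breaks."""
import hashlib
import os
from itertools import product

# Constructed mini wordlist; a real dictionary attack uses rockyou-sized lists.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2023", "dragon"]


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# --- Weak scheme: unsalted SHA-256.  Same password -> same hash for every user. ---
def store_unsalted(password):
    return sha256_hex(password)


def build_lookup_table(wordlist):
    """Precompute hash -> plaintext once.  Rainbow tables are this idea plus
    hash chains to compress the table; the work is done before any dump is
    obtained and reused against every unsalted dump."""
    return {store_unsalted(w): w for w in wordlist}


def crack_unsalted(dump, table):
    """Dictionary attack via table lookup: one dict lookup per user, no hashing."""
    return {user: table[h] for user, h in dump.items() if h in table}


# --- Stronger scheme: per-user random salt + PBKDF2 key stretching. ---
def store_salted(password, salt=None, rounds=100_000):
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{salt.hex()}:{rounds}:{dk.hex()}"


def crack_salted(dump, wordlist):
    """Dictionary attack with no shared table: the salt forces len(wordlist) * rounds
    hash computations per user, so precomputation across users or dumps is useless."""
    found = {}
    for user, stored in dump.items():
        salt_hex, rounds, dk_hex = stored.split(":")
        salt, rounds = bytes.fromhex(salt_hex), int(rounds)
        for word in wordlist:
            if hashlib.pbkdf2_hmac("sha256", word.encode(), salt, rounds).hex() == dk_hex:
                found[user] = word
                break
    return found


def brute_force_pin(target_hash, length=4, alphabet="0123456789"):
    """Exhaustive search of a small keyspace (a numeric PIN): brute force, no wordlist."""
    for chars in product(alphabet, repeat=length):
        candidate = "".join(chars)
        if store_unsalted(candidate) == target_hash:
            return candidate
    return None


def demo_dumps(rounds=1_000):
    """Two constructed dumps of the same three accounts, one per scheme."""
    creds = {"alice": "Summer2023", "bob": "correct horse battery staple", "carol": "letmein"}
    unsalted = {u: store_unsalted(p) for u, p in creds.items()}
    salted = {u: store_salted(p, rounds=rounds) for u, p in creds.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = demo_dumps()
    table = build_lookup_table(WORDLIST)
    print("unsalted:", crack_unsalted(unsalted, table))   # alice and carol fall instantly
    print("salted:  ", crack_salted(salted, WORDLIST))    # same result, but paid for per user
    print("pin:     ", brute_force_pin(store_unsalted("0427")))
```

Bob's passphrase survives both attacks because it is not in the wordlist and too long to brute-force; the salt does not stop weak passwords from being guessed, it only removes the attacker's ability to amortize the work across users.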

Episode: Password Attack Tools Learner Objectives: Given a scenario, analyze potential
indicators to determine the type of attack. Description: In this episode, the viewer will identify
various types of password attack tools such as hashcat, Hydra, John the Ripper, PACK, CeWL,
statsprocessor, Burp Suite as well as online vs. offline attacks.

 Online attacks: guesses are submitted to the live service (login form, SSH, RDP), so they are slow, noisy, and subject to lockout and rate limiting
 Offline attacks: the attacker already holds the password hashes and guesses at the speed of their own hardware
 Tools
o hashcat (offline, GPU-accelerated hash cracking)
o Hydra (online login brute forcing against network services)
o John the Ripper (offline hash cracking)
o PACK (Password Analysis and Cracking Kit: analyzes leaked password lists to build masks and rules)
o CeWL (spiders a website to build a custom wordlist)
o Statsprocessor (hashcat's Markov-chain password candidate generator)
o Burp Suite (web proxy; Intruder automates online attacks against web logins)
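
Worked example (added to these notes, not from the course): what online attacks look like in authentication logs, which is what the learner objective asks you to recognize. Constructed sshd-style "Failed password" lines are parsed and each source IP is classified as brute force (many attempts on one account) or password spray (one or two attempts against many accounts). The log lines and thresholds are illustrative assumptions.

```python
"""Telling online password attacks apart from their log footprint.

Added example for the online-vs-offline notes; not from the course.  The log
lines are constructed in sshd's 'Failed password' format; thresholds are
illustrative assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: a user who fat-fingers once, a brute-forcer, and a sprayer.
LOG = """\
2024-03-05T10:00:01Z bastion sshd[2201]: Failed password for alice from 192.0.2.9 port 50111 ssh2
2024-03-05T10:00:02Z bastion sshd[2202]: Failed password for admin from 203.0.113.7 port 40001 ssh2
2024-03-05T10:00:03Z bastion sshd[2203]: Failed password for admin from 203.0.113.7 port 40002 ssh2
2024-03-05T10:00:04Z bastion sshd[2204]: Failed password for admin from 203.0.113.7 port 40003 ssh2
2024-03-05T10:00:05Z bastion sshd[2205]: Failed password for admin from 203.0.113.7 port 40004 ssh2
2024-03-05T10:00:06Z bastion sshd[2206]: Failed password for admin from 203.0.113.7 port 40005 ssh2
2024-03-05T10:00:07Z bastion sshd[2207]: Failed password for admin from 203.0.113.7 port 40006 ssh2
2024-03-05T10:00:10Z bastion sshd[2208]: Failed password for alice from 198.51.100.23 port 51000 ssh2
2024-03-05T10:00:11Z bastion sshd[2209]: Failed password for bob from 198.51.100.23 port 51001 ssh2
2024-03-05T10:00:12Z bastion sshd[2210]: Failed password for invalid user carol from 198.51.100.23 port 51002 ssh2
2024-03-05T10:00:13Z bastion sshd[2211]: Failed password for dave from 198.51.100.23 port 51003 ssh2
2024-03-05T10:00:14Z bastion sshd[2212]: Failed password for erin from 198.51.100.23 port 51004 ssh2
2024-03-05T10:00:15Z bastion sshd[2213]: Failed password for frank from 198.51.100.23 port 51005 ssh2
2024-03-05T10:00:20Z bastion sshd[2214]: Failed password for alice from 192.0.2.9 port 50112 ssh2
2024-03-05T10:00:25Z bastion sshd[2215]: Accepted password for alice from 192.0.2.9 port 50113 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(text):
    """Return [(timestamp, user, source_ip)] for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            events.append((ts, m["user"], m["src"]))
    return events


def classify_sources(events, min_attempts=5, spray_max_per_account=2):
    """Per source IP: brute force = many attempts on one account;
    password spray = many accounts, each tried only once or twice."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    report = {}
    for src, evs in by_src.items():
        per_account = Counter(user for _, user in evs)
        total = len(evs)
        span = (max(t for t, _ in evs) - min(t for t, _ in evs)).total_seconds()
        if total < min_attempts:
            verdict = "normal"
        elif max(per_account.values()) >= min_attempts:
            verdict = "brute_force"
        elif max(per_account.values()) <= spray_max_per_account:
            verdict = "password_spray"
        else:
            verdict = "mixed"
        report[src] = {"verdict": verdict, "attempts": total,
                       "accounts": len(per_account), "span_s": span}
    return report


if __name__ == "__main__":
    for src, r in classify_sources(parse_failures(LOG)).items():
        print(src, r)
```

A real sprayer usually rotates source IPs and spaces attempts over hours precisely to stay under per-account lockout and per-source rate limits, so also alert on the number of distinct accounts failing within a window across all sources, not only per IP.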

Topic: Threats, Attacks and Vulnerabilities
Episode: Application Attacks
Learner Objectives:
Given a scenario, analyze potential indicators associated with application attacks.
Description: In this episode, the viewer will analyze the characteristics of injection attacks.

 Injections
o Been around for a long time and still very dangerous
o Impact
 Loss of data
 Theft of data
 Corruption of data
 DoS
 Injection types
o Structured query language (SQL) injection
o Lightweight directory access protocol (LDAP) injection
o Extensible markup language (XML) injection, including XML external entity (XXE) attacks
o Dynamic link library (DLL) injection
 Command injection
o Inject OS commands into web app input that is passed to a shell, so they are executed by the underlying OS.
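
Worked example (added here, not from the course): SQL injection and OS command injection, each with the vulnerable code beside its fix. The user table, inputs and hostname allow-list are constructed; the database is in-memory SQLite, and the command half assumes a POSIX /bin/sh, with echo standing in for a real tool such as nslookup.

```python
"""Injection: the vulnerable pattern and its fix, side by side.

Added example for the injection notes; not from the course.  Schema, rows
and inputs are constructed; the database is in-memory SQLite, and the
command-injection half assumes a POSIX /bin/sh (echo stands in for a real
tool such as nslookup)."""
import re
import sqlite3
import subprocess


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hunter2"), ("bob", "Tr0ub4dor&3")])
    return db


# --- SQL injection ---
def login_vulnerable(db, username, password):
    """String concatenation: attacker input becomes part of the SQL grammar."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in db.execute(sql)]


def login_safe(db, username, password):
    """Parameterised query: values travel separately from the statement,
    so quotes and comment markers in the input are just data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]


# --- OS command injection ---
def resolve_vulnerable(host):
    """shell=True hands the whole string to /bin/sh, so ';' starts a second command."""
    return subprocess.run("echo resolving " + host, shell=True,
                          capture_output=True, text=True).stdout


HOSTNAME = re.compile(r"[A-Za-z0-9.-]{1,253}")


def resolve_safe(host):
    """Allow-list the input and pass it as one argv element: no shell ever parses it."""
    if not HOSTNAME.fullmatch(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"                          # classic tautology
    print(login_vulnerable(db, payload, payload))     # every user
    print(login_safe(db, payload, payload))           # nothing
    print(login_vulnerable(db, "alice' --", "whatever"))  # comment removes the password check
    print(resolve_vulnerable("example.com; echo INJECTED"))
    try:
        resolve_safe("example.com; echo INJECTED")
    except ValueError as e:
        print("rejected:", e)
```

With the tautology payload the WHERE clause becomes username = 'x' OR '1'='1' AND password = 'x' OR '1'='1', which is true for every row; with "alice' --" the rest of the statement is commented out. The parameterised version returns nothing because the quote characters never reach the SQL parser.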

Episode: Vulnerabilities
Learner Objectives:

Explain the security concerns associated with various types of vulnerabilities.

Description: In this episode, the viewer will identify situations that lead IT infrastructure
into vulnerable positions such as weak configurations, third-party risk, weak patch
management and legacy platforms.

 Weak configurations
o Open permissions
o Unsecure root accounts
o Weak encryption
o Unsecure protocols
o Default settings
o Open ports and services
 Third-party risks
o Increase risk for
 Intellectual Property Theft
 Identity/credential theft
 Network Intrusion
 Reputation damage (think of the Target breach, which started with a third-party HVAC vendor's credentials)
 Lack of vendor support
 Data storage/Data Breach/Data Theft
 Cloud-based risk
o Vendor management
 Problems
 Compliance risk
 Vendor Reputation
 Lack of Visibility
 Benefits
 Screening
 Risk Management
 Compliance
o System integration
 Social Networks (Facebook)
 Delivery Systems (USPS,UPS,FedEx)
 Online payment systems (Paypal)
 Video streaming services (YT, Vimeo)
o Outsourced code development
 Improper or weak patch management
o Firmware
 Current Firmware 2.0.2.188405
 CVE-2019-7579
o Operating system (OS)
o Applications
 Legacy platforms
 Zero-day
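
Worked example (added to these notes, not from the course): a weak-configuration check for an sshd_config covering unsecure root accounts, weak encryption and default settings, with a constructed weak config beside its hardened version. The defaults applied for absent directives follow OpenSSH's documented behavior; the list of checks is an illustrative subset, and Match blocks are not handled.

```python
"""Weak-configuration audit of an sshd_config: weak settings beside the fix.

Added example for the weak-configuration notes; not from the course.  Both
config texts are constructed, the check list is an illustrative subset, and
the defaults follow OpenSSH documentation."""

# Constructed: a typical default-ish config with several weak settings.
WEAK_CONFIG = """\
# sshd_config (constructed example)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
Ciphers aes256-ctr,aes128-cbc,3des-cbc
"""

# Constructed: the same host hardened.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
"""

# OpenSSH defaults that apply when a directive is absent ("default settings" risk).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "permitemptypasswords": "no", "x11forwarding": "no"}

# Legacy / CBC ciphers that should not be offered.
WEAK_CIPHERS = {"3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour", "arcfour128",
                "arcfour256", "aes128-cbc", "aes192-cbc", "aes256-cbc"}


def parse_sshd_config(text):
    """keyword -> value (keyword lower-cased).  sshd honours the FIRST occurrence of
    a keyword, so later duplicates are ignored; Match blocks are out of scope here."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "match":
            break
        cfg.setdefault(key, value.strip())
    return cfg


def audit(text):
    """Return a list of (directive, effective_value, problem) findings."""
    cfg = parse_sshd_config(text)
    effective = {**DEFAULTS, **cfg}
    findings = []
    if effective["permitrootlogin"] == "yes":
        findings.append(("PermitRootLogin", "yes",
                         "unsecure root account: interactive root login with a password"))
    if effective["passwordauthentication"] == "yes":
        src = "set" if "passwordauthentication" in cfg else "default"
        findings.append(("PasswordAuthentication", f"yes ({src})",
                         "password guessing possible; use keys"))
    if effective["permitemptypasswords"] == "yes":
        findings.append(("PermitEmptyPasswords", "yes", "accounts with empty passwords can log in"))
    if effective["x11forwarding"] == "yes":
        findings.append(("X11Forwarding", "yes", "unneeded service exposed"))
    weak = [c for c in cfg.get("ciphers", "").split(",") if c in WEAK_CIPHERS]
    if weak:
        findings.append(("Ciphers", ",".join(weak), "weak encryption: legacy/CBC ciphers offered"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text))
```

The audit flags a missing PasswordAuthentication line as well as an explicit "yes", because the shipped default is what an attacker gets when nobody configured anything: the "default settings" bullet above is about exactly that gap.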

Episode: Threat Intelligence - OSINT Learner Objectives:

Explain different threat actors, vectors, and intelligence sources.

Description: In this episode, the viewer will identify what Open Source Intelligence is,
what it is used for as well as examples like Shodan, Censys and ICANN domain
lookups.

 What is Threat Intelligence?


o Gathering of data to be analyzed to identify potential or actual threats to
an organization's IT infrastructure.
 OSINT
 Open Source
 Resource Examples
 Why use it?
 Double-edged sword: attackers use the same open sources for reconnaissance
 Examples
o Shodan.io
o Censys.io
o https://lookup.icann.org/lookup (Facebook)
 (Dan tees up examples of OSINT)
o Show Shodan and Censys
o Show Maltego and recon-ng

Showname: Security+ (SY0-601) Topic: Threats, Attacks and Vulnerabilities Episode: Threat Maps and Feeds
Learner Objectives:

Explain different threat actors, vectors, and intelligence sources.

Description: In this episode, the viewer will identify various components and attributes of
threat maps as well as threat feeds, and will see examples of each.

 Mitigating Threats
 Threat Maps
o Real time or near real-time map of various attacks around the globe
 Sources
o Kaspersky's Threat Map
o FireEye
o Fortinet
 (Dan - How are the maps built?)
o Retrieving data from numerous sources
 (Dan - could you show us an example?)
o Kaspersky's Threat Map
 On-access scans - detection based on copy, run, access
operations
 On-Demand Scan - detection based on user-based or manual
scans
 Web Anti-virus Scans - html pages opening, downloading files
 Mail Antivirus Scans - when objects appear in emails
 Intrusion Detection Scans - network detection activity
 Vulnerability Scans - vulnerability detection scans
 Botnet Activity Scans
 Kaspersky's Anti-spam - unwanted/suspicious emails detected by
Kaspersky's email filtering engine
 Threat Feeds
o Real-time (or near real-time) streams of data on potential cyber threats and risks
 Information Examples
o Domains with poor reputation
o Known Malware
o IP addresses known for malicious activity
o Machine-readable data that can be fed into security information and
event management (SIEM) systems.

 IoC - pieces of data that identify malicious activity


o STIX (the structured data format) and TAXII (the transport protocol) standardize how IoCs are documented and exchanged
o FireEye - Redline (free IoC monitoring tool)
https://www.fireeye.com/services/freeware/redline.
o Automated Indicator Sharing (AIS) enables the exchange of cyber threat
indicators between the Federal Government, SLTT(State, Local, Tribal
and Territorial) governments, and the private sector at machine speed.

 (Dan - can we see some example of these Threat Feeds)


 Threat feed examples
o DHS - AIS participants connect to a DHS-managed system in the
Department’s National Cybersecurity and Communications Integration
Center (NCCIC) that allows bidirectional sharing of cyber threat indicators.
o FBI's Infragard.org
o SANS Internet Storm Center
o Cisco's Talos Intelligence

 Links
o Cisco's Talos Intelligence: https://talosintelligence.com/
o DHS AIS: https://www.cisa.gov/automated-indicator-sharing-ais
o FBI's Infragard.org: https://www.infragard.org/
o SANS Internet Storm Center: https://isc.sans.edu/
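
Worked example (added to these notes, not from the course): what "machine-readable data fed into a SIEM" looks like in practice. A constructed STIX 2.1 bundle of Indicator objects, the form a TAXII server delivers, is matched against constructed events, honoring valid_from/valid_until so expired indicators do not fire. Only simple single-observation STIX patterns with '=' comparisons joined by OR are supported; the indicator IDs, hash and addresses are placeholders.

```python
"""Machine-readable IoCs: matching a STIX 2.1 indicator bundle against events.

Added example for the threat-feed / IoC notes; not from the course.  The
bundle, events and 'now' are constructed; only single-observation patterns
of '=' comparisons joined by OR are supported."""
import re
from datetime import datetime, timezone

HASH = "4f3a" * 16   # constructed 64-hex SHA-256 placeholder
NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)   # constructed "current time"


def indicator(n, name, pattern, valid_from, valid_until=None):
    """Minimal STIX 2.1 Indicator SDO with the required properties."""
    obj = {"type": "indicator", "spec_version": "2.1",
           "id": f"indicator--0a1b2c3d-0000-4000-8000-{n:012d}",
           "created": valid_from, "modified": valid_from, "name": name,
           "indicator_types": ["malicious-activity"],
           "pattern": pattern, "pattern_type": "stix", "valid_from": valid_from}
    if valid_until:
        obj["valid_until"] = valid_until
    return obj


# Constructed feed content, as a TAXII collection poll would return it.
BUNDLE = {"type": "bundle", "id": "bundle--0a1b2c3d-0000-4000-8000-000000000000",
          "objects": [
    indicator(1, "constructed C2 address", "[ipv4-addr:value = '198.51.100.77']",
              "2024-03-01T00:00:00Z"),
    indicator(2, "constructed phishing domains",
              "[domain-name:value = 'login-verify.example' OR domain-name:value = 'paypa1.example']",
              "2024-03-01T00:00:00Z"),
    indicator(3, "constructed dropper", f"[file:hashes.'SHA-256' = '{HASH}']",
              "2024-03-01T00:00:00.000Z"),
    indicator(4, "constructed expired sinkhole", "[ipv4-addr:value = '203.0.113.99']",
              "2023-06-01T00:00:00Z", valid_until="2024-01-01T00:00:00Z"),
]}

# Constructed events, e.g. normalised proxy, DNS and EDR records.
EVENTS = [
    {"src_ip": "10.0.0.5", "dst_ip": "198.51.100.77"},
    {"src_ip": "10.0.0.9", "dst_ip": "192.0.2.10", "domain": "paypa1.example"},
    {"src_ip": "10.0.0.7", "sha256": HASH},
    {"src_ip": "10.0.0.8", "dst_ip": "203.0.113.99"},
    {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.20", "domain": "example.org"},
]

# Which event fields each STIX object path is compared against.
FIELD_MAP = {"ipv4-addr:value": ("src_ip", "dst_ip"),
             "domain-name:value": ("domain",),
             "file:hashes.SHA-256": ("sha256",)}

COMPARISON = re.compile(r"([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'")


def parse_pattern(pattern):
    """\"[a:b = 'x' OR c:d = 'y']\" -> [('a:b', 'x'), ('c:d', 'y')]"""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")) or "]" in body[1:-1]:
        raise ValueError("only single observation expressions are supported")
    terms = []
    for clause in body[1:-1].split(" OR "):
        m = COMPARISON.fullmatch(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        typ, path, value = m.groups()
        clean = path.replace("'", "")          # hashes.'SHA-256' -> hashes.SHA-256
        terms.append((f"{typ}:{clean}", value))
    return terms


def parse_ts(s):
    """STIX timestamps are RFC 3339 UTC ('Z'); drop fractional seconds for fromisoformat."""
    return datetime.fromisoformat(re.sub(r"\.\d+", "", s).replace("Z", "+00:00"))


def is_active(ind, now):
    if parse_ts(ind["valid_from"]) > now:
        return False
    return "valid_until" not in ind or now < parse_ts(ind["valid_until"])


def match(bundle, events, now):
    """Return [(event_index, indicator_id)] for every event hitting an active indicator."""
    hits = []
    active = [o for o in bundle["objects"] if o["type"] == "indicator" and is_active(o, now)]
    for i, ev in enumerate(events):
        for ind in active:
            for path, value in parse_pattern(ind["pattern"]):
                if any(ev.get(field) == value for field in FIELD_MAP.get(path, ())):
                    hits.append((i, ind["id"]))
                    break
    return hits


if __name__ == "__main__":
    for i, ind_id in match(BUNDLE, EVENTS, NOW):
        print(EVENTS[i], "->", ind_id)
```

Event 3 contacts the sinkhole address but produces no alert because that indicator's valid_until has passed; feeds that are loaded once and never expired are a common source of SIEM noise.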

Episode: Vulnerability Databases and Feeds Learner Objectives:

Explain different threat actors, vectors, and intelligence sources.


Description: In this episode, the viewer will identify and be able to explain the purpose of
vulnerability databases and vulnerability feeds.

 What are vulnerability databases?


o A collection of information related to security flaws in information systems
o Thousands of data sources
 Software vendors
 Software users
 Researchers
 MITRE
o MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge): a knowledge base of
adversary tactics, techniques and procedures (TTPs) observed in real intrusions; it catalogs behavior, not vulnerabilities
o CVE (Common Vulnerabilities and Exposures)
 List of publicly known vulnerabilities
 ID number, description, and at least one public reference
 https://cve.mitre.org/
 National Vulnerability Database
o US government repository of standards-based vulnerability management data, expressed using SCAP
o Security Content Automation Protocol
 Enumerates software flaws and security configuration issues
 Automated configuration
 Patch and Vulnerability checking
 Security compliance measurement scanning
 Additional SCAP Components
o Common Configuration Enumeration (CCE)
 CCE provides unique identifiers to system configuration issues in
order to facilitate fast and accurate correlation of configuration data
across multiple information sources and tools.
 https://nvd.nist.gov/config/cce/index
 https://nvd.nist.gov/config/cce
o Common Platform Enumerations (CPE)
 Common Platform Enumeration (CPE) is a standardized method of
describing and identifying classes of applications, operating
systems, and hardware devices present among an enterprise's
computing assets.
 Identifying the presence of XYZ Visualizer Enterprise Suite could
trigger a vulnerability management tool to check the system for
known vulnerabilities in the software, and also trigger a
configuration management tool to verify that the software is
configured securely in accordance with the organization's policies.
o NVD vulnerability data feeds
 https://nvd.nist.gov/vuln/data-feeds
 CERT Coordination Center (CERT/CC) Vulnerability Notes Database
o https://www.kb.cert.org/vuls/
o Run by Carnegie Mellon's Software Engineering Institute; a different organization from US-CERT (now part of CISA)
 Vulnerability feeds (machine-readable exports of the databases above)
o MITRE CVE feed
 https://cve.mitre.org/cve/data_feeds.html
o NVD data feed
 https://nvd.nist.gov/vuln/data-feeds
 The legacy JSON feeds have since been retired in favor of the NVD 2.0 API
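
Worked example (added here, not from the course): consuming a vulnerability feed. CPE 2.3 names from a constructed asset inventory are matched against constructed CVE records with placeholder IDs (CVE-0000-000x) whose applicability is expressed as CPE match strings with NVD-style versionStartIncluding / versionEndExcluding bounds. The record shape is simplified, not the exact NVD schema, and the CPE matching semantics are a simplification of the CPE name-matching specification.

```python
"""Vulnerability feed consumption: matching inventory CPE 2.3 names against
CVE records' applicability criteria.

Added example for the vulnerability-database notes; not from the course.
CVE IDs are placeholders (CVE-0000-000x), the record shape is a simplified
constructed one, and the inventory is constructed."""
import re

CPE_ATTRS = ["part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other"]

# Constructed feed extract.  Real records come from the NVD API / CVE data feeds.
FEED = [
    {"id": "CVE-0000-0001", "description": "constructed: RCE in widget 2.x before 2.4.0",
     "configurations": [{"cpe": "cpe:2.3:a:examplecorp:widget:*:*:*:*:*:*:*:*",
                         "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.4.0"}]},
    {"id": "CVE-0000-0002", "description": "constructed: auth bypass in router firmware 2.0.2",
     "configurations": [{"cpe": "cpe:2.3:o:examplecorp:router_firmware:2.0.2:*:*:*:*:*:*:*"}]},
    {"id": "CVE-0000-0003", "description": "constructed: issue only in widget on Windows",
     "configurations": [{"cpe": "cpe:2.3:a:examplecorp:widget:*:*:*:*:*:windows:*:*"}]},
]

# Constructed inventory (from a scanner or CMDB).
INVENTORY = [
    "cpe:2.3:a:examplecorp:widget:2.3.1:*:*:*:*:linux:*:*",
    "cpe:2.3:a:examplecorp:widget:2.4.0:*:*:*:*:windows:*:*",
    "cpe:2.3:o:examplecorp:router_firmware:2.0.2:*:*:*:*:*:*:*",
    "cpe:2.3:o:examplecorp:router_firmware:2.1.0:*:*:*:*:*:*:*",
]


def parse_cpe(s):
    """cpe:2.3:<part>:<vendor>:<product>:<version>:... -> dict of the 11 attributes.
    Colons inside values are escaped as '\\:' in CPE 2.3, so split only on unescaped ones."""
    fields = re.split(r"(?<!\\):", s)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {s}")
    return dict(zip(CPE_ATTRS, fields[2:]))


def version_key(v):
    """'2.3.1' -> (2, 3, 1).  Assumption: dotted numeric versions."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def in_range(version, cfg):
    """Apply the NVD-style version bounds carried on a configuration entry."""
    lo_inc, lo_exc = cfg.get("versionStartIncluding"), cfg.get("versionStartExcluding")
    hi_inc, hi_exc = cfg.get("versionEndIncluding"), cfg.get("versionEndExcluding")
    v = version_key(version)
    return ((lo_inc is None or v >= version_key(lo_inc)) and
            (lo_exc is None or v > version_key(lo_exc)) and
            (hi_inc is None or v <= version_key(hi_inc)) and
            (hi_exc is None or v < version_key(hi_exc)))


def cpe_matches(cfg, asset_cpe):
    """Simplified CPE matching: '*' in the criteria matches anything, any other
    value must match exactly (case-insensitive).  A '*' version in the criteria
    is then narrowed by the version bounds on the configuration entry."""
    crit, asset = parse_cpe(cfg["cpe"]), parse_cpe(asset_cpe)
    for attr in CPE_ATTRS:
        c, a = crit[attr].lower(), asset[attr].lower()
        if c != "*" and c != a:
            return False
    if crit["version"] == "*" and asset["version"] not in ("*", "-"):
        return in_range(asset["version"], cfg)
    return True


def applicable_cves(feed, inventory):
    """asset cpe -> list of CVE ids (in feed order) whose criteria match it."""
    result = {asset: [] for asset in inventory}
    for rec in feed:
        for asset in inventory:
            if any(cpe_matches(cfg, asset) for cfg in rec["configurations"]):
                result[asset].append(rec["id"])
    return result


if __name__ == "__main__":
    for asset, cves in applicable_cves(FEED, INVENTORY).items():
        print(asset, "->", cves or "clean")
```

The matcher is only as good as the inventory: an asset recorded without its target_sw, or with a version string the scanner could not read, silently drops the CVE-0000-0003 style of platform-specific match, which is why CPE completeness is a patch-management control in its own right.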

Episode: Threat Actors and Attack Vectors


Learner Objectives:

Explain different threat actors, vectors, and intelligence sources.


Description: In this episode, the viewer will identify the types of threat actors within the
cybersecurity landscape as well as the attributes or characteristics of these threat
actors. The viewer will also be able to explain the attack vectors that threat actors use
in order to accomplish their goals.

 Threat Actor Types


o Script Kiddies
o Insider threats
 Tesla Insider threat
 Google insider threat
o Hacktivist
o Advanced persistent threat (APT)
 Fireeye
 Crowdstrike
 https://apt.securelist.com/
o State actors
o Criminal syndicates
o Shadow IT
 The use of information technology systems, devices, software,
applications, and services without explicit IT department approval.
 Using Dropbox or Google drive instead of company authorized
storage
o Competitors
 Hackers vs. Attackers
 Hackers
o White hat
o Black hat
o Gray hat
 Vectors
o Direct access
 Insider Threat
o Wireless
 Mobile, WiFi, RFID
o Email
 APTs
 Hacktivists
 Criminal Syndicate
o Supply chain
 DarkReading
o Social media
 Twitter and DDoSecrets
o Cloud
 [Microsoft Security]
 Attributes of threat actors (no slide)
o Internal/external
 Insider vs. all the others
o Level of sophistication/capability
 APTs vs Script Kiddies
o Resources/funding
 Hacktivists vs Nation States
o Intent/motivation
 Political
