1.0 Threats, Attacks, and Vulnerabilities

1.1 Compare and contrast different types of social engineering techniques.

Phishing
Smishing
Vishing
Spam
Spam over instant messaging (SPIM)
Spear phishing
Dumpster diving
Shoulder surfing
Pharming
Tailgating
Eliciting information
Whaling
Prepending
Identity fraud
Invoice scams
Credential harvesting
Reconnaissance
Hoax
Impersonation
Watering hole attack
Typosquatting
Pretexting
Influence campaigns
--- Hybrid warfare
--- Social media
Principles (reasons for effectiveness)
--- Authority
--- Intimidation
--- Consensus
--- Scarcity
--- Familiarity
--- Trust
--- Urgency

1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Malware
--- Ransomware
--- Trojans
--- Worms
--- Potentially unwanted programs (PUPs)
--- Fileless virus
--- Command and control
--- Bots
--- Cryptomalware
--- Logic bombs
--- Spyware
--- Keyloggers
--- Remote access trojan (RAT)
--- Rootkit
--- Backdoor
Password attacks
--- Spraying
--- Dictionary
--- Brute force
     --- Offline
     --- Online
--- Rainbow table
--- Plaintext/unencrypted
Physical attacks
--- Malicious Universal Serial Bus (USB) cable
--- Malicious flash drive
--- Card cloning
--- Skimming
Adversarial artificial intelligence (AI)
--- Tainted training data for machine learning (ML)
--- Security of machine learning algorithms
Supply-chain attacks
Cloud-based vs. on-premises attacks
Cryptographic attacks
--- Birthday
--- Collision
--- Downgrade

1.3 Given a scenario, analyze potential indicators associated with application attacks.

Privilege escalation
Cross-site scripting
Injections
--- Structured query language (SQL)
--- Dynamic link library (DLL)
--- Lightweight Directory Access Protocol (LDAP)
--- Extensible Markup Language (XML)
Pointer/object dereference
Directory traversal
Buffer overflows
Race conditions
--- Time of check/time of use
Error handling
Improper input handling
Replay attacks
--- Session replays
Integer overflow
Request forgeries
--- Server-side
--- Cross-site
Application programming interface (API) attacks
Resource exhaustion
Memory leak
Secure Sockets Layer (SSL) stripping
Driver manipulation
--- Shimming
--- Refactoring
Pass the hash

1.4 Given a scenario, analyze potential indicators associated with network attacks.

Wireless
--- Evil twin
--- Rogue access point
--- Bluesnarfing
--- Bluejacking
--- Disassociation
--- Jamming
--- Radio frequency identification (RFID)
--- Near-field communication (NFC)
--- Initialization vector (IV)
On-path attack (previously man-in-the-middle attack/man-in-the-browser attack)
Layer 2 attacks
--- Address Resolution Protocol (ARP) poisoning
--- Media access control (MAC) flooding
--- MAC cloning
Domain name system (DNS)
--- Domain hijacking
--- DNS poisoning
--- Uniform Resource Locator (URL) redirection
--- Domain reputation
Distributed denial-of-service (DDoS)
--- Network
--- Application
--- Operational technology (OT)
Malicious code or script execution
--- PowerShell
--- Python
--- Bash
--- Macros
--- Visual Basic for Applications (VBA)

1.5 Explain the different threat actors, vectors, and intelligence sources.

Actors and threats
--- Advanced persistent threat (APT)
--- Insider threats
--- State actors
--- Hacktivists
--- Script kiddies
--- Criminal syndicates
--- Hackers
     --- Authorized
     --- Unauthorized
     --- Semi-authorized
--- Shadow IT
--- Competitors
Attributes of actors
--- Internal/external
--- Level of sophistication/capability
--- Resources/funding
--- Intent/motivation
Vectors
--- Direct access
--- Wireless
--- Email
--- Supply chain
--- Social media
--- Removable media
--- Cloud
Threat intelligence sources
--- Open-source intelligence (OSINT)
--- Closed/proprietary
--- Vulnerability databases
--- Public/private information sharing centers
--- Dark web
--- Indicators of compromise
--- Automated Indicator Sharing (AIS)
     --- Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
--- Predictive analysis
--- Threat maps
--- File/code repositories
Research sources
--- Vendor websites
--- Vulnerability feeds
--- Conferences
--- Academic journals
--- Request for Comments (RFC)
--- Local industry groups
--- Social media
--- Threat feeds
--- Adversarial tactics, techniques, and procedures (TTP)

1.6 Explain the security concerns associated with various types of vulnerabilities.

Cloud-based vs. on-premises vulnerabilities
Zero-day
Weak configurations
--- Open permissions
--- Unsecure root accounts
--- Errors
--- Weak encryption
--- Unsecure protocols
--- Default settings
--- Open ports and services
Third-party risks
--- Vendor management
     --- System integration
     --- Lack of vendor support
--- Supply chain
--- Outsourced code development
--- Data storage
Improper patch management
--- Firmware
--- Operating system (OS)
--- Applications
Legacy platforms
Impacts
--- Data loss
--- Data breaches
--- Data exfiltration
--- Identity theft
--- Financial
--- Reputation
--- Availability loss

1.7 Summarize the techniques used in security assessments.

Threat hunting
--- Intelligence fusion
--- Threat feeds
--- Advisories and bulletins
--- Maneuver
Vulnerability scans
--- False positives
--- False negatives
--- Log reviews
--- Credentialed vs. non-credentialed
--- Intrusive vs. non-intrusive
--- Application
--- Web application
--- Network
--- Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
--- Configuration review
Syslog/Security information and event management (SIEM)
--- Review reports
--- Packet capture
--- Data inputs
--- User behavior analysis
--- Sentiment analysis
--- Security monitoring
--- Log aggregation
--- Log collectors
Security orchestration, automation, and response (SOAR)

1.8 Explain the techniques used in penetration testing.

Penetration testing
--- Known environment
--- Unknown environment
--- Partially known environment
--- Rules of engagement
--- Lateral movement
--- Privilege escalation
--- Persistence
--- Cleanup
--- Bug bounty
--- Pivoting
Passive and active reconnaissance
--- Drones
--- War flying
--- War driving
--- Footprinting
--- OSINT
Exercise types
--- Red team
--- Blue team
--- White team
--- Purple team