1.0 Threats, Attacks, and Vulnerabilites

1.1 Compare and contrast different types of social engineering techniques.

--- Social media

Principles (reasons for effectiveness)

Credential havesting

--- Intimidation

Spam over instant messaging (SPIM)

Dumpster diving

--- Familiarity

Shoulder surfing

Watering hole attack

Eliciting information

Influence campaign

--- Hybrid warefare

1.2 Given a scenario, analyze potential indicators to derermine the type of attack.

Password attacks

Adversarial Artificial Intelligence (AI)

--- Tainted training data for machine learning (ML)

--- Security of machine learning algorithms

--- Brute force

Supply-chain attacks

--- Potentially unwanted prorams (PUPs)

--- Offline

Cloud-based vs. on-premises attacks

--- Fileless virus

--- Online

--- Command and control

--- Rainbow table

--- Bots

--- Plaintext/unencrypted

--- Cryptomalware

Physical attacks

--- Logic Bombs

--- Malicious universal

--- Serial bus (USB) cable

--- Malicious flash drive

--- Remote access trojan (RAT)

--- Card cloning

1.3 Given a scenario, analyze potential indicators associated with application attacks.

Privilege escalation

Race conditions

Application programming interface (API) attacks

Cross-site scripting

--- Time of check/time of use

--- Resource exhaustion

--- Memory leak

--- Structured query language (SQL)

Improper input handling

Secure Sockets Layer (SSL) stripping

--- Dynamic link library (DLL)

Driver manipulation

--- Lightweight Directory Access Protocol (LDAP)

--- Session replays

--- Extensible Markup Language (XML)

Integer overflow

--- Refactoring

Pointer/object dereference

Request forgeries

Directory traversal

--- Server-side

Buffer overflows

1.4 Given a scenario, analyze potential indicators associated with network attacks.

Layer 2 attacks

--- Application

--- Address Resolution Protocol (ARP) Poisoning

--- Operational technology (OT)

--- Rogue access point

--- Media access control (MAC) flooding

Malicious code or script execution

--- Blue snarfing

--- MAC cloning

--- Bluejacking

Domain name system (DNS)

--- Disassociation

--- Domain hijacking

--- Bash

--- DNS poisoning

--- Radio frequency identification (RFID)

--- Uniform Resource Locator (URL) redirection

--- Visual Basic for Applications (VBA)

--- Near-field communication (NFC)

--- Domain reputation

--- Initialization vector (IV)

Distributed denial-of-service (DDoS)

On-path attack (previously man-in-the-middle attack/man-in-the-browser attack)

1.5 Explain the different threat actors, vectors, and intelligence sources.

Actors and threats

--- Automated Indicator Sharing (AIS)

--- Advanced persistent threat (APT)

--- Direct access

--- Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)

--- Insider threats

--- Predictive analysis

--- State actors

--- Threat maps

--- hacktivists

--- Supply chain

--- File/code repositories

--- Script kitties

--- Social media

Research sources

--- Criminal syndicates

--- Removable media

--- Vendor websites

--- Vulnerability feeds

--- Authorized

Threat intelligence sources

--- Conferences

--- Unauthorized

--- Open-source intelligence (OSINT)

--- Academic journals

--- Semi-authorized

--- Closed/proprietary

--- Request for Comments (RFC)

--- Vulnerability databases

--- Local Industry Groups

--- Competitors

--- Public/private information sharing centers

--- Social media

Attributes of actors

--- Threat feeds

--- Internal external

--- Indicators of compromise

--- Adversarial tactics, techniques, and procedures (TTP)

--- Level of sophistication/capability

--- Resources/funding

--- Intent motivation

1.6 Explain the security concerns associated with various types of vulnerabilities.

Cloud-based vs on-premises vulnerabilities

Third-party risks

Legacy platforms

--- Vendor management

Weak configurations

--- System integration

--- Open permissions

--- Lack of vendor support

--- Data breaches

--- Unsecure root accounts

--- Supply chain

--- Data exfiltration

--- Outsourced code development

--- Identity theft

--- Weak encryption

--- Data storage

--- Unsecure protocols

Improper patch management

--- Default settings

--- Availability loss

--- Open ports and services

--- Operating System (OS)

--- Applications

1.7 Summarize the techniques used in security assessments.

Syslog/Security information and event management (SIEM)

--- Intelligence fusion

--- Review reports

--- Threat feeds

--- Packet capture

--- Advisories and bulletins

--- Data inputs

--- User behavior analysis

Vulnerability scans

--- Sentiment analysis

--- False positives

--- Security monitoring

--- False negatives

--- Log aggregation

--- Log reviews

--- Log collectors

--- Credentialed vs. non-credentialed

--- Security orchestration automation, and response (SOAR)

--- Intrusive vs non-intrusive

--- Application

--- Web application

--- Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)

--- Configuration review

1.8 Explain the techniques used in penetration testing.

Penetration testing

Passive and active reconnaissance

--- Known environmnet

--- Unknown Environment

--- Partially known environment

--- War driving

--- Rules of Engagement

--- Footprinting

--- Lateral movement

--- Privilege escalation

--- Persistence

--- Purple team