Live Virtual Machine Lab 1.2: Module 01 Gathering Intelligence on Threat Actors and Vectors

Live Virtual Machine Lab 2.1: Module 02 Penetration Testing Techniques

Exercise 1 - Explain Penetration Testing and its Types

Task 1 - Penetration Testing

A penetration test, often called a pen-test, is conducted to uncover, exploit and understand the severity of security loopholes in applications, network devices and infrastructure components such as web servers, application servers and database servers.

Penetration Testing

If an application is developed in an insecure manner, or the network and infrastructure components are not hardened or secured, the result is weaknesses, also called loopholes or vulnerabilities. Vulnerability assessment is the technique that uncovers these loopholes in a system.

Penetration testing follows this process: Discovery, Enumeration, Vulnerability Mapping, Exploitation and Reporting.

Types of penetration testing

Blackbox testing is conducted without prior knowledge of the information system, infrastructure component or application against which the testing is carried out. Credentials to authenticate into the systems are not shared and need to be uncovered as part of the assessment. This type of testing closely simulates a real-world attack by an external party. Blackbox testing is also called a zero-knowledge test. A common disadvantage of this type of testing is that it will probably not detect all vulnerabilities. Another disadvantage is that the testing team may inadvertently impact another system.

Whitebox testing is conducted with full knowledge of the information system, infrastructure component or application under test. For example, in the case of application white-box penetration testing, the complete details of the application, including the URL, credentials for authentication, data flow and other test information, are provided in advance for conducting the test. In extreme cases, the complete source code of the application or the complete network topology is shared with the tester to identify exploits. Whitebox testing allows the tester or the test team to target specific internal controls and features. It may yield better results but does not simulate a real-world attack.

The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.


This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

  • Define DNS Tampering and explain common attack methods
  • Identify signs of a DNS attack
  • Learn mitigation steps for DNS attacks
  • Understand the process to recover from a DNS attack
  • Explore impacts of DNS attacks through case studies

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category | Specialty Area | Work Roles
Analyze | All-Source Analysis | Mission Assessment Specialist
Collect and Operate | Collection Operations | All-Source Collection Manager, All-Source Collection Requirements Manager
Operate and Maintain | Customer Service and Technical Support | Technical Support Specialist
Operate and Maintain | Data Administration | Data Analyst, Database Administrator
Operate and Maintain | Knowledge Management | Knowledge Manager
Operate and Maintain | Network Services | Network Operations Specialist
Operate and Maintain | Systems Administration | System Administrator
Oversee and Govern | Cybersecurity Management | Communications Security Manager; Information Systems Security Manager
Oversee and Govern | Program Management and Acquisition | IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Oversee and Govern | Strategic Planning and Policy | Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager
Oversee and Govern | Training, Education, and Awareness | Cyber Instructional Curriculum Developer
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support Specialist
Protect and Defend | Incident Response | Cyber Defense Incident Responder
Protect and Defend | Vulnerability Assessment and Management | Vulnerability Assessment Analyst
Securely Provision | Risk Management | Authorizing Official; Security Control Assessor
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect
Securely Provision | Systems Requirements Planning | Systems Requirements Planner
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist

Lesson 1: Explaining the OSI and TCP/IP Models

Lesson 2: Explaining Properties of Network Traffic

Lesson 3: Installing and Configuring Switched Networks

Lesson 4: Configuring IP Networks

Lesson 5: Installing and Configuring Routed Networks

Lesson 6: Configuring and Monitoring Ports and Protocols

Lesson 7: Explaining Network Application and Storage Services

Lesson 8: Monitoring and Troubleshooting Networks

Lesson 9: Explaining Networking Attacks and Mitigations

Lesson 10: Installing and Configuring Security Devices

Lesson 11: Explaining Authentication and Access Controls

Lesson 12: Deploying and Troubleshooting Cabling Solutions

Lesson 13: Implementing and Troubleshooting Wireless Technologies

Lesson 14: Comparing and Contrasting WAN Technologies

Lesson 15: Using Remote Access Methods

Remedial Review of lessons covered.

The Security+ course is five (5) weeks long, with 45 hours of live instructor-led instruction and hands-on instructor-led labs plus Q&A sessions. The course is led by knowledgeable instructors and includes the online course of instruction, the eBook and hardcover book, instructor-led labs, and instructor/SME-led question and answer sessions.

Domain 1.0 Threats, Attacks and Vulnerabilities

1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
1.2 Compare and contrast types of attacks
1.2.1 Social Engineering
1.2.2 Application / Service attacks
1.2.3 Cryptographic attacks
1.2.4 Hijacking
1.2.5 Network / Wireless attacks

1.3 Explain threat actor types and attributes

1.3.1 Types of actors
1.3.2 Attributes of actors

1.4 Explain penetration testing concepts

1.4.1 Penetration testing process
1.4.1.1 Reconnaissance
1.4.1.2 Initial exploitation
1.4.1.3 Persistence
1.4.1.4 Pivot
1.4.1.5 Escalation of privilege
1.4.2 Penetration testing vs. Vulnerability scanning
1.4.3 Black box vs. Gray box vs. White box

1.5 Explain vulnerability scanning concepts

1.5.1 Identifying
1.5.1.1 Vulnerability / Unpatched system or application
1.5.1.2 Lack of security controls
1.5.1.3 Common misconfigurations
1.5.2 Intrusive vs. non-intrusive
1.5.3 Credentialed vs. non-credentialed

1.6 Explain the impact associated with types of vulnerabilities

1.6.1 Configuration issues
1.6.2 Access control
1.6.3 Cryptography, certificate and key management
1.6.4 Application vulnerabilities

1.6.5 Application input handling

Domain 2.0 Technologies and Tools

2.1 Install and configure network components, both hardware and software-based, to support organizational security
2.1.1 Network equipment: Router, Switch, Bridge, Load Balancer, Proxy
2.1.2 Gateways: Email, Media
2.1.3 Access Points
2.1.4 Firewall
2.1.5 NAC
2.1.6 VPN / SSL/TLS accelerators & decryptors
2.1.7 NIPS / NIDS
2.1.8 DLP
2.1.9 SIEM

2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization

2.2.1 Network scanners
2.2.2 Protocol analyzer
2.2.3 Wireless scanners / crackers
2.2.4 Exploitation frameworks
2.2.5 Passive vs. Active
2.2.6 Scanners: Vulnerability, Configuration compliance and inventory
2.2.7 Password crackers
2.2.8 Backup utilities
2.2.9 Honeypot / Honeynet
2.2.10 Steganography
2.2.11 Command line tools: Unix/Linux and Windows

2.3 Given a scenario, troubleshoot common security issues

2.3.1 Personnel
2.3.2 Asset Management / Misconfigured devices
2.3.3 Identity, Access, Authentication, Authorization and Audit (IAAAA)
2.3.4 Encryption

2.4 Given a scenario, analyze and interpret output from security technologies

2.4.1 Network security technologies
2.4.2 Host security technologies
2.4.3 Data security technologies

2.5 Given a scenario, deploy mobile devices securely

2.5.1 Connection methods
2.5.2 Mobile device management concepts
2.5.3 Enforcement and monitoring
2.5.4 Deployment models

2.6 Given a scenario, implement secure protocols

2.6.1 Protocols

2.6.2 Use cases

Domain 3.0 Architecture and Design

3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides
3.1.1 Industry-standard frameworks and reference architectures
3.1.2 Benchmarks / secure configuration guides
3.1.3 Defense-in-depth / layered security

3.2 Given a scenario, implement secure network architecture concepts.

3.2.1 Zones / topologies
3.2.2 Segregation / segmentation / isolation
3.2.3 VPN / Tunneling
3.2.4 Security device / technology placement
3.2.5 Software Defined Networks (SDN)

3.3 Given a scenario, implement secure systems design

3.3.1 Hardware / firmware security
3.3.2 Operating System security
3.3.3 Peripherals

3.4 Explain the importance of secure staging deployment concepts

3.4.1 Secure baseline
3.4.2 Sandboxing
3.4.3 Environment
3.4.4 Integrity measurement

3.5 Explain the security implications of embedded systems.

3.5.1 ICS / SCADA
3.5.2 IoT / Smart Devices
3.5.3 Printers / MFDs
3.5.4 Camera systems
3.5.5 Special purpose

3.6 Summarize secure application development and deployment concepts

3.6.1 Development life-cycle models
3.6.2 Secure DevOps / SecDevOps
3.6.3 Version control and change management
3.6.4 Provisioning and deprovisioning
3.6.5 Secure coding techniques
3.6.6 Code quality and testing

3.7 Summarize cloud and virtualization concepts

3.7.1 Hypervisor
3.7.2 Virtual Machine (VM)
3.7.3 Cloud computing
3.7.3.1 Deployment models
3.7.3.2 Storage
3.7.3.3 Access

3.8 Explain how resiliency and automation strategies reduce risk

3.8.1 Automation / scripting
3.8.2 Master image
3.8.3 Non-persistence
3.8.4 Forms and functions

3.9 Explain the importance of physical security controls

Domain 4.0 Identity and Access Management

4.1 Compare and contrast identity and access management concepts
4.1.1 Identification, authentication, authorization and accounting (AAA)
4.1.2 Multifactor authentication
4.1.3 Single Sign-On (SSO) / Federation

4.2 Given a scenario, install and configure identity and access services


4.3 Given a scenario, implement identity and access management controls
4.3.1 Access Control Models
4.3.2 Physical Access Control
4.3.3 Biometrics
4.3.4 Tokens
4.3.5 Certificate-based authentication
4.3.6 Authorization: file-system and database

4.4 Given a scenario, differentiate common account management practices
4.4.1 General concepts
4.4.2 Account types

4.4.3 Account policy enforcement

Domain 5.0 Risk Management

5.1 Explain the importance of policies, plans and procedures related to organizational security
5.1.1 Standard operating procedures
5.1.2 Agreement types
5.1.3 Personnel management
5.1.4 General security policies

5.2 Summarize business impact analysis concepts


5.3 Explain risk management processes and concepts
5.3.1 Threat assessment
5.3.2 Risk assessment
5.3.3 Change management

5.4 Given a scenario, follow incident response procedures

5.4.1 Incident response plan
5.4.2 Incident response process

5.5 Summarize basic concepts of forensics

5.5.1 Data acquisition
5.5.2 Preservation / Order of volatility
5.5.3 Chain of custody
5.5.4 Legal hold
5.5.5 Recovery

5.6 Explain disaster recovery and continuity of operations concepts

5.6.1 Backup concepts
5.6.2 Geographic considerations
5.6.3 Continuity of operations planning
5.6.4 Recovery sites
5.6.5 Order of restoration

5.7 Compare and contrast various types of controls

5.7.1 Administrative
5.7.2 Technical
5.7.3 Physical
5.7.4 Corrective
5.7.5 Preventive
5.7.6 Detective
5.7.7 Deterrent
5.7.8 Compensating

5.8 Given a scenario, carry out data security and privacy practices

5.8.1 Data sensitivity labeling and handling
5.8.2 Data roles
5.8.3 Data destruction and media sanitization

5.8.4 Legal and compliance

Domain 6.0 Cryptography and PKI

6.1 Compare and contrast basic concepts of cryptography
6.1.1 Symmetric algorithms
6.1.2 Asymmetric algorithms
6.1.3 Hashing
6.1.4 Keys and key exchange
6.1.5 Digital signatures
6.1.6 Common use cases

6.2 Explain cryptography algorithms and their basic characteristics

6.2.1 Symmetric algorithms
6.2.2 Cipher modes
6.2.3 Asymmetric algorithms
6.2.4 Hashing algorithms

6.3 Given a scenario, install and configure wireless security settings

6.3.1 Cryptographic protocols
6.3.2 Authentication protocols
6.3.3 Methods

6.4 Given a scenario, implement public key infrastructure

6.4.1 Components
6.4.2 Concepts
6.4.3 Types of certificates

6.4.4 Certificate formats

The Certified Ethical Hacker (CEH) credential is the most trusted ethical hacking certification and accomplishment recommended by employers globally. It is the most desired information security certification and represents one of the fastest-growing cyber credentials required by critical infrastructure and essential service providers. Since its introduction in 2003, CEH has been recognized as a standard within the information security community. CEH v11 continues to introduce the latest hacking techniques and the most advanced hacking tools and exploits used by hackers and information security professionals today. The Five Phases of Ethical Hacking and the original core mission of CEH remain valid and relevant today: “To beat a hacker, you need to think like a hacker.”

Course Outline:

Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: Vulnerability Analysis
Module 06: System Hacking
Module 07: Malware Threats
Module 08: Sniffing
Module 09: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography

Fundamentals of Information Technology  

  • IT Concepts and Terminology 
  • Infrastructure Setup 
  • Applications & Software 
  • Software Development 
  • Database Fundamentals 
  • Security Essentials 

Fundamentals and intermediate skills of Software and Hardware support  

  • Hardware 
  • Operating Systems 
  • Software Troubleshooting 
  • Networking 
  • Hardware & Network Troubleshooting 
  • Security 
  • Mobile Devices 
  • Virtualization & Cloud Computing 
  • Operational Procedures 

End User Awareness 

  • Information Protection 
  • Cyber Terrorism 
  • Social Engineering 
  • Remote Worker Security 
  • Virus Protection 
  • Password Security 
  • Web Browser Security 
  • Email Security 
  • Instant Messaging Security 
  • Telephone Security 
  • Mobile Security 

Intermediate Network Concepts 

  • Networking Concepts 
  • Infrastructure 
  • Network Operations 
  • Network Security 
  • Network Troubleshooting & Tools 

Intermediate Security Concepts 

  • Attacks, Threats and Vulnerabilities 
  • Architecture and Design 
  • Implementation 
  • Operations and Incident Response 
  • Governance, Risk and Compliance

Fundamentals of Information Technology 

  • IT Concepts and Terminology 
  • Infrastructure Setup 
  • Applications & Software 
  • Software Development 
  • Database Fundamentals 
  • Security Essentials 

Intermediate Network Concepts 

  • Networking Concepts 
  • Infrastructure 
  • Network Operations 
  • Network Security 
  • Network Troubleshooting & Tools 

Intermediate Security Concepts 

  • Attacks, Threats and Vulnerabilities 
  • Architecture and Design 
  • Implementation 
  • Operations and Incident Response 
  • Governance, Risk and Compliance 

Cloud Computing  

  • Cloud Architecture & Design 
  • Cloud Security 
  • Cloud Deployment 
  • Operations & Support 
  • Troubleshooting 

Operating System and Server and Workstation Concepts

  • Vulnerability Assessment and Risk Management

Students will learn how to address issues including:

  • Vulnerability Assessment Frameworks
  • Vulnerability Assessment Techniques
  • Vulnerability Assessment Tools
  • Detect and Respond to Vulnerabilities
  • Perform a Vulnerability Assessment

Cyber Policy and Compliance 

  • Risk Assessment Fundamentals 
  • Steps to Risk Assessment Process 
  • Risk Assessment Procedures 
  • Risk Reduction and Management 

Critical Controls 

Security and Network Operations Center Concepts

  • Fundamentals of Security and Network Operations Center
  • Incident Detection and Response
  • Security Information and Event Management (SIEM)
  • SIEM Deployment and Operations

Intermediate Network Concepts 

  • Networking Concepts
  • Infrastructure 
  • Network Operations 
  • Network Security 
  • Network Troubleshooting & Tools 

Intermediate Security Concepts 

  • Attacks, Threats and Vulnerabilities 
  • Architecture and Design 
  • Implementation 
  • Operations and Incident Response 
  • Governance, Risk and Compliance 

Vulnerability Assessment 

  • Vulnerability Assessment Frameworks 
  • Vulnerability Assessment Techniques 
  • Vulnerability Assessment Tools 
  • Detect and Respond to Vulnerabilities 
  • Perform a Vulnerability Assessment

Fundamentals of Ethical Hacking and Penetration Testing 

  • Emerging Attack Vectors 
  • Enumeration 
  • Malware and Reverse Engineering 
  • Cloud Computing 
  • Hacking Web Applications 
  • Operational Technologies
  • Wi-Fi Cracking
  • Penetration testing Labs 

Intermediate Ethical Hacking and Penetration Testing 

  • Planning & Scoping 
  • Information Gathering & Vulnerability Identification 
  • Attacks & Exploits 
  • Penetration Testing Tools 
  • Reporting & Communication 
  • Ethical Hacking Labs 

Advanced Ethical Hacking and Penetration Testing 

  • Penetration Testing: What You Should Know 
  • Getting Comfortable with Kali Linux 
  • Command Line Fun 
  • Practical Tools 
  • Bash Scripting 
  • Passive Information Gathering 
  • Active Information Gathering 
  • Vulnerability Scanning 
  • Web Application Attacks 
  • Introduction to Buffer Overflows 
  • Windows Buffer Overflows 
  • Linux Buffer Overflows 
  • Client-Side Attacks 
  • Locating Public Exploits 
  • Fixing Exploits 
  • File Transfers 
  • Antivirus Evasion 
  • Privilege Escalation 
  • Password Attacks 
  • Port Redirection and Tunneling 
  • Active Directory Attacks 
  • The Metasploit Framework 
  • PowerShell Empire 
  • Penetration Testing Labs

Which type of phishing is conducted over voice?

Voice phishing. These are calls from attackers claiming to be government agencies such as the IRS, software vendors like Microsoft, or services offering to help with benefits or credit card rates. Attackers will often appear to be calling from a local number close to yours.

Which type of phishing is conducted over the Voice over IP lines where the attacker pretends to be a legitimate caller from a bank?

Vishing, sometimes called cyber vishing, is a form of phishing that uses a traditional telephone or voice over internet protocol (VoIP) call with either an actual person talking, a text or other vishing tools.

Which method of threat hunting includes disrupt, deny, destroy and degrade actions?

Kill Chains are a military concept; in the original paper, the authors create a very clever matrix relating courses of actions to the DoD's IO actions: Detect, Deny, Disrupt, Degrade, Deceive, and Destroy.

Which of the following is considered the root of the Active Directory hierarchy?

An Active Directory always begins with a forest root domain, which is automatically the first domain you install. This root domain becomes the foundation for additional directory components.