Live Virtual Machine Lab 2.1: Module 02 Penetration Testing Techniques
Exercise 1 - Explain Penetration Testing and its Types
Task 1 - Penetration Testing
A penetration test, often called a pen-test, is conducted to uncover, exploit and understand the severity of security loopholes in applications, network devices and infrastructure components such as web servers, application servers and database servers.
Penetration Testing
If an application is developed in an insecure manner, or the network and infrastructure components are not hardened or secured, the result is weaknesses, also called loopholes or vulnerabilities. A vulnerability assessment is a technique that uncovers these loopholes in a system.
Penetration testing follows this process: Discovery, Enumeration, Vulnerability Mapping, Exploitation and Reporting.
Types of penetration testing
Blackbox testing is conducted without prior knowledge of the information system, infrastructure component or application against which the testing is carried out. Credentials to authenticate into the systems are not shared and need to be uncovered as part of the assessment. This type of testing closely simulates a real-world attack by an external party. Blackbox testing is also called a zero-knowledge test. A common disadvantage of this type of testing is that it will probably not detect all vulnerabilities. Another disadvantage is that the testing team may inadvertently impact another system.
Whitebox testing is conducted with full knowledge of the information system, infrastructure component or application under test. For example, in the case of application white-box penetration testing, the complete details of the application, including the URL, credentials for authentication, data flow and other test information, are provided in advance for conducting the test. In extreme cases, the complete source code of the application or the complete network topology is shared with the tester to identify exploits. Whitebox testing allows the tester or the test team to target specific internal controls and features. It may yield better results but does not simulate a real-world attack.
The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.
Table of Contents
- Domain 1.0 Threats, Attacks and Vulnerabilities
- Domain 2.0 Technologies and Tools
- Domain 3.0 Architecture and Design
- Domain 4.0 Identity and Access Management
- Domain 5.0 Risk Management
- Domain 6.0 Cryptography and PKI
This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define DNS Tampering and explain common attack methods
- Identify signs of a DNS attack
- Learn mitigation steps for DNS attacks
- Understand the process to recover from a DNS attack
- Explore impacts of DNS attacks through case studies
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Role(s) |
| --- | --- | --- |
| Analyze | All-Source Analysis | Mission Assessment Specialist |
| Collect and Operate | Collection Operations | All-Source Collection Manager, All-Source Collection Requirements Manager |
| Operate and Maintain | Customer Service and Technical Support | Technical Support Specialist |
| Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
| Operate and Maintain | Knowledge Management | Knowledge Manager |
| Operate and Maintain | Network Services | Network Operations Specialist |
| Operate and Maintain | Systems Administration | System Administrator |
| Oversee and Govern | Cybersecurity Management | Communications Security Manager; Information Systems Security Manager |
| Oversee and Govern | Program Management and Acquisition | IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Oversee and Govern | Strategic Planning and Policy | Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager |
| Oversee and Govern | Training, Education, and Awareness | Cyber Instructional Curriculum Developer |
| Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support Specialist |
| Protect and Defend | Incident Response | Cyber Defense Incident Responder |
| Protect and Defend | Vulnerability Assessment and Management | Vulnerability Assessment Analyst |
| Securely Provision | Risk Management | Authorizing Official; Security Control Assessor |
| Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
| Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
| Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
Lesson 1: Explaining the OSI and TCP/IP Models
Lesson 2: Explaining Properties of Network Traffic
Lesson 3: Installing and Configuring Switched Networks
Lesson 4: Configuring IP Networks
Lesson 5: Installing and Configuring Routed Networks
Lesson 6: Configuring and Monitoring Ports and Protocols
Lesson 7: Explaining Network Application and Storage Services
Lesson 8: Monitoring and Troubleshooting Networks
Lesson 9: Explaining Networking Attacks and Mitigations
Lesson 10: Installing and Configuring Security Devices
Lesson 11: Explaining Authentication and Access Controls
Lesson 12: Deploying and Troubleshooting Cabling Solutions
Lesson 13: Implementing and Troubleshooting Wireless Technologies
Lesson 14: Comparing and Contrasting WAN Technologies
Lesson 15: Using Remote Access Methods
Remedial Review of lessons covered.
The Security+ course is five [5] weeks long, with 45 hours of live instructor-led instruction, hands-on instructor-led labs, and Q&A sessions. The course is led by knowledgeable instructors and includes the online course of instruction, an eBook and a hardcover book, instructor-led labs, and instructor/SME-led question and answer sessions.
Domain 1.0 Threats, Attacks and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
1.2 Compare and contrast types of attacks
1.2.1 Social Engineering
1.2.2 Application / Service attacks
1.2.3 Cryptographic attacks
1.2.4 Hijacking
1.2.5 Network / Wireless attacks
1.3 Explain threat actor types and attributes
1.3.1 Types of actors
1.3.2 Attributes of actors
1.4 Explain penetration testing concepts
1.4.1 Penetration testing process
1.4.1.1 Reconnaissance
1.4.1.2 Initial exploitation
1.4.1.3 Persistence
1.4.1.4 Pivot
1.4.1.5 Escalation of privilege
1.4.2 Penetration testing vs. Vulnerability scanning
1.4.3 Black box vs. Gray box vs. White box
1.5 Explain vulnerability scanning concepts
1.5.1 Identifying
1.5.1.1 Vulnerability / Unpatched system or application
1.5.1.2 Lack of security controls
1.5.1.3 Common misconfigurations
1.5.2 Intrusive vs. non-intrusive
1.5.3 Credentialed vs. non-credentialed
1.6 Explain the impact associated with types of vulnerabilities
1.6.1 Configuration issues
1.6.2 Access control
1.6.3 Cryptography, certificate and key management
1.6.4 Application vulnerabilities
1.6.5 Application input handling
Domain 2.0 Technologies and Tools
2.1 Install and configure network components, both hardware and software-based, to support organizational security
2.1.1 Network equipment: Router, Switch, Bridge, Load Balancer, Proxy
2.1.2 Gateways: Email, Media
2.1.3 Access Points
2.1.4 Firewall
2.1.5 NAC
2.1.6 VPN / SSL/TLS accelerators & decryptors
2.1.7 NIPS/NIDS
2.1.8 DLP
2.1.9 SIEM
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization
2.2.1 Network scanners
2.2.2 Protocol analyzer
2.2.3 Wireless scanners / crackers
2.2.4 Exploitation frameworks
2.2.5 Passive vs. Active
2.2.6 Scanners: Vulnerability, Configuration compliance and inventory
2.2.7 Password crackers
2.2.8 Backup Utilities
2.2.9 Honeypot / Honeynet
2.2.10 Steganography
2.2.11 Command line tools: Unix/Linux and Windows
2.3 Given a scenario, troubleshoot common security issues
2.3.1 Personnel
2.3.2 Asset Management / Misconfigured devices
2.3.3 Identity, Access, Authentication, Authorization and Audit [IAAAA]
2.3.4 Encryption
2.4 Given a scenario, analyze and interpret output from security technologies
2.4.1 Network security technologies
2.4.2 Host security technologies
2.4.3 Data security technologies
2.5 Given a scenario, deploy mobile devices securely
2.5.1 Connection methods
2.5.2 Mobile device management concepts
2.5.3 Enforcement and monitoring
2.5.4 Deployment models
2.6 Given a scenario, implement secure protocols
2.6.1 Protocols
2.6.2 Use cases
Domain 3.0 Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides
3.1.1 Industry-standard frameworks and reference architectures
3.1.2 Benchmarks/secure configuration guides
3.1.3 Defense-in-depth/layered security
3.2 Given a scenario, implement secure network architecture concepts.
3.2.1 Zones/topologies
3.2.2 Segregation/segmentation/isolation
3.2.3 VPN / Tunneling
3.2.4 Security device/technology placement
3.2.5 Software Defined Networks [SDN]
3.3 Given a scenario, implement secure systems design
3.3.1 Hardware/firmware security
3.3.2 Operating System Security
3.3.3 Peripherals
3.4 Explain the importance of secure staging deployment concepts
3.4.1 Secure baseline
3.4.2 Sandboxing
3.4.3 Environment
3.4.4 Integrity measurement
3.5 Explain the security implications of embedded systems.
3.5.1 ICS / SCADA
3.5.2 IoT / Smart Devices
3.5.3 Printers / MFDs
3.5.4 Camera systems
3.5.5 Special purpose
3.6 Summarize secure application development and deployment concepts
3.6.1 Development life-cycle models
3.6.2 Secure DevOps / SecDevOps
3.6.3 Version control and change management
3.6.4 Provisioning and deprovisioning
3.6.5 Secure coding techniques
3.6.6 Code quality and testing
3.7 Summarize cloud and virtualization concepts
3.7.1 Hypervisor
3.7.2 Virtual Machine [VM]
3.7.3 Cloud computing
3.7.3.1 Deployment models
3.7.3.2 Storage
3.7.3.3 Access
3.8 Explain how resiliency and automation strategies reduce risk
3.8.1 Automation/scripting
3.8.2 Master image
3.8.3 Non-persistence
3.8.4 Forms and functions
3.9 Explain the importance of physical security controls
Domain 4.0 Identity and Access Management
4.1 Compare and contrast identity and access management concepts.
4.1.1 Identification, authentication, authorization and accounting [AAA]
4.1.2 Multifactor authentication
4.1.3 Single Sign-On [SSO] / Federation
4.2 Given a scenario, install and configure identity and access services
4.3 Given a scenario, implement identity and access management controls
4.3.1 Access Control Models
4.3.2 Physical Access Control
4.3.3 Biometrics
4.3.4 Tokens
4.3.5 Certificate-based authentication
4.3.6 Authorization: file-system and database
4.4 Given a scenario, differentiate common account management practices.
4.4.1 General concepts
4.4.2 Account types
4.4.3 Account policy enforcement
Domain 5.0 Risk Management
5.1 Explain the importance of policies, plans and procedures related to organizational security
5.1.1 Standard operating procedures
5.1.2 Agreement types
5.1.3 Personnel management
5.1.4 General security policies
5.2 Summarize business impact analysis concepts
5.3 Explain risk management processes and concepts
5.3.1 Threat assessment
5.3.2 Risk assessment
5.3.3 Change management
5.4 Given a scenario, follow incident response procedures
5.4.1 Incident response plan
5.4.2 Incident response process
5.5 Summarize basic concepts of forensics
5.5.1 Data acquisition
5.5.2 Preservation / Order of volatility
5.5.3 Chain of custody
5.5.4 Legal hold
5.5.5 Recovery
5.6 Explain disaster recovery and continuity of operations concepts
5.6.1 Backup concepts
5.6.2 Geographic considerations
5.6.3 Continuity of operations planning
5.6.4 Recovery sites
5.6.5 Order of restoration
5.7 Compare and contrast various types of controls
5.7.1 Administrative
5.7.2 Technical
5.7.3 Physical
5.7.4 Corrective
5.7.5 Preventive
5.7.6 Detective
5.7.7 Deterrent
5.7.8 Compensating
5.8 Given a scenario, carry out data security and privacy practices
5.8.1 Data sensitivity labeling and handling
5.8.2 Data roles
5.8.3 Data destruction and media sanitization
5.8.4 Legal and compliance
Domain 6.0 Cryptography and PKI
6.1 Compare and contrast basic concepts of cryptography
6.1.1 Symmetric algorithms
6.1.2 Asymmetric algorithms
6.1.3 Hashing
6.1.4 Keys and key exchange
6.1.5 Digital signatures
6.1.6 Common use cases
6.2 Explain cryptography algorithms and their basic characteristics
6.2.1 Symmetric algorithms
6.2.2 Cipher modes
6.2.3 Asymmetric algorithms
6.2.4 Hashing algorithms
6.3 Given a scenario, install and configure wireless security settings
6.3.1 Cryptographic protocols
6.3.2 Authentication protocols
6.3.3 Methods
6.4 Given a scenario, implement public key infrastructure
6.4.4 Certificate formats
The Certified Ethical Hacker [CEH] credential is the most trusted ethical hacking certification and accomplishment recommended by employers globally. It is the most desired information security certification and represents one of the fastest-growing cyber credentials required by critical infrastructure and essential service providers. Since its introduction in 2003, CEH has been recognized as a standard within the information security community. CEH v11 continues to introduce the latest hacking techniques and the most advanced hacking tools and exploits used by hackers and information security professionals today. The Five Phases of Ethical Hacking and the original core mission of CEH remain valid and relevant today: "To beat a hacker, you need to think like a hacker."
Course Outline:
Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: Vulnerability Analysis
Module 06: System Hacking
Module 07: Malware Threats
Module 08: Sniffing
Module 09: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography
Fundamentals of Information Technology
- IT Concepts and Terminology
- Infrastructure Setup
- Applications & Software
- Software Development
- Database Fundamentals
- Security Essentials
Fundamentals and intermediate skills of Software and Hardware support
- Hardware
- Operating Systems
- Software Troubleshooting
- Networking
- Hardware & Network Troubleshooting
- Security
- Mobile Devices
- Virtualization & Cloud Computing
- Operational Procedures
End User Awareness
- Information Protection
- Cyber Terrorism
- Social Engineering
- Remote Worker Security
- Virus Protection
- Password Security
- Web Browser Security
- Email Security
- Instant Messaging Security
- Telephone Security
- Mobile Security
Intermediate Network Concepts
- Networking Concepts
- Infrastructure
- Network Operations
- Network Security
- Network Troubleshooting & Tools
Intermediate Security Concepts
- Attacks, Threats and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk and Compliance
Fundamentals of Information Technology
- IT Concepts and Terminology
- Infrastructure Setup
- Applications & Software
- Software Development
- Database Fundamentals
- Security Essentials
Intermediate Network Concepts
- Networking Concepts
- Infrastructure
- Network Operations
- Network Security
- Network Troubleshooting & Tools
Intermediate Security Concepts
- Attacks, Threats and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk and Compliance
Cloud Computing
- Cloud Architecture & Design
- Cloud Security
- Cloud Deployment
- Operations & Support
- Troubleshooting
Operating System and Server and Workstation Concepts
Vulnerability Assessment and Risk Management
Students will learn how to address issues including:
- Vulnerability Assessment Frameworks
- Vulnerability Assessment Techniques
- Vulnerability Assessment Tools
- Detect and Respond to Vulnerabilities
- Perform a Vulnerability Assessment
Cyber Policy and Compliance
- Risk Assessment Fundamentals
- Steps to Risk Assessment Process
- Risk Assessment Procedures
- Risk Reduction and Management
Critical Controls
Security and Network Operations Center Concepts
- Fundamentals of Security and Network Operations Center
- Incident Detection and Response
- Security Information and Event Management [SIEM]
- SIEM Deployment and Operations
Intermediate Network Concepts
- Networking Concepts
- Infrastructure
- Network Operations
- Network Security
- Network Troubleshooting & Tools
Intermediate Security Concepts
- Attacks, Threats and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk and Compliance
Vulnerability Assessment
- Vulnerability Assessment Frameworks
- Vulnerability Assessment Techniques
- Vulnerability Assessment Tools
- Detect and Respond to Vulnerabilities
- Perform a Vulnerability Assessment
Fundamentals of Ethical Hacking and Penetration Testing
- Emerging Attack Vectors
- Enumeration
- Malware and Reverse Engineering
- Cloud Computing
- Hacking Web Applications
- Operational Technologies
- Wi-Fi Cracking
- Penetration testing Labs
Intermediate Ethical Hacking and Penetration Testing
- Planning & Scoping
- Information Gathering & Vulnerability Identification
- Attacks & Exploits
- Penetration Testing Tools
- Reporting & Communication
- Ethical Hacking Labs
Advanced Ethical Hacking and Penetration Testing
- Penetration Testing: What You Should Know
- Getting Comfortable with Kali Linux
- Command Line Fun
- Practical Tools
- Bash Scripting
- Passive Information Gathering
- Active Information Gathering
- Vulnerability Scanning
- Web Application Attacks
- Introduction to Buffer Overflows
- Windows Buffer Overflows
- Linux Buffer Overflows
- Client-Side Attacks
- Locating Public Exploits
- Fixing Exploits
- File Transfers
- Antivirus Evasion
- Privilege Escalation
- Password Attacks
- Port Redirection and Tunneling
- Active Directory Attacks
- The Metasploit Framework
- PowerShell Empire
- Penetration Testing Labs