Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
@aaronshaf
aaronshaf committed Jul 6, 2020
1 parent 25f15e6 commit 0e1f247
Showing 1 changed file with 65 additions and 62 deletions.
127 changes: 65 additions & 62 deletions README.md
View file
Expand Up @@ -25,12 +25,12 @@

#### 1.2 Compare and contrast types of attacks.

- Social engineering ([Jason Dion](https://www.udemy.com/program/comptia-security/learn/2015076/lecture/13219886#overview))
- Phishing ([Jason Dion](https://www.udemy.com/program/comptia-security/learn/2015076/lecture/13219898#overview))
- Spear phishing
- Whaling
- Vishing
- Tailgating
- Social engineering ([Jason Dion](https://www.udemy.com/program/comptia-security/learn/2015076/lecture/13219886#overview), [Keith Barker](https://www.cbtnuggets.com/learn/it-training/playlist/nrn:playlist:certification:5b5b6ecb4c71f356450e6ad1/41?autostart=1))
- Phishing ([Jason Dion](https://www.udemy.com/program/comptia-security/learn/2015076/lecture/13219898#overview))
- Spear phishing
- Whaling
- Vishing
- Tailgating
- Impersonation
- Dumpster diving ([Jason Dion](https://www.udemy.com/program/comptia-security/learn/2015076/lecture/13219900#overview))
- Shoulder surfing ([Jason Dion](https://www.udemy.com/program/comptia-security/learn/2015076/lecture/13219900#overview))
Expand All @@ -45,52 +45,55 @@
- Trust
- Urgency
- Application/service attacks
- DoS ([James Messer](https://www.youtube.com/watch?v=Y9LFN4Ajw6c&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=18&t=3s))
- DDoS
- Man-in-the-middle ([James Messer](https://www.youtube.com/watch?v=EHCN1uzac_w&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=19))
- Buffer overflow ([James Messer](https://www.youtube.com/watch?v=TSeqEN-ZXe4&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=20]))
- Injection ([James Messer](https://www.youtube.com/watch?v=81yiRyGG29Y&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=21))
- Cross-site scripting ([James Messer](https://www.youtube.com/watch?v=AjsYOMatAcg&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=22))
- Cross-site request forgery ([James Messer](https://www.youtube.com/watch?v=rbP2jwEDlBM&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=23))
- Privilege escalation ([James Messer](https://www.youtube.com/watch?v=KDIfL6meNQs&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=24))
- ARP poisoning
- Amplification
- DNS poisoning ([James Messer](https://www.youtube.com/watch?v=c76GbfM_QsI&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=25))
- Domain hijacking ([James Messer](https://www.youtube.com/watch?v=c76GbfM_QsI&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=25))
- Man-in-the-browser
- Zero day ([James Messer](https://www.youtube.com/watch?v=0zeEGYENgoo&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=27))
- Replay ([James Messer](https://www.youtube.com/watch?v=jy8USm8pIYM&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=28))
- Pass the hash
- Hijacking and related attacks ([James Messer](https://www.youtube.com/watch?v=f2VK7jq-s5A&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=29))
- Clickjacking
- Session hijacking
- URL hijacking
- Typo squatting
- Driver manipulation ([James Messer](https://www.youtube.com/watch?v=yQb2A-KoA6Y&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=26))
- Shimming
- Refactoring
- MAC spoofing ([James Messer](https://www.youtube.com/watch?v=Esqo90Lg4PQ&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=30))
- IP spoofing ([James Messer](https://www.youtube.com/watch?v=Esqo90Lg4PQ&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=30))
- DoS ([James Messer](https://www.youtube.com/watch?v=Y9LFN4Ajw6c&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=18&t=3s))
- DDoS
- Man-in-the-middle ([James Messer](https://www.youtube.com/watch?v=EHCN1uzac_w&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=19), [Keith Barker](https://www.cbtnuggets.com/learn/it-training/playlist/nrn:playlist:certification:5b5b6ecb4c71f356450e6ad1/38?autostart=1))
- Buffer overflow ([James Messer](https://www.youtube.com/watch?v=TSeqEN-ZXe4&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=20]))
- Injection ([James Messer](https://www.youtube.com/watch?v=81yiRyGG29Y&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=21), [Keith Barker](https://www.cbtnuggets.com/learn/it-training/playlist/nrn:playlist:certification:5b5b6ecb4c71f356450e6ad1/44?autostart=1))
- Cross-site scripting ([James Messer](https://www.youtube.com/watch?v=AjsYOMatAcg&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=22), [Keith Barker](https://www.cbtnuggets.com/learn/it-training/playlist/nrn:playlist:certification:5b5b6ecb4c71f356450e6ad1/44?autostart=1))
- Cross-site request forgery ([James Messer](https://www.youtube.com/watch?v=rbP2jwEDlBM&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=23))
- Privilege escalation ([James Messer](https://www.youtube.com/watch?v=KDIfL6meNQs&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=24))
- ARP poisoning
- Amplification
- DNS poisoning ([James Messer](https://www.youtube.com/watch?v=c76GbfM_QsI&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=25))
- Domain hijacking ([James Messer](https://www.youtube.com/watch?v=c76GbfM_QsI&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=25))
- Man-in-the-browser
- Zero day ([James Messer](https://www.youtube.com/watch?v=0zeEGYENgoo&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=27))
- Replay ([James Messer](https://www.youtube.com/watch?v=jy8USm8pIYM&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=28))
- Pass the hash
- Hijacking and related attacks ([James Messer](https://www.youtube.com/watch?v=f2VK7jq-s5A&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=29))
- Clickjacking
- Session hijacking
- URL hijacking
- Typo squatting
- Driver manipulation ([James Messer](https://www.youtube.com/watch?v=yQb2A-KoA6Y&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=26))
- Shimming
- Refactoring
- MAC spoofing ([James Messer](https://www.youtube.com/watch?v=Esqo90Lg4PQ&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=30))
- IP spoofing ([James Messer](https://www.youtube.com/watch?v=Esqo90Lg4PQ&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=30))
- Wireless attacks
- Replay ([James Messer](https://www.youtube.com/watch?v=1Mx4Ld7PF0s&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=31))
- IV
- Evil twin ([James Messer](https://www.youtube.com/watch?v=XqAn2iR9Cc0&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=32))
- Rogue AP ([James Messer](https://www.youtube.com/watch?v=XqAn2iR9Cc0&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=32))
- Jamming ([James Messer](https://www.youtube.com/watch?v=wqq_uWVqFso&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=33))
- WPS ([James Messer](https://www.youtube.com/watch?v=drHyM--ZY5c&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=34))
- Bluejacking ([James Messer](https://www.youtube.com/watch?v=ofTKPoLOxnA&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=35))
- Bluesnarfing ([James Messer](https://www.youtube.com/watch?v=ofTKPoLOxnA&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=35)) _ RFID ([James Messer](https://www.youtube.com/watch?v=GXck1pf7-KE&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=36)) _ NFC ([James Messer](https://www.youtube.com/watch?v=GXck1pf7-KE&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=36)) \* Disassociation ([James Messer](https://www.youtube.com/watch?v=nRIND-GNiLM&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=37))
- Replay ([James Messer](https://www.youtube.com/watch?v=1Mx4Ld7PF0s&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=31))
- IV
- Evil twin ([James Messer](https://www.youtube.com/watch?v=XqAn2iR9Cc0&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=32))
- Rogue AP ([James Messer](https://www.youtube.com/watch?v=XqAn2iR9Cc0&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=32))
- Jamming ([James Messer](https://www.youtube.com/watch?v=wqq_uWVqFso&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=33))
- WPS ([James Messer](https://www.youtube.com/watch?v=drHyM--ZY5c&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=34))
- Bluejacking ([James Messer](https://www.youtube.com/watch?v=ofTKPoLOxnA&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=35))
- Bluesnarfing ([James Messer](https://www.youtube.com/watch?v=ofTKPoLOxnA&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=35))
- RFID ([James Messer](https://www.youtube.com/watch?v=GXck1pf7-KE&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=36))
- NFC ([James Messer](https://www.youtube.com/watch?v=GXck1pf7-KE&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=36))
- Disassociation ([James Messer](https://www.youtube.com/watch?v=nRIND-GNiLM&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=37))
- Cryptographic attacks ([James Messer](https://www.youtube.com/watch?v=wjcT1A2CGJo&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=38))
- Birthday
- Known plain text/cipher text
- Rainbow tables
- Dictionary
- Brute force
- Online vs. offline
- Collision
- Downgrade
- Replay
- Weak implementations
- Birthday
- Known plain text/cipher text
- Rainbow tables
- Dictionary
- Brute force
- Online vs. offline
- Collision
- Downgrade
- Replay
- Weak implementations

#### 1.3 Explain threat actor types and attributes.

Expand All @@ -102,10 +105,10 @@
- Insiders
- Competitors
- Attributes of actors
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
- Internal/external
- Level of sophistication
- Resources/funding
- Intent/motivation
- Use of open-source intelligence

#### 1.4 Explain penetration testing concepts. ([James Messer](https://www.youtube.com/watch?v=AbVbqF-UmHc&list=PL5ysgoFoCpZEM8cboeHdRDePc2bOU9CN1&index=40))
Expand Down Expand Up @@ -135,9 +138,9 @@

- Race conditions
- Vulnerabilities due to:
- End-of-life systems
- Embedded systems
- Lack of vendor support
- End-of-life systems
- Embedded systems
- Lack of vendor support
- Improper input handling
- Improper error handling
- Misconfiguration/weak configuration
Expand All @@ -148,11 +151,11 @@
- Vulnerable business processes
- Weak cipher suites and implementations
- Memory/buffer vulnerability
- Memory leak
- Integer overflow
- Buffer overflow
- Pointer dereference
- DLL injection
- Memory leak
- Integer overflow
- Buffer overflow
- Pointer dereference
- DLL injection
- System sprawl/undocumented assets
- Architecture/design weaknesses
- New threats/zero day
Expand Down

0 comments on commit 0e1f247

Please sign in to comment.