Attacks, Threats, and Vulnerabilities for CompTIA Security+

By Christopher Rees

This course will teach you the fundamentals and key concepts around the threats, attacks, and vulnerabilities your organization is likely to face. More importantly, you’ll learn how to mitigate those risks and protect your organization.

5.2 hours
  • 179 Lessons

About the course

In this course, you’ll learn about the various threats you’ll face from social engineering techniques like phishing, pharming, and identity fraud. First, you’ll learn about potential indicators of compromise used to identify the types of attack occurring against systems, applications, and networks. Next, you’ll discover the various intelligence sources used to identify and combat these threats. Finally, you’ll become familiar with various penetration testing tools and techniques. When you’re finished with this course, you’ll have the skills and knowledge needed to pass the Threats, Attacks, and Vulnerabilities section of Security+, along with the skills needed to help protect your company from both internal and external attacks.

Recommended order of completion:

  1. Attacks, Threats, and Vulnerabilities for CompTIA Security+
  2. Architecture and Design for CompTIA Security+
  3. Implementation of Secure Solutions for CompTIA Security+
  4. Operations and Incident Response for CompTIA Security+
  5. Governance, Risk, and Compliance for CompTIA Security+
  6. CompTIA Security+: Exam Briefing
  • Chapter 1: Course Overview (1 Lesson, 1:45)

    Course Overview

    1:45
  • Chapter 2: Comparing Different Types of Social Engineering Techniques (26 Lessons, 48:45)

    Module Overview

    1:37

    What Is Social Engineering?

    1:47

    Phishing

    1:54

    Types of Phishing

    3:47

    Vishing

    2:37

    SPAM

    3:00

    Dumpster Diving

    1:12

    Shoulder Surfing

    2:39

    Pharming

    2:28

    Tailgating

    2:21

    Hoaxes

    3:11

    Prepending

    1:45

    Impersonation

    1:11

    Identity Fraud

    1:13

    Invoice Scam

    1:30

    Credential Harvesting

    2:31

    Watering Hole Attack

    1:50

    Typo Squatting/URL Hijacking

    2:19

    Hybrid Warfare

    2:53

    Social Media and Influence Campaigns

    1:13

    Reasons for Effectiveness - Authority and Intimidation

    1:52

    Consensus and Social Proof

    0:51

    Familiarity/Liking

    0:48

    Trust

    0:45

    Scarcity / Urgency

    0:33

    Module Review

    0:58
  • Chapter 3: Analyzing Malware and Other Attacks (26 Lessons, 49:27)

    Module Overview

    0:45

    Indicators of Compromise (IOC)

    2:13

    Virus

    2:53

    Crypto-malware / Ransomware

    2:17

    Trojan

    3:51

    Worms

    0:51

    Potentially Unwanted Programs (PUP)

    1:42

    Fileless Virus

    2:15

    Botnets

    2:36

    Logic Bomb

    1:14

    Spyware

    1:42

    Keylogger

    0:59

    Rootkits

    1:21

    Backdoors

    1:28

    Spraying

    1:19

    Brute Force and Dictionary Attacks

    2:08

    Rainbow Tables

    1:55

    Known Plain Text / Ciphertext

    0:53

    Birthday Attack

    2:28

    Downgrade Attack

    0:57

    Physical Attacks, Malicious USB, and Skimming

    3:57

    Adversarial Artificial Intelligence (AI)

    1:58

    Supply Chain Attacks

    2:15

    Supply Chain Attack Example

    1:27

    Cloud-Based vs. On-prem Attacks

    3:27

    Module Review

    0:36
  • Chapter 4: Recognizing Application Attacks (24 Lessons, 39:38)

    Module Overview

    0:42

    Privilege Escalation

    2:19

    Cross Site Scripting (XSS)

    2:55

    SQL Injection

    1:17

    DLL Injection

    1:58

    LDAP Injection

    0:44

    XML Injection

    1:12

    Pointer Dereference

    1:21

    Directory Traversal / Command Injection

    1:39

    Buffer Overflow

    1:06

    Race Conditions

    1:38

    Time of Check

    1:15

    Secure Coding Concepts, Error Handling, and Input Validation

    4:28

    Replay Attacks

    1:04

    Integer Overflow

    1:08

    Cross Site Request Forgery (XSRF)

    2:33

    API Attacks

    2:04

    Resource Exhaustion

    1:53

    Memory Leak

    1:42

    SSL Stripping

    2:07

    Shimming

    1:06

    Refactoring

    1:00

    Pass the Hash

    1:57

    Module Review

    0:30
  • Chapter 5: Identifying Network Attacks (20 Lessons, 37:13)

    Module Overview

    0:45

    Rogue Access Points and Evil Twin

    3:22

    Bluejack and Bluesnarfing

    3:17

    Dissociation

    1:24

    Jamming

    1:05

    RFID

    1:09

    Near Field Communication (NFC)

    1:29

    IV Attack

    3:04

    On-path Attacks (Formerly MiTM)

    0:58

    On-path Attacks (Formerly MiTB)

    2:31

    ARP Poisoning

    1:25

    IP/MAC Spoofing

    0:52

    MAC Flooding

    2:10

    MAC Cloning

    1:56

    DNS Poisoning

    1:04

    Typo Squatting / URL Hijacking

    2:20

    Distributed Denial of Service (DDoS)

    2:17

    Smurf Attack (Amplification)

    3:00

    DDoS Attack Vectors

    1:06

    Malicious Code Execution

    1:59
  • Chapter 6: Distinguishing Threat Actors, Vectors, and Intelligence Sources (24 Lessons, 40:38)

    Module Review

    1:08

    Script Kiddies

    1:00

    Hacktivists

    1:00

    Organized Crime

    1:13

    Nation States / APT

    1:19

    Insiders

    1:27

    Competitors

    1:26

    Threat Actor Attributes

    0:39

    Attack Vectors

    7:34

    Use of Open Source Intelligence

    2:33

    Closed / Proprietary Intelligence

    0:45

    Vulnerability Databases

    1:31

    Public and Private Information Sharing

    1:17

    Dark Web

    2:22

    Indicators of Compromise (IOC)

    1:43

    Automated Indicator Sharing (AIS)

    1:05

    TAXII Layout

    1:02

    MITRE

    2:27

    Gathering and Correlating Information

    1:58

    Predictive Analysis

    1:07

    Threat Maps

    0:44

    Live Cyber Threat Map

    0:42

    File / Code Repositories

    1:30

    Research Sources

    3:06
  • Chapter 7: Understanding Vulnerabilities and Security Risks (18 Lessons, 34:29)

    Module Overview

    0:54

    Cloud-based vs. On-premises

    2:44

    New Threats / Zero Days

    2:01

    Mis-configuration / Weak Configuration

    1:14

    Shared Accounts (Improperly Configured)

    1:16

    Weak Configuration Considerations

    2:37

    Weak Cipher Suites and Implementations

    1:57

    Improper Certificate and Key Management

    1:23

    Secure Protocols

    3:07

    Default Configurations

    1:19

    Third-party Risks

    2:36

    Vendor Management

    1:56

    Vulnerable Business Processes

    2:28

    Outsourced Code Management

    1:06

    Improper or Weak Patch Management

    2:25

    Legacy Platforms

    1:44

    Impact Areas

    1:49

    Effects of Impacts

    1:53
  • Chapter 8: Defining Security Assessment Techniques (23 Lessons, 35:58)

    Module Overview

    0:59

    Specific Types of Threats

    0:49

    What Is Cyber Threat Intelligence?

    1:28

    Importance of Cyber Threat Intelligence

    0:53

    Threat Intelligence Classification

    1:45

    Strategic, Operational, and Tactical Intelligence

    1:18

    Gathering and Correlating Information

    2:07

    Stages of Risk Management

    2:58

    Risk Management Data Sources

    2:28

    Vulnerability Scanning

    0:47

    False Positive

    0:52

    False Positive Audits

    0:38

    False Negatives

    0:43

    Intrusive vs. Non-intrusive

    0:32

    Passively Test Security Controls

    0:40

    Credentialed vs. Non-credentialed

    2:22

    Identify Vulnerabilities and Lack of Security Controls

    1:41

    Identify Common Misconfigurations

    1:47

    Things to Remember

    2:25

    Common Vulnerabilities and Exposures (CVE)

    3:06

    CVSS

    1:45

    Security Information and Event Management (SIEM)

    1:58

    Security Orchestration, Automation, and Response

    1:57
  • Chapter 9: Defining Penetration Testing (17 Lessons, 24:03)

    Module Intro

    0:35

    Penetration Testing

    1:05

    Penetration Testing Steps

    2:28

    Known, Unknown, and Partially Known Environments

    0:55

    Rules of Engagement

    1:43

    Lateral Movement

    1:17

    Escalation of Privilege

    0:40

    Methods of Privilege Escalation

    1:32

    Persistence

    0:37

    Cleanup

    1:16

    Bug Bounty

    1:27

    Pivoting

    2:06

    Types of Reconnaissance

    2:32

    War Flying

    1:16

    War Driving

    1:19

    Red, Blue, Purple, and White Security Teams

    2:09

    Module Review

    1:06
