CompTIA Security+, Part 6 of 8: Attacks and Mitigation
Interactive

CompTIA Security+, Part 6 of 8: Attacks and Mitigation

LearnNow Online
Updated Aug 21, 2018

Course description

In this course, certified technical trainer Ryan Hendricks delves into the multitude of ways an attacker can compromise an organization. Hendricks will discuss how session hacking is used to compromise Web servers and e-mail servers and also examine the security concerns regarding wireless and Bluetooth devices. This course will also reveal the tools that should be in every security professional’s tool belt as well as the latest mitigation, discovery, penetration and vulnerability testing techniques.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This course assumes that the user has working knowledge of networks and networking. Ideally, the user should have their CompTIA Network+ certification, but can be replaced with networking experience.


Meet the expert

Ryan Hendricks

Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)2, EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.

Video Runtime

108 Minutes

Time to complete

148 Minutes

Course Outline

Wireless & Application Threats

Wireless Attacks (16:53)

  • Introduction (00:28)
  • Rogue Access Points (01:24)
  • Jamming/Interference (01:21)
  • Evil Twin (01:29)
  • War Driving (00:59)
  • War Chalking (00:57)
  • Bluejacking (00:42)
  • Bluesnarfing (00:47)
  • IV Attack (01:27)
  • Packet Sniffing (01:38)
  • Near Field Communication (00:42)
  • Replay Attacks (00:34)
  • WEP/WPA Attacks (02:31)
  • WPS Attack (01:22)
  • Summary (00:25)

Application Attacks (08:47)

  • Introduction (00:17)
  • Zero-Day Attack (01:20)
  • Cookies and Attachements (02:07)
  • Locally-Shared Objects (00:23)
  • Malicious Add-Ons (00:55)
  • Session Hijacking (01:44)
  • Header Manipulation (00:39)
  • Arbitrary Code Execution (00:51)
  • Summary (00:27)

More Application Attacks (35:19)

  • Introduction (00:29)
  • Cross-Site Scripting (00:54)
  • Cross-Site Request Forgery (01:17)
  • Demo: Cross-Site Scripting (05:55)
  • SQL Injection (01:29)
  • Demo: SQL Injection (05:44)
  • Demo: Bypass Authentication (03:28)
  • XML Injection (00:28)
  • Directory Traversal (00:57)
  • Demo: Directory Traversal (04:17)
  • Command Injection (00:52)
  • Demo: Command Injection (04:49)
  • Buffer Overflow (00:44)
  • Integer Overflow (03:22)
  • Summary (00:26)
Mitigation Techniques

Mitigation Techniques (19:12)

  • Introduction (00:17)
  • Event Logs (00:47)
  • Audit Logs (01:08)
  • Security Logs (00:40)
  • Access Logs (00:30)
  • Hardening (04:13)
  • Network Security (04:10)
  • Security Posture (03:30)
  • Reporting (01:53)
  • Detection vs. Prevention (01:35)
  • Summary (00:26)

Discovery (15:43)

  • Introduction (00:23)
  • Security Assessment Results (00:57)
  • Tools (00:32)
  • Protocol Analyzer (01:17)
  • Vulnerability Scanner (00:56)
  • Honeypots (00:54)
  • Honeynets (00:28)
  • Port Scanner (02:22)
  • Passive vs. Active Tools (01:05)
  • Banner Grabbing (00:43)
  • Assessment Techniques (00:25)
  • Baseline Reporting (00:44)
  • Code Review (01:47)
  • Determine Attack Surface (01:04)
  • Review Architecture (01:07)
  • Review Designs (00:30)
  • Summary (00:23)

Penetration Testing (12:39)

  • Introduction (00:24)
  • Penetration Testing (01:02)
  • Identify Vulnerability (00:30)
  • Verify a Threat Exists (00:34)
  • Bypass Security Controls (00:49)
  • Actively Test Security Control (00:27)
  • Exploit Vulnerabilities (00:42)
  • Vulnerability Scanning (00:42)
  • Passively Testing Security (00:42)
  • Identify Lack of Security (00:37)
  • Identify Common Misconfigs (01:10)
  • Intrusive vs. Non-Intrusive (01:19)
  • Credentialed vs. Non (00:53)
  • Black Box (01:11)
  • White Box (00:28)
  • Gray Box (00:27)
  • Summary (00:35)