Security + Certification-Threats and Vulnerabilities Domain – Chad Russell

Salepage link: At HERE. Archive: https://archive.is/wip/Og7qA

This course is for beginners and IT pros looking to get certified and land an entry level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings global and demand is greatly outpacing supply which means more opportunity, job security and higher pay for you!

The Security+ exam covers six domains and this course focuses on the third domain which is ‘Threats and Vulnerabilities” domain.

• Malware
• Cyber attacks
• DNS Security
• Social engineering
• Wireless attacks
• Advanced wireless attacks
• XSS – Cross-Site Scripting attacks
• Buffer overflows
• Security testing tools
• SIEM – security information and events management
• Platform hardening and baselining
• Honeypots and honey nets
• Vulnerability scanning and pen testing
• Threat modeling

In Malware section we will define Malware categories and characteristics and talk through protective countermeasures to keep networks, systems, and data safe from compromise.

There are so many different types of attacks sometimes it can be challenging to address them all within the context of our various lessons. So in the Cyber Attacks lesson, I’ve pulled together some attack types that haven’t necessarily been covered in the other sections. When the internet was originally architected services such as DNS weren’t necessarily designed with security in mind. You will learn about DNS vulnerabilities, attacks and DNS Security protocols as part of the DNS Security lesson

Understand social engineering in the context of information security, which refers to psychological manipulation of people into performing actions or divulging confidential information. You will learn the basics of modern wireless security protocols, vulnerabilities, attacks and defense mechanisms in the wireless attacks lesson. Wireless networks represent the softest and most common entry point for hackers. We will talk about advanced wireless attacks and how to prevent them.

XSS and Injection are some of the top techniques used by attackers to compromise websites and user data. Learn how to test for XSS vulnerabilities, identify exploits and protect against them. Attack applications using buffer overflow techniques in order to execute arbitrary malicious code and we will also identify ways to mitigate these attacks.

There is practically an infinite number of security testing tools available both free and paid. In the security testing tools lesson, we will begin to scratch the surface of some of these common tools and identify how we categorize them and their uses. Management of logs is a key component of operational security. These days the velocity, variety, and volume of data collected via logs have catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them in the lesson on SIEM.

Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. I will show you techniques for OS/DB and App hardening. Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. You will learn how to use honeypots to tie up attackers and find out what they are up to.

Vulnerability Assessment and Pen Testing are often terms that are used interchangeably. In this section, we will walk through some of the differences and commonalities between the two.

What are the requirements?

• Students should have basic knowledge of operating systems such as Windows and Linux.
• No special software is needed for this course.

What am I going to get from this course?

• Comprehend Cyber Security
• Gain an in-depth understanding of the ‘Threats and Vulnerabilities’ Domain of the Security+ Exam.

What is the target audience?

• This course is intended for absolute beginners and IT professionals looking to make the move into the Cyber Security field. No programming experience or prior security knowledge is required. A basic understanding of networking and TCP/IP is helpful. This course is intended for anyone who is interested in a career in Cyber Security

Course Curriculum

Security Threats and Attacks

• 01 – Course Introduction (5:00)
• 02 – Malware (14:27)
• 03 – Cyber Attacks (17:56)
• 04 – Social Engineering (9:29)
• 05 – XSS – Cross-Site Scripting Attacks (9:12)
• 06 – DNS Security (4:47)
• 07 – Buffer Overflows – Part 1 (12:40)
• 08 – Buffer Overflows – Part 2 (11:17)
• 09 – Threat Modeling (8:31)
• 10 – Hands-On Creating Your Own Virus Using JPS Virus Maker (3:37)

Proactive Security

• 11 – Vulnerability Scanning and Pen Testing (9:27)
• 12 – Platform Hardening and Baselining (8:22)
• 13 – Hands-On Scanning with OpenVAS (1:30)

Wireless Security

• 14 – Wireless Attacks (8:20)
• 15 – Advanced Wireless Attacks (14:48)
• 16 – Hands-On Hacking Wireless with Aircrack and Reaver (8:30)

Incident Response

• 17 – Honeypots and Honeynets (6:38)
• 18 – Security Information and Event Management (12:31)
• 19 – Hands-On Honeypots with Kippo (6:52)
• 20 – Course Summary (1:50)