Default gateway
SCOR
Certification Path Link
New Cert Track CCNP Feb 2020 Link New Cert Track CCNA Feb 2020 Link New Re-certification Policy Link
General Links
18 Biggest data breaches of the 21st Century Link
Good PFS Link June 2020 Amazon DDOS Attack Link Top 50 Product List (os) vulnerabilities List Top Ten most common passwords (123456) Link How Does a Botnet Work Link Dyn DNS Link Cisco CTA cloud (Login) Stealthwatch Link IPFIX & Netflow Link Dyre Malware Banking Link Malvertising Link TLS 1.3 MITM Decryption myth Link DDNS Providers Link DNS Servers WorldWide Link 10 Most Vulnerable OS's 2017 Link TACACS+ Uses MD5 to hash the secret and XOR Link Cisco Cognitive Threat Analytics Link OpenSOC Community Link OpenSOC Link SSL 3.0 POODLE Vulnerability Link DOM based XSS in DVWA Link Verizon 2019 Data Breach Report Link Email MX record lookup Link Cisco CTA Login Link "Dyre" Banking Trojan Link Useful information on how to drive hping3 Kali Link
Useful Files
White Board Files
ASA Flow Pre 8.3
Security Threats
Hacktivist, Anonymous Link
The Deep Web and Dark Web Link Public Web Site for Hacking Link Bluejacking/Bluesnarfing/Bluebugging Link Evil Twin Attack using Starbucks WiFi and Raspberry Pi Link WEP IV Attack Video Link WPA Attacks Video Link, WPA Explained Video Link TKIP and CCMP Video Link Wi-Fi Protected Setup (WPS) Video Link RFID Vs NFC Link Fukushima Nuclear Plant Documentary Link
Attacking Tools
Best Hacking Tools Link
Wordlist Password File Link Obtaining Windows Password Link hping3 Kali Linux Link (ICMP/SYN/etc) Online HASH generator NT/NTLM etc Link DNSChef Kali Link DNS Tunneling Kali Link Buffer Overflow Attack DVWA Link Pass The Hash Kali Link Firewalk Kali Linux Link Link2 Mimikatz Link List of useful tools Link
General Tools
Playbooks Link
Free Online Sandboxing/ Anti Malware Link Public Web Site for Hacking Link CVSS 3.0 Online Scoring Calculator Link Windows sysinternal tool download link URL Encoder/Decoder Link Swiss Knife of on-line conversion tool Link Epoch time converter Link
!!! Some Great Attacks !!!!
Bronze Soldier attack Estonia,
Human rights attacks and China, HM Revenue & Customs lost accounts. Mafia Boy DOS attack Feb/2000. Anonymous attack against the Home Office. Stuxnet attacks against atomic plants in Iran. Turkish Web site Hacking. Spamming 350 million and the result = 28 E, T, A are the most common English letters in order of frequency What is Phishing, redirection to malicious website, via email. Vishing is like Phishing except via phone. Smishing is Phishing via SMS What is Pharming, redirection to malicious website unknown (DNS/HOSTs) Nimda Code Red 1999-2004, Conficker worm 2008, Stuxnet 2010, NHS Attack May 2017 WannaCry Link Admin/Tech/Physical Link Common Vulnerabilities & Exposures CVE EU-US Agreement re data transfer (Safe Harbour) DNS DDOS attack. It almost broke the Internet 3/2013 (New Amplification) NTP Attack Feb 2014 (Amplification) Morris Worm first Internet-based worm 1988 Hacking Tools, sectools.org, Kali Linux, Metasploit Basic Security Requirements CIA Salted Password Hashing MD5 Avalanche effect Hello World hash will be totally different to Hello World1, and MD5 Collision Demo Simon Singh Web Site Information Security Policies RUSECURE
Course Content
The SCOR course is an 8-day course with a combination of Instructor-Led Training (ILT) and Self Study.
Legend: Green = ILT, Red = Self Study
Describing Information Security Concepts
Inland Revenue lose 25 million records in post 2007 Link
CVSS 3.0 Online Scoring Calculator Link Difference between MAC/DAC/RBAC Link CVE Mitre org Link CVE Details top 50 Link Open-source intelligence (OSINT) Link Link2 OpenSOC Link Personal Data with regard to GDPR Link Safe Harbour to GDPR Link COBIT & ITIL Link DMCA Digital Millennium Copyright Act Link
Describing Common TCP/IP Attacks
ICMP Redirects and Routing tables (Scapy) Link
Scapy ICMP Tunneling Link ICMPTX Explained Link ICMP OS Fingerprinting Link Smurf (ICMP)/Fraggle (UDP)/Land.C (TCP ports) Link Teredo Tunneling Tool Link MaxMind GeoIP Link PII Link SQL Injection Attack (1=1) Link SQL Slammer UDP 2003 Link Teardrop DOS attack (Fragmentation) Link DDOS attack against DNS "Dyn" Link Botnets using HTTP for CnC Link Firewalk Kali Linux Link Link2 robots.txt Link Reconnaissance web site Shodan Link OSINT Great reconnaissance tool Link DNS DDOS attack. It almost broke the Internet 3/2013 (New Amplification) NTP Attack Feb 2014 (Amplification) Wiper 2013 Korea Link Top 10 Botnets Link Zeus MITM App attack (Banking) Link What this website reveals about you webkay.robinlinus.com Gather information from a website robots.txt Link DDOS Cisco Solution (Arbor) ASR9000 Link
Describing Common Network Application Attacks
Public Web Site for Hacking Link
Pass The Hash Attack Video Link How STRONG is your password DNS Tunneling Kali Link DNS Changer Link DNSSEC Link Fast Flux/Double Flux Link Samy Kamkar Link YouTube cross-site scripting Link Pharming, DNS Cache Poisoning Link DNSSEC Link DNSSEC and RRSIG Link Dyn DNS Link DNSSEC Link URI and URL difference Link HTTP Methods Link HTTP Status Codes Link Secure IMAP and SMTP ports Link NetBIOS Link1 Link2 NetBIOS over TCP/IP YouTube Link Cross-Site Scripting XSS Video Link Cookies, Session Hijacking, and XSRF Video Link SQL Injection / XML Injection Video Link Buffer Overflow Video Link Buffer Overflow YouTube Link Man-in-the-Browser (Pivoting) Video Link PERL/Python and PHP (Hypertext Preprocessor) Link originally Personal Home Page
Describing Common Endpoint Attacks
Describing Network Security Technologies
Virtualisation.
VLANs and VXLANs VRFs VRF-Lite Stateful Firewall Link Security Intelligence Link Talos Link Cisco Threat Intelligence Director (part of FMC) Link Structured Threat Information Expression (STIX) Link Trusted Automated Exchange of Intelligence Info (TAXII) Link IPS NGFW ESA WSA CTA - Cognitive Threat Analytics (now known as CI) Link DNS Security Link CASB (CloudLock) Link AAA (ISE) Link VPN Network Device Form Factors (Physical/Virtual)
Deploying Cisco ASA Firewall
VPN & Routing support with Contexts Rel 9.0
Cisco AnyConnect ordering Guide/License is two tier "AnyConnect Plus" & "AnyConnect Apex" Link Remote Access VPNs rel 9.5(2) COA Support, 16 Active Links Ether/Chan Rel 9.2 Traffic Zones Rel 9.3 Local Lan Access "Profile Editor" Link Local Lan Access via split tunneling, Cisco Link (not the best) License Details 8.2 Product Details DNS Resolution of ACL's names in Object groups Configuring management access over a VPN to another interface Exemption NAT V8.3 Reset RDP sessions Managing feature licenses for V9.14 and below How does Proxy ARP work on an ASA
Deploying Cisco Next-Generation Firewall
Excellent link to clarify FTD flows Link
A great link explaining the order of prefilter/ACP processing link Excellent PDF all comms ports including 443 to the internet Link DAQ (Data Acquisition) Troubleshooting Link QOS Option on FTD is to Rate Limit Link QOS 6.3 and above priority Q fudge Link QOS FMC Guide V6.5 Link Lina Code (ASA) before and after SNORT Process Link Hardware by-pass fail-to-wire Link Fail to Wire Hardware Modules Link ACP Offloads, fastpath etc SmartNIC Link Flow Offload (V6.3 now supports Snort) Link ThreatGrid and Data Protection Link FlexConfig replaced by Service Policies 6.30 onwards Link FlexConfig still present in 6.3 to config features outside GUI, i.e. EIGRP, however connection limits created in adv area in ACP under "threat defense service policy" Configuring TCP state bypass using FlexConfig Link elephant/fat flow Link
Deploying Email Content Security
Notes:
1. Generally any dynamic updates are normally 5 minutes.
2. If a message is already in the work queue, changes to Antispam/Virus and Outbreak filters have no effect.
3. In outgoing emails, antispam/outbreak filters are turned off by default but can be enabled.
4. ESA has Data 1 initially configured (management enabled on this interface); Data 2 remains disconnected.
5. LDAP queries bypassed (RAT), i.e. employee in support@example.com
6. Bypass throttling (RAT), i.e. postmaster@domain.com, many recipients.
7. All messages that are processed by the AV engine have "X-IronPort-AV" added to messages.
8. Asynchronous: service or application does not require a constant bit rate. Examples are file transfer, email and the World Wide Web. Synchronous: service is realtime streaming media, for example IP telephony, IP-TV and video conferencing.
9. Both SPAM engines can be enabled (IronPort/Cisco); only one is used per policy.
DKIM (DomainKeys Identified Mail) & DMARC (Domain Message Authentication Reporting) Link
SIO/CIS/TOC/Talos/VRT differences Link ESA Appliances Link ESA Data Sheet Link CES Cloud Email Security Link Security updates from the cloud to the ESA Link Updates from the cloud Link Malicious code in PDFs Link Cisco SMA (Security Management Appliance) Link Average daily spam volume 307.5 billion (6/2018) Talos Link Between 65% to 80% malicious threats via email Talos Whitepaper Link Three Pillars of Talos--SenderBase--Threat Operations--Dynamic updates Embed URL's (as I do on this website) Link DNS PTR Record Link MX Records Priority Link DNS Basic (Google) MX records with multiple priority Link You can cluster ESA's to make sure all ESA members of a Group receive the same config (Important when using DNS priority). HAT--Host Access Table and Pipeline Flow Link RAT-Recipient Access Table Link Advanced Network Config (VLANs/Etherchannel) Link SBRS--SenderBase(Sensorbase) reputation score Link External Threat Feeds (new v12) STIX/TAXII Link Configure Local Spam Quarantine on the ESA Link Graymail -- Link Polymorphic Virus -- Link Able to parse attachment--read and process text stored inside e-mail attachments Link =/= is --- does not equal CASE-- Context Adaptive Scanning Engine Link Applies over 100000 adaptive message attributes Cisco solution replaces RSA for DLP on ESA Link SIO/CIS/TOC/Talos/VRT Link
Deploying Web Content Security
!!!Excellent Cisco Live WSA Presentation!!! Link
Notes:
Generally any dynamic updates are normally 5 minutes
Threat Grid analysis can take 15-20 minutes
SIO/CIS/TOC/Talos/VRT differences Link
WSA Data Sheet Appliances Link What types of FTP proxy does WSA support Link Cisco SMA (Security Management Appliance) Link Web 2.0 (social content user generated input) Link PAC Files (Proxy Auto-Configuration) Link WCCP - Web Cache Communication Protocols Link Uses Service Groups for Load Sharing WCCP Platform Support Link WPAD - Web Proxy Auto-Discovery Link Browser Support Link CARP- Common Address Redundancy Protocol Link DCA - Dynamic Content Analysis Link (Invoked for uncategorised URL's typically <5%) The Deep Web and Dark Web Link DVS- Dynamic Vectoring and Streaming Link DVS--Webroot Link L4TM--Cisco Community Video Link L4TM--Layer 4 Traffic Monitor inspects all ports Link Not in-line mostly monitoring, can send TCP reset. WSA Load balancing (DNS/PAC/Auto discovery/WCCP) Link DNS Rotation WPAD Web Proxy Auto-Discovery using DHCP/DNS Link Configuring WCCP Link Good document covering Identity Profile config Link Authentication PDF Link NTLMSSP--Link Difference between NTLM and LDAP Link Difference between NTLM and Kerberos Link Cisco Web Security Reporting Link Linka Cisco Web Security Monitor (Old) Link NTLMSSP - NT LAN Manager Security Support Provider Link HTTP Authentication (Basic/NTLM/Digest) Link End-User Acknowledgement Page Link HTTPS Decryption Flow and use of Monitor Link ISE Integration SGT/IP to name supported Link Safesearch Link CTA - Cognitive Threat Analytics (now known as CI) Link
Deploying Cisco Umbrella
Explaining VPN Technologies and Cryptographic Concepts
ASA Anyconnect Double Authentication Link
Broker Applet Java/ActiveX (2018) link IKE/IKEv2 Rekey Link FlexVPN "Enrollment Terminal or URL" Link FlexVPN Per-Peer Configuration Link NHRP Holdtime and Cache refresh Link Using Hostname in IPsec Site to Site VPNs Link Delete default ISAKMP Policies "no cry isakmp default polic" VPN Authentication CRACK (Public keys/radius) Link Supported Cisco VPN Platforms Link GET PPT (2006) Link CCIE Tutorial Link Online Diffie Hellman Calculator DMVPN Phase 1/2/3 Link Certificate Authority Link "Identity Sent to Peer" Link PFS and Y/N = N in IKE2, (Child SA created at time of Main SA) DMVPNs Cisco Proprietary but a Draft RFC has been produced Link The reasons for creating an empty IPsec profile (defaults) Link "aaa authorization group cert list" explained Using ASA Packet Trace to bring up VPN Link Dead Peer Detection Link Default Transform Set Link DMVPN Explained including NHRP Timeouts Link "ip nhrp map multicast" Link Selecting the profile xml from the Anyconnect window Link FlexVPN correct configuration examples for Spoke to Spoke (Shortcut) "crypto ipsec profile" explained Next Generation and legacy algorithms DMVPNs with PSKs and wildcarding on the IP address HUB config NHRP in FlexVPN and short cutting Spoke-to-Spoke IKEV1 and IKEV2 rekeying Link Controlling traffic within site to site VPN (ACLs and vpn-filter) Wild carding Pre-shared keys for IPSEC "ip flow ingress" explained VTIs and identifying interesting traffic down the tunnel (Lab minutes) ECDSA The digital signature of a better Internet Elliptical Curve Cryptography ECC explained Differences between Posture Module and standalone Host Scan Package Deploying Posture Module and Host Scan packages AES-GCM Explained Galois Pronounced IKE V2 PRF's Separate process to generate IKEv2 key/hash material ISAKMP Default Policy enable/disable NHRP Explained and keepalives FlexVPN Short Circuit configuration Link Configuring the Tunnel Mode. The encapsulation mode for the tunnel interface defaults to generic routing encapsulation (GRE). Migration from DMVPN to FlexVPN (Phased Deployment) IKE V2 & PRF Excellent Cisco Live presentation on FlexVPN FlexVPN using EAP Peer Authentication DMVPN High Availability Sharing IPsec with Tunnel Protection IKEv2 and Legacy Config Filtering on Site to Site VPNs Link
Introducing Cisco Secure Site-to-Site VPN Solutions
Deploying Cisco IOS VTI-Based Pt/Pt IPsec VPN's
Migration of IKEv1 to IKEV2 ASA 8.4
Next Generation Encryption DMVPN Phase 3 Blog DMVPN & GET VPN Design and Case Study Cisco IOS DMVPN Overview Remote Access VPNs on ASA 9.0 Packet Capture on PIX/ASA MultiPoint GRE Blog DMVPN Migration to FlexVPN sysopt connection permit-vpn link Cisco IOS (Monolithic) IOS XE separate processes Link Cisco IOS XE (ASR and ISR routers, WLC's Switches) Link Cisco ASA VTI's only BGP dynamic routing supported Link
Deploying Pt/Pt VPN's with NGFW
No DMVPN/GETVPN/EzVPN support
Deploying RA VPN's NGFW
NOTE:
1. You can enable a 90 eval license for four licenses Base/Threat/Malware and URL Filtering. You cannot deploy Remote Access VPN if the following is true: Smart Licensing on the Firepower Management Center is running in evaluation mode.
2. FTD can apply a filter on the tunnel traffic via group policy but unlike ASA must also have the tunnel permitted in the ACP. The access list in the Group Policy is totally separate to the main ACP.
3. No SSL Clientless support on the FTD.
Certificate Chains Link FAQs Anyconnect Licensing Link Register Anyconnect license for use with FTD Link Support for SSL Client and IKEV2 Link Remote Access VPN and FTD Link
Explaining Cisco Secure Networks Access solutions
Describing 802.1x Authentication
Configuring 802.1x Authentication
Describing Endpoint Security Technologies
Deploying Cisco AMP for Endpoints
Introducing Network Infrastructure Protection
Deploying Control Plane Security Controls
Deploying Layer 2 Data Plane Security Controls
Deploying Layer 3 Control Plane Security Controls
Deploying Management Plane Security Controls
Deploying Traffic Telemetry Methods
Deploying Cisco Stealthwatch Enterprise
Describing Cloud and Common Cloud Attacks
Securing the Cloud
Deploying Cisco Stealthwatch Cloud
Describing SDN