Attacks Around the World
Useful LinksDelegate Material Registration Link
Delegate Material Access Link Delegate Lab access Link (6 Months Access once redeemed) Instructor Access Course Material Link SY0-601 Exam Domains
Link 1. Attacks, Threats and Vulnerabilities 24% 2.0 Architecture and Designs 21% 3.0 Implementation 25% 4.0 Operation and Incident Response 16% 5.0 Governance, Risk and Compliance 14% EXAM Objectives CompTIA Roadmap Link Continuing Education Program FREE KALI LINUX PDF Install Kali Link Free Windows Virtual Machine Link Cisco Packet Tracer Download Link Useful Files
Security+ YouTube Playlist SY0-601Useful WebsitesCisco Security Solutions to mitigations Link
Excellent all in one Website re tools and methods Link Excellent site on Worms and Trojans Link Most Common Password List Link Public Web Site for Hacking Link UNIX in a Browser (Practice) Link Homoglyph Attack Generator Link Punnycode Convertor Link ISSUES June 2021 Fastly misconfiguration brought the Internet down Link EA Hacked Source Code June 2021 Link Attacks May 2021 Colonial Pipeline Ransom Paid (BBS News) Link Recent Attacks (July 2020) Blackbaud Data Breach ransomware Link Garmin Attacks Link Premier League Link University of York (may to July) Link Amazon Link Hydro Norway Link MOZI IOT Attack Link Class Whiteboard Files
General Drawings
VIGENERE (Polyalphabetic)
WEP
TKIP
SAML
Kerberos
All Ports Required
General Practical InformationDNSSEC and RRSIG Link
SQL Injection Attack (1=1) Link Null Pointer Exception Link strcpy (String Copy) buffer overflow Link Replace a resource with one in a URL Link Identify Trojan horses and others Link Command injection && Link Command Injection Link Vulnerable ports especially 1900 Link System32 Trojan or Virus Link Javascript examples XSS Link You Tube Security+ Videos |
Course Content"The Art of War" by Sun Tzu Link
Lesson 1: Comparing Security Roles and Security ControlsThe CIA Triad Video Link aka AIC or PAIN
Infosec Link Cybersecurity Framework Five Functions Link Example of Data Security Policy Link NIST 800-53 Security Controls Link ISO 27K Link ISO 31K Link SSAE SOC1/2/3 Link OWASP Top Ten Web Application Security risks Link GDPR Link Playbooks Link 15 Biggest data breaches of the 21st Century Link CESG Link Lesson 2: Explaining Threat Actors and Threat Intelligence The Sony Attack Link
Wannacry attack Link China's Great Cannon Link Fireeye Nation State report Link Fireeye Resources Link Kaspersky APT Predictions for 2020 Link SIM Swap fraud Link Garmin Hacker attack July 2020 Link Link2 Insider threat "Captital One" insider data breach Link Internal Twitter Attack Link Target attack via HVAC system (US) Link Hunt for weaknesses in Apps Common Attack Pattern Enumeration & Classification Link Tactics, Techniques and Procedures (TTPs) Mitre Navigator Link APT Groups Link The Pyramid of Pain (Mitre Attack Framework) Link Link2 The Deep Web and Dark Web Link Defcon Harvard (Eldo Kim) Bomb Attack Link 3rd Party Integration of SI Feeds (STIX/TAXII) Link Reconnaissance web site Shodan Link Using Shodan Video Link Open-source intelligence (OSINT) Link Link2 Google Dorks Link Virus Total Link Tracking SPAM Link MISP OSINT Threat Sharing Link RFC's Database Link RFC 1149 CheckPoint's Live Threat Map Link Lesson 3: Performing Security Assessmentsnmap reference guide Link
nmap cheat sheet Link theHarvestor tool Link dnsenum tool Link scanless tool Link Port Scanning from GRC (remote) Link curl transferring data with URLs Link hping Link Netcat examples and switches Link Netcat Switches (SANS) Link Nessus Link tcpreplay Link metasploit Pen Test framework Link Sn1per Tool Link Security Assessment Frameworks NIST SP 800-115 Link OpenVAS Vulnerability Scanner Link SCAP Protocol Link CVSS 3.0 Online Scoring Calculator Link Non-Intrusive scanner Zeek link Manauver Link 32 million Twitter Credentials Leaked Link 15 Biggest data breaches of the 21st Century Link Hackney Council Data Stolen 2021 Link List of Big Bounty Programs Link Orange is the new Purple (Team) exercise types Link War driving using Drones Link Lesson 4: Identifying Social Engineering and MalwareBruce Schneier's essays on social engineering Link
Credential Harvesting Link Credential Harvesting Madgecart Link Deep Fake (Voice and Video) Link Influence Campaigns (compromised twitter accounts) Link US Election Influencer Campaign Link Rogueware, Scareware Ransomware Link Different Types of Viruses Link Fileless Virus Link Conficker Worm Removal Link Removal for US Intel agencies Darkmatter Rootkit Link How does Bitcoin Mining work Link Cuckoo Sandbox automated malware detection Link Sysinternals Link Lesson 5: Summarizing Basic Cryptographic ConceptsCleartext vs Plaintext Link
ChaCha20 Stream cipher Link Comparison of Symentric Encryption Algorithms Chacha20 Vs RC4 is included Link Padding Oracle Attack with AES CBC Link Schneier's Law Link TLS V1.3 Update Link Smart Meter Security Link Is it still safe to use RSA Link Blockchain used for integrity of Voting System Link Google demonstrates Quantum Computing Link YouTube video on Quantum Computing Link YouTube video Quantum Cryptography in 6 mins Link YouTube video Blockchain in 2 mins Link Stenography Page Link What3words the whole planet broken into blocks link Good for generating passwords Password Checking Site Link WPA3 Link Online Coder/Decoder Rot13 XOR etc Link Better Link On-Line MD5 Hashing Generator Link Rail Fence Cipher Link On Line XOR Calculator. AND/OR/XOR explained DHE Explained Link Diffie Hellman on-line calculator Link ECDH Video Link Lesson 6: Implementing Public Key InfrastructureEV Standards maintained by CA/Browser Forum Link
Wildcards in EV certificates like a Unicorn Link Heartbleed Bug (OpenSSL) Link Really good resource on Digital Certificates chains etc Link Certificate Transparency Link Certificate Formats PEM/DER etc Link Extended Validation is it really dead Link Link2 Big Organisations let their certificates expire (Linkedin) Link CRL Distribution points in Certificate Link Certificate Transparency org Link Lesson 7: Implementing Authentication ControlsWhat3words the whole planet broken into blocks link
Good for generating passwords Password Checking Site Link Password Cracking with Machine Learning Link Brute Force attack Machine learning Link Password Checker (GRC) Link Cain and Abel, Password cracker download Link Hashcat (Fast Password Recovery) Link FIDO/U2F Key Link How FIDO Works Link SMS Intercept Attacks Link Facial Recognition abandoned in Kings Cross Link Lesson 8: Implementing Identity and Account Management ControlsAmazon Capital One Breach Insider Link
Managed Service Accounts Link Privileged Access Management Link CyberARK Link SSO SIte Cisco DevNet Link NIST Updated Guidance on Password Policies Link Adobe Data Breach 2013 helped by password hints Link Password Strength Cartoon fun Link SOAP Link SOAP Vs HTTP Link Illustrated Guide to Oauth and OIDC Link American Red Cross Rogue tweet Disaster McDonalds Twitter Campaign gone wrong Lesson 9: Implementing Secure Network DesignsSecuring the Data Centre (Cisco ASAv) Link
WiFi has new numbers (1/2/3/4/5) Link WiFI 6 Link Easyconnect and DPP replacement for WPS Link EAP-TLS explained (Non-Tunneled) Link Radius Federation, University students eduroam Link WPA2/WPA2 Replay Attack called KRACK Link WPA 4-Way Handshake Link Link2 4-Way Handshake Video Link The Pairwise Transient Key (64 bytes) is divided into five separate keys: Link On-Line WiFi emulator password = password link DDOS protection RTBH BGP (Cicsco) Link DNS DDOS attack. it almost broke the Internet 3/2013 (New Amplification) NTP Attack Feb 2014 (Amplification) Spamming 350 million and the result = 28 Lesson 10: Implementing Network Security AppliancesLesson 11: Implementing Secure Network Protocols.htaccess redirects Link
Talos Domain Reputation Link DNSSEC Adoption Link DNSSEC and DMARC anti-phishing Link TLS V1.3 Link Cisco Support TLS V1.3 Link Top SNMP ALternatives (SNMP is Dying) Link RSS and Atom Feeds Link PPTP Insecure Link PPTP Vs L2TP Link Precision Time Protocol PTP Link Apache Guacamole HTML5 remote desktop solution Link Canvas Element Link Lesson 12: Implementing Host Security SolutionsTrusted Computing Group Link
Christopher Tarnovsky TPM Keys extraction Link Link2 TPM on Window PC Link Disk encryption Std OPAL Link O.MG Cable Hak5 Link BBC Secondhand Security Kit on ebay 99p Link Huawei Phones Link Host Hardening GRC port scan Link Six Sigma Link Microsft Secuiry Compliance Tool Link Missed Patch caused Equifax Data Breach Link DLP Cisco Umbrella (Cloud Security) Link CME Maintained by Mitre (Like CVE) Link Microsoft System Internals Link The things network - LoraWan Link Hacking Phillips Hue Link Traffic Light Vulnerability Link Nissan Leaf DOS attack Link Insulin Pump Attack Link UK Government loses data on 25 million Britons Link CiscoLive Presenatation on Embedded System Security Link Lesson 13: Implementing Secure Mobile SolutionsTop 50 (Products/Os) Vulnerabilities Link
FBI Ask Apple to help unlock IPhone Link Russian soldier reveals location through geo-tag photo Link SS7 Attack in the Telecoms Network Link GPS Spoofing Link WPA3 Vs WPA2 Link What is a Wireless Mesh Link Security in Wireless Mesh Link RFID Skimming attack Video Link Juice Jacking Link Hacked SS7 in the Telecomms Link Stingray/TMSI Catcher Link Lesson 14: Summarizing Secure Application Concepts LinkExternalBlue Exploit Link
Race Condition Attack Dirty COW Link DLL Injection Example Link Crack Windows Passwords from SAM file Link Pass the HASH Video (Mimikatz) Link Difference between URL and URI Link HTML URL Encoding Reference. Link 5 Examples of API's We Use in everyday lives Link OWASP CSRF disguise the attack Link SSL Strip Link HSTS List in Chrome chrome://net-internals/#hsts Directory Travesal Attack Link Link2 Server Side Request Forgery Link XML External Entity (XXE) to exfiltrate data and files Link Example Python Scripts Link Learn PowerShell Scripting Link Functions Link Invoke Link Linux stdin/stdout/stderr Link pty(Pseudo Terminal) Link Network Tab tool in Chrome Browser Link Set Secure Attribute Link Attributes in Cookies (httpOnly etc) Link SEH Apple "goto bug" Link What is Magecart (Implant code to skim credt card info) Link Check for Magecart Link urlscan.io Static Secure Code Analysers Link SDN and Orchestration Link PsExec Link Powershell Constrained Language Mode Link Beef Project - Pen Test Tool on Web Browser Link Lesson 15: Implementing Secure Cloud SolutionsWhat is a Cloud Service Link *aas options defined Link docker.com Link Running Third Party Apps in Containers Link Spectre and Meltdown effects security of VM Host Link VM Escaping Link Docker -- Container Security Link Storage Tiers classes Link AWS Transit Gateway Link Firewalling between Security Groups Link NetFlix and AWS Lambda Case Study Link SDN Overview Link What is NFV Link Cisco SOAR Link East/West Zero Trust Link Fog Computing by Cisco Link Lesson 16: Explaining Data Privacy and Protection ConceptsUS Privacy Shielding Link
IP (Intellectual property) Theft China Link PCI DSS Compliance requirements Link Encrypt Data in Use Intel Software Guard Link De-Identification (NIST) Link K-anonymous Values Link Lesson 17: Performing Incident ResponsePlaybooks Link
Lockheed Martin Kill Chain Link Incident response Exercises Mitre Playbook Link Syslog PRI (Priority Code) explained calculated Link sysmon Link IPFIX Standard version of Netflow IETF Link Confusing AI Link Lesson 18: Explaining Digital ForensicsEnCase and Forensic Toolkit Link Link2
Sleuth Kit disk imaging etc Link WinHex Link The Volatility Framework Link Write Blocker Ultradock Link Lesson 19: Summarizing Risk Management ConceptsLesson 20: Implementing Cybersecurity ResilienceReplace RAID arrays with SSDs Link
BA Data Centre Problems Link Host Naming Link Blockchain an alternative IAM Link Breadcrumb Deception Link Lesson 21: Explaining Physical Security | ||||||||||||||||||||||||||