SY0-501 Exam Domains and course Lessons

Domain 1 Threats, Attacks and Vulnerabilities
      mainly Lesson 3,4
Domain 2 Technologies and Tools
​      mainly Lesson 4,6,10
Domain 3 Architecture and Design
      mainly Lesson 5,6,9
Domain 4 Identity and Access Management
      mainly Lesson 7,9
Domain 5 Risk Management
      mainly Lesson 9,10,11
Domain 6 Cryptography and PKI
      mainly Lesson  6,8
​

CompTIA Roadmap Link

​FREE KALI LINUX PDF
​Install Kali Link

---

Lesson 1: Identifying Security Fundamentals

Difference between Virus Worms and Trojan Horses.
Zero Day Attack Video Link​​
The CIA Triad Video Link aka AIC or PAIN

Keystroke Authentication/Dynamics Link
ECC is better than DH Video Link

Steganography and online hashing and encryption  Link

Lesson 2: Analysing Risk

Risk Calculation Video Link Link2

​Vulnerabilities from Cisco Talos (Cloud) Link
​Common Vulnerability Exposure Link
CVSS Calculator Link
​
​Mapping between NIST 800-53 and ISO 27001        Alternative
NIST GDPR to Microsoft Mapping Link

Privacy Impact Assessments (PIA), GDPR Link 
Privacy Threshold Analysis (PTA) US Homeland Security Link Link2
System of Records Notice (SORN) US Homeland Security Link

MTBF and MTTR Calculator Link

Lesson 3: Identifying Security Threats

Hacktivist, Anonymous Link
Open-source intelligence (OSINT) Link Link2
What this website reveals about you webkay.robinlinus.com

The Deep Web and Dark Web Link
​
Derren Brown The Push Video Link

Email Scams costing millions Link
​SMS Scam Link
The Real Hustle Premium Rate scam Link

Pharming, DNS Cache Poisoning Link
DNSSEC Link
Sony RootKit Link
What is a RootKit Link
​
​Common Types of virus Link
​What is a Computer Worm Link
The Computer Worm good Link
​Difference between Virus Worms and Trojan Horses.
Sasser Worm 2004 Link
Common Worms Link
​Common Botnets Link
NHS Attack May 2017 WannaCry Link

Birthday Attack, probability hashing Video Link

Key Stretching Algorithms PBKDF2 Online Demo​
On Line XOR Calculator. AND/OR/XOR explained

How STRONG is your password​

​Public Web Site for Hacking Link

Reconnaissance web site Shodan Link
Gather information from a website robots.txt Link
Cross-Site Scripting XSS Video Link
Cookies, Session Hijacking, and XCRF Video Link
SQL Injection / XML Injection Video Link
Buffer Overflow Video Link
Buffer Overflow Youtube Link​​
Man-in-the-Browser (Pivoting) Video Link
Pass The Hash Attack Video Link

Bluejacking/Bluesnarfing/Bluebugging Link
​
​802.11 Standards Link

Evil Twin Attack using Starbuks WiFi and Raspberry Pie Link
WEP IV Attack Video Link 
​WPA Attacks Video Link , WPA Explained Video Link
TKIP and CCMP Video Link
Wi-Fi Protected Setup (WPS) Video Link
RFID Vs NFC Link

​The Real Hustle Keylogers Link

Fukushima Nuclear Plant Documentary Link

Lesson 4: Conducting Security Assesments

Buffer Overflow Video Link
Race Condition Link
Race Condition Shopping Cart Video Link
DLL Injection Video Link
​Security Assessment Active/Passive Link

The best Vulnerability scanners Link
Network Enumerators Link

Lesson 5: Implementing Host and Software Security

TPM on Window PC Link
Windows Kiosk software Link

​Trusted Computer Base Link
10 Most Vulnerable OS's 2017 Link


​FIPS & EAL some comparisions
Difference between TPM and HSM Link

Difference between BIOS and UEFI Link

FDE/SDE Link​
EMP Test on an Iphone Video Link​

​Windows DEP Link
USB Kill Link
Embeded OS Stuxnet attacks against atomic plants in IRAN.
​
Real time O/S WolfSSL Link
​
Containers App/OS Docker Link
Thin Clients for VDI HP Link
​Virtualisation Link Link2
Good example of the diference SaaS/PaaS/IaaS link
Microsoft/Citrix ZenApp VDI Link
VDI Demo Video Link
​Vitrual Mobile Infrastructure (NUBO IOS/Android)  VMI Link

​IaaS/NaaS/SaaS/PaaS Link
SECaaS  Link Cisco Umbrella V's Cloudflare Link
ANT (Adaptive Network Technology) Link

SDLC Agile Mode Link
Fuzzing Video Link
​Basic Fuzzing Framework Tool Link

Useful Links

Wordlist Password File Link

Useful Files

all_the_port_numbers.jpg
File Size:	100 kb
File Type:	jpg

Download File

---

encryption_algoritms_and_cbc.pdf
File Size:	385 kb
File Type:	pdf

Download File

---

controls_atp.pptx
File Size:	39 kb
File Type:	pptx

Download File

---

raid.pptx
File Size:	340 kb
File Type:	pptx

Download File

---

backups_full_incr_diff.pptx
File Size:	74 kb
File Type:	pptx

Download File

---

General Drawings

VIGENERE (Polyalphabetic)

WEP

TKIP

The 48 bit IV also now know as the TSC (TKIP Sequence number Counter) Increases 1 for every new packet.

---

SAML

Kerberos

kerberos.pptx
File Size:	47 kb
File Type:	pptx

Download File

---

Lesson 6: Implementing Network Security

Free Build Your Own Network Packet Tracer Link
Packet Tracer 64 bit Windows Download Link
Packet Tracer 32 bit Windows Download Link

Multiple subnets in a single VLAN (Secondary addreses (Link)
ICMP Redirects and Routing tables (Scapy) Link
​
DNSSEC Link

​Secure IMAP and SMTP ports Link

NetBIOS Link1 Link2
NetBIOS over TCP/IP Youtube Link
Null Sessions Windows Link​​

WPA 4-Way Handshake Link Link2
4-Way Handshake Video Link 
The Pairwise Transient Key (64 bytes) is divided into five                              separate keys: Link
802.11 Standards Link (Page 40)
Access Point Placement Signal Loss Link
Antenna Types Video Link

​What is a db in Wireless Link

Site Surveys Video Link

Lesson 7: Managing Identity and Access

FAR, FRR an CER Link

​Access Control and ACLs Video Link
"icacls" command from cmd.exe shows windows ACL's 

​ITU and LDAP and X500 Directory Services Link
LDAP Video Link
​Windows Group Policy Video Link

Active Directory Best Practices Link
​Difference between LDAP and AD Link

NTLAN Manager still used for workgroups Link​

Kerberos Video Link
How to Crack AD Kerberos passwords Not salted Link
​
PAP and CHAP Video Link

Internet based SSO solution /demo Link
      Login and access the following Link
​      Select salesforce.com and login with SSO

​PPTP/L2TP explained
TACACS+ Cisco developed open std 1993 vendor Link

Strong Vs Weak Video Link

OATH HOTP & TOTP Video Link
EAP, LEAP and PEAP Video Link

Lesson 8: Implementing Cryptography

Why Random Numbers in Cryptography Link
​
Difference between Confusion and Diffusion Link  Link2
Online Paint Program Link

​Prime Number Checker on-line Link

One Time Pad Crypto Museum Link
​Number Stations and One Time Pads Link   Link2

Online Coder/Decoder Rot13 XOR etc Link   Better Link
​On-Line MD5 Hashing Generator Link
​​Online HASH generator NT/NTLM etc Link
Diffie Hellman OnLine Calculator Link
AES Calculator OnLine ECB and CBC Link
PRNG OnLine Link
​
TLS 1.3 Published August 2018 Link

Time to disable all SSL/TLS 1.0 (PCI Compliance) Link
48 byte PNRF used to generate Master Key (Shared TLS) Link

Obfuscation-Steganography Video Link

Difference between DH and DHE Link
Key Stretching Video Link

​Certificate OIDs Table Link​
Certificate Pinning Link
​
​Elliptical Curves Video Link
​Public/Private keys generation and Elliptical Curve Link

Key Escrow Video Link

​DigiNotar Dutch CA Attack 2011 Link

On Line XOR Calculator. AND/OR/XOR explained

Difference between DER and Base64 Link 
Creating a Rogue CA Certificate
​Key Escrow Video Link1 Link2

Lesson 9:Implementing Operational Security

FRAMEWORKS
The National Institute of Standards and Technology NIST 800
NCSC NIS Guidance Europe/UK Link
          COBIT5                    ITIL              ISO/IEC 27001

OpenSOC Link
​Mapping between NIST 800-53 and ISO 27002   Link
Security Controls Framework SCF Link
Difference between ISO 27001/27002 (more details) Link

GUIDES
Security Technical Implementation Guides (STIGs) Link
​National Checklist Program (NCP) Link
The Open Web Application Security Project (OWASP) Link

COMPLIANCE
NHS Data Protection Act and GPDR Link
PCI DSS (UK) Link

SECURITY POLICIES
The RUsecure Information Security Policies Link
​SANS Information Security Templates Link
On Line Security Polices Link
​
UK Security Vetting Link
ACRO Police Certificate Link
​
Cisco Security Automation SDN Link

RAID Array with Diagrams, Parity definition
Idiots Guide to RAID Array, another Link
Raid Levels Video Link

​UK example of Data Sensitivity GDPR related (LSE) Link
HMRC Data Retention and Disposal Policy Link
NHS Data Breach Link

Lesson 10: Addressing Security Incidents

Cisco Smart Software Licensing Link
Microsoft Licensing Link

What is Metadata (data about other data) link
​
Incident Response Video Link 
​Incident Response Table Top exercise Video Link

NHS Information Security Policy Link
NHS Information Security Incident: Example Policy Link
Home Depot Data Breach Case Study Link

​Cisco Stealthwatch, Visibility and Security Analytics  Link
​
NIST Incident Handling 800-61r2 Link
​Example Incident Response Plan (IRP) Link
Incident Reporting Categories Link

CyberIncident Response Team CIRT Link

One Click Windows Memory Acquistion Dumpit/Volatility  Link
DD in Linux to copy entire disk (Write Block) Link
Windows wbadmin Link

Lesson 11: Ensuring Business Continuity

Disaster Recovery Plan Template Link
Disaster Plan Link

​Ocado in wake of a fire in Feb 2019 ​Link

​

General Information

DNSSEC and RRSIG Link
SQL Injection Attack (1=1) Link
Null Pointer Exception Link
​strcpy buffer overflow Link
Replace a resource with one in a URL Link
Identify Trojan horses and others Link 
Command Injection Link
​Vulnerable ports especially 1900 Link
System32 Trojan or Virus Link
​Javascript examples XSS Link

White Board Files

security__london_sept_2019.pdf
File Size:	10601 kb
File Type:	pdf

Download File

---