Find exploits https://www.exploit-db.com/ http://www.remote-exploit.org/
Security+: My Favorite Free Tools
This is post 31 of 31 in the series “[ Security+ Certification ]” My Favorite Free Security Tools Command-Line Tools Command Description Example Explanation Linux dig Queries DNS servers for host name/IP address mappings. dig dig <hostname> Queries hosts listed in /etc/resolve.conf or the host named. ping Requests a response from a host. Keeps …
Security+ Domain 5.0: Risk Management: Chapter 29
This is post 30 of 31 in the series “[ Security+ Certification ]” Chapter 29: Public Key Infrastructure (PKI) Components RA CA Third-party trust model Certificate Authority Intermediate CA Revocation CRL OCSP Suspension CSR X.509: the Certificate Standard Version Number (usually 1) Subject (the certificate owner) Public Key (the whole point) Issuer (the CA, like …
Continue reading “Security+ Domain 5.0: Risk Management: Chapter 29”
Security+ Domain 5.0: Risk Management: Chapter 28
This is post 29 of 31 in the series “[ Security+ Certification ]” Chapter 28: Wireless (WiFi) Security Crypto / Auth Protos WEP WPA WPA2 WPA3 (WiFi 6) Authentication Protos EAP PEAP 802.1x RADIUS and TACACS+ Key Protos PSK Enterprise Open
Security+ Domain 5.0: Risk Management: Chapter 27
This is post 28 of 31 in the series “[ Security+ Certification ]” Chapter 27: Cryptographic Algorithms Symmetric DES, 3DES (block) AES (block) Blowfish, Twofish (block) RC2, RC4 (stream), RC5 (block), RC6 (block) Asymmetric RSA DSA Elliptic Curve (ECC – requires less power, good for mobile) PGP / GPG Digital Signatures RSA DSA Key Exchange …
Continue reading “Security+ Domain 5.0: Risk Management: Chapter 27”
Security+ Domain 5.0: Risk Management: Chapter 26
This is post 27 of 31 in the series “[ Security+ Certification ]” Chapter 26: Cryptography and PKI Professor Messer covers a huge amount of this ground. See these search results: https://www.youtube.com/results?search_query=comptia+security%2B+crypto Here’s a good start: Symmetric and Asymmetric Encryption In Linux, you can do it at the command line: Hashing Again, in Linux, native …
Continue reading “Security+ Domain 5.0: Risk Management: Chapter 26”
Security+ Domain 5.0: Risk Management: Chapter 25
This is post 26 of 31 in the series “[ Security+ Certification ]” Chapter 25: Data Security and Privacy Practices Data Destruction / Media Sanitization FIPS-compliant wiping (digital media) D-BAN Eraser Burning (paper and digital media) Shredding (paper and yes, drives) Pulping (paper) Pulverizing (drives) Degaussing (media and drives) Purging (data) Certificate of Data Destruction …
Continue reading “Security+ Domain 5.0: Risk Management: Chapter 25”
Security+ Domain 5.0: Risk Management: Chapter 24
This is post 25 of 31 in the series “[ Security+ Certification ]” Chapter 24: Digital Forensics Capturing Evidence You have two major concerns: Capturing the right evidence before it disappears Keeping evidence valid and admissible Order of Volatility CPU, cache and registers Routing tables, ARP cache, process tables, kernel statistics Live network connections, data …
Continue reading “Security+ Domain 5.0: Risk Management: Chapter 24”
bastion.inf
This is post 24 of 31 in the series “[ Security+ Certification ]” [System Access] MinimumPasswordAge = 2 MaximumPasswordAge = 42 MinimumPasswordLength = 10 PasswordComplexity = 1 PasswordHistorySize = 6 LockoutBadCount = 5 ResetLockoutCount = 720 LockoutDuration = -1 RequireLogonToChangePassword = 1 ForceLogoffWhenHourExpire = 1 NewAdministratorName = “root” [System Log] MaximumLogSize = 100032 AuditLogRetentionPeriod = …
Security+ Domain 5.0: Risk Management: Chapter 23
This is post 23 of 31 in the series “[ Security+ Certification ]” Chapter 23: Incident Response, Disaster Recovery and Continuity of Operations (Business Continuity) Incident Response Plan Documented incident types Roles and responsibilities Reporting Escalation Cyber-incident response teams Incident Response Process Preparation Identification Containment Eradication Recovery Lessons Learned (Postmortem) Disaster Recovery (when the meteor …
Continue reading “Security+ Domain 5.0: Risk Management: Chapter 23”