Chapter 5: Threat Actors, Vectors, and Intelligence Sources
Threats
APTs: Advanced Persistent Threats
Example: the Mandiant APT1 report (search link): https://duckduckgo.com/?t=ffab&q=mandiant+apt1&atb=v235-1&ia=web
Insider threats –> The Greatest Threats! p. 79
Threat Actors
State Actors
- APT1: China Cyber Espionage Units (PLA 61398)
- APT28: Russia (Fancy Bear)
- APT34: Iran (Helix Kitten)
- APT38: North Korea (Lazarus Group)
Hacktivists
Script Kiddies
Criminal Syndicates
Hackers
- Authorized (White Hat)
- Unauthorized (Black Hat)
- Semi-Authorized (Gray Hat)
https://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Fourth/dp/0071832386
Shadow IT
Competitors
Attributes of Actors
Internal vs. External
Level of Sophistication or Capability
Resources and Funding
Intent or Motivation
Motivations for hacking, etc., per CompTIA:
- Maintaining Access
- Remain Undetected
- Steal Something of Value
Consider a different list:
- Money (Greed)
- Politics (Hacktivism)
- Revenge
- Extortion
- Business (Competitive Intelligence)
There are more; see: https://sectigostore.com/blog/hacker-motivation-why-do-hackers-hack/
Vectors of Attack
Direct Access
Network tap, Bash Bunny, etc.
Wireless
Kali tools, deauthers (deauthentication attack tools), etc.
Supply Chain
Social Media
“I’m an expert with….”
Cloud
Hypervisor traversal, Git repository archives, etc.
Threat Intelligence Sources
Threat Intelligence Feeds
https://cybermap.kaspersky.com/
https://www.comptia.org/blog/threat-intelligence-feeds
https://logz.io/blog/open-source-threat-intelligence-feeds/
OSINT
Google Dorks
Google Hacking Database at Exploit-db.com
https://www.exploit-db.com/google-hacking-database
Proprietary
Vulnerability Databases
Information Sharing Centers
The Dark Web
Indicators of Compromise
Study pp. 89–90!
Automated Indicator Sharing – AIS
OASIS
STIX
TAXII
Predictive analysis
Threat maps
Code Repositories
Research Sources
Vendor websites
Vulnerability feeds
Conferences
Journals
RFCs
Local Industry Groups
Social media
Threat feeds
TTPs – Adversary Tactics, Techniques and Procedures