FREE Security Awareness Guide - CompTIA
Transcript of FREE Security Awareness Guide - CompTIA
![Page 1: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/1.jpg)
0
FREE Security Awareness GuideGet 7 simple security hacks that you can use today.
bit.ly/SecurityAwarenessGuide
![Page 2: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/2.jpg)
1. Differences between threats and vulnerabilities2. Pen testing do’s and don’ts3. Metasploit introduction through the Armitage GUI4. Information gathering and scanning5. Playing with auxiliary modules like ARP, DNS and DHCP attacks6. Browser drive-by attack (application-based attack)7. Remote exploit demo (application-based attack)8. Payloads using the Meterpreter9. Metasploit automation
Ethical Hacking Using a Weaponized Operating System
1Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 3: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/3.jpg)
2Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
![Page 4: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/4.jpg)
3Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
![Page 5: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/5.jpg)
4Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
![Page 6: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/6.jpg)
5Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
![Page 7: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/7.jpg)
6Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
![Page 8: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/8.jpg)
7Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
![Page 9: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/9.jpg)
8Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
![Page 10: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/10.jpg)
9Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
![Page 11: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/11.jpg)
10Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
Unlocked door
![Page 12: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/12.jpg)
11Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
Unlocked door
![Page 13: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/13.jpg)
12Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
Unlocked door
Untrained user
![Page 14: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/14.jpg)
13Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
Unlocked door
Untrained user Untrained user
![Page 15: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/15.jpg)
14Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Threat VulnerabilityOR
End of life operating system
Ransomware
Unneeded running service
Hacker
Unlocked door
Untrained user Untrained user
Flaw or Gap Actor
![Page 16: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/16.jpg)
Pen testingDo’s Don’ts
Get WRITTEN authorization
15Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 17: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/17.jpg)
Pen testingDo’s Don’ts
Get WRITTEN authorizationGet contact information
16Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 18: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/18.jpg)
Pen testingDo’s Don’ts
Define the Scope and timing
Get WRITTEN authorizationGet contact information
17Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 19: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/19.jpg)
Pen testingDo’s Don’ts
Review Threats and VulnerabilitiesDefine the Scope and timing
Get WRITTEN authorizationGet contact information
18Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 20: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/20.jpg)
Pen testingDo’s Don’ts
Review Threats and VulnerabilitiesDefine the Scope and timing
Get WRITTEN authorizationGet contact information
Test public cloud environments
19Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 21: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/21.jpg)
Pen testingDo’s Don’ts
Review Threats and VulnerabilitiesDefine the Scope and timing
Get WRITTEN authorizationGet contact information
Test public cloud environmentsUse payloads that cause damage
20Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 22: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/22.jpg)
Pen testingDo’s Don’ts
Review Threats and VulnerabilitiesDefine the Scope and timing
Get WRITTEN authorizationGet contact information
Test public cloud environmentsUse payloads that cause damageChange configurations
21Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 23: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/23.jpg)
Pen testingDo’s Don’ts
Review Threats and VulnerabilitiesDefine the Scope and timing
Get WRITTEN authorizationGet contact information
Test public cloud environmentsUse payloads that cause damageChange configurationsPractice in production
22Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 24: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/24.jpg)
WARNING
Don’t test anyone’s network unless youGet WRITTEN authorization!
Everything you see here has an IDS signatureand will trigger an alert!
23Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 25: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/25.jpg)
Environment
24Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
![Page 26: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/26.jpg)
Armitage
25Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
• Live GUI Review
![Page 27: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/27.jpg)
Information Gathering
26Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
• NMAP Again? Nah• Let’s learn Info Gathering through protocols and HPING3• TTLs• Packet ID
![Page 28: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/28.jpg)
EternalBlue
27Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
• Leaked by Shadow Brokers April 2017. Fixed by Microsoft in May• The vulnerability is tracked by CVE-2017-0144 • The exploit targets the Microsoft Server Message Block (SMB) protocol• Used by WannaCry• Let’s play with it! • I become the threat
![Page 29: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/29.jpg)
ARP
28Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
• Address Resolution Protocol (ARP)• RFC 826 from 1982 https://tools.ietf.org/html/rfc826• Layer 2 of the OSI• Used to find the hardware address or Media Access Control (MAC) address• ARP cache• MAC looks like 11-22-33-44-55-66• First 3 octets are the OUI
• Mitigation: Dynamic ARP inspection• On supported cisco devices: IP ARP INSPECTION VLAN 100
![Page 30: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/30.jpg)
DHCP
29Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
• Dynamic Host Configuration Protocol (DHCP)• First implemented in the Bootstrap Protocol BOOTP in 1985 RFC 951• Last updated in 1997 with RFC 2131 https://tools.ietf.org/html/rfc2131• Layer 7 of the OSI• Uses Broadcast• DHCP Relays turn broadcast into unicast to remote DHCP servers• Mitigation: DHCP Snooping• On supported cisco devices: DHCP SNOOPING VLAN 100
![Page 31: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/31.jpg)
DNS
30Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
• Domain Name System (DNS)• First implemented in RFC 882 in 1983• Last updated in 1997 with RFC 2181 https://tools.ietf.org/html/rfc2181• Layer 7 of the OSI• Hierarchical and decentralized
![Page 32: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/32.jpg)
Question & Answer
31Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Ask your questions in the Q&A chat box!
![Page 33: FREE Security Awareness Guide - CompTIA](https://reader031.fdocuments.net/reader031/viewer/2022012111/61dc9125d94cc53f6d52521b/html5/thumbnails/33.jpg)
32Copyright (c) 2019 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org