Learn your way! Get started

CompTIA Sec+ SY0-401, Part 6 of 8: Attacks and Mitigation [Deprecated/Replaced]

with expert Ryan Hendricks


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 4/8/2016
Level Intermediate
Runtime 1h 48m
Closed captioning Included
Transcript Included
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

In this course, certified technical trainer Ryan Hendricks delves into the multitude of ways an attacker can compromise an organization. Hendricks will discuss how session hacking is used to compromise Web servers and e-mail servers and also examine the security concerns regarding wireless and Bluetooth devices. This course will also reveal the tools that should be in every security professional’s tool belt as well as the latest mitigation, discovery, penetration and vulnerability testing techniques.

Prerequisites

This course assumes that the user has working knowledge of networks and networking. Ideally, the user should have their CompTIA Network+ certification, but can be replaced with networking experience.

Learning Paths

This course will help you prepare for the following certification and exam:
CompTIA Security+ Certification
SY0-401: CompTIA Security+

Meet the expert

Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)2, EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.

Course outline



Wireless & Application Threats

Wireless Attacks (16:53)
  • Introduction (00:28)
  • Rogue Access Points (01:24)
  • Jamming/Interference (01:21)
  • Evil Twin (01:29)
  • War Driving (00:59)
  • War Chalking (00:57)
  • Bluejacking (00:42)
  • Bluesnarfing (00:47)
  • IV Attack (01:27)
  • Packet Sniffing (01:38)
  • Near Field Communication (00:42)
  • Replay Attacks (00:34)
  • WEP/WPA Attacks (02:31)
  • WPS Attack (01:22)
  • Summary (00:25)
Application Attacks (08:47)
  • Introduction (00:17)
  • Zero-Day Attack (01:20)
  • Cookies and Attachements (02:07)
  • Locally-Shared Objects (00:23)
  • Malicious Add-Ons (00:55)
  • Session Hijacking (01:44)
  • Header Manipulation (00:39)
  • Arbitrary Code Execution (00:51)
  • Summary (00:27)
More Application Attacks (35:19)
  • Introduction (00:29)
  • Cross-Site Scripting (00:54)
  • Cross-Site Request Forgery (01:17)
  • Demo: Cross-Site Scripting (05:55)
  • SQL Injection (01:29)
  • Demo: SQL Injection (05:44)
  • Demo: Bypass Authentication (03:28)
  • XML Injection (00:28)
  • Directory Traversal (00:57)
  • Demo: Directory Traversal (04:17)
  • Command Injection (00:52)
  • Demo: Command Injection (04:49)
  • Buffer Overflow (00:44)
  • Integer Overflow (03:22)
  • Summary (00:26)

Mitigation Techniques

Mitigation Techniques (19:12)
  • Introduction (00:17)
  • Event Logs (00:47)
  • Audit Logs (01:08)
  • Security Logs (00:40)
  • Access Logs (00:30)
  • Hardening (04:13)
  • Network Security (04:10)
  • Security Posture (03:30)
  • Reporting (01:53)
  • Detection vs. Prevention (01:35)
  • Summary (00:26)
Discovery (15:43)
  • Introduction (00:23)
  • Security Assessment Results (00:57)
  • Tools (00:32)
  • Protocol Analyzer (01:17)
  • Vulnerability Scanner (00:56)
  • Honeypots (00:54)
  • Honeynets (00:28)
  • Port Scanner (02:22)
  • Passive vs. Active Tools (01:05)
  • Banner Grabbing (00:43)
  • Assessment Techniques (00:25)
  • Baseline Reporting (00:44)
  • Code Review (01:47)
  • Determine Attack Surface (01:04)
  • Review Architecture (01:07)
  • Review Designs (00:30)
  • Summary (00:23)
Penetration Testing (12:39)
  • Introduction (00:24)
  • Penetration Testing (01:02)
  • Identify Vulnerability (00:30)
  • Verify a Threat Exists (00:34)
  • Bypass Security Controls (00:49)
  • Actively Test Security Control (00:27)
  • Exploit Vulnerabilities (00:42)
  • Vulnerability Scanning (00:42)
  • Passively Testing Security (00:42)
  • Identify Lack of Security (00:37)
  • Identify Common Misconfigs (01:10)
  • Intrusive vs. Non-Intrusive (01:19)
  • Credentialed vs. Non (00:53)
  • Black Box (01:11)
  • White Box (00:28)
  • Gray Box (00:27)
  • Summary (00:35)