Week 9
Week 9
This chapter is crucial – It is 24% of the exam. As the title says you must know the symptoms of each attack as the exam ask you to identify each attack
Read Chapter 8
Chapter 9 – Identifying Threats, Attacks and Vulnerabilities
Action – Ian’s Book Key Elements
Read pages 253 -292 taking notes
Complete all 62 review questions
Any review questions that are wrong or missing then go back into the chapter and read those areas
Action – Videos Professor Messer
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
Social Engineering

  • Phishing
  • Impersonating
  • Dumpster Diving
  • Shoulder Surfing
  • Hoaxes
  • Influence Campaigns

Other Social Engineering Attacks

  • Attack Types
  • Viruses and Worms
  • Trojans and RATS
  • Rootkits
  • Spyware
  • Bots and Botnets
  • Logic Bombs
  • Password Attacks
  • Physical Attacks
  • Adversarial Artificial Intelligence
  • Supply Chain Attacks
  • Cryptographic Attacks
    • Application Attacks
  • Cross-Site Scripting
  • Injection Attacks
  • Buffer Overflow
  • Replay Attacks
  • Request Forgeries
  • Driver Manipulation
  • SSL Stripping
  • Race Conditions
  • Other Application Attacks
  • Network Attacks
  • RFID and NFC Attacks
  • On-Path Attacks
  • MAC Flooding and Cloning
  • DNS Attacks
  • Denial of Service
  • Malicious Scripts

1.5 Threat Actors and Vectors

  • Threat Actors
  • Attack Vectors
  • Threat Intelligence
  • Threat Research
Action – Lab Exercises (optional) 101 Labs
4 – Create a Dictionary Attack to Crack Online Passwords using Hydra
39 – Manual SQL Injection
62 – Cracking Basic Hashes with John the Ripper
CompTIA Security+ – 101Labs.net
Ian’s Website
Labs
PBQ – Attacks
Labs | Ian Neil’s Security+ Study Materials (securityplus.training)
Identify all attacks, the following are more important:
Polymorphic Virus
Worm
RAT
Pass the Hash
Logic Bomb
SQL Injection
CSRF/XSS
Buffer Overflow
Backdoor
Social Engineering

  • Whaling
  • PhishingD
  • Spear Phishing
  • Vishing
  • SMiShing
  • Identity Theft
  • Tailgating
  • Reconnaissance

Watering Hole Attack
Shadow IT
Threat Actors
Password Attacks

  • Dictionary
  • Brute Force
  • Password Spraying

Directory Traversal
Session Replay
Physical Attacks
On-Path Attacks
DDoS/DoS
Zero Day Virus
DNS Poisoning/ARP Poisoning
MAC Flooding/Spoofing
Privilege Escalation
SSL Stripping
Resource Exhaustion
Shimming/Refactoring
Cryptographic Attacks
Supply Chain
Impact of Legacy Systems

Videos
Malicious USB Cable
Malicious USB Drive
DDoS Attack on Facebook
What’s Your Password?
How Private is Your Information
Bug Bounty Starter
Remote Jeep Attack
Exam Preparation | Ian Neil’s Security+ Study Materials (securityplus.training)
Default Passwords
Search for BT and Verizon
Default Passwords | CIRT.net
Security Cameras
https://www.a1securitycameras.com/blog/default-username-passwords-ip-addresses-for-surveillance-cameras/#How_can_A1_Security_Cameras_help_you