
tsirhCdneM | CompTIA Security+ | Module 3

By: Raul Pop | Related Course: CompTIA Security+ | Published: May 28, 2017 | Modified: May 29, 2017

Application Attacks

-Cross-Site Scripting (XSS)

-Structured Query Language (SQL) attack

Assessment technique

Baseline reporting

Code review

Determine attack Surface

Review architecture

Review Designs


LDAP - Lightweight Directory Access Protocol injection

XML - Extensible Markup Language (XML) injection

Directory traversal/Command injection

-Buffer overflow

Interpret results of Security tools


Protocol analyzer

Vulnerability scanner



Port Scanner

Banner Grabber


Assessment types





Mitigation and Deterrent

Monitor system logs

Event Logs

Audit Logs

Security Logs

Access Logs



Unnecessary services - disable

Protect management interfaces and applications

Password protection

Disable unnecessary accounts


Network Security

MAC filtering/limiting


Disable unused interface

Disable unused application service ports

Pen vs Vulnerability

Vulnerability Scanning

Passively test security controls

Identify vulnerabilities

Identify a lack of security controls

Identify common misconfigurations


Black box Testing

White box Testing

Gray box testing

Penetration Testing vs Vulnerability Scanning

Penetration Testing

Verify a threat exists

Bypass Security controls

Actively test security controls

Exploit vulnerabilities


Phishing attack - a social engineering attack over email

Spim - spam over instant messaging

Vishing - telephone attack/VoIP attack

Spear phishing - it's a group attack

Xmas attack - like a DDoS attack on routers

Pharming attack - a malicious person attacks the hosts file on a system (hosts file)

DNS poisoning - a person attacks the DNS table to redirect from one site to another (corrupt DNS)

ARP poisoning - cache and redirect the traffic (corrupt ARP cache)


Privilege escalation

Malicious insider threat

Client side attack


Transitive Access attack

Brute force attack

Dictionary attack

Hybrid attack

Birthday attack

Rainbow tables


URL hijacking/Typo squatting

Watering hole attack

Social Engineering

Social engineering is aimed at humans, because humans are the weakest link:


Shoulder surfing

another person is looking from behind others

Tailgating

looking to get access to a building, facility


false story you give to an individual such that they perform


Seek to obtain credentials, web account, website through e-mail.

Vishing - VoIP/telephone attack

Whaling attack – an attack that targets only a CEO/VIP person

Spear phishing - a malicious person attacks a group of people

Dumpster diving - divers look for information that will give them knowledge about your organization, facility, maps, plans, directories, drives, storage drives


Impersonation - pretends to be someone they are not, to give you some steps to attack you from behind (you give them access or they ask for some information)

Types of Malware

Malware is malicious software:

-Viruses => antivirus

-Worms => require no human interaction

-Trojans => good or bad activity


Malware is countered by anti-malware

Adware => Advertising Software (pop-ups)

Spyware => Spying Software => Anti-spyware


Back doors

Logic bombs


Ransomware

Polymorphic malware

Armored virus




Types of Malware


-Advertising Software

-shows in pop-ups



-virus - slows PC, files change, style

-virus needs a file to attach to

-requires human interaction


-worms - cross the entire system

-do not require human interaction



-trojan - good or bad activity

having a program that is doing something in the background


-rootkits - gain root access to a system

-administrative access to a system

-hide the presence

-mask the presence in the system



-logic bomb - piece of code inserted in software and activated by an event

-very hard to detect


-ransomware - disables the system


-lock screen


-polymorphic virus - changes the form, changes the signatures


-armored virus - encrypts itself to avoid detection


botnets - malicious code inserted in a system across the Internet for DDoS

Types of Wireless Attacks

Rogue Access Point

Evil twin


War driving

War chalking

Bluejacking

Bluesnarfing


Various Types of Attack

Man in the middle attack (MITM)

PC–MITM–WEBSITE (eavesdrop on your communication)

-replay credentials

-impersonating you to gain access


Denial of Service

-exhaust available resources


Distributed Denial of Service

-the attack is distributed across multiple computers on the Internet

-a malicious person infects computers (zombies) with a bot (botnet), then attacks the victim


malicious person spoofs

MAC address

IP address

miscoding another person to get access (IP)


Spam attack

-push adverts, advertisements

-social networks - instant messenger


Zero Day Exploits

Zero Day Exploits

Cookies and attachments

Malicious Add-Ons

Session Hijack

Header manipulation
