0.00 Class 1 Intro to Ethical Hacking - cloudsecuritylabs/ethicalhackingclass GitHub Wiki
Class 1
Hackers
- who is a hacker? https://www.techtarget.com/searchsecurity/definition/hacker
Threatmaps
- https://threatmap.checkpoint.com/
- https://www.imperva.com/cyber-threat-attack-map/
- https://www.fireeye.com/cyber-map/threat-map.html
- https://threatmap.fortiguard.com/
- https://talosintelligence.com/
- https://cybermap.kaspersky.com/
Your Password does not matter
Zero Day Reports
Certification Roadmap
Various malware types, with common terms
- https://www.malwarefox.com/malware-types/
- WannaCry: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
- Bad Rabbit: https://www.youtube.com/watch?v=i22DkwT0zAU
- EternalBlue: https://www.cisecurity.org/wp-content/uploads/2019/01/Security-Primer-EternalBlue.pdf
WannaCry (exploiting EternalBlue, an SMB exploit stolen from the NSA)
Ashley Madison Data Breach / Hacktivism?
STUXNET
SONY Attack
Probability vs Impact
What do we Protect?
- CIA
- DDoS (A)
- Encryption (C)
- Hashing (I)
SOC - Tier 1, 2, 3
Risk Management
Threat Intelligence
IoC
How to ensure security when working with 3rd party vendor?
Software Development
- Dependency management
- open source software/libraries
Cyber Kill Chain
ATT&CK
Pen test methodologies
- Pentest execution standard - http://www.pentest-standard.org/index.php/Main_Page
- NIST 800-115: Technical Guide to Information Security Testing and Assessment - https://csrc.nist.gov/publications/detail/sp/800-115/final
- OWASP security testing guide: https://owasp.org/www-project-websecurity-testing-guide/
- The Open Source Security Testing Methodology Manual - https://www.isecom.org/research.html
Pre-Engagement
Laws and Standards
- Computer Fraud and Abuse Act - https://www.justice.gov/jm/jm-9-48000-computer-fraud
- https://www.ncsl.org/research.aspx
- https://gdpr-info.eu/