Cybersecurity #

Goodies #
- Great Scott Gadgets
- HackRF One
- HackRF Pro
- YARD Stick One
- There are extended versions:
  - PortaPack (shipped in EU!)
- Flipper Zero
Abbreviations #
- VLAN - Virtual LAN
- CSA - Cloud Security Alliance
- CCM - Cloud Controls Matrix
- SDN - Software defined networking
- SDV - Software defined visibility
- VPC - Virtual Private Cloud
- HSM - Hardware Security Modules
- CASB - Cloud Access Security Broker
- MSP - Managed Service Provider
- MSSP - Managed Security Service Provider
- FDE - Full-disk encryption
- TDE - Transparent Data Encryption
- CLE - Column-Level Encryption
- NIST - National Institute of Standards and Technology
- AES - Advanced Encryption Standard
- DES - Data Encryption Standard
- ECC - Elliptic Curve Cryptography
- PKI - Public Key Infrastructure
- CN - Common Name
- SAN - Subject Alternative Name
- CSR - Certificate Signing Request
- DV - Domain Validation
- EV - Extended Validation
- CRL - Certificate Revocation List
- OCSP - Online Certificate Status Protocol
- CPS - Certification Practice Statement
- DER - Distinguished Encoding Rules
- PEM - Privacy Enhanced Mail
- PFX - Personal Information Exchange
- HMAC - Hash-Based Message Authentication Code
- SHS - Secure Hash Standard
- SHA - Secure Hash Algorithm
- SCAP - Security Content Automation Protocol
- CCE - Common Configuration Enumeration
- CPE - Common Platform Enumeration
- CVE - Common Vulnerabilities and Exposures
- CVSS - Common Vulnerability Scoring System
- XCCDF - Common Configuration Checklist Description Format
- OVAL - Open Vulnerability and Assessment Language
- SIEM - Security Information and Event Management
- IDS - Intrusion detection systems
- IPS - Intrusion prevention systems
- APT - advanced persistent threat
- STIX - Structured Threat Information eXpression
- TAXII - Trusted Automated eXchange of Indicator Information
- ISACs - Information Sharing and Analysis Centers
- RAID - Redundant Array of Independent Disks
- RTO - Recovery Time Objective
- UAV - Unmanned Aerial Vehicles
- CCTV - Closed-Circuit TV
- RFID - Radio Frequency Identification
- UEFI - Unified Extensible Firmware Interface
- OEM - Original Equipment Manufacturer
- PCRs - Platform Configuration Registers
- TPM - Trusted Platform Module
- PUFs - Physically Unclonable Functions
- KMS - Key Management Services
- EDR - Endpoint Detection and Response
- DLP - Data Loss Prevention
- HIPS - Host-Based Intrusion Prevention System
- SD-WAN - Software-Defined Wide Area Network
- MPLS - Multiprotocol Label Switching
- SASE - Secure Access Service Edge
- DMZ - Demilitarized Zone
- NAC - Network Access Control
- BPDU - Bridge Protocol Data Unit
- STP - Spanning Tree Protocol
- DHCP - Dynamic Host Configuration Protocol
- VPN - Virtual Private Network
- IPSec - Internet Protocol Security
- AH - Authentication Header
- ESP - Encapsulating Security Payload
- SA - Security Association
- SSL - Secure Sockets Layer
- TLS - Transport Layer Security
- SNMP - Simple Network Management Protocol
- DKIM - DomainKeys Identified Mail
- SPF - Sender Policy Framework
- DMARC - Domain-based Message Authentication, Reporting and Conformance
- S/MIME - Secure/Multipurpose Internet Mail Extensions
- SRTP - Secure Real-time Transport Protocol
- SRTCP - Secure Real-time Transport Control Protocol
- HSTS - HTTP Strict Transport Security
- QoS - Quality Of Service
- DDoS - Distributed Denial-of-Service
- NGFW - Next-Generation Firewalls
- UTM - Unified Threat Management
- ACLs - Access Control Lists
- SSID - Service Set Identifiers
- WPA - Wi‑Fi Protected Access
- CCMP - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
- SAE - Simultaneous Authentication of Equals
- OWE - Opportunistic Wireless Encryption
- WLAN - Wireless Local Area Network
- EAP - Extensible Authentication Protocol
- PEAP - Protected EAP
- EAP-FAST - EAP-Flexible Authentication Via Secure Tunneling
- EAP-TLS - EAP-Transport Layer Security
- EAP-TTLS - EAP-Tunneled Transport Layer Security
- TKIP - Temporal Key Integrity Protocol
- BYOD - Bring-Your-Own-Device
- CYOD - Choose-Your-Own-Device
- COPE - Corporate-Owned, Personally-Enabled
- COBO - Corporate-Owned, Business Only
- VDI - Virtual Desktop Infrastructure
- UEM - Unified Endpoint Management
- MDM - Mobile Device Management
- MAM - Mobile Application Management
- MCM - Mobile Content Management
- GPS - Global Positioning System
- NFC - Near Field Communication
- PII - Personally Identifiable Information
- PHI - Protected Health Information
- DPO - Data Protection Officer
Study Topics #
- Discretionary Access Control (DAC)
- Hot Site
- A documented restoration order helps ensure that systems and services that have dependencies start in the right order and that high‐priority or mission‐critical services are restored first
- Fog computing
- Cloud Access Security Brokers
- Transit gateway (VPC/on-prem connection)
- General concepts
- Backups
- Endpoint security -> Insecure Ports
- XDR is similar to EDR but has a broader perspective covering not only endpoints but also cloud services, security platforms, and other components.
- A Windows Group Policy Object (GPO) can be used to control whether users are able to install software. Antivirus will not stop this, nor will EDR or a HIPS.
- A host‐based intrusion prevention system (HIPS) can detect and prevent attacks against services while allowing the service to be accessible
- SCADA (supervisory control and data acquisition) is a system architecture that combines data acquisition and control devices with communications methods and interfaces to oversee complex industrial and manufacturing processes, just like those used in utilities.
- SNMP traps can be configured to provide additional information, but typical SNMP traps provide information about issues such as links going down, authentication failures, and reboots
- SD‐WAN (software‐defined wide area network) is commonly used to replace MPLS (Multiprotocol Label Switching) networks, which are typically higher cost than other connectivity options
- Policy enforcement points communicate with policy administrators to forward requests from subjects and to receive instructions from them about connections to allow or end.
- SASE (Secure Access Service Edge) combines network security and device security by leveraging SD‐WAN with security tools like Zero Trust, firewalls, and cloud access security brokers (CASBs)
- Simultaneous Authentication of Equals (SAE) is used to establish a secure peering environment and to protect session traffic. Since the process requires additional cryptographic steps, it causes brute‐force attacks to be much slower and thus less likely to succeed
- Wireless protocol
- FDE: Full Disk Encryption
- The Windows Security log records logon events when logon auditing is enabled. The Application and System logs do not contain these events.
- CVSS format / SCAP
- Metasploit
- Footprinting - detecting the running OS and versions, etc.
- Spearphishing - specific group
- Secure baselines are used to document the settings and procedures used to configure systems or devices. The other answer choices are not common industry terms
- Ephemeral (short‐lived) keys are used for key establishment.
- A checksum is a computation that is used to determine whether a file or message has been changed, allowing error detection. A hash generates a unique value for a file and is a one‐way function—it cannot be reversed to re‐create the original file.
- RAID
- A UPS (uninterruptible power supply) relies on batteries or other stored power to keep systems online during short power outages, and it can also provide stable power during power sags and undervoltage events.
- The /etc/shadow file contains password hashes for most modern Linux implementations, and Ben can then use a tool such as rainbow tables or John the Ripper to crack passwords. John itself is not a password file or repository, and /etc/passwd is a secure pointer to /etc/shadow and does not actually contain useful information. Finally, an offline password attack implies activity that does not take place over the network, so SSH is not a valid answer.
- An MOU provides an informal means to document the relationship between separate parties, making it well suited for situations involving different business units within the same company.
- Boot attestation provides information about the software that it booted with to an attestation verification platform or system after boot, unlike secure boot, which uses a chained verification process to ensure that each component is signed and acceptable before it is loaded.
- Remote access Trojans (RATs) are Trojans that are specifically designed to provide remote administrative access. The rest of the answers here are made up.
- Trusted Automated Exchange of Indicator Information (TAXII) is intended to allow cyberthreat information to be communicated at the application layer via HTTPS. Structured Threat Information Expression (STIX) is an XML format for describing threat components. OpenIOC is an XML format for describing indicators of compromise. TTP is a generic term for adversary tactics, techniques, and procedures and is not a communication protocol or standard.
- The Sarbanes–Oxley Act (SOX) is specifically designed for U.S. publicly traded companies. It insists on a high level of confidence in the IT systems that manage these companies’ financial records.
- Emily is looking for a solution to minimize the load of numerous third‐party audits. In such a situation, SSAE 18, also referred to as service organization controls (SOC) audits, is an ideal solution as it provides a common standard for auditors assessing service organizations. It allows the organization to undertake an external assessment instead of multiple third‐party assessments, sharing the resulting report with customers and potential clients. While COBIT, ISO 27001, and ISO 27002 are valuable auditing and assessment standards, they do not specifically address the issue of multiple third‐party audits. COBIT is a common framework for conducting audits and assessments, ISO 27001 describes an approach for setting up an information security management system, and ISO 27002 provides more detail on the specifics of information security controls, but none of them offer a solution like SSAE 18 for service organizations facing numerous audits.
- Perfect Forward Secrecy ensures that even if someone later steals a private key, they can’t decrypt past communications. Each session gets its own unique, temporary encryption key, which is deleted afterward. So even if a hacker gets your server’s private key or Wi-Fi password later, they can’t go back and read old data that was captured before.
- Anomalous behavior recognition typically looks at risky, unexpected, and unintentional behaviors. Repeated behavior is common in organizations because of ongoing tasks and processes.
- Logging is an operational control.
- If a phishing email is tailored to your business (I work in insurance and they use insurance-relevant topics or things specific to your role), it is spear phishing instead of phishing.
- Common motivations for internal threat actors include blackmail, financial gain, and ethical reasons.
- New Technology LAN Manager (NTLM) had the flaw that sessions could be replayed.
- Integer overflow is a distinct category; buffer overflow is more about arrays (all the non-integer memory attacks).
- TCP 6667 => IRC
- Worms spread themselves via vulnerabilities.
- The Windows Security Account Manager (SAM) file and the /etc/shadow file for Linux systems both contain passwords and are popular targets for offline brute‐force attacks.
- TCP port for SQL Server: 1433
- Business email compromise (BEC) can be done via typosquatting, spoofed email, or actual email account compromise.
- Jailbreaking and package managers (which require a jailbreak) are iOS-specific.
- Sam is using blocked content logging to determine what systems may be compromised and attempting to connect to malicious domains and if users are trying to access those IP addresses or domains.
- In https://www.example.com/viewer.php?filename=../../../etc/passwd%00.png, %00 is a null byte, so applications stop reading after it and the .png part is ignored.
- Horizontal privilege escalation occurs when users at a similar level are able to use privileges or accounts belonging to peer users.
- Firewall rules are evaluated from the top and the first match wins, so a deny-all rule usually sits at the bottom.
- AH -> Authentication Header
- NIPS -> Network Based Intrusion Prevention/Detection System
- Partial backups are not the same as differential, partial is just a part of the entire scope that is backup, like a specific file.
- COOP plans address loss of access to some or all of a facility, personnel, or services.
- ICS: Industrial Control Systems
- IPsec VPNs work at the network layer; TLS VPNs work at the transport layer.
- Screened subnet designs use a firewall with three interfaces, one for the Internet or an untrusted network, one for a protected but front‐facing network, and one for a shielded or protected network
- Endpoint detection and response (EDR) focuses on identifying anomalies and issues, but it is not designed to be a malware analysis tool.
- Red Hat stores authentication log information in /var/log/secure instead of /var/log/auth.log used by Debian and Ubuntu systems
- Cuckoo, or Cuckoo Sandbox, is a malware analysis sandbox that will safely run malware and then analyze and report on its behavior.
- Sn1per is a pen test framework.
- sFlow, NetFlow, and IPFIX are all used to capture network flow information.
- FDE can be enabled via MDM.
- Windows Defender Firewall operates on a per‐application model and can filter traffic based on whether the system is on a trusted private network or a public network.
- NXLog collects logs.
- Incident response simulation involves actual actions taken, without creating issues or affecting prod.
- Security keys are commonly used for passwordless authentication since they can provide both a physical token and cryptographic login credentials that are unlocked using a password, fingerprint reader, or camera.
- OAuth 2.0 = Authorization framework (delegates access).
- OpenID Connect (OIDC) = Authentication layer built on top of OAuth 2.0.
- The Security Content Automation Protocol (SCAP) is frequently used to allow for monitoring and measurement of NIST 800‐53‐based controls.
- Kerberos is one of a small number of commonly used AAA protocols for network devices
- Kerberos is mainly used in: Windows domains (Active Directory) — it’s the default authentication mechanism.
- Kerberos is primarily a network authentication protocol, not just for “network devices,” but for users and services communicating over a network.
- Kerberos is a network authentication protocol for verifying the identity of users and services within a trusted domain — it’s not mainly for network devices like routers or switches, but for networked systems and applications.
- Email security gateways are appliances or software virtual appliances that provide anti‐spam, anti‐phishing, and other email security–related services.
- Bluetooth devices can be fingerprinted.
- Software source code escrow is often used to ensure that organizations can obtain the software code if a company goes out of business or other adverse events occur that might endanger the company relying on the code. Reviewing the source code for an entire application is outside of the scope and capability of the majority of organizations, particularly when other dependencies are included.
- SELinux switches Linux to Mandatory Access Control (MAC).
- Enterprise password managers allow for “checking out” passwords and enforcing these to be changed after check out.
- UEBA stands for User and Entity Behavior Analytics, a cybersecurity solution that uses machine learning to detect threats by analyzing the behavior of both users and non-human “entities”
- Certification of destruction can include photographic evidence.
- Embedded systems typically have few, if any hardening options because of their purpose‐built functionality. Benchmarks are rarely available for them, and most are not designed for central management or adding on security software.
- Qualitative risk assessments measure likelihood on a descriptive scale like high, medium, or low. Quantitative assessments measure likelihood on a numeric scale using known event occurrence rates where possible.
- Boards often include external members who may have industry or other experience and expertise that will benefit the organization, and they are sometimes, but not always, paid as part of their work on the board. Committees are frequently composed of internal staff.
- A one‐time risk assessment that addresses the acquisition will best meet Sharon’s needs. Ad hoc assessments are less formal, and they are often used to quickly assess a system or other potential risk.
- Data owners classify, protect, oversee the use of, and ensure the quality of data.
- Data Custodians are the staff and teams who handle data
- Provides technical guidelines for digital identity, focusing on authentication and password lifecycle management.
- Risk exception recognizes risk areas where an organization may not be in compliance with policies or regulations, and may be acknowledged because they cannot be addressed in a timely manner or are required for the organization to conduct business.
- Integrated penetration testing combines both offensive and defensive penetration testing.
- A regulatory assessment doesn’t necessarily mean it’s performed by the regulator — it means the assessment’s purpose is to ensure compliance with a regulation.
- CompTIA: “Which concept label best fits the clues in this short paragraph?”— not “Which would I choose in a real-world scenario?”
- The Payment Card Industry Data Security Standard (PCI DSS) is an industry standard, not a law!
- But there is a PCI DSS organization (the PCI SSC) that enforces it contractually (not by regulation). So you do get fined by the bank or payment processor, because they in turn get fined by the PCI SSC.
- An Audit Committee is a subcommittee of an organization’s Board of Directors that oversees financial reporting, risk management, and internal and external audit activities. Often meets with CFO, CISO, internal auditors, and external auditors
- Continuous integration/continuous delivery (CI/CD) pipelines deploy software on an ongoing basis, making them a good fit for continuous risk assessment techniques.
- HIPAA is A REGULATION, a LAW.
- An organization’s risk threshold is the level where they will switch from accepting a risk to seeking to handle the risk. Their risk appetite is the amount of risk an organization is willing to accept to achieve its goals.
- Anomalous behaviour: Risky, unexpected, and unintentional
- Due Diligence: reasonable steps taken by a person to avoid committing a tort or offence.
- Waylon is a risk owner. He is responsible for ensuring that the risks related to data and the application are managed appropriately. Risk owner is a thing.
- Business continuity is about HOW TO KEEP THE ORGANIZATION running; disaster recovery is about HOW TO RESPOND TO SITUATION X.
- Playbooks list the actions that an organization will take as part of a response process.
  - Guides incident response teams — what to do, who to involve, how to communicate.
- Runbooks list the steps required to perform an action like notification, removing malware, or similar tasks.
  - Guides technicians/analysts — the how-to instructions to execute tasks.
- ISO 27002 guides the implementation of an ISMS and its controls, while ISO 27001 is the STANDARD for the ISMS framework.
- For risk acceptance the residual risk is most important, because you want to know what the risk is that you will be accepting.
- A disaster recovery plan tells what to do before, during, and after the disaster occurs.
- If you make the decisions about data, you are the data controller; if you enforce them, you are the data steward.
- Policy handbooks are used to provide information about high‐level security practices and goals.
- NIST no longer recommends requiring password changes on a regular basis, and instead suggests that passwords only be changed when necessary. This helps to prevent password reuse and avoids influencing users to slightly modify passwords.
- A malicious USB cable or drive can be made to look like just a keyboard.
- There are actually some reasonable KPIs for monitoring security awareness effect.
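The null-byte note above (the viewer.php?filename=../../../etc/passwd%00.png item) describes what an application gets wrong; the defensive side is a filename check that cannot be fooled by a NUL byte or by ../ traversal. The following Python is an added example, not code from the original notes or from any product they mention: it assumes a hypothetical upload directory /srv/uploads and a constructed list of request filenames, and it rejects NUL bytes before any path handling, resolves the path and requires it to stay inside the base directory, and checks the file type on the resolved path rather than on the raw string.

```python
from pathlib import Path

# Constructed sample request filenames (not from the original page).
SAMPLE_REQUESTS = [
    "report.png",                      # plain, allowed
    "../../../etc/passwd\x00.png",     # null-byte trick from the note
    "../../../etc/passwd",             # plain traversal
    "/etc/passwd.png",                 # absolute path with a "good" suffix
    "subdir/../report.png",            # traversal that stays inside base
    "notes.txt",                       # wrong file type
]


class UnsafeFilename(ValueError):
    """Raised when a requested filename fails one of the safety checks."""


def resolve_upload(base_dir, filename, allowed_suffixes=(".png", ".jpg")):
    """Return the resolved absolute path for a safe request, else raise.

    Order matters:
    1. Reject NUL bytes first: C file APIs stop reading at \\x00, so a suffix
       check on the raw string would accept "passwd\\x00.png" while the OS
       opens "passwd".
    2. Resolve the joined path (collapses '..', follows symlinks) and require
       it to stay strictly under base_dir. pathlib's '/' operator replaces
       the base when the right side is absolute, which resolve() then exposes.
    3. Check the allowed suffix on the resolved path, not on user input.
    """
    if "\x00" in filename:
        raise UnsafeFilename("NUL byte in filename")

    base = Path(base_dir).resolve()
    candidate = (base / filename).resolve()
    if candidate == base or base not in candidate.parents:
        raise UnsafeFilename("path escapes base directory")

    if candidate.suffix.lower() not in allowed_suffixes:
        raise UnsafeFilename("disallowed file type")

    return str(candidate)


def classify(base_dir, filename):
    """Human-readable verdict for one request: 'allowed' or 'rejected: <why>'."""
    try:
        resolve_upload(base_dir, filename)
    except UnsafeFilename as err:
        return f"rejected: {err}"
    return "allowed"


def classify_all(base_dir, requests=SAMPLE_REQUESTS):
    """Map each request filename to its verdict (NUL shown escaped for display)."""
    return {name.replace("\x00", "\\x00"): classify(base_dir, name) for name in requests}


if __name__ == "__main__":
    # Hypothetical upload root; it does not need to exist for resolve().
    for name, verdict in classify_all("/srv/uploads").items():
        print(f"{name!r:40} {verdict}")
```

The resolved path, not the raw string, is what goes to the file API, so a later suffix or directory check cannot be bypassed by bytes the OS would ignore; rejecting the request outright (rather than stripping the NUL) also leaves a clean signal in the application log for detection.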
