PDFs and exam guides are not so efficient, right? Prepare for your CompTIA examination with our training course. The SY0-601 course contains a complete batch of videos that will provide you with profound and thorough knowledge related to the CompTIA certification exam. Pass the CompTIA SY0-601 test with flying colors.
Curriculum for SY0-601 Certification Video Course
Name of Video | Time |
---|---|
1. SY0-501 vs. SY0-601 | 1:00 |
2. Exam Information | 6:00 |
3. Building a lab | 8:00 |

Name of Video | Time |
---|---|
1. CIA Triad | 5:00 |
2. IAAA | 5:00 |
3. Basic security controls | 2:00 |

Name of Video | Time |
---|---|
1. Phishing, Smishing, Vishing, Spear phishing, Whaling | 11:00 |
2. Dumpster diving and Shoulder surfing | 5:00 |
3. Eliciting information and the principles of social engineering | 9:00 |
4. Pharming | 7:00 |
5. Spam | 4:00 |
6. Tailgating | 3:00 |
7. Other types of social engineering techniques | 15:00 |

Name of Video | Time |
---|---|
1. Introduction to Malware | 2:00 |
2. Ransomware and Cryptomalware | 7:00 |
3. Trojans and RATs | 6:00 |
4. Bots and Command and control | 4:00 |
5. Fileless Virus, Logic bombs, spyware, rootkit, backdoor | 5:00 |
6. Adversarial artificial intelligence (AI) | 6:00 |
7. Malicious USB cables, drives and Card Cloning | 4:00 |
8. Supply chain attacks | 4:00 |
9. Keyloggers | 16:00 |
10. How passwords are stored | 5:00 |
11. Using hashcat to crack passwords | 7:00 |
12. Using brute force and rainbow tables to attack passwords | 11:00 |

Name of Video | Time |
---|---|
1. Privilege escalation, (SSL) stripping, Pass the hash | 11:00 |
2. Cross-site scripting (XSS) and Injections | 16:00 |
3. Pointer Dereference, directory traversal, buffer overflows, and TOCTTOU | 12:00 |
4. Replay attacks | 4:00 |
5. Request forgeries | 9:00 |
6. API Attacks | 7:00 |
7. Driver manipulation | 5:00 |
8. Integer overflow, Resource exhaustion, Memory leak | 6:00 |

Name of Video | Time |
---|---|
1. Evil Twin and Rogue Access Point | 6:00 |
2. Bluesnarfing and Bluejacking | 3:00 |
3. Cracking WEP | 10:00 |
4. Disassociation and Jamming | 7:00 |
5. Man in the Middle, Man in the Browser, and ARP Poisoning | 19:00 |
6. IV, RFID, NFC Attacks | 6:00 |
7. MAC Flooding and Cloning | 6:00 |
8. DDoS Attacks | 8:00 |
9. Malicious Code | 4:00 |

Name of Video | Time |
---|---|
1. Actors and threats | 13:00 |
2. Threat intelligence sources | 17:00 |
3. Research sources | 11:00 |

Name of Video | Time |
---|---|
1. Cloud-based vs. on-premises, Zero Day | 10:00 |
2. Weak configurations | 9:00 |
3. Third-party risks, Improper or weak patching, legacy platforms | 10:00 |
4. Impacts | 6:00 |

Name of Video | Time |
---|---|
1. Threat hunting | 4:00 |
2. Vulnerability scans | 18:00 |
3. SIEM and SOAR | 13:00 |

Name of Video | Time |
---|---|
1. Penetration testing | 14:00 |
2. Passive and active reconnaissance | 4:00 |
3. Exercise types | 4:00 |

Name of Video | Time |
---|---|
1. Configuration management | 12:00 |
2. Data Sovereignty and Protection | 12:00 |
3. Other Security Considerations | 13:00 |
4. Site Resiliency: Hot, Warm, Cold | 6:00 |
5. Deception and disruption | 6:00 |

Name of Video | Time |
---|---|
1. IaaS | 11:00 |
2. PaaS | 5:00 |
3. SaaS, XaaS | 5:00 |
4. Cloud Deployment | 2:00 |
5. Cloud Application terms | 21:00 |
6. IaC | 13:00 |
7. Virtualization Issues | 5:00 |

Name of Video | Time |
---|---|
1. Software Development Environment | 3:00 |
2. Secure Coding Techniques | 19:00 |
3. DevOps and Automation | 9:00 |

Name of Video | Time |
---|---|
1. Authentication methods | 11:00 |
2. Biometrics | 9:00 |
3. MFA | 5:00 |
4. Authentication, authorization, and accounting | 3:00 |

Name of Video | Time |
---|---|
1. Redundancy | 9:00 |
2. Replication and storage | 9:00 |
3. Backup Types | 14:00 |
4. Non-persistence, high availability, diversity | 6:00 |
5. RAID | 16:00 |

Name of Video | Time |
---|---|
1. Embedded Systems | 4:00 |
2. Industrial control systems | 4:00 |
3. IoT | 4:00 |
4. IoT Communication and considerations | 7:00 |

Name of Video | Time |
---|---|
1. Physical Security Controls | 9:00 |
2. Other physical security controls | 7:00 |
3. Locks and Fencing | 7:00 |
4. Fire Suppression | 3:00 |
5. Secure data destruction | 6:00 |

Name of Video | Time |
---|---|
1. Introduction to cryptography | 4:00 |
2. Goals of cryptography | 6:00 |
3. Algorithms and Keys | 20:00 |
4. Block and stream ciphers | 4:00 |
5. Symmetric Ciphers | 9:00 |
6. Asymmetric Ciphers | 10:00 |
7. Hashing | 13:00 |
8. Hybrid cryptography | 9:00 |
9. Digital signatures | 6:00 |
10. Blockchain | 7:00 |
11. Steganography | 8:00 |
12. Key stretching | 2:00 |
13. Salting | 6:00 |
14. Quantum | 3:00 |
15. Ephemeral, PFS, Homomorphic | 3:00 |
16. Cipher Modes | 5:00 |
17. Lightweight cryptography | 3:00 |
18. Elliptic-curve cryptography | 3:00 |
19. Cipher suites | 2:00 |
20. Common use cases | 3:00 |
21. Limitations of encryption | 4:00 |

Name of Video | Time |
---|---|
1. DNSSEC | 4:00 |
2. Email security with S/MIME and PGP | 5:00 |
3. Installing Wireshark on Windows 10 | 8:00 |
4. Install and set up an FTP Server and Client | 10:00 |
5. Using Wireshark to capture an FTP Password and securing the FTP Server | 9:00 |
6. Lightweight Directory Access Protocol over SSL | 5:00 |
7. SRTP, FTPS, SFTP, SNMP, IMAP | 6:00 |
8. SSH | 5:00 |
9. VPN and IPsec | 21:00 |
10. Use Cases for secure protocols | 5:00 |

Name of Video | Time |
---|---|
1. Endpoint Protection | 5:00 |
2. Boot integrity | 3:00 |
3. Databases | 2:00 |
4. Application Security | 10:00 |
5. Hardening systems | 6:00 |
6. Drive Encryption and sandboxing | 9:00 |

Name of Video | Time |
---|---|
1. Load Balancing | 7:00 |
2. Network segmentation | 7:00 |
3. How to download and install Packet Tracer | 9:00 |
4. VLANs and Port Security | 18:00 |
5. Firewalls | 13:00 |
6. Configuring firewall rules | 11:00 |
7. Jump and Proxy servers | 4:00 |
8. IDS and IPS | 9:00 |
9. Other secure network concepts | 8:00 |

Name of Video | Time |
---|---|
1. Wireless Security | 17:00 |
2. Wireless Installation Considerations | 5:00 |

Name of Video | Time |
---|---|
1. Mobile Connection methods and receivers | 3:00 |
2. Mobile device management (MDM) | 5:00 |
3. UEM and MAM | 4:00 |
4. Enforcement and monitoring of mobile devices | 7:00 |
5. Mobile Deployment Models | 4:00 |

Name of Video | Time |
---|---|
1. Cloud Solution controls | 3:00 |
2. Cloud Network and computing | 5:00 |
3. Cloud Security terms | 7:00 |

Name of Video | Time |
---|---|
1. Identity and account types | 5:00 |
2. Account policies | 12:00 |

Name of Video | Time |
---|---|
1. Authentication management | 4:00 |
2. Authentication Protocols | 19:00 |
3. Access control schemes | 14:00 |

Name of Video | Time |
---|---|
1. Introduction to PKI | 5:00 |
2. Process of getting a certificate | 7:00 |
3. PKI Setup | 16:00 |
4. Fields on a certificate | 7:00 |
5. Certificate formats | 2:00 |
6. Certificate types | 6:00 |

Name of Video | Time |
---|---|
1. Introduction to commands | 2:00 |
2. ARP and Route | 3:00 |
3. hping | 6:00 |
4. curl | 4:00 |
5. IP scanner | 3:00 |
6. ipconfig, ping, tracert | 4:00 |
7. Linux file manipulation: head, tail, cat | 5:00 |
8. Logs | 3:00 |
9. Cuckoo | 1:00 |
10. theHarvester | 2:00 |
11. nslookup and dig | 2:00 |
12. tcpdump | 4:00 |
13. Netcat | 2:00 |
14. Sn1per | 5:00 |
15. scanless | 2:00 |
16. nmap | 4:00 |
17. Managing Linux Permissions | 16:00 |
18. Shell and script environments | 2:00 |
19. Exploitation frameworks | 4:00 |
20. Forensics tools | 7:00 |

Name of Video | Time |
---|---|
1. Incident response process | 8:00 |
2. Attack Frameworks | 5:00 |
3. Incident plans and exercises | 6:00 |

Name of Video | Time |
---|---|
1. Log Files | 7:00 |
2. Capturing log files | 7:00 |

Name of Video | Time |
---|---|
1. Incident mitigation techniques | 8:00 |

Name of Video | Time |
---|---|
1. Documentation and evidence | 6:00 |

Name of Video | Time |
---|---|
1. Control Types and categories | 6:00 |

Name of Video | Time |
---|---|
1. Regulations, standards, and legislation | 5:00 |
2. Key frameworks | 15:00 |
3. Secure configuration guides | 2:00 |

Name of Video | Time |
---|---|
1. Personnel Controls | 15:00 |
2. Third-party risk management | 6:00 |
3. Credential and organizational policies | 7:00 |

Name of Video | Time |
---|---|
1. Risk types, terms, and process | 12:00 |
2. Risk management strategies | 6:00 |
3. Risk Assessments | 9:00 |
4. Business impact analysis | 8:00 |

Name of Video | Time |
---|---|
1. Privacy breaches | 4:00 |
2. Data types | 6:00 |
3. Privacy technologies and roles | 7:00 |

Name of Video | Time |
---|---|
1. Performance Based Questions Introduction | 1:00 |
2. PBQ - Attack Types and Response | 2:00 |
3. PBQ - Incident Response | 2:00 |
4. PBQ - Social Engineering | 2:00 |
5. PBQ - Firewalls | 4:00 |
File Name | Size | Votes |
---|---|---|
comptia.pass4sureexam.sy0-601.v2024-08-21.by.zoe.215q.vce | 1.91 MB | 1 |
comptia.examcollection.sy0-601.v2021-12-09.by.isabelle.140q.vce | 1.37 MB | 1 |
comptia.examlabs.sy0-601.v2021-08-27.by.finley.107q.vce | 835.74 KB | 1 |
comptia.certkey.sy0-601.v2021-07-30.by.adam.97q.vce | 390.13 KB | 1 |
comptia.passit4sure.sy0-601.v2021-04-16.by.millie.104q.vce | 497.42 KB | 2 |
comptia.certkey.sy0-601.v2021-02-19.by.lexi.97q.vce | 509.92 KB | 2 |
comptia.examlabs.sy0-601.v2021-01-28.by.molly.92q.vce | 509.53 KB | 2 |
comptia.train4sure.sy0-601.v2020-11-24.by.james.42q.vce | 431.29 KB | 2 |
CompTIA SY0-601 Training Course
Want verified and proven knowledge for CompTIA Security+? Believe it's easy when you have ExamSnap's CompTIA Security+ certification video training course by your side, which, along with our CompTIA SY0-601 Exam Dumps & Practice Test questions, provides a complete solution to pass your exam.
In this video, we're going to talk about actors, threats, and their attributes. So what is this video going to be about? Who are the threats to your network? Like, who are the people that are trying to destroy your network, trying to hack your network? So let's go through some terms on your exam objectives that you should be familiar with: those that are trying to break your network.

The number one term you should know is "APT," an advanced persistent threat. So you may be saying, "Well, who is this APT?" Here in the United States, an APT would be like Russia or China. So, for example, Russia is considered an APT, and you may be wondering why. Because they're advanced, they're pretty persistent, and they're a threat to the United States. So we call these APTs. APTs are generally really advanced organizations or government agencies other than yours that are viewed as a threat. So just remember, for your exam, that APTs are generally government threats.

Now I will tell you guys this. The most important threat to your organization is not outsiders. The most important threat to an organization is actually insiders, or insider threats. Insider threats can stem from disgruntled employees or people working in your organization who are not happy or are just out to destroy it. Remember, these insider threats already have access to all of the information. They can already cause chaos without trying to break through a firewall or crack someone's password. So keep that in mind.

The other term here you should know is what's known as state actors. State actors are basically hackers working for other governments within your country. They're there to create disruptions to infrastructure. Another term that's interesting is "hacktivists." So hacktivists are basically hackers for political causes. So let's say a hacker doesn't like a particular political party or doesn't like a particular policy. They tend to go and hack that particular party, causing chaos within the party, maybe DDoSing their service. So this person would be known as a hacktivist.

One term that hackers, in particular, do not like to be called, and a term you should be familiar with once again, is "script kiddie." Script kiddies are basically wannabe hackers. They're not technologically advanced. When I started out doing pen testing many years ago, I was a script kiddie. I didn't know any Python programs. I didn't know any Bash programs. In fact, all I did was run other people's scripts. A script kiddie is someone who doesn't know a programming language. They only run other people's scripts. And this is probably not a good thing because they could probably get themselves infected. Script kiddies are considered insulting to really good hackers.

The other thing you should know about is criminal syndicates, or mobs. Cybercrime is definitely on the rise throughout the world. Organized crime is what's doing it. Now, if you recall from the 1930s, you had Al Capone. Was he around back then or something like that? I'm talking about organized crime, the mafia, and syndicated crimes, right? Criminal syndicates. Except now they're not doing racketeering and opening up casinos to launder money. Now what they're doing is actually creating malware. A lot of the malware that traverses the world and a lot of the stealing of data against companies in ransomware is actually done by organized crime. Assume it's the same mafia that was selling drugs and racketeering many years ago. They're basically doing computer crime now because that's where the money lies now.

So when it comes to hackers, you have a white hat, a black hat, and a grey hat. First of all, a white hat hacker is known as a pen tester. White hat hackers are hackers that have permission. We hack businesses because we get permission to test the boundaries of their network. We'll cover pen testing later in the class. But just remember, pen testers are also known as white hat hackers. You don't want to be a black hat hacker. Black hat hackers are hackers that do it for malicious reasons. You see, the term "hack" actually means just to find vulnerabilities. Black hat hackers are criminals. They basically hack your organization and hold you hostage. They may hack your organization and start a ransomware attack and then say you have to pay them a lot of money to get the decryption keys for that particular ransomware. So black hat hackers are the bad ones. Then you have another one called "grey hat hackers." Grey hat hackers are basically folks that maybe by day are a white hat and then at night are a black hat. So they may work as a pen tester during the day and then use the same pen testing skills to commit crime, such as ransomware, and hold companies hostage at night.

Another term that you should be familiar with is something called "shadow IT." So in an organization, you're going to have a pretty large IT department, especially if the company is really large. You can have a decently large IT department. And what happens is that sometimes there's another IT department that's not managed by IT, called a shadow IT department. Sometimes the shadow IT departments are run by folks that don't have technology skills. It has pros and cons. First of all, it could lead to innovation within the IT department because people have different perspectives and maybe they come up with different ways to improve IT services. But what can happen is that the lack of skills in this shadow IT department, also known as a fake IT department, can create loopholes within the organization, causing the organization to become more vulnerable.

And finally, competitors. Who is going to be the target of threats to your organization? Competitors. You work in a particular industry. Let's say you sell widgets. Well, whoever your competitors are selling widgets, they are going to be one of the biggest threats. Competitors, especially between businesses: sometimes that's espionage. They send spies to work for each other. They commit sabotage against each other, sabotaging each other's businesses so one business makes more money than the other.

Now the other thing here is the attributes of these actors. There are some attributes of these particular types of actors, like APTs, hacktivists, different types of black hat or grey hat hackers, criminal syndicates, script kiddies, and so on. What are the attributes of these particular hackers? Well, number one, the attributes can be either internal or external. Most of your security incidents are going to come from internal security incidents or internal problems. Remember something: people like insider threats within an organization already have access to your data. All they have to do is basically just commit the crime. They already have access to it. If they want to steal it, they just have to steal it. If they want to manipulate it, change it, delete it, edit it for malicious reasons, they could just do that. External threats are going to be hackers from the outside world and maybe even state-sponsored actors. It is possible that your external threats will be competitors.

Now the level of sophistication among hackers really matters. For example, a script kiddie's level of sophistication and capability to hack you is very low. If you think just by running scripts, other people's scripts, you're going to hack a company, you may get away with some, but not all. As a result, your level of sophistication or capability is actually quite low. But if you come across a black hat hacker or a state actor, these are people that are highly trained. So their level is very high and their capabilities are high, so they could probably hack the hell out of you. Script kiddies and standalone hackers may not have a lot of resources and funding, but APTs, state actors, and even some types of hacktivists do. Especially criminal syndicates, also known as organized crime, which really, really want to make money. So they're going to have a lot of resources and a lot of funding to commit this particular crime.

And then comes the intent and the motivation. So intent and motivation are important. Now you have to ask yourself, why are they doing this? What is the intent? What motivates them? Generally, it's going to come down to a couple of reasons. Number one, money. They're going to hack you to acquire money. Criminal syndicates, for example, or organized crime. Certain types of black hat hackers will actually hack you. The intent is to extort money out of you. This whole concept of ransomware is very popular now and billions of dollars are being lost because of it. Why? The intent, or the motivation, is to acquire money. The other thing that you're going to find is just pure maliciousness. And they're not actually hacking you for money; they're hacking you because they find enjoyment in watching other people suffer. There are certain people in this world whose objective is to find happiness in the misery of others. Think of hackers that write programs that just delete your operating system, corrupt your files, and send them out. They get absolutely no money back from this. The only thing they're getting back from this is your misery. So, when it comes to APTs, their motivation and intent are to bring down that government or create havoc within that government in order to witness the demise of that particular country.

Now, the other part of this video we're going to talk about is what's known as the vectors. How would these threats get into you? Well, there are a few ways. First of all, direct access. An insider threat has direct access to your information. Spies operating between competitors: I'm going to be a competitor with you. I'm going to spy on your organization. I'm going to have direct access to your information. The other thing is called "wireless." So you've got people standing outside your network scanning the wireless airwaves, finding your wireless network. If you have a poor passcode on it or you're using things like WEP, which is crackable, they'll be able to crack into your network, steal your data, and even corrupt your information. Email. Now, email is without a doubt the best way to steal information or get malware into a business. You can also steal information from the emails and documents. Now let me explain. The number one way to send malware to an organization is through phishing attempts. And, as we discussed earlier in this class, phishing attempts are likely the best way to get actual data to people, particularly malicious payloads. Send someone an email with some kind of link. If you craft it right, if you know what you're saying, if they trust it, if you spoof the email address, they will actually click the link and you'll be able to get the payload in. The other thing is the supply chain. This is a newer vector that is getting exploited a lot more. Let's not say newer, let's just say it's getting exploited a lot more. Now what they're doing is they're infecting the different supply chains that organizations are using to build components in order to get malicious software into that particular business. Another way is social media. For example, state actors may create fake news and push it throughout social media, thus creating havoc within a particular country. Another thing they can do now is with USB sticks, removable media: they have USB sticks that contain malicious software on them. You plug it in and it infects your machine and allows people to control your machine. So this would be another vector. And the last one here is cloud. The cloud is a good vector because a lot of organizations already store their data in the cloud. So they use this as a vector to attack you; for example, purchasing cloud services and getting a lot of cloud servers, which can then be used for a DDoS attack in order to attack your company. Your company is down.

Okay, in this video, we covered a lot of stuff, right? We talked about different actors and threats, the attributes of these actors, and the vectors that they may come after you with.
In this video we're going to talk about threat intelligence sources. So where would you get information that you could use in order to help identify threats to your organization? Also, this can be used in an ethical hack way or in a pen testing way. How would you get information about businesses and use it to pentest a business? Of course, this can also be used by hackers and bad guys in order to commit crimes or find out information about a company. So in this video, what I'm going to becover are these threat intelligence sources. These sources we can go to to get information about threats that are out there, to get information about businesses and people, and stuff like that. They have a footprint in them. So we've got a lot to go through in this video, a lot of different things.
There's a lot of different links in this video that I'm going to be going through different sources for threat intelligence sources and I'm going to be sharing them with you. Don't forget to check the description in the video to get all the different links about it. So let's get started on this particular one. So let's go here to my desktop because I have a lot of notes here for us. So the first term you're going to need to know is Osync. This is an acronym for open source. Open source intelligence. Open source intelligence is basically using public information in order to footprint or to gain information about whether it's a threat or a victim. Because you're an ethical hacker, it's going to be about using public information to gather data about businesses, to gather data about threats, and to gather data to do your pen testing. This is one of the best websites for this, and I can't tell you how this is a gossip. I use it so much when I'm doing footprinting for an organisation to do a pen test on visiocentframework.com. I have a link here to it. So I'm going to click this and let's take a look at what this is. Now this basically combines and gives you links to all of the different public data when it comes to doing intelligence work or finding information about businesses and stuff like that. About businesses So let's take a look. For example, if I want to look at domain names, I'm going to click on this. Then it gives me all the different tools that I can do. So maybe I want to find information about domain blacklists.
So I would click that. Then it would give me some different websites that I could check out for that. If I want to do a discovery scan, it will tell me different websites I can use for that. If I want to take a look at subdomains, it will tell me different websites that I can go to for that. And by clicking on these things, this can just keep going on and on, like finding subdomains. It could take me to where I can find subdomains of different people or different websites. Now I'm not going to click on a lot of these things because sometimes they take you to different links. That is probably not appropriate for me to show you. For example, if you wanted to look up telephone numbers, you can go here and it gives you different websites that can give you that type of information. Spy dial, that's what that is. Use free phone numbers and addresses to search for people. So interesting on that one. So this here really allows you to refresh it quickly. You always have to do a quick refresh of this. Now I could go on and on and show you so many different tools. Please, after this video, go here and check out this website, Osinkframework.com. Check it out. You're going to be on here for hours. All right, trust me on this. For hours, you're going to find so much information about so much stuff. Okay, so that's the first one we're taking a look at. The next term here we should understand is proprietary software. So just keep in mind about something. When a software is set to be closed-source or proprietary, it means that the source code is not available to the users.
The opposite of closed proprietary software is open source software, where the sourcecode is available to users. Now, Windows is proprietary software. Now what that means is that we can't see the source code. So, any threats that affect this particular operating system can only be fixed by Microsoft. Since we don't have the source code, we can't fix it and recompile it to fix Windows. Okay, the other thing here is that we have our vulnerability databases. A vulnerability database is generally a database of vulnerabilities that are out there that can affect your organization. If I have one here, click on this link. This is called this particular one, the National Vulnerability Database. This is maintained by NIST (andnotice it's NVD NIST gov here). Now this is going to maintain some of the most recent vulnerabilities that are out there and it's going to give you a score on these particular vulnerabilities. So the last 20 scored vulnerabilities and summaries are what it's showing. You can explore this thing like crazy. There's so much information hereabout different vulnerabilities that are out there. So here we go with releases of different maps. This gives you a scoring system. So, for example, they're saying that this particular thing we're going to talk about comes up later in the class, right? We're going to talk about common vulnerabilities and exposures. As a security person, you need to know what that is. We'll talk about that coming up later in the class, and they're giving you a score on it. So like this particular one is a Windows remote access, elevation of privilege, vulnerability. And this one is pretty high up there. So it's a 7.8, which is the current vulnerability scoring system on it. It's very interesting stuff. Check this out.
Okay, the other thing you were looking for is public-private information sharing centers. Now there's two things here. Let's take a look at what this is. So the public-private information sharing centers, well, these are basically sharing centres between organisations and government entities. Government entities gather information about threats that are out there and newer or emerging threats that are out there. We have to have a place to share this information. So, for example, if my organisation finds out about a new threat that is out there, do I just keep it to myself? No, I'm going to share it with different centers. right? And there are a whole bunch of these centres that are out there. Now, this here is the CISSA gov. This is a cybersecurity infrastructure security agency as part of the government here. And they have information about these particular sharing centres that are out there. I gave you guys a link here. You guys can check this out. Here's one of the centres that I gave you a link to. Now remember, with these links, you're just exploring them, right? You don't need to be a master in any of this for your exam. All it's doing is that they just want you to know that these things exist. Okay? Again, don't go and spend hours and hours studying for your exams. Just know that these things exist. That's all it is. Here's a term that a lot of people have heard of, something called the dark Web. So what is that? Well, first of all, the dark web is a small part of the deep web. Now, what exactly is the deep Web? The deep well, the deep web, is a part of the Internet that is not indexed by any search engine such as Google. So there's no index. You can't find it. You can't go to Google and find webpages that are on the deep web. The dark web is now primarily used for illegal activity. And this is going to be trading illegal files, trading up like child pornography. 
Now what they do is in order to connect to these networks, you're going to have to have things like Tor or another one called I two P.Basically, an invisible network is used to access these dark nets. Now, one famous thing that I want to mention is something called Tor.
Tor is used not just for accessing the dark web but also by people using it to anonymize themselves. In other words, when you're surfing the internet and you want to be anonymous, you can use Tor. So I'm going to show you guys here how to download Tor. It's famous for the Tor browser, and a lot of people have this on their computers, and Tor basically anonymizes you. So when you go out and you're looking for things, you use the Tor browser. Now, I have it installed on this computer. Here's the Tor browser. You could download this. I've downloaded this and I've installed it, and I'll show you what I mean. So look, it's starting up in the Tor network, and it looks like a normal browser. So if I go to Google, the thing is that sometimes it's very slow. So Tor goes through a series of proxies, and what it does is that it hides your IP address. So I'm here in New York City. Now, let's see. I don't even know where I am because I'm in this Tor hidden network. So I don't know where I am. So Tor put me through a variety of different servers throughout the network. So I have to select English there, and I don't know where I am. So I'm going to type what my IP is. And let's see where I am right now. Okay, so it wants me to know I have to be careful when doing this. This computer has nothing on it. Raise a crosswalk. There is a crosswalk. I hope the computer might not be sent. Okay, so this year, let's see if it will do a search here for me.
No, it does not. So the Tor network, sometimes it's a little tricky to use it correctly. So I'm going to try to use the Tor network and see if I can get this thing here to work. unusual traffic from your computer's network. This page, Google of itself, is detected. There's something unusual with my network. So you know what? Let's try Yahoo! It's always fun to use our network. Before I did this video, I tried this. This didn't happen. Okay, so it's telling me something here is going on. And let me see what I get here. Okay, so what is my IP address? So I'm going to go here. So again, I'm still in the Tor browser. It says I'm in Australia. Obviously, I'm not. I don't even know what I'm looking at; it's putting me on some ISP. It knows it's some kind of network sharing device. It's got me. This is not my IP address. This is just going through the term browser. If you close it and reopen it, you might even get a different IP address. Notice Google was like, "Hey, man, I don't know who you are." So why do we use this? Why are we using Tor? Let me close this out. So the Tor browser, or the Tor network, is used to anonymize yourself, and it is not used to look for illegal things like illegal software. It is used in indifferent countries where people are suppressed. They can use it to get out of the country with a different IP address.
Okay, moving on. The next thing we have is what's known as indicators of compromise. So what exactly is an indicator of compromise? It is basically part of the forensics data. This is going to be things like log files, or logging through the files themselves, that can indicate that a system or network has been maliciously compromised. So this is when you go through the log files on a computer or system and you start to find that these systems have been compromised. Maybe, because you're looking at log files, you're seeing weird IP addresses, like from Australia, showing up in system log files or in outgoing traffic on a network when you know this person was in New York. OK, the other one here we're going to talk about is automated indicator sharing, and in particular, for your examination, something called Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII). Now, this here is the exchange of cyber threat indicators. So there is a website for this one also. And basically, this is the automated sharing of threat information. That's all this is. We have to exchange information about cyber threats as they occur, in an automated fashion. We shouldn't have to wait for threat information to circulate throughout the entire globe before organisations are alerted or government agencies are alerted of potential threats that are out there. So there's a link here for this and also for the automated indicator sharing. So we want to exchange cyber threat information between the federal government and the private sector at machine speed. So as threat indicators are taking place, maybe there's a new type of DoS attack or some kind of new crypto malware that is out there.
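As an added illustration of both points in this part of the lecture (indicators of compromise found in log files, and indicators that arrive as STIX objects over TAXII or AIS), here is an example that is not from the course: it pulls the IPv4 and SHA-256 values out of a small, constructed STIX 2.1 bundle and checks constructed sshd and antivirus log lines against them. It also flags accepted logins from outside a list of expected networks, which is the "login from Australia when the user is in New York" case done with a constructed allowlist instead of geolocation. The bundle IDs, the log lines, the address ranges and the hash are all made up for this example.

```python
"""Check local log lines against indicators shared as STIX 2.1 objects.

Added example for this lecture, not course material. The STIX bundle, the
log lines, the hash and the 'expected networks' list are all constructed.
"""
import ipaddress
import json
import re

# Constructed STIX 2.1 bundle of the kind a TAXII server or the CISA AIS feed
# delivers. The UUIDs, the address and the hash are placeholders.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000002",
            "created": "2021-01-01T00:00:00.000Z",
            "modified": "2021-01-01T00:00:00.000Z",
            "name": "Constructed: C2 address used by a ransomware campaign",
            "indicator_types": ["malicious-activity"],
            "pattern": "[ipv4-addr:value = '203.0.113.45']",
            "pattern_type": "stix",
            "valid_from": "2021-01-01T00:00:00Z",
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000003",
            "created": "2021-01-01T00:00:00.000Z",
            "modified": "2021-01-01T00:00:00.000Z",
            "name": "Constructed: dropper hash",
            "indicator_types": ["malicious-activity"],
            "pattern": "[file:hashes.'SHA-256' = "
                       "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
            "pattern_type": "stix",
            "valid_from": "2021-01-01T00:00:00Z",
        },
    ],
})

# Constructed sshd and antivirus log lines (syslog style).
SAMPLE_LOGS = """\
Jan 12 03:14:07 web01 sshd[2231]: Accepted publickey for deploy from 10.0.4.21 port 51022 ssh2
Jan 12 03:15:10 web01 sshd[2240]: Accepted password for root from 203.0.113.45 port 40112 ssh2
Jan 12 03:16:55 web01 av[410]: quarantined /tmp/dropper.bin sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Jan 12 03:18:02 web01 sshd[2251]: Failed password for admin from 198.51.100.77 port 40200 ssh2
Jan 12 03:19:30 web01 sshd[2260]: Accepted password for alice from 198.51.100.77 port 40300 ssh2
"""

# Constructed: the networks this organisation's users are expected to log in from.
EXPECTED_NETWORKS = ["10.0.0.0/8", "192.0.2.0/24"]

# One "path = 'value'" comparison inside a STIX pattern; findall also picks up
# every comparison in compound patterns such as [a = 'x' OR a = 'y'].
COMPARISON_RE = re.compile(r"([\w:\-.']+)\s*=\s*'([^']+)'")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")


def extract_iocs(bundle_json):
    """Collect IPv4 addresses and SHA-256 hashes from the bundle's indicators."""
    iocs = {"ipv4": set(), "sha256": set()}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for path, value in COMPARISON_RE.findall(obj["pattern"]):
            if path == "ipv4-addr:value":
                iocs["ipv4"].add(value)
            elif path == "file:hashes.'SHA-256'":
                iocs["sha256"].add(value.lower())
    return iocs


def scan_logs(log_text, iocs, expected_networks):
    """Return one finding per IoC hit or accepted login from an unexpected network."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for ip in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:      # e.g. 999.1.1.1 slipped through the loose regex
                continue
            if ip in iocs["ipv4"]:  # a known-bad address takes precedence
                findings.append({"line": lineno, "reason": "ioc-ipv4", "value": ip})
            elif "Accepted" in line and not any(addr in n for n in nets):
                findings.append({"line": lineno,
                                 "reason": "login-from-unexpected-network",
                                 "value": ip})
        for digest in SHA256_RE.findall(line.lower()):
            if digest in iocs["sha256"]:
                findings.append({"line": lineno, "reason": "ioc-sha256", "value": digest})
    return findings


def run():
    """Scan the constructed logs with the constructed indicators."""
    return scan_logs(SAMPLE_LOGS, extract_iocs(STIX_BUNDLE), EXPECTED_NETWORKS)


if __name__ == "__main__":
    for f in run():
        print(f"line {f['line']}: {f['reason']} ({f['value']})")
```

The failed login on line 4 from 198.51.100.77 produces nothing on its own, while the accepted login from the same address on line 5 does: the allowlist rule is deliberately scoped to successful logins so that ordinary internet brute-force noise does not bury the indicator hits.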
We want to be able to notify, whether it's government agencies or public companies, as quickly as possible, in automated real time. In other words, we need to have a system for this, and this is what this is. OK, the next thing here is something called predictive analysis. Predictive analysis refers to statistical techniques from data mining and machine learning that analyse data to make threat predictions. So what this means is that predictive analysis is going through different data within a system to determine if there is a threat taking place. Now, this is important because of zero-day vulnerabilities. A zero-day vulnerability is when a threat comes and there is no permanent fix for it; there is no patch for it. And what happens then is that the system has to determine if it's a real threat or not. So predictive analysis can make a prediction that this is actually a valid threat and stop the threat before it proceeds. The next one we have is something called threat maps. Now, I have shown you one of these before; I think it was when we did the DDoS video. I showed you one of these threat maps, which basically show you threats in real time as they occur. I think I showed you the one from Check Point. Here's the one from FireEye. FireEye is a maker of IDS systems and other security software, and here's their version of it. I like the Check Point one. That one was pretty good. The Check Point one shows you threats as they're happening, in real time.
And you can also use the one from Check Point. Just go to Google and type in "threat maps" and you'll see them. Okay? And finally, file and code repositories: code repositories are where source code for programmes is archived in an ordered way. Code repositories are where programmers basically store code. For example, GitHub is a famous place to store code. And also, GitHub is where we can share code. So this becomes a way of transferring information about different threats that are out there. Okay, so that's quite a lot of different ways to look at this. Now, I will push you guys to please follow up with the links here. I didn't want to go into depth on all these links. You don't need to know all those links or all these things in depth for your exam. Just understand what they are. But as your security career progresses, you're going to want to know these things, especially if you work in organizations or big businesses. Things like knowing threat maps, things like knowing automated indicator sharing, that Osak framework. Amazing. You guys have got to try that out. Knowing these types of things really helps you to keep your organisation secure.
In this video, I'm going to be going over some research sources that you can use to research different threats that can affect your organization. So let's talk about this. You're a security person. You're working as a security professional in an organisation and your job is to secure them. But part of working in security is knowing who your threats are and what vulnerabilities are out there. So you have to now know, OK, where do I look, where do I find all these different threats or vulnerabilities that can affect my organization? So I have a list of things here that we can take a look at, and this comes right off of your exam, so we should know about them.
And I've got a few links here, so you guys can check out the links. They'll be in the description of this video also. All right, so let's take a look at this. Right, so you're doing research on the different vulnerabilities that are out there. Let's take a look. So the first place to look when it comes to research and threats to your organisation or finding vulnerabilities is vendor websites. All right, that's one of the first places you can look. And depending on the technology that you're using, all vendors are going to publish different threats or vulnerabilities to different technologies or software that they created. Like, Cisco is going to have a part of their website that's going to show all vulnerabilities to certain devices or software that they have.
So this is Microsoft, and I have a link from even a smaller company like ASUS, which is not that small, but compared to some of the big technology companies, they are. And I have a link here, and I'll show you what I mean. And again, you could find this on any vendor's web page. You just have to look for it. They'll show you their security advisories or security issues, and they'll say, hey, download this to fix this. So take, for example, if I go down here, notice the latest security updates that they're telling you about. They're telling you that these were security issues, and they're telling you how to fix them and problems that you may encounter. But you notice this thing keeps popping up called CVE. All right, so we'll come to that in a minute. Vulnerability feeds are the next one. So do we have a list of current vulnerabilities that we can keep an eye on? Imagine something pops up that says, "Here's the latest vulnerability." You say, "Oh, that can affect my organization." One of those is here, MITRE, which maintains something called the Common Vulnerabilities and Exposures database. And now I'd like to discuss CVE. You need to know CVE for your exam. So what exactly is it? Let me just go to it and then we'll come back to that data feed. So I just clicked on this here. It takes me to the cve.mitre.org index. So this is the most updated list of vulnerabilities for technology products right now. Basically, this is maintained by the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, United States Federal Government.
And what this means is that as vulnerabilities for various technologies become public, they're posted here, and they give you descriptions of them, and they give you ways to fix them, with links back to the vendor. So this is the feed right here. Notice the latest entries that are coming in. This thing is going to be serious. Like 2 hours ago, they had... I don't even know what these are. Some kind of reflected cross-site scripting; I don't know what that is. "X on IPS"; I really don't know what that is. Maybe some network protection systems; I'm not sure what that is. But the technologies are all listed here. So you can find different technologies that are here, and you can even search for them. So you would go in here and you could search the CVE list for different technologies. You can go in here and use whatever technology you are using. I was looking for Palo Alto devices. And look at this. So, Palo Alto is a firewall vendor. I was teaching a pen testing class, and I was showing them how to use CVE. That's why it's there. And you can see that the CVE-2020 entries are all from 2020.
And this is CVE-2020, the CVE number. This is something you should be familiar with whenever you see something like CVE, because different vendors, different websites, different places you're going to go, they're going to say CVE, and they're going to give you a number that generally tells you the year, and then a sequence number for that particular vulnerability. So notice they're saying that on this Palo Alto device, an authentication bypass vulnerability exists in their global VPN client. They go on to tell you about it, then they give you links to fix it. So they're going to give you a link that says, "Okay, here's the URL that talks about this attack." This is Palo Alto themselves, the actual firewall vendor, telling you about this attack, noting that this is a CVE, and it's telling you it's a pretty high-severity one. And then they tell you how to fix it, right? They're saying, hey, upgrade. If you're running an older operating system, it's going to be affected. The answer was just to upgrade the OS. So as your career progresses, you're going to see this thing called CVE. Any time you see it, you can always come back here and search for the CVE number. Sometimes the vendors themselves will say CVE-2021, let's say it's next year, and then a dash and a number. And that number will specify which vulnerability that is. And then you could come here, search for it, pull it up, and it will tell you what it is and how to fix it. So they have a feed here called CVE Data Feeds. And this here will just keep you updated on the latest ones that come out.
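As an added example (not from the course, and not MITRE's or any vendor's own code), this is the kind of check a practitioner builds once vendor advisories and CVE data feeds start arriving: validate the CVE-YYYY-NNNN identifier format the lecture describes, then match a simplified feed against a deployed-software inventory by product and version range. The feed entries, CVE IDs (placeholder numbers that do not refer to real entries), product names, hosts and version numbers are all constructed, and the feed layout is a simplified stand-in, not the real CVE or NVD JSON schema.

```python
"""Match a vulnerability feed against a deployed-software inventory by CVE ID.

Added example for this lecture, not course material. The feed layout is a
simplified stand-in for a real CVE/NVD data feed, and every ID, product, host
and version below is constructed (the CVE numbers are placeholders that do not
refer to real entries).
"""
import re

# CVE-YYYY-NNNN: a four-digit year, then a sequence number of four or more digits.
CVE_ID_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Constructed feed. 'affected' is a half-open version range [gte, lt).
FEED = [
    {"id": "CVE-2020-90001", "product": "examplefw-os", "severity": "HIGH",
     "affected": {"gte": "9.0.0", "lt": "9.1.4"},
     "summary": "Constructed: authentication bypass in the VPN portal"},
    {"id": "CVE-2021-90002", "product": "webportal", "severity": "MEDIUM",
     "affected": {"lt": "2.5.0"},
     "summary": "Constructed: reflected cross-site scripting in the search page"},
    {"id": "CVE-2021-90003", "product": "dbserver", "severity": "CRITICAL",
     "affected": {"lt": "11.0"},
     "summary": "Constructed: remote code execution in the query parser"},
    {"id": "CVE-21-1", "product": "webportal", "severity": "LOW",
     "affected": {"lt": "9.9.9"},
     "summary": "Constructed: malformed ID that the checker should skip"},
]

# Constructed inventory of what this organisation actually runs.
INVENTORY = [
    {"host": "fw-edge-1", "product": "examplefw-os", "version": "9.1.2"},
    {"host": "fw-edge-2", "product": "examplefw-os", "version": "9.1.6"},
    {"host": "portal-1", "product": "webportal", "version": "2.4.0"},
]


def parse_cve_id(cve_id):
    """Split 'CVE-2020-90001' into (2020, 90001); raise ValueError otherwise."""
    m = CVE_ID_RE.match(cve_id.strip().upper())
    if not m:
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


def parse_version(version):
    """Dotted numeric versions only; prerelease tags are out of scope here."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version, affected):
    """True if version lies inside the feed entry's [gte, lt) range."""
    v = parse_version(version)
    if "gte" in affected and v < parse_version(affected["gte"]):
        return False
    if "lt" in affected and v >= parse_version(affected["lt"]):
        return False
    return True


def find_applicable(feed, inventory):
    """Return the CVEs that apply to inventory hosts, most severe and newest first."""
    matches, skipped = [], []
    for entry in feed:
        try:
            parse_cve_id(entry["id"])       # reject malformed identifiers up front
        except ValueError:
            skipped.append(entry["id"])
            continue
        for asset in inventory:
            if (asset["product"] == entry["product"]
                    and is_affected(asset["version"], entry["affected"])):
                matches.append({"host": asset["host"], "cve": entry["id"],
                                "severity": entry["severity"],
                                "summary": entry["summary"]})
    # Severity first, then newer CVE years and higher sequence numbers first.
    matches.sort(key=lambda m: (SEVERITY_RANK.get(m["severity"], 9),
                                tuple(-n for n in parse_cve_id(m["cve"]))))
    return {"matches": matches, "skipped": skipped}


if __name__ == "__main__":
    report = find_applicable(FEED, INVENTORY)
    for m in report["matches"]:
        print(f"{m['host']}: {m['cve']} [{m['severity']}] {m['summary']}")
    if report["skipped"]:
        print("skipped malformed IDs:", ", ".join(report["skipped"]))
```

Run as a script, it reports fw-edge-1 (9.1.2 falls inside the 9.0.0 to 9.1.4 range) and portal-1 (2.4.0 is below 2.5.0), leaves fw-edge-2 alone because it is already past the fixed version, and lists the malformed "CVE-21-1" as skipped rather than silently ignoring it.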
So very interesting. You guys are going to get to know CVE as your security career progresses. You're going to get to know CVE very well. Another place you can go to get research on different threats that are out there is security conferences. DEF CON is one of the most famous security conferences. They always present some of the newest threats that pentesters or ethical hackers have found. It is always a good place to find them. Academic journals can publish different findings. They may say there's a major vulnerability and you shouldn't use software in this way. Then there are Requests for Comments (RFCs). These are used by the Internet Engineering Task Force in order to make internet standards, and you can also do research there to see if there are any threats that can affect your technology. The next one happens in your local communities: local industry groups. This can be a particular group of people within an industry that may work to advance a profession, like, for example, a school industry security advisory board that looks at school management systems to ensure that they are secure. On social media, I don't think I have to mention much here. Social media could be a virus itself, but by going through different postings on social media, you could see people posting about the latest threats that are out there. Maybe there's a major vulnerability out there affecting a particular type of firewall, and people are posting about it on different social media websites such as Twitter. So generally, if there is a major hack going around the world, Twitter will have some information about it. Then you have threat feeds.
Threat feeds are basically similar to vulnerability feeds. Vulnerabilities are going to be holes in your network; threats are new intelligence information that is out there. You know, there are different forms of this. Here's some more vulnerability information that is out here. They're telling you the latest zero-day exploits. This is from Talos, talosintelligence.com. This is maintained by Cisco. The other one here is for adversary tactics, techniques, and procedures (TTPs). This is another one here. So this is interesting. You guys have to check this one out. This one is the last one on the list because I wanted to go through this here with you: attack.mitre.org. This is such a great tool as a pen tester. This thing maintains a giant knowledge base of different adversary tactics and techniques that they can use against you. But we, as pen testers, use this a lot. Any time I want to do something with an organisation or I want to find out information, I have students in different classes, or when I'm doing a pen test, they'll say to me, "Andrew, how do I do this?" I come right here and I say, okay, this is the attack you want to do, and this is how we would go about doing it. And it tells you the tools and how to do it. So much stuff. This is a rabbit hole.
If you go here, you're going to be here for days. Let me teach you guys something. So let's say reconnaissance, right? Getting information about your client. So let's say you want active scanning. You click on this, and it'll give you ways of doing it, right? Gather victim network information: you click on this, and it starts to tell you about DNS, network topologies. How do we gather information on people's IP addresses? It goes in and gives you descriptions of it. And then they go in and tell you they can do active scanning. And then you click on that, and it takes you down more of a rabbit hole. This just keeps on going and going, and eventually it will come and tell you some of the tools that they may use. It will tell you some of the different forms of access that they can use.
And it gets really interesting when you start to get to the execution part. Privilege escalation. For example, they go in and say "Boot or Logon Autostart Execution," and then they tell you different things about it. So this website has so much information. I mean, if I'm trying to learn to do an attack, or I'm trying to learn how I can do a pen test on this, I come right here. This is my number one stop for that. This is something that you guys should be exploring a whole lot. This video isn't long enough for me to go through this, but you guys click on it. You'll see what I mean. Lots of interesting information here. Okay, so a lot of good information in this section of the class. You guys learned about all the different threats and how they come and get you. You learned about different places we can go. I've given you guys a lot of links in this section. Please follow up with these links because you're going to be using a lot of them throughout your entire IT security career.