2.1 – Threat Actors
Threat Actors
There are many different types of attackers. In this video, you’ll learn about threat actors from nation states, organized crime, shadow IT, and others.
2.2 – Threat Vectors and Attack Surfaces
Common Threat Vectors
Attackers can use many different methods to gain access to a system. In this video, you’ll learn how messages, images, files, default credentials, and more can be used as threat vectors.
Phishing
Phishing continues to be a popular method of network infiltration. In this video, you’ll learn about different phishing techniques, and I’ll demonstrate a real-world example from my email inbox.
Impersonation
Attackers use impersonation to make themselves appear to be someone different. In this video, you’ll learn about some of the most popular impersonation and fraud-based attacks.
Watering Hole Attacks
If an attacker can’t get into your network, then they’ll wait for you to come out. In this video, you’ll learn how watering hole attacks can be used to attack a company outside of their own network.
Other Social Engineering Attacks
Attackers use many techniques to gain access to our systems. In this video, you’ll learn about misinformation campaigns and brand impersonation.
2.3 – Types of Vulnerabilities
Memory Injections
Attackers can manipulate information in RAM to gain elevated access. In this video, you’ll learn how memory and DLL injections are used in an attack.
Buffer Overflows
A poorly written application can be a useful vector for an attacker. In this video, you’ll learn how buffer overflows can be used to gain access to a remote system.
Race Conditions
Most applications perform multiple transactions and processes at the same time. In this video, you’ll learn how attackers can take advantage of this characteristic with a race condition.
Malicious Updates
Many operating systems and applications perform automated updates. In this video, you’ll learn how attackers can use this feature to gain access to our systems.
Operating System Vulnerabilities
Our operating systems can contain numerous vulnerabilities. In this video, you’ll learn how attackers use these vulnerabilities and how to protect your systems from unwanted intrusion.
SQL Injection
Code injection is a relatively easy attack vector to exploit. In this video, you’ll learn about SQL injections and how they are used by attackers to gain access to our data.
Cross-site Scripting
Attackers can often use our browsers against us. In this video, you’ll learn how a browser vulnerability can provide an attacker with access to a third-party website.
Hardware Vulnerabilities
Our hardware can also be a useful attack vector for an attacker. In this video, you’ll learn how firmware, end-of-life announcements, and legacy platforms can potentially put our data at risk.
Virtualization Vulnerabilities
A virtual machine manager can be a useful starting point for an attacker. In this video, you’ll learn how VM escapes and resource reuse can be maliciously used by an attacker.
Cloud-specific Vulnerabilities
An application in the cloud is susceptible to many different attack types. In this video, you’ll learn how denial of service, authentication bypass, directory traversal, and other attacks can be used against our cloud-based applications.
Supply Chain Vulnerabilities
Some attacks come in through the front door. In this video, you’ll learn how the supply chain can be used as an attack vector against our organizations.
Misconfiguration Vulnerabilities
Some of the most common vulnerabilities are those we create ourselves. In this video, you’ll learn many different ways that misconfigurations can weaken the security of our networks.
Mobile Device Vulnerabilities
Our mobile devices can be used by attackers to gain access to our networks and data. In this video, you’ll learn about jailbreaking, rooting, and sideloading.
Zero-day Vulnerabilities
An attack can sometimes take us by surprise. In this video, you’ll learn about zero-day attacks and how to prepare and respond to these attacks.